Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

WIF Tracing

Windows Identity Foundation
[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

This topic shows you how to use tracing in Windows® Identity Foundation (WIF). This is similar to Windows Communication Foundation (WCF) tracing. For more information on WCF tracing, see How to: Enable Tracing.

The simplest way to enable tracing is in your application’s app.config or web.config file. The following configuration enables WIF traces, which are written to the file C:\logs\WIF.xml. Note that the folder in which the log file is written must already exist. WIF traces can be viewed with svctraceviewer.exe, which can be found in \Program Files\Microsoft SDKs\Windows\v6.0A\bin on the drive on which you installed Visual Studio.

<system.diagnostics>

  <sources>
    <source name="Microsoft.IdentityModel" switchValue="Verbose">
      <listeners>
        <add name="xml" type="System.Diagnostics.XmlWriterTraceListener"
             initializeData="C:\logs\WIF.xml" />
      </listeners>
    </source>
  </sources>

  <trace autoflush="true" />

</system.diagnostics>

The following configuration enables WCF and WIF traces, which are written to the files C:\logs\WCF.xml and C:\logs\WIF.xml, respectively. Note that the tracing sources are differentiated by the name attribute of the source element.

<system.diagnostics>

  <sources>

    <source name="Microsoft.IdentityModel" switchValue="Verbose">
      <listeners>
        <add name="wif" />
      </listeners>
    </source>

    <source name="System.ServiceModel.MessageLogging" logKnownPii="false" switchValue="Verbose">
      <listeners>
        <add name="wcf" />
      </listeners>
    </source>

  </sources>

  <sharedListeners>
    <add name="wcf" type="System.Diagnostics.XmlWriterTraceListener" 
         initializeData="C:\logs\WCF.xml" />
    <add name="wif" type="System.Diagnostics.XmlWriterTraceListener" 
         initializeData="C:\logs\WIF.xml" />
  </sharedListeners>

  <trace autoflush="true" />

</system.diagnostics>

security Security Note
Enabling WIF tracing for passive applications, that is, applications that use the WS-Federation protocol, can potentially expose the application to denial of service (DoS) attacks or to information disclosure to a malicious party. This includes both passive RPs and passive STSes. For this reason, we recommend that you not enable WIF tracing for passive RPs or STSes in a production environment.

security Security Note
WIF tracing does not attempt to filter personally identifiable information (PII). Therefore, WIF traces should be stored in a secure location.

This topic discusses the following traces:

The following tables show which traces are useful for which scenarios.

For STS developers:

 

Token Issuance Scenario Trace

WS-Federation

Fails to issue token

HashTrace

Warning: WS-Federation Message Not Processed

HashTrace

Success

Token

RST Received

Token

POST body (including wresult)

PassiveMessage, WsFedMessage

HashTraceRecord

HashTrace

WS-Trust

ActAs Request in RST

HashTrace

RSTR/RST (WCF Traces)

HashTrace

For RP developers:

 

Token Validation Scenario Trace

WS-Federation

Fail (Audience URI, Certificate Validation)

HashTrace, Reference

Warning: WS-Federation Message Not Processed

HashTrace, Reference

Success

Token

ClaimsPrincipal

ClaimsPrincipal

POST body (FedPassive Response)

PassiveMessage, WsFedMessage

Cookie (Name)

ChunkedCookie

Others

Authorizations

ClaimsPrincipal

Exceptions

Exception

The ChunkedCookieHandler trace contains information about the cookie: its name, size, path, domain, expiration, whether the channel was secure, and what action is being taken on it (reading, writing, or deleting).

The following trace records information about cookies that are being written:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>0</EventID>
    <Type>3</Type>
    <SubType Name="Information">0</SubType>
    <Level>8</Level>
    <TimeCreated SystemTime="2009-08-27T16:06:43.3655884Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" />
    <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" />
    <Channel/>
    <Computer>MyComputer</Computer>
  </System>

  <ApplicationData>
    <TraceData>
      <DataItem>ChunkedCookieHandler: Writing Name=FedAuth Path=/ Domain= Expires=Session Secure=True HttpOnly=True</DataItem>
    </TraceData>
  </ApplicationData>

</E2ETraceEvent>

The following trace records information about cookies that are being read:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>0</EventID>
    <Type>3</Type>
    <SubType Name="Information">0</SubType>
    <Level>8</Level>
    <TimeCreated SystemTime="2009-08-27T16:06:43.3812141Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-5b00-0080000000f7}" />
    <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" />
    <Channel/>
    <Computer>MyComputer</Computer>
  </System>

  <ApplicationData>
    <TraceData>
      <DataItem>ChunkedCookieHandler: Reading Name=FedAuth</DataItem>
    </TraceData>
  </ApplicationData>

</E2ETraceEvent>

The ClaimsPrincipal trace contains information about the principal that was created: its name and all claims identities that it contains. Each claims identity has a name, NameClaimType, RoleClaimType, Label, Actor (might be empty), and a set of claims.

The following is an example ClaimsPrincipal trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>1</EventID>
    <Type>3</Type>
    <SubType Name="Information">0</SubType>
    <Level>8</Level>
    <TimeCreated SystemTime="2009-08-28T00:37:18.9548714Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="ActiveStsExample.vshost" ProcessID="4380" ThreadID="11" />
    <Channel/>
    <Computer>MyComputer</Computer>
  </System>

  <ApplicationData>
    <TraceData>
      <DataItem>
        <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">

          <Description>Setting an IClaimsPrincipal on the current EvaluationContext</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <ClaimsPrincipalTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/ClaimsPrincipalTraceRecord">
            <ClaimsPrincipal Identity.Name="MyDomain\MyUserName">
              <ClaimsIdentity Name="MyDomain\MyUserName" NameClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" RoleClaimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Label="">

                <Claim Value="MyDomain\MyUserName" Type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>

                <Claim Value="http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509" Type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>

              </ClaimsIdentity>
            </ClaimsPrincipal>
          </ClaimsPrincipalTraceRecord>
        </TraceRecord>
      </DataItem>
    </TraceData>
  </ApplicationData>

</E2ETraceEvent>

The DeflateCookie trace contains information about the compression of the cookie: its original size and compressed size.

The following is an example DeflateCookie trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>0</EventID>
    <Type>3</Type>
    <SubType Name="Information">0</SubType>
    <Level>8</Level>
    <TimeCreated SystemTime="2009-08-27T16:06:43.0843258Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" />
    <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" />
    <Channel/>
    <Computer>MyComputer</Computer>
  </System>

  <ApplicationData>
    <TraceData>
      <DataItem>DeflateCookieTransform: BeforeDeflate=5224 AfterDeflate=2596</DataItem>
    </TraceData>
  </ApplicationData>

</E2ETraceEvent>

The HashTrace trace contains information about signatures and signing XML: bytes in hexadecimal form, bytes in string form (when writing, the PreCanonicalBytes are included), length, and value.

The following is an example HashTrace trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>1</EventID>
    <Type>3</Type>
    <SubType Name="Verbose">0</SubType>
    <Level>16</Level>
    <TimeCreated SystemTime="2009-08-28T01:04:35.4997605Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" />
    <Channel/>
    <Computer>MyComputer</Computer>
  </System>

  <ApplicationData>
    <TraceData>
      <DataItem>
        <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">

          <Description>Microsoft.IdentityModel Diagnostic Trace</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <HashTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/HashTraceRecord">

            <PreCanonicalBytes>
              <Length>3240</Length>
              <HexBytes>EFBBBF3C417…</HexBytes>
              <Encoding.UTF8>&lt;Assertion ID="_0457ef59-6994-40ee-a733-b9a1210bead3" IssueInstant="2009-08-28T01:04:27.590Z" Version="2.0" /AttributeStatement&gt;</Encoding.UTF8>
            </PreCanonicalBytes>

            <CanonicalBytes>
              <Length>3241</Length>
              <HexBytes>3C417373657274696F6E20</HexBytes>
              <Encoding.UTF8>&lt;Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0457ef59-6994-40ee-a733-b9a1210bead3" …/Assertion&gt;</Encoding.UTF8>
            </CanonicalBytes>

            <Hash>
              <Length>44</Length>
              <Value>pBEYEHY7srohYL4L0lHWgIhxDw8YCaPyUb99OUI/OZA=</Value>
            </Hash>

          </HashTraceRecord>
        </TraceRecord>
      </DataItem>
    </TraceData>
  </ApplicationData>

</E2ETraceEvent>

The PassiveMessage trace contains information about an STS passive or sign-in message that was received at a passive Web site: name/value pairs from the HTTP request.

The following is an example PassiveMessage trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>1</EventID>
    <Type>3</Type>
    <SubType Name="Information">0</SubType>
    <Level>8</Level>
    <TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" />
    <Channel />
    <Computer>MyComputer</Computer>
  </System>
  <ApplicationData>
    <TraceData>
      <DataItem>
        <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">
          <Description>HttpRequest.Form in SignInWithResponseMessage.</Description>
          <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain>
          <PassiveMessageTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/PassiveMessageTraceRecord">
            <Request>
              <wa>wsignin1.0</wa>
              <wresult>
                <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                  <trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx">
                    <trust:Lifetime>
                      <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created>
                      <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires>
                    </trust:Lifetime>
                    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                        <Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address>
                      </EndpointReference>
                    </wsp:AppliesTo>
                    <trust:RequestedSecurityToken>
                      <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>
                        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                          <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
                            </e:EncryptionMethod>
                            <KeyInfo>
                              <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                                <X509Data>
                                  <X509IssuerSerial>
                                    <X509IssuerName>CN=localhost</X509IssuerName>
                                    <X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber>
                                  </X509IssuerSerial>
                                </X509Data>
                              </o:SecurityTokenReference>
                            </KeyInfo>
                            <e:CipherData>
                              <e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue>
                            </e:CipherData>
                          </e:EncryptedKey>
                        </KeyInfo>
                        <xenc:CipherData>
                          <xenc:CipherValue>hrt5PmmAaa3frZjz928PcWhXlUf+xzsR7pUSAosRfQ4MkNvyJtC12Bf4RdEYmauF59Pi2g+5WMggZj8RHfekTzV1k87jmNPxzQ9zcN8JVuz1UsqP3ADgEZiesnhSlhpfaogD3fgmFpCBikwFLg4I60y2X/0yQt+hBHqLcvu3LKbAy81tkPPx9qJYy+1y1FBbm0Wt55GdDwo+f9akJMXJkXc0MhYbNRKIsMWuWbVo73TF3aHJ8AqYjJy7kuWXdvxqbCo6yW0SkEiid6FYAG1/Rl6tB8BOaye8YlpPJRBeFkojHaa9RohnSZ73KPFH9JbFXERQfpN9Z5I1yLvkSkWbu81O3z4epgFVBcr+ARuRc5RnVnuQg7IUMeQFm5d2HD80DuonqrUkJC7+kr3ur//Hdc5WTSxCCVRTrR/YLuFRLDKjXfJ8gYXUkTCI8Ca9yoMesjNZWAT6nf0pu3P/DHh0IczdcGhMYelZiHTY6C5au0ZqMvJudgbLyLvhkM+tTX8Nt0MZFt7FEYz/QXrBjh6t5/WbItFf+2P6ZPQuGQFCMsJo0zMonmxQzUBMJbrG1hNrb2w27+RXAh5Xhvie/4njwaAmcb3nWanohs8AEU41kODsYrjbq+7VfqyyIIWvnL+8T1QEABXuGPbme+Jkp6xHViL5FHPLsHR9l9IAQwWTn85D+/LBlmSPA/avPst1nIUk5cCkwwg06W0g+ZL4zK9w7v7xTff6sinm7cNw3UcQfWbo8/R7DTEph4KFIzHPvy5kuAFk1A13uwrGvodapoh/gDyZ6laCA53S/nDy6nFeNtr3TYer8FXlZGXXe9DglBXWtYLcOc6pEM8r3rab13sbev5KgJOPUcg/ebtH6voyF/dfvsTh+hDRMtpOS+7JTV89Bn4zcDm9/8/2DzAEDhxb28YUKwgdVM30sF4e3/4+qedafQr2OIMRJqRFMxaDD6amvXw09qmp48edKDEQRCmqKi/iGPZQUtZNxrNBld+iOj8l/53dgum5DTQgrWhioeEgueWWmhLjepSpfrxW8HgeFTQMc/Eev8ASD2f1tL7rOC3XxTkQgxvLBpNm1UucI0GC/f3u0DOwL8R6z4gG2ZF5sQy0grAxiKRQOOHslw2OdKcEJCZPx8Dt53zHN5C/MhazWZcsIXS4sBE7lafC7cPS/C/kV5rNv+hvuLSrvaT3IEGx9Bfrt391FGssaqL1f6HeFBtSk7+IuGLJIFWurZ/LuZnGBcJZ9TBB7a9dpO5yj6trn/QTuaVoE7wsYJmtCpEkg/jjlQ2/SZMZlf9zUsauebwJKlm5l7U6aIlu6lsOkTdtGsNcTE2qgmN/3vZjguDCg+0/cVDQE6iyDafpatojv9/+7JAxd/Hf2ITmYb04GRn2TqPy0HPcBj4czkwJ7+q59oj49E8leFdQx/dFRFmwHk8N4XD8/Sn1rSrc3LnDcBu//xhBKf1pUoEjq2AEDYGIiY1j1Aoa1h11DxQdEx1qc4uKoVL6PHm/NA9LA5fKtwjfCmebNaVGmFx+Oq+EcHdMnL3g8GEYWkd59u0BgRaW1XeTTdF7lksNYqtwNii8fhw50oiquGwlcADksrGCxQtzrTSLq8Zt0npiOaXe1hKGuQEAsNRm5nzu7fruf2AKkQwh9RKyU1lpAux/y2cWQcvjRqldY0ZAuim7c+YmnXoWEe/xQ3k4QHn+xSooCrRjwbrV3bbMl2JdPyC4tt2MRjF/LIsH3lNWOTAXT4saFKO6dyigZoQvW88xaDPCiOIKMbL9yy9dGp5JQnk1AQv1/4UjyVgUdVakGEep0iR7euqh9m+vu1/o8WsE+lbO2S5X2WQxFxxzTnBT24AgoK2Qy9FXfmL9VQWTcif6I0tGFwGnQpp1n0Cn+37Ta+jYXtllWg1AmX8PtE18qjW/gHGh/U1aMHOLSJ6n/VmJyk9IUmmtA2q3D1tFCSGtCjd661kipUpBvi1u8dvRXz1jhrWIu0uKZ9FhMvsR4zi/oB98ZkEUSB0aUd0dCrJe7c9FHtUdDo5g7YfHY7Ch4yLMuvhfkmQa+dddXwuQNcmHdLq27PNah3v7A9SUgqZyHi+I4efjy17K3WxqxO9DJY7iaqa2KJkJifdAZ/YNRzmiL9RO4NRnheF7vc0W9fF5Ih/r1nxwLwbjyOZwIToksEgot1C2wfJpc6ylObuTCL2+/KpYKh1NGjZHRdQtEHxAaRxPhK3WW/iKT1U1g04YluHyxdlo0fiEYXikndhbNassN7fVF27FL0uCBNv75D5W0+KlYpWlSaYnBMqXMLm2Aw5cgIQueCGzMPCZf5yapP8BZUzBrURxYOiEbPPrLDzQZnSVfGDJJ9qBMBpDgtFE7fQVp11HUwwdps4bgrn1f0uTjf9G08eFTRV9jKKrhKnBZFRqNpiM97n5w+YuzTVwV4RcgXIqanZbd0q6lstQo6Ls9sg46yUQUmage6PWf/OBRdCU+1Rk0ve7uPYHATAP0gOu4HuEYbGU9Nz0BRQfGf/+Hf5xqJp1O1MzMMXpCn5kDhqZuNJRuHN26dVgk9EgviLsYSyeHJaG/yYpk3ZtRiTQU/fOKbaX8lpgCON/0UKS1rCPrf9ub1+rsZGQOYtJOGbnXulTcY8mcb//7SXTPJxPsgA51d+yZ6EgjQLc1G1E2HWzWNLSjSkd4vICoSqgM1uCecF+uacE9u9qlqaugRqT6LH65Nw6RCOlvmyJjzNh9R2xmjOqewz0QPzeojuF0DqxHmJfgyLqhv3bUrdoo3ESQ1yJPwl9srHejn0vK8MPdKB6GOocYg/Gh4fNGqxNXTG9Kz0sAw90qKByA4AfYPH7/7sscsHg+Mr3o0Ih5AJsJ9/JUBdhqMEYAVOC9kEMNgu+5HXY1aO7CfTCD/T+EuI8qYg3Dj9yVt1G0fXmCor+u7ETD2Sq8coiYJ03uCEsNqOLvCyUmZOlcBt2ZwWeNGhWokgEm9ybXQFjLhBTQ4qNrFww70oQk7Utxxgsdq/X/TWeBKWZwXDYxwiEs0mANp+YuvrDd/IrMHinThFP5wMoMG+mGapdX8uEGu6PByfd3kwzdVLPRA/dE/qxJEvVX1U8kthcxlhR3KZtmGvBDu6RZjldNVEGkjN8k8eOxMuCdiyPHRhBFHVEhEOvxkrmPtwGURFdY/7sgCXW8wYSYxmQkOzbi+6qymtcPOGxpDPHlN6ValdZih1QCotonxTF+cFVc9i41v5/VeQ9g283ujbr9P0+gqwt89mdZjG3fLPWgp4sNf9FUKo5/oHz2wkFqkdwpakNxB6KEOFIi7KgW2QP862z40waTW8/t8U6PsaYPGt2yLyssx0rHJunI0DgpxvB3FatR7EzU4xedcvribCKkX744p+iaDtIavvmVdiAPyvdZFun8fHatWK6gB9S6asrfRAK0y0yEcAU0PuLeA+h4a5VqFaRiqRxKH4sGEaYM8bsXuZPzpDeCCq1UAiaqAELGt3DFLB0OpbO3mS4ilL9kw9P/cvz/wX/nghiPRvj6Mm9qeonm/PBBfNmsnJeidGNCP3ZUD1iFkMxNIaA3oXayXwBd4+2FwY6m/jT8Gx0YseOZ4uoAiZnOBY6rrex/1pzMH/si696NtbUzw5d0RShZ13zS5LAw76QrZDsCK0YkFOnJm3Rcf6CfNDe1Efv+rTmsGwgT3tgWXp3UEeidTFrgaeMAFIfIsjKy1BSbx9ALhmORjfafEJLmZko06TWOr6fNWHIg/gWFkdFv2KmPy6/3xrqJm4vHbWdGnRSjEgnRVDZGwqTJEv35JO+CV7K78uU14VzUakgU7thEgS00hquoysOeK6Ibw3xun4NljPdb8++8u0kFXtjjFfNjpkzF82hfzurSbeF1NCPOxsP2og9xRCCmLFPcYvuHgjGGbx997lOnffoC3rfmKKnwKe40ugD6P2/+k/KKkzU1Dao+Tz/a2at69iLNLbrn8sVjFaBRadWV8eacl/kdw9f4vTNaqj4oCzqtJRKV4GDTbSwqjAi5HKI2ZjKw4KSLDnNxU7KoAZ0FBK99MBsRjN7lG/Gfm/ymF86S91Jh3z8O/FUFoi0EK+V2Z5B9vk=</xenc:CipherValue>
                        </xenc:CipherData>
                      </xenc:EncryptedData>
                    </trust:RequestedSecurityToken>
                    <trust:RequestedAttachedReference>
                      <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier>
                      </o:SecurityTokenReference>
                    </trust:RequestedAttachedReference>
                    <trust:RequestedUnattachedReference>
                      <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier>
                      </o:SecurityTokenReference>
                    </trust:RequestedUnattachedReference>
                    <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
                    <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
                    <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
                  </trust:RequestSecurityTokenResponse>
                </trust:RequestSecurityTokenResponseCollection>
              </wresult>
              <wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx>
            </Request>
          </PassiveMessageTraceRecord>
        </TraceRecord>
      </DataItem>
    </TraceData>
  </ApplicationData>
</E2ETraceEvent>

The Reference trace contains information about references in SignedInfo: the ReferenceId (a URI), a Boolean value that indicates equality, the computed digest, and the reference digest.

The following is an example Reference trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>1</EventID>
    <Type>3</Type>
    <SubType Name="Verbose">0</SubType>
    <Level>16</Level>
    <TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" />
    <Channel />
    <Computer>MyComputer</Computer>
  </System>
  <ApplicationData>
    <TraceData>
      <DataItem>
        <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">
          <Description>Computing and checking digest of reference.</Description>
          <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain>
          <ReferenceTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/ReferenceTraceRecord">
            <Reference>#_a4e312b7-af54-4623-9c36-9d1da05b16de</Reference>
            <Equal>True</Equal>
            <ComputedDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ComputedDigestBase64>
            <ReferenceDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ReferenceDigestBase64>
          </ReferenceTraceRecord>
        </TraceRecord>
      </DataItem>
    </TraceData>
  </ApplicationData>
</E2ETraceEvent>

The Token trace contains information about the token. Currently, only SessionTokens, Saml11 and Saml2 tokens are traced when reading. This trace contains different information for each token type.

The following is an example Token trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>1</EventID>
    <Type>3</Type>
    <SubType Name="Verbose">0</SubType>
    <Level>16</Level>
    <TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" />
    <Channel />
    <Computer>MyComputer</Computer>
  </System>
  <ApplicationData>
    <TraceData>
      <DataItem>
        <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">
          <Description>Validating SecurityToken.</Description>
          <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain>
          <TokenTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/TokenTraceRecord">
            <SecurityToken Type="System.IdentityModel.Tokens.SamlSecurityToken">
              <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_a4e312b7-af54-4623-9c36-9d1da05b16de" Issuer="PassiveSigninSTS" IssueInstant="2009-11-04T01:36:22.156Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
                <saml:Conditions NotBefore="2009-11-04T01:36:22.156Z" NotOnOrAfter="2009-11-04T02:36:22.156Z">
                  <saml:AudienceRestrictionCondition>
                    <saml:Audience>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</saml:Audience>
                  </saml:AudienceRestrictionCondition>
                </saml:Conditions>
                <saml:AttributeStatement>
                  <saml:Subject>
                    <saml:SubjectConfirmation>
                      <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
                    </saml:SubjectConfirmation>
                  </saml:Subject>
                  <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
                    <saml:AttributeValue>MyName</saml:AttributeValue>
                  </saml:Attribute>
                  <saml:Attribute AttributeName="myID" AttributeNamespace="http://WindowsIdentityFoundationSamples">
                    <saml:AttributeValue>myemail@contoso.com</saml:AttributeValue>
                  </saml:Attribute>
                  <saml:Attribute AttributeName="AgeClaim" AttributeNamespace="http://WindowsIdentityFoundationSamples/2008/05">
                    <saml:AttributeValue a:type="tn:integer" xmlns:a="http://www.w3.org/2001/XMLSchema-instance" xmlns:tn="http://www.w3.org/2001/XMLSchema">50</saml:AttributeValue>
                  </saml:Attribute>
                </saml:AttributeStatement>
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
                    <ds:Reference URI="#_a4e312b7-af54-4623-9c36-9d1da05b16de">
                      <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
                      <ds:DigestValue>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ds:DigestValue>
                    </ds:Reference>
                  </ds:SignedInfo>
                  <ds:SignatureValue>NtLi5N5V/fOqTLxJZLMjODgPoAPxMllaPN1xsboU712EDk6TZ5RrdZjvjprKFEYKHCKG1bg779VXoXGYZImi0enBoyL0kXYtdfEtHTmYBwpXyib1bbhP0IuFAVQ7JCkhFDmODWA6nDLYBtlz2FQwEVqGnNM5OCDZZ6ItLvq7rnI=</ds:SignatureValue>
                  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Data>
                      <X509Certificate>MIIB7jCCAVugAwIBAgIQ3Vh0/hsIm4RA2OvQLeSjvjAJBgUrDgMCHQUAMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wMDAxMDEwODAwMDBaFw0zNjAxMDEwODAwMDBaMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtINoa5bYMLtbJoewBFrajwnQu3K8lahVL3EokQLuXZNA59DFzf1KJTjeAa+otkydNZygMqYj6odA/PHS1v36Kt+9KU88jj+HmxCY3zlzLLLAeLphMNboV69qrv8Xhjl9Av8p3+YEQWecN+z2NT4jN/b93zHuum0UOHxgpzeuBF0CAwEAAaNJMEcwRQYDVR0BBD4wPIAQ7LJlFrGxniplf/NwIOqPJ6EWMBQxEjAQBgNVBAMTCWxvY2FsaG9zdIIQ3Vh0/hsIm4RA2OvQLeSjvjAJBgUrDgMCHQUAA4GBAB+WKIcbd7DhDmThLxlH5M2YoGNKnwx4YqPKz5J7MaM+G5D1YGG9PQfQtxLi7E6G+slSIJ73Vhhf7odZ9VE7znnh2qLISe0THnWg8NUqm9eSLpUEixzoxQQsqZf24z0qtzVlsrjJNc4EnY2F71vUc0+1FlTZvZU0CVVNX349wiUc</X509Certificate>
                    </X509Data>
                  </KeyInfo>
                </ds:Signature>
              </saml:Assertion>
            </SecurityToken>
          </TokenTraceRecord>
        </TraceRecord>
      </DataItem>
    </TraceData>
  </ApplicationData>
</E2ETraceEvent>

The WsFedMessage trace contains information when WSFederationMessges are received: CanReadSignInResponse, GetReturnUrlFromResponse, CreateSignInResponse, and GetSignInResponse.

The following is an example WsFedMessage trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>1</EventID>
    <Type>3</Type>
    <SubType Name="Information">0</SubType>
    <Level>8</Level>
    <TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" />
    <Channel />
    <Computer>MyComputer</Computer>
  </System>
  <ApplicationData>
    <TraceData>
      <DataItem>
        <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">
          <Description>GetSignInResponseMessage</Description>
          <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain>
          <WSFederationMessageTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/WSFederationMessageTraceRecord">
            <WSFederationMessage>
              <BaseUri>https://localhost/PassiveRedirectBasedClaimsAwareWebApp/Default.aspx</BaseUri>
              <wa>wsignin1.0</wa>
              <wresult>
                <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                  <trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx">
                    <trust:Lifetime>
                      <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created>
                      <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires>
                    </trust:Lifetime>
                    <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                        <Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address>
                      </EndpointReference>
                    </wsp:AppliesTo>
                    <trust:RequestedSecurityToken>
                      <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>
                        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                          <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
                            </e:EncryptionMethod>
                            <KeyInfo>
                              <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                                <X509Data>
                                  <X509IssuerSerial>
                                    <X509IssuerName>CN=localhost</X509IssuerName>
                                    <X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber>
                                  </X509IssuerSerial>
                                </X509Data>
                              </o:SecurityTokenReference>
                            </KeyInfo>
                            <e:CipherData>
                              <e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue>
                            </e:CipherData>
                          </e:EncryptedKey>
                        </KeyInfo>
                        <xenc:CipherData>
                          <xenc:CipherValue>hrt5PmmAaa3frZjz928PcWhXlUf+xzsR7pUSAosRfQ4MkNvyJtC12Bf4RdEYmauF59Pi2g+5WMggZj8RHfekTzV1k87jmNPxzQ9zcN8JVuz1UsqP3ADgEZiesnhSlhpfaogD3fgmFpCBikwFLg4I60y2X/0yQt+hBHqLcvu3LKbAy81tkPPx9qJYy+1y1FBbm0Wt55GdDwo+f9akJMXJkXc0MhYbNRKIsMWuWbVo73TF3aHJ8AqYjJy7kuWXdvxqbCo6yW0SkEiid6FYAG1/Rl6tB8BOaye8YlpPJRBeFkojHaa9RohnSZ73KPFH9JbFXERQfpN9Z5I1yLvkSkWbu81O3z4epgFVBcr+ARuRc5RnVnuQg7IUMeQFm5d2HD80DuonqrUkJC7+kr3ur//Hdc5WTSxCCVRTrR/YLuFRLDKjXfJ8gYXUkTCI8Ca9yoMesjNZWAT6nf0pu3P/DHh0IczdcGhMYelZiHTY6C5au0ZqMvJudgbLyLvhkM+tTX8Nt0MZFt7FEYz/QXrBjh6t5/WbItFf+2P6ZPQuGQFCMsJo0zMonmxQzUBMJbrG1hNrb2w27+RXAh5Xhvie/4njwaAmcb3nWanohs8AEU41kODsYrjbq+7VfqyyIIWvnL+8T1QEABXuGPbme+Jkp6xHViL5FHPLsHR9l9IAQwWTn85D+/LBlmSPA/avPst1nIUk5cCkwwg06W0g+ZL4zK9w7v7xTff6sinm7cNw3UcQfWbo8/R7DTEph4KFIzHPvy5kuAFk1A13uwrGvodapoh/gDyZ6laCA53S/nDy6nFeNtr3TYer8FXlZGXXe9DglBXWtYLcOc6pEM8r3rab13sbev5KgJOPUcg/ebtH6voyF/dfvsTh+hDRMtpOS+7JTV89Bn4zcDm9/8/2DzAEDhxb28YUKwgdVM30sF4e3/4+qedafQr2OIMRJqRFMxaDD6amvXw09qmp48edKDEQRCmqKi/iGPZQUtZNxrNBld+iOj8l/53dgum5DTQgrWhioeEgueWWmhLjepSpfrxW8HgeFTQMc/Eev8ASD2f1tL7rOC3XxTkQgxvLBpNm1UucI0GC/f3u0DOwL8R6z4gG2ZF5sQy0grAxiKRQOOHslw2OdKcEJCZPx8Dt53zHN5C/MhazWZcsIXS4sBE7lafC7cPS/C/kV5rNv+hvuLSrvaT3IEGx9Bfrt391FGssaqL1f6HeFBtSk7+IuGLJIFWurZ/LuZnGBcJZ9TBB7a9dpO5yj6trn/QTuaVoE7wsYJmtCpEkg/jjlQ2/SZMZlf9zUsauebwJKlm5l7U6aIlu6lsOkTdtGsNcTE2qgmN/3vZjguDCg+0/cVDQE6iyDafpatojv9/+7JAxd/Hf2ITmYb04GRn2TqPy0HPcBj4czkwJ7+q59oj49E8leFdQx/dFRFmwHk8N4XD8/Sn1rSrc3LnDcBu//xhBKf1pUoEjq2AEDYGIiY1j1Aoa1h11DxQdEx1qc4uKoVL6PHm/NA9LA5fKtwjfCmebNaVGmFx+Oq+EcHdMnL3g8GEYWkd59u0BgRaW1XeTTdF7lksNYqtwNii8fhw50oiquGwlcADksrGCxQtzrTSLq8Zt0npiOaXe1hKGuQEAsNRm5nzu7fruf2AKkQwh9RKyU1lpAux/y2cWQcvjRqldY0ZAuim7c+YmnXoWEe/xQ3k4QHn+xSooCrRjwbrV3bbMl2JdPyC4tt2MRjF/LIsH3lNWOTAXT4saFKO6dyigZoQvW88xaDPCiOIKMbL9yy9dGp5JQnk1AQv1/4UjyVgUdVakGEep0iR7euqh9m+vu1/o8WsE+lbO2S5X2WQxFxxzTnBT24AgoK2Qy9FXfmL9VQWTcif6I0tGFwGnQpp1n0Cn+37Ta+jYXtllWg1AmX8PtE18qjW/gHGh/U1aMHOLSJ6n/VmJyk9IUmmtA2q3D1tFCSGtCjd661kipUpBvi1u8dvRXz1jhrWIu0uKZ9FhMvsR4zi/oB98ZkEUSB0aUd0dCrJe7c9FHtUdDo5g7YfHY7Ch4yLMuvhfkmQa+dddXwuQNcmHdLq27PNah3v7A9SUgqZyHi+I4efjy17K3WxqxO9DJY7iaqa2KJkJifdAZ/YNRzmiL9RO4NRnheF7vc0W9fF5Ih/r1nxwLwbjyOZwIToksEgot1C2wfJpc6ylObuTCL2+/KpYKh1NGjZHRdQtEHxAaRxPhK3WW/iKT1U1g04YluHyxdlo0fiEYXikndhbNassN7fVF27FL0uCBNv75D5W0+KlYpWlSaYnBMqXMLm2Aw5cgIQueCGzMPCZf5yapP8BZUzBrURxYOiEbPPrLDzQZnSVfGDJJ9qBMBpDgtFE7fQVp11HUwwdps4bgrn1f0uTjf9G08eFTRV9jKKrhKnBZFRqNpiM97n5w+YuzTVwV4RcgXIqanZbd0q6lstQo6Ls9sg46yUQUmage6PWf/OBRdCU+1Rk0ve7uPYHATAP0gOu4HuEYbGU9Nz0BRQfGf/+Hf5xqJp1O1MzMMXpCn5kDhqZuNJRuHN26dVgk9EgviLsYSyeHJaG/yYpk3ZtRiTQU/fOKbaX8lpgCON/0UKS1rCPrf9ub1+rsZGQOYtJOGbnXulTcY8mcb//7SXTPJxPsgA51d+yZ6EgjQLc1G1E2HWzWNLSjSkd4vICoSqgM1uCecF+uacE9u9qlqaugRqT6LH65Nw6RCOlvmyJjzNh9R2xmjOqewz0QPzeojuF0DqxHmJfgyLqhv3bUrdoo3ESQ1yJPwl9srHejn0vK8MPdKB6GOocYg/Gh4fNGqxNXTG9Kz0sAw90qKByA4AfYPH7/7sscsHg+Mr3o0Ih5AJsJ9/JUBdhqMEYAVOC9kEMNgu+5HXY1aO7CfTCD/T+EuI8qYg3Dj9yVt1G0fXmCor+u7ETD2Sq8coiYJ03uCEsNqOLvCyUmZOlcBt2ZwWeNGhWokgEm9ybXQFjLhBTQ4qNrFww70oQk7Utxxgsdq/X/TWeBKWZwXDYxwiEs0mANp+YuvrDd/IrMHinThFP5wMoMG+mGapdX8uEGu6PByfd3kwzdVLPRA/dE/qxJEvVX1U8kthcxlhR3KZtmGvBDu6RZjldNVEGkjN8k8eOxMuCdiyPHRhBFHVEhEOvxkrmPtwGURFdY/7sgCXW8wYSYxmQkOzbi+6qymtcPOGxpDPHlN6ValdZih1QCotonxTF+cFVc9i41v5/VeQ9g283ujbr9P0+gqwt89mdZjG3fLPWgp4sNf9FUKo5/oHz2wkFqkdwpakNxB6KEOFIi7KgW2QP862z40waTW8/t8U6PsaYPGt2yLyssx0rHJunI0DgpxvB3FatR7EzU4xedcvribCKkX744p+iaDtIavvmVdiAPyvdZFun8fHatWK6gB9S6asrfRAK0y0yEcAU0PuLeA+h4a5VqFaRiqRxKH4sGEaYM8bsXuZPzpDeCCq1UAiaqAELGt3DFLB0OpbO3mS4ilL9kw9P/cvz/wX/nghiPRvj6Mm9qeonm/PBBfNmsnJeidGNCP3ZUD1iFkMxNIaA3oXayXwBd4+2FwY6m/jT8Gx0YseOZ4uoAiZnOBY6rrex/1pzMH/si696NtbUzw5d0RShZ13zS5LAw76QrZDsCK0YkFOnJm3Rcf6CfNDe1Efv+rTmsGwgT3tgWXp3UEeidTFrgaeMAFIfIsjKy1BSbx9ALhmORjfafEJLmZko06TWOr6fNWHIg/gWFkdFv2KmPy6/3xrqJm4vHbWdGnRSjEgnRVDZGwqTJEv35JO+CV7K78uU14VzUakgU7thEgS00hquoysOeK6Ibw3xun4NljPdb8++8u0kFXtjjFfNjpkzF82hfzurSbeF1NCPOxsP2og9xRCCmLFPcYvuHgjGGbx997lOnffoC3rfmKKnwKe40ugD6P2/+k/KKkzU1Dao+Tz/a2at69iLNLbrn8sVjFaBRadWV8eacl/kdw9f4vTNaqj4oCzqtJRKV4GDTbSwqjAi5HKI2ZjKw4KSLDnNxU7KoAZ0FBK99MBsRjN7lG/Gfm/ymF86S91Jh3z8O/FUFoi0EK+V2Z5B9vk=</xenc:CipherValue>
                        </xenc:CipherData>
                      </xenc:EncryptedData>
                    </trust:RequestedSecurityToken>
                    <trust:RequestedAttachedReference>
                      <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier>
                      </o:SecurityTokenReference>
                    </trust:RequestedAttachedReference>
                    <trust:RequestedUnattachedReference>
                      <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                        <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier>
                      </o:SecurityTokenReference>
                    </trust:RequestedUnattachedReference>
                    <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
                    <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
                    <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
                  </trust:RequestSecurityTokenResponse>
                </trust:RequestSecurityTokenResponseCollection>
              </wresult>
              <wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx>
            </WSFederationMessage>
          </WSFederationMessageTraceRecord>
        </TraceRecord>
      </DataItem>
    </TraceData>
  </ApplicationData>
</E2ETraceEvent>

WIF exceptions are traces with a complete stack. The following is an example exception trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>8</EventID>
    <Type>3</Type>
    <SubType Name="Error">0</SubType>
    <Level>2</Level>
    <TimeCreated SystemTime="2009-08-28T01:04:27.2624325Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" />
    <Channel/>
    <Computer>MyComputer</Computer>
  </System>

  <ApplicationData>
    <TraceData>
      <DataItem>
        <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Error">

          <Description>Handled exception.</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <Exception>

            <ExceptionType>System.Security.AccessControl.PrivilegeNotHeldException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>

            <Message>The process does not possess the 'SeTcbPrivilege' privilege which is required for this operation.</Message>

            <StackTrace>
              at Microsoft.IdentityModel.Privilege.EnableTokenPrivilege(SafeCloseHandle threadToken)
              at Microsoft.IdentityModel.Privilege.Enable()
              at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.KerberosCertificateLogon(X509Certificate2 certificate)
              at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CertificateLogon(X509Certificate2 x509Certificate)
              at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CreateFromCertificate(X509Certificate2 certificate, Boolean useWindowsTokenService)
              at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
              at Microsoft.IdentityModel.Tokens.WrappedX509SecurityTokenAuthenticator.ValidateTokenCore(SecurityToken token)
              at System.IdentityModel.Selectors.SecurityTokenAuthenticator.ValidateToken(SecurityToken token)
              at System.ServiceModel.Security.TlsnegoTokenAuthenticator.ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
              at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego)
              at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request)
              at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp;amp; outputs)
              at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp;amp; rpc)
              at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp;amp; rpc)
              at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp;amp; rpc)
              at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
              at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
              at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
              at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
              at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
              at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
              at System.ServiceModel.Channels.InputQueue`1.AsyncQueueReader.Set(Item item)
              at System.ServiceModel.Channels.InputQueue`1.Dispatch()
              at System.ServiceModel.Channels.InputQueue`1.OnDispatchCallback(Object state)
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2()
              at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke()
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks()
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state)
              at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
              at System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
              at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
            </StackTrace>

            <ExceptionString>System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeTcbPrivilege' privilege which is required for this operation.</ExceptionString>

          </Exception>
        </TraceRecord>
      </DataItem>
    </TraceData>
  </ApplicationData>

</E2ETraceEvent>

AppDomain unloading is traced in WIF. The following is an example of the AppDomain Unloading trace:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>2</EventID>
    <Type>3</Type>
    <SubType Name="Information">0</SubType>
    <Level>8</Level>
    <TimeCreated SystemTime="2009-08-28T01:04:44.0647095Z" />
    <Source Name="Microsoft.IdentityModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="2" />
    <Channel/>
    <Computer>MyComputer</Computer>
  </System>

  <ApplicationData>
    <TraceData>
      <DataItem>
        <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">

          <Description>AppDomain unloading.</Description>

          <AppDomain>ActiveStsExample.vshost.exe</AppDomain>

          <AppDomain.FriendlyName>ActiveStsExample.vshost.exe</AppDomain.FriendlyName>

          <ProcessName>ActiveStsExample.vshost</ProcessName>

          <ProcessId>8908</ProcessId>

        </TraceRecord>
      </DataItem>
    </TraceData>
  </ApplicationData>

</E2ETraceEvent>

The following diagram shows which traces correspond to which events in the relying party application pipeline.

RP Tracing



Show:
© 2014 Microsoft. All rights reserved.