Introduction
Talis may give you a link to a login service in 'debug mode' so that when your Identity Provider returns you to Talis Aspire's Service Provider, you can see exactly what information is being sent.
This article explains the flow of the requests and what to expect.
Why do we need a debug mode?
Talis' Service Provider provides a login service for all Talis Products. This service devolves authentication to your university's authentication identity provider (IDP). It requires a number of specific attributes which are detailed in this article about setting up devolved authentication.
The debug mode allows a user who has successfully logged in (and only that user) to see the SAML 2 response from your Identity Provider. You can use this to iteratively test that your IDP is releasing the correct values to us when either setting up devolved authentication or devolved constraints.
The debug mode only happens when requested using a specific URL, and Talis technical staff will supply this to you.
What am I seeing now that debug mode is enabled?
- When you first load the URL, you will be redirected to your SSO for login.
- When you have logged in you will be redirected back to our Talis service provider.
- At this point you will see a screen full of information and XML which is the SAML response that your IdP is sending to our SP.
- In that XML response we expect to see an attribute for the
eduPersonTargettedID. - You might also use this to see what other information is being sent to Talis Aspire from your IDP.
Talis technical staff can supply the URL for this debug mode for your tenancy, and we'd only share this in particular circumstances.