# Troubleshoot SAML

You can configure Moogsoft Enterprise so that so users from an external directory can log in by Single Sign-On (SSO) using Security Assertion Markup Language (SAML). This topic contains ideas to help you debug SAML connection and configuration problems. See SAML Strategies and Tips for strategies to help you decide how to configure the SAML integration.

Most SAML integration issues occur as a result of misconfiguration. If checking your configuration using the instructions in Configure Single Sign-On with SAML does not solve the problem, there are two methods you can use to obtain the diagnostic data you require to debug SAML issues.

## SAML debugging tool

View the available add-ons for your browser to choose and install a SAML debugging tool. These tools typically show the outgoing request and the response received by Moogsoft Enterprise. If the payloads are not encrypted, you will be able to see the claims returned in the response from the SAML identity provider (IdP).

## Trace logging

Enable "trace" logging for the moogsvr UI component. Once enabled, the $APPSERVER_HOME/logs/catalina.out log file shows the returned claim data as it is processed. Your system administrator can use this data to validate the claim data being returned by the IdP and ensure it is mapped correctly in $MOOGSOFT_HOME/config/security.conf.

See Configure Logging for information on log levels.