SSO Troubleshooting

A desktop browser:

Chrome (recommended)
Firefox (alternative)
Edge (alternative)

A SAML tracing extension:

- SAML-tracer for Firefox
  - **SAML Chrome Panel for Chrome
    **
  - SAML oAuth Tracer for Edge

Steps to Capture a SAML Trace

1. Launch the Tracing Tool

Open SAML-tracer from your browser’s toolbar.
It opens in a new window and starts recording requests automatically.

In a new tab, go to 👉 https://app.scopestack.io
Enter your work email address.
The app will detect your domain and redirect you to your Azure login page.
Continue the login flow until the error occurs or you’re redirected unexpectedly.

⚠️ Important: Keep the SAML-tracer window open while you complete the login attempt.

3. Review the SAML Traffic

In the SAML-tracer window:

Look for HTTP POST requests with URLs that include /saml or /acs.
Click one of these entries.
In the right-hand pane, look under the SAML tab.

You’ll see:

A SAML Request going to Azure from ScopeStack
A SAML Response coming back from Azure to ScopeStack

✅ You should see your email under NameID and attributes like email, name, etc.
🚫 If the response is missing key fields or shows an error, that could be the source of the issue.

💾 Export the Trace

After you’ve captured the full flow:

Firefox:

Click the 💾 Save icon in SAML-tracer to export a .har file

Chrome:

Right-click in the SAML Chrome Panel > Save as HAR with content

📬 Send to Support

Please email the exported file to: support@scopestack.io
Include:

Your email address
Time of your login attempt
A short description of what you saw (error message, unexpected loop, etc.)

Subject Line:
SSO Login Issue – SAML Trace Attached

Required Azure Attributes

ScopeStack expects these in your SAML Response:

NameID = your email address
Attributes:
- email
- name
- firstName (optional)
- lastName (optional)

Need help interpreting the trace or checking your configuration? Contact support@scopestack.io.