Review the server log messages using the Tracking ID value provided by the user.
  1. Ask the user for the Tracking ID value in the error message.
  2. Search for the tracking ID in the server log.
  3. Review the log messages and payloads pertaining to the transaction that is associated with the tracking ID.

In general, the most useful log messages are the ones tagged with WARN, ERROR, or prefixed with Caused by.

Example

Suppose an error occurred and the associated the tracking ID was V3IwuUsy8PQp-9ZbE9UfUjOEo9c. Based on the tracking ID, you found the following log message.

2015-12-03 11:13:33,784 tid:V3IwuUsy8PQp-9ZbE9UfUjOEo9c DEBUG [org.sourceid.servlet.HttpServletRespProxy] adding lazy cookie Cookie{PF=OaxBwPGw5OBeHVXe1sgifB7iZR5Rz2VI4rhJwqUSIXV; path=/; maxAge=-1; domain=null} replacing null

After reviewing the related log messages, you found the next few messages.

2015-12-03 12:36:21,176 tid:V3IwuUsy8PQp-9ZbE9UfUjOEo9c ERROR [org.sourceid.saml20.profiles.idp.HandleAuthnRequest] Exception occurred during request processing org.sourceid.websso.profiles.RequestProcessingException: Unexpected Runtime Authn Adapter Integration Problem.

...

Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.

Based on these log messages, the remedy is to review and update the configuration of the applicable identity provider (IdP) adapter instance.