Message Visualizer is a graphical utility that a developer or administrator can use to view the participants in a session and monitor the messages flowing between them. It gets extremely difficult to troubleshoot the messages flow in a complex service aggregation environment where multiple services participate in a CSF Session context that too in a production environment. This tool should make that easier. Currently there are some challenges to configure the tool which I have addressed in this article.
How do I configure the Message Visualizer(MV) so that I can see the message flow?
To configure Message Visualizer, follow the below steps to ensure that messages are traced correctly and are viewable in MV:
1. Apply TraceAssertion to all the incoming and outgoing messages of Session
a. To apply the TraceAssertion for the incoming message from a participant, you need to add the TraceAssertion (highlighted below) in the SessionServerPolicy which can be found in SessionPolicy.config.
<policy name="SessionServerPolicy">
<authorization>
<allow role="<YOURDOMAIN>\Requestors@CSF_Session"/>
<deny user="*"/>
</authorization>
<traceAssertion remoteServerUri="http://<YOURMACHINENAME>:9502/LogWriter.soap" />
<dynamicSecurity>
<usernameOverTransportSecurity/>
<kerberosSecurity establishSecurityContext="false" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" ttlInSeconds="300">
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true"/>
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true"/>
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false"/>
</protection>
</kerberosSecurity>
</dynamicSecurity>
<requireActionHeader/>
</policy>
b. To apply the TraceAssertion for the outgoing message to a participant from Session, you need to include the TraceAssertion in the Policy that is applied for that service participant. To apply a specific policy to a participant, you need to include the PolicyDocument element as described below in the ParticipantManifest and specify the policy name (highlighted) in the Reference element.
<PolicyDocument>
<Reference>ServiceParticipantPolicy</Reference>
<Include>
<SecondaryCredentialMap>
<PrimaryCredentialForMessage>None</PrimaryCredentialForMessage>
<PrimaryCredentialForTransport transportAuthenticationType="Digest">None</PrimaryCredentialForTransport>
</SecondaryCredentialMap>
</Include>
</PolicyDocument>
Note: This is an example. The value for PrimaryCredentialForMessage or PrimaryCredentialForTransport could be any one of the following: None, Persona, System, or PassThrough.
2. Ensure you have a Policy with the name “ServiceParticipantPolicy" in the SessionPolicy.config which can be found in Configuration folder. The policy MUST have the TraceAssertion as described below. This policy can contain other Assertions like UNT or Kerberos assertion as needed.
<policy name="ServiceParticipantPolicy">
<traceAssertion remoteServerUri="http://<YOURMACHINENAME>:9502/LogWriter.soap" />
</policy>
3. Start CSF Trace Service.
In the Services Control Manager (Administrative Tools, Services), ensure that the CSF Trace Service is Started and set to Automatic instead of Manual or Disabled.
4. Reset the IIS on the Session server.
5. In addition to this you need to enable Kerberos for Session service account so that the CSF Trace service can communicate with Session seamlessly. Please refer to the deployment guide for more information on how to enable Kerberos.
6. Start the Message Visualizer to search the sessions, select the session and start to visualize.
7. If the life of the session is going to be too short to search and start to visualize from MV, then you could add the CSF Trace Service as participant during the Create Session process so that all the messages are automatically traced.
8. To view the traced messages, choose the option "Traced Sessions" instead of "Live Sessions" on the top right hand corner of the Message Visualizer, search the session and visualize.
