Most problems in IdentityServer can be determined by looking at the trace files. Here’s a quick how-to:
1. Make sure tracing configuration is included- your web.config should contain this:
<system.diagnostics configSource=“configuration\tracing.config“ />
2. Inspect the tracing configuration file.
The following trace sources are available:
WCF (System.ServiceModel and System.ServiceModel.MessageLogging)
.NET Identity APIs (System.IdentityModel)
IdentityModel / IdentityServer Tracing (Thinktecture.IdentityModel and Thinktecture.IdentityServer)
By default only the Thinktecture sources are enabled and should be generally sufficient to determine the problem. If not, you may need to enable the other sources to get more low level traces.
Every source points to a listener, which in turn points to a location on disk where the trace files should be written to. Make sure the IIS worker process has write access to these files.
The easiest way to view the trace files is to use the SvcTraceViewer tool from the .NET SDK.