Question:
How do I enable debug logging for a custom authentication scheme?
Environment:
Policy Server Version: R12.0SP3 and above
Answer:
There are a couple of ways to enable debug logging for a Java-based custom authentication scheme.
Option 1: Write the debug log into Policy Server Trace logs
For this, call the SmAuthenticationContext.getAPIContext().trace() API from your custom authentication scheme, as below:
void logInPSTrace(SmAuthenticationContext context, String msg) {
    // Log message into Policy Server Trace Log
    context.getAPIContext().trace(getClass().getSimpleName(), "AuthApiSample:: ['" + msg + "']");
}
Then use a Policy Server trace profiler configuration such as this:
components: AgentFunc, Server, IsProtected, Login_Logout, IsAuthorized,
Tunnel_Service, JavaAPI, Directory_Access, ODBC, LDAP, IdentityMinder, TXM, Fed_Server
data: Date, PreciseTime, Realm, Rule, Policy, AuthStatus, AuthReason, User,
Action, Resource, Directory, ErrorValue, ErrorString, AgentName, Message,
Data, SrcFile, Pid, Tid, PreciseTime, Function, ReturnValue, Group, Domain,
AgentType, TransactionID, ObjectClass, DomainOID, SearchKey, ObjectOID,
Property, IPAddr, IPPort, AuthScheme, CertSerial, SubjectDN, IssuerDN,
SessionSpec, SessionID, CertDistPt, UserDN, RealmOID, State, ClusterID,
HandleCount, FreeHandleCount, BusyHandleCount, ResponseTime, Throughput,
MaxThroughput, MinThroughput, Threshold, TransactionName, HexadecimalData,
Query, ActiveExpr, CallDetail
Sample Policy Server trace log:
[08/25/2016][15:48:50.300][15:48:50][3420][3232][SmAuthUser.cpp:700][ServerTrace][][][][][][][][][][][][][][][][][][][][AuthApiSample:: ['Authenticating User :shruj01@ca.com']][AuthApiSample: AuthApiSample:: ['Authenticating User :shruj01@ca.com']][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[08/25/2016][15:48:50.300][15:48:50][3420][3232][SmAuthUser.cpp:700][ServerTrace][][][][][][][][][][][][][][][][][][][][AuthApiSample:: ['User Successfully Authenticated :shruj01@ca.com']][AuthApiSample: AuthApiSample:: ['User Successfully Authenticated :shruj01@ca.com']][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
Option 2: Write the debug log into a separate log file using java.util.logging.Logger.
Step 1: Configure java.util.logging using the logging.properties file located in <PS_Install_directory>/config/properties, as below:
handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
.level= ALL
...
# default file output is in user's home directory.
java.util.logging.FileHandler.pattern = C:/Program Files (x86)/CA/siteminder/log/javafile.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter
Step 2: Initialize java.util.logging and invoke the log method from the custom authentication scheme, as below:
// Required import at the top of the class file
import java.util.logging.Logger;

// Initialize logger (class-level field)
private static Logger theLogger =
    Logger.getLogger(AuthApiSample.class.getName());

// Logger method to log the debug message
void logInJavaUtilLogger(String msg) {
    // Log message into JavaUtil Logger at FINE level
    theLogger.fine("AuthApiSample::FileLogger::" + msg);
}

// Invoke the logger method from inside the authentication logic
logInJavaUtilLogger("User Successfully Authenticated :" + context.getUserCredentialsContext().getUserName());
Sample log using java.util.logging.Logger:
Aug 25, 2016 3:48:50 PM com.netegrity.sdk.javaauthapi.AuthApiSample log
FINE: AuthApiSample::FileLogger::Authenticating User :shruj01@ca.com
Aug 25, 2016 3:48:50 PM com.netegrity.sdk.javaauthapi.AuthApiSample log
FINE: AuthApiSample::FileLogger::User Successfully Authenticated :shruj01@ca.com
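Both options write the submitted user name into the log, and the first message is written before the user has been authenticated. The following is an added example, not part of the vendor sample or the attachment: a standalone variant of logInJavaUtilLogger that replaces control characters and caps the length of the user name before logging it. The class name AuthSchemeLogDemo, the method names, the 128-character cap and the sample input are assumptions made for illustration.

```java
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example; class and method names are hypothetical, not from the SDK sample.
public class AuthSchemeLogDemo {

    private static final Logger LOG = Logger.getLogger(AuthSchemeLogDemo.class.getName());
    private static final int MAX_LEN = 128; // assumed cap on a logged user name

    // Replace ISO control characters (CR, LF, tab, ...) with '_' so one login
    // attempt always produces exactly one log record, and cap the length.
    static String sanitize(String value) {
        if (value == null) {
            return "<null>";
        }
        StringBuilder sb = new StringBuilder();
        int n = Math.min(value.length(), MAX_LEN);
        for (int i = 0; i < n; i++) {
            char c = value.charAt(i);
            sb.append(Character.isISOControl(c) ? '_' : c);
        }
        if (value.length() > MAX_LEN) {
            sb.append("...(truncated)");
        }
        return sb.toString();
    }

    // Same role as logInJavaUtilLogger(String), with the user name passed separately.
    static void logAuthEvent(String event, String userName) {
        if (LOG.isLoggable(Level.FINE)) { // skip string building when FINE is off
            LOG.fine("AuthApiSample::FileLogger::" + event + " :" + sanitize(userName));
        }
    }

    public static void main(String[] args) {
        // Stand-in for logging.properties so the demo runs on its own.
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.FINE);
        LOG.addHandler(handler);
        LOG.setLevel(Level.FINE);
        LOG.setUseParentHandlers(false);

        // Constructed input: a user name containing a line break.
        logAuthEvent("Authenticating User", "alice@example.com\r\nsecond line");
    }
}
```

With the constructed input, the CR and LF are written as underscores, so the attempt stays on a single FINE record.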
Attachment:
- Sample logging.properties
- Sample custom authentication scheme that uses both of the above options to log debug messages.
Additional Information:
N/A