Configuring logging in Fedlet and explaining the various log files

This post continues the Fedlet series. Configuring logging in Fedlet is fairly simple. By default, the logging level is set to warning. To enable debug mode, which Fedlet calls message mode, edit the FederationConfig.properties file in the Fedlet configuration directory.

Look for the lines below:

com.iplanet.services.debug.level=warning
com.iplanet.services.debug.directory=@FEDLET_HOME@/debug

Change the debug level to message. Restart the application server.

com.iplanet.services.debug.level=message

All the debug files are created under the debug folder.

libSAML2: This is the important file, containing all the debug messages for SAML requests, authentication, SAML responses, and the signature and encryption phases of federation.

libSAML: This file does not contain any significant information. If Single Sign-On fails, it just specifies the error page. Any encryption-specific error messages are also shown here.

libCOT: This file tells whether the circle of trust is established for each request between the IDP and the SP. The message below means the validation was successful.

CircleOfDescriptorCache:getCircleOfTrust:cacheKey = ///fedletcot, found = true

libPlugins: FederationConfig.properties contains certain parameters specifying the plugins involved in Fedlet, such as FedletConfigurationImpl. The execution status of these plugins is recorded in this log file.

amSecurity: Any messages specific to certificate revocation lists are logged in this file.
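The following is an added example, not part of the original post or of Fedlet itself: a small Python check that reads the debug settings from FederationConfig.properties text and summarizes circle-of-trust lookups from libCOT lines. The function names, the sample directory path, the `///othercot` key and the `found = false` form of the message are assumptions made for illustration; only the `found = true` line comes from the post.

```python
import re
from collections import Counter

# Pattern built from the libCOT message quoted in the post. The "found = false"
# alternative is an assumption; the post only shows the successful form.
COT_RE = re.compile(
    r"getCircleOfTrust:cacheKey = (?P<key>[^,\s]+), found = (?P<found>true|false)")

def read_debug_settings(properties_text):
    """Return the com.iplanet.services.debug.* settings keyed by their last segment."""
    settings = {}
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = line.split("=", 1)
        key = key.strip()
        if key.startswith("com.iplanet.services.debug."):
            settings[key.rsplit(".", 1)[1]] = value.strip()
    return settings

def summarize_cot(log_lines):
    """Count circle-of-trust lookups per cache key, split into found / not found."""
    found, missing = Counter(), Counter()
    for line in log_lines:
        m = COT_RE.search(line)
        if m:
            (found if m["found"] == "true" else missing)[m["key"]] += 1
    return found, missing

# Constructed sample input (the directory path is a placeholder).
SAMPLE_PROPERTIES = """\
# constructed sample
com.iplanet.services.debug.level=message
com.iplanet.services.debug.directory=/opt/fedlet/debug
"""
SAMPLE_LIBCOT = [
    "CircleOfDescriptorCache:getCircleOfTrust:cacheKey = ///fedletcot, found = true",
    "CircleOfDescriptorCache:getCircleOfTrust:cacheKey = ///fedletcot, found = true",
    "CircleOfDescriptorCache:getCircleOfTrust:cacheKey = ///othercot, found = false",
    "some unrelated debug line",
]

if __name__ == "__main__":
    cfg = read_debug_settings(SAMPLE_PROPERTIES)
    print("debug level:", cfg.get("level"), "| directory:", cfg.get("directory"))
    if cfg.get("level") == "message":
        print("message (debug) mode is enabled; the default is warning")
    found, missing = summarize_cot(SAMPLE_LIBCOT)
    for key, count in missing.items():
        print(f"circle of trust not found for {key}: {count} request(s)")
```

To run it against a real deployment, pass the contents of FederationConfig.properties and the lines of the libCOT file in place of the constructed samples.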

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com
