Previous Topic: Export Metadata to Aid Partnership ConfigurationNext Topic: Transaction IDs to Aid Federation Troubleshooting

Federation GuidesPartnership Federation GuideLog Files that Aid Troubleshooting

Log Files that Aid Troubleshooting

This section contains the following topics:

Federation Trace Logging

Transaction IDs to Aid Federation Troubleshooting

Federation Services Trace Logging (smtracedefault.log)

Federation Web Services Trace Logging (FWSTrace.log)

Federation Trace Logging

The Federation Web Services (FWS) trace logging facility and the Policy Server Profiler monitor the performance of the federation services. These logging mechanisms provide information about federated operation so you can analyze the system performance and can troubleshoot issues.

Enable trace logging where the Web Agent Option Pack and the Policy Server are installed to extract in-depth information about federation processes. For example, you can look at the FWSTrace.log to see the generated SAML assertion or collect the name of the current user.

Note: Trace messages are ordinarily turned off during normal operation because they can impact performance.

The collected trace messages are written to two trace logs:

FWSTrace.log

The FWSTrace.log is located in the /log directory of the web server or application server where the web agent option pack is installed or deployed.

Web server

webagent/log

webagent_optionpack/log

Application server

default_deployment_directory/log

SPS federation gateway

sps_home/secure-proxy/proxy-engine/logs

smtracedefault.log

The smtracedefault.log is located in the directory siteminder_home/log.

siteminder_home represents the installation directory of the product.

In the FWSTrace.log and the smtracedefault.log, there are checkpoint log messages that indicate what is happening during a transaction. For example:

[07/30/2013][11:34:44][4260][5824][1181adbb-993f775c-33ba08f3-76b52f3b-3d2280cd-4ae][SSO.java][processRequest][Reading SAML 2.0 SP Configuration [CHECKPOINT = SSOSAML2_SPCONFREAD_REQ]

You can search on these checkpoint messages to follow some of the processes occurring during a transaction.

In addition to the checkpoint messages, you can follow transaction IDs in the log to follow a transaction. If a transaction fails, the checkpoint messages and transaction IDs can help you determine the specific problem.