The Web Agent trace logging facility and the Policy Server Profiler enable SiteMinder to monitor the performance of the Web Agent and Policy Server. These logging mechanisms provide comprehensive information about the operation of SiteMinder processes so you can analyze performance and troubleshoot issues.
For Federation Security Services, several logging components are available to collect trace messages related to federated communication. Trace messages provide detailed information about program operation for tracing, debugging, or both. Trace messages are ordinarily turned off during normal operation. You can enable them to extract in-depth information in addition to the trace message itself. For example, you can look at the FWSTrace.log to see the SAML assertion generated by SiteMinder or collect the name of the current user.
The collected trace messages are written to a trace log. The FWSTrace.log is located in the directory web_agent_home/log.
Note: For Web Agents on IIS 6.0 servers, log files are created only after the first user request has been submitted. To verify your configuration in the log file, a user has to submit a request.
The Federation Web Services (FWS) application that is installed with the Web Agent Option Pack, represents the federation client. The component that controls the trace messages and monitors FWS activity is the Fed_Client component.
Within the Fed_Client component, the following sub components are included:
Monitors single sign-on activity.
Monitors requests for single logout.
Monitors the identity provider discovery profile activity.
Watches administration-related messages.
Monitors request and authentication activity.
Monitors activity that other subcomponents are not monitoring.
Monitors SAML 2.0 Service Provider configuration messages.
FWS uses the common tracing facility that the Web Agent uses to log trace messages. The following files are used to set up trace logging:
Specifies the configuration file that determines which components and events FWS monitors. The default file is FWSTrace.conf.
Specifies the output file for all the logged messages. You provide a name and the location for this file in the Web Agent configuration file.
Contains the logging parameters that enable logging and format the log. This file does not define message content.
To collect trace messages for the Federation Web Services application, configure the FWS trace logging.
Follow these steps:
Note: Do not edit the template directly.
The LoggerConfig.properties file contains descriptions of all these settings.
The component that controls the trace messages for federation services at the Policy Server is the Fed_Server component. This component monitors activity for the assertion generator and the SAML authentication scheme. For example, you can view the generated assertion in the smtracedefault.log file.
To configure logging at the Policy Server, use the Policy Server Profiler. The Profiler is available from the Policy Server Management Console. The Profiler is a graphical user interface that lets you specify components for trace logging, which include:
Defines the components and subcomponents that are included in the file.
Specifies the output file for all the logged messages.
The following subcomponents are available for the Fed_Server component:
Monitors SAML 2.0 Service Provider configuration activity.
Watches the activity for the SAML 1.x and 2.0 assertion generators.
Monitors the activity of the SAML 1.x or SAML 2.0 authentication schemes.
Watches SAML Requester activity
Watches the Attribute Service activity
The profiler is the Policy Server facility for logging. You can use the profiler to collect trace messages for federation services.
Access the profiler from the Policy Server Management Console.
To configure the profiler
You can load the default template, smtracedefault.txt, in the directory policy_server_home/config, or one of the preconfigured templates in the directory policy_server_home/config/profiler_templates.
Note: Verify that the log file uses a unique name.
|
Copyright © 2012 CA.
All rights reserved.
|
|