Tracking transactions between PingFederate and PingAM
To help with application log debugging, you can track PingFederate and PingAM transactions using a unique request ID that’s set by the adapter.
About this task
PingFederate and PingAM both have methods to keep track of transactions across multiple applications:
-
In PingFederate, the
httprequestidcan be used to track transactions that come from outside PingFederate. -
In PingAM, the
X-ForgeRock-TransactionIdheader tracks related requests throughout the ForgeRock platform.
To track transactions between PingFederate and PingAM, the PingAM IdP Adapter injects the X-ForgeRock-TransactionId header with the httprequestid value in all API calls to PingAM.
Complete the following procedure to finish the setup in PingAM and see the unique request ID in the audit logs:
Steps
-
To see the value set for
httprequestidin theX-ForgeRock-TransactionIdheader, configure PingFederate to log thehttprequestid:-
In the
<pf_install>/pingfederate/server/default/conf/log4j2.xmlfile, go to theSecurityAudit2FileRollingFile and add the httprequestid field in the Pattern section.Learn more in PingFederate security audit logging and the PingFederate log files section of the PingFederate documentation.
-
Save the file.
-
-
Configure PingAM to accept the
X-ForgeRock-TransactionIdheader:-
In the PingAM admin UI, go to Configure > Server Defaults > Advanced and go to the bottom of the list.
-
In the Property Name column, enter
org.forgerock.http.TrustTransactionHeader. -
In the corresponding Property Value column, enter
true. -
To add the property and save your work, click the + icon.
-
Result
You can now track the unique request ID between PingFederate and PingAM in the PingFederate security audit log and the PingAM access audit log.