PingAuthorize

Configuring PingAuthorize logging

Increase the default logging value to include details that will aid in debugging.

Steps

  • To enable more detailed logging to understand how policy decisions are being made, including the comparison values and results of the various expressions that comprise a policy decision tree, run the dsconfig set-policy-decision-service-prop command.

    Example:

    {pingauthorize}/bin/dsconfig set-policy-decision-service-prop \
  --no-prompt --port 8636 --useSSL --trustAll \
  --bindDN "cn=directory manager" \
  --bindPassword <your-pingauthorize-password> \
  --add decision-response-view:decision-tree \
  --add decision-response-view:request \
  --add decision-response-view:evaluated-entities

    decision-response-view:request causes the Policy Decision Logger to record potentially sensitive data in API requests and responses.

    Policy Decision views affect the decision response payload of the request. You can remove added views by using the --remove decision-response-view:<view_name> argument. See About the Decision Response View for more information.

  • To enable Trace (detailed) logging, including complete HTTP requests and responses, run the dsconfig set-log-publisher-prop command .

    Example:

    {pingauthorize}/bin/dsconfig set-log-publisher-prop \
  --no-prompt --port 8636 --useSSL --trustAll \
  --bindDN "cn=directory manager" \
  --bindPassword <your-pingauthorize-password> \
  --publisher-name "Debug Trace Logger" \
  --set enabled:true

    Complete HTTP requests and responses might contain sensitive data.

    For information about enabling detailed debug logging for troubleshooting purposes, see Enable detailed logging.