PingFederate Server

Correlating log messages by PF cookie

If you do not want to activate the tracking ID in the user-facing error templates, you can capture the HTTP traffic and use the PF cookie value to find related server log messages for a given request.

About this task

Search the HTTP traffic server log and use the PF cookie value to review server log messages.

Steps

  1. Capture HTTP traffic and look for the PF cookie value.

  2. Search for the PF cookie value in the server log.

  3. Because all server log messages, except the contents of the inbound requests and the outbound responses, are prefixed with their respective tracking IDs, use the tracking ID to review log messages and payloads pertaining to this transaction.

Result

In general, the most useful log messages are the ones tagged with WARN, ERROR, or prefixed with Caused by.

Example

Suppose an error occurred and the associated the PF cookie value was OaxBwPGw5OBeHVXe1sgifB7iZR5Rz2VI4rhJwqUSIXV. Based on the cookie value, you found the following log message.

2015-12-03 11:13:33,784 tid:V3IwuUsy8PQp-9ZbE9UfUjOEo9c DEBUG [org.sourceid.servlet.HttpServletRespProxy] adding lazy cookie Cookie\{PF=OaxBwPGw5OBeHVXe1sgifB7iZR5Rz2VI4rhJwqUSIXV; path=/; maxAge=-1; domain=null} replacing null

After reviewing the related log messages based on the tracking ID V3IwuUsy8PQp-9ZbE9UfUjOEo9c, you found the next few messages.

2015-12-03 12:36:21,176 tid:V3IwuUsy8PQp-9ZbE9UfUjOEo9c ERROR [org.sourceid.saml20.profiles.idp.HandleAuthnRequest] Exception occurred during request processing org.sourceid.websso.profiles.RequestProcessingException: Unexpected Runtime Authn Adapter Integration Problem.

…​

Caused by: org.sourceid.saml20.adapter.AuthnAdapterException: Could not obtain attributes from the IdP Authentication Service.

Based on these log messages, the remedy is to review and update the configuration of the applicable identity provider (IdP) adapter instance.