• To enable more detailed logging to understand how policy decisions are being made, including the comparison values and results of the various expressions that comprise a policy decision tree, run the dsconfig set-policy-decision-service-prop command.
    PingAuthorize/bin/dsconfig set-policy-decision-service-prop \
      --no-prompt --port 8636 --useSSL --trustAll \
      --bindDN "cn=directory manager" \
      --bindPassword <your-pingauthorize-password> \
      --add decision-response-view:decision-tree \
      --add decision-response-view:request \
      --add decision-response-view:evaluated-entities
    Note:

    decision-response-view:request causes the Policy Decision Logger to record potentially sensitive data in API requests and responses.

  • To enable Trace (detailed) logging, including complete HTTP requests and responses, run the dsconfig set-log-publisher-prop command .
    PingAuthorize/bin/dsconfig set-log-publisher-prop \
      --no-prompt --port 8636 --useSSL --trustAll \
      --bindDN "cn=directory manager" \
      --bindPassword <your-pingauthorize-password> \
      --publisher-name "Debug Trace Logger" \
      --set enabled:true
    Note:

    Complete HTTP requests and responses might contain sensitive data.

    For information about enabling detailed debug logging for troubleshooting purposes, see Enable detailed logging.