Capture debugging data - PingAuthorize - 9.0

PingAuthorize

  • PingAuthorize
  • Release Notes
  • PingAuthorize 9.0.0.4 (January 2023)
  • PingAuthorize 9.0.0.2 (July 2022)
  • PingAuthorize 9.0.0.1 (February 2022)
  • PingAuthorize 9.0 (December 2021)
  • Previous Releases
  • Introduction to PingAuthorize
  • Getting started with PingAuthorize (tutorials)
  • Using the tutorials
  • Setting up your environment
  • Starting PingAuthorize
  • Verifying proper startup
  • Accessing the GUIs
  • Stopping PingAuthorize
  • About the tutorial configuration
  • Tutorial 1: Importing default policies
  • Introduction to the Trust Framework and default policies
  • Tutorial 2: Configuring fine-grained access control for an API
  • Configuring a reverse proxy for the Meme Game API
  • Testing the reverse proxy
  • For further consideration: The PingAuthorize API security gateway, part 1
  • Adding a policy for the Create Game endpoint
  • For further consideration: The PingAuthorize API security gateway, part 2
  • Testing the policy from the Policy Editor
  • Testing the policy by making an HTTP request
  • For further consideration: Decision Visualiser
  • Modifying the rule for the Create Game endpoint
  • For further consideration: Resolvers and value processors
  • Conclusion
  • Tutorial 3: Configuring attribute-based access control for API resources
  • Configuring the API security gateway
  • Creating the gateway API endpoint
  • Testing the gateway
  • Creating a policy based on user credentials
  • Creating a service for the Shared Answers endpoint
  • Creating a policy for the Shared Answers endpoint
  • Testing the policy
  • Creating an attribute from user data
  • Adding logic to allow non-Youngstown users
  • Testing that the policy blocks Youngstown users
  • Creating a policy based on the API response
  • Creating an attribute from response data
  • Adding logic to allow family-friendly memes
  • Testing that the policy blocks Youngstown users from viewing age 13+ memes
  • Allowing unrated memes
  • Testing the default value
  • Creating an advice to provide a more useful error message
  • Testing the advice
  • Conclusion
  • Tutorial (optional): Creating SCIM policies
  • Tutorial: Creating the policy tree
  • Tutorial: Creating SCIM access token policies
  • Creating a policy for permitted access token scopes
  • Testing the policy with cURL
  • Defining the email scope
  • Testing the email scope with cURL
  • Defining the profile scope
  • Testing the profile scope with cURL
  • Defining the scimAdmin scope
  • Adding the scimAdmin retrieve rule
  • Adding the scimAdmin create/modify rule
  • Adding the scimAdmin search rule
  • Adding the scimAdmin delete rule
  • Creating a policy for permitted OAuth2 clients
  • Testing the client policy with cURL
  • Creating a policy for permitted audiences
  • Testing the audience policy with cURL
  • Tutorial: Creating a policy for role-based access control
  • Testing the policy with cURL
  • Example files
  • Conclusion
  • Installing PingAuthorize
  • Docker installation
  • Before you install using Docker
  • Installing the PingAuthorize server and the Policy Editor using Docker
  • Installing the PingAuthorize server using Docker
  • Signing on to the administrative console (Docker installation)
  • Installing PingAuthorize Policy Editor using Docker
  • Post-setup steps (Docker installation)
  • Signing on to the PingAuthorize Policy Editor
  • Configuring an OIDC provider for single sign-on requests from PingAuthorize
  • Next steps
  • Manual installation
  • Before you install manually
  • System requirements
  • About license keys
  • Creating a Java installation dedicated to PingAuthorize
  • Preparing a Linux environment
  • Setting the file descriptor limit
  • Setting the maximum user processes
  • Disabling file system swapping
  • Managing system entropy
  • Enabling the server to listen on privileged ports
  • Obtaining the installation packages
  • Installing the server and the Policy Editor manually
  • Installing the server manually
  • Signing on to the administrative console (manual installation)
  • Installing the PingAuthorize Policy Editor manually
  • Setting up a PostgreSQL database
  • Installing the PingAuthorize Policy Editor interactively
  • Example: Installing and configuring the PingAuthorize Policy Editor
  • Installing the PingAuthorize Policy Editor noninteractively
  • Post-setup steps (manual installation)
  • Signing on to the PingAuthorize Policy Editor
  • Changing the Policy Editor authentication mode
  • Configuring an OIDC provider for single sign-on requests from PingAuthorize
  • Clustering and scaling
  • Next steps
  • Upgrading PingAuthorize
  • Upgrade considerations
  • Upgrade considerations introduced in PingAuthorize 8.x
  • Docker upgrades
  • Upgrading PingAuthorize Server using Docker
  • Upgrading the PingAuthorize Policy Editor using Docker
  • Manual upgrades
  • Upgrading PingAuthorize Server manually
  • Reverting an update
  • Upgrading the PingAuthorize Policy Editor manually
  • Backing up policies
  • Upgrading the Trust Framework and policies
  • Uninstalling PingAuthorize
  • PingAuthorize Integrations
  • MuleSoft API gateway integration
  • Deploying the custom MuleSoft policy for PingAuthorize
  • Applying the custom MuleSoft policy for PingAuthorize
  • PingAuthorize Server Administration Guide
  • Running PingAuthorize
  • Starting PingAuthorize Server
  • Running PingAuthorize Server as a foreground process
  • Starting PingAuthorize Server at boot time (Unix/Linux)
  • Starting PingAuthorize Server at boot time (Windows)
  • Registering PingAuthorize Server as a Windows service
  • Running multiple service instances
  • Deregistering and uninstalling services
  • Log files for services
  • Starting PingAuthorize Policy Editor
  • Stopping PingAuthorize Server
  • Stopping PingAuthorize Policy Editor
  • Restarting PingAuthorize Server
  • About the API security gateway
  • Request and response flow
  • Gateway configuration basics
  • API security gateway authentication
  • API security gateway policy requests
  • Policy request attributes
  • Gateway API Endpoint configuration properties that affect policy requests
  • Path parameters
  • Basic example
  • Advanced example
  • API security gateway HTTP 1.1 support
  • About error templates
  • Configuring error templates example
  • About the Sideband API
  • API gateway integration
  • Sideband API configuration basics
  • Authenticating to the Sideband API
  • Creating a shared secret
  • Deleting a shared secret
  • Rotating shared secrets
  • Customizing the shared secret header
  • Authenticating API server requests
  • Sideband API policy requests
  • Policy request attributes
  • Sideband API Endpoint configuration properties
  • Path parameters
  • Path parameters: Basic example
  • Path parameters: Advanced example
  • Request context configuration
  • Access token validation
  • Error templates
  • Example: Configure error templates
  • About the SCIM service
  • Request and response flow
  • SCIM configuration basics
  • About the create-initial-config tool
  • Example: Mapped SCIM resource type for devices
  • SCIM endpoints
  • SCIM authentication
  • SCIM policy requests
  • Policy request attributes
  • About SCIM searches
  • SCIM search policy processing
  • Search request authorization
  • Search response authorization
  • Using paged SCIM searches
  • Lookthrough limit
  • Disabling the SCIM REST API
  • About the SCIM user store
  • Defining the LDAP user store
  • Defining the LDAP user store with create-initial-config
  • Defining the LDAP user store manually
  • Location management for load balancing
  • Automatic backend discovery
  • Joining a PingAuthorize Server to an existing PingDirectory Server topology
  • Joining a topology at setup
  • Joining a topology with manage-topology
  • Configuring a load-balancing algorithm with an LDAP external template
  • Configuring automatic backend discovery
  • LDAP health checks
  • Configuring a health check using dsconfig
  • Connecting non-LDAP data stores
  • About the Authorization Policy Decision APIs
  • JSON PDP API request and response flow
  • JSON PDP API request format
  • JSON PDP API response format
  • Authenticating to the JSON PDP API
  • Creating a shared secret
  • Deleting a shared secret
  • Rotating shared secrets
  • Customizing the shared secret header
  • XACML-JSON PDP API request and response flow
  • Requests
  • Authorization
  • Decision processing
  • Responses
  • Example
  • Policy Editor configuration
  • Specifying custom configuration with an options file
  • Example: Configure policy configuration keys
  • Example: Configure a key store for a policy information provider
  • Example: Configure a trust store for a policy information provider
  • Example: Use environment variables
  • Example: Configure JWT claims
  • Configuring the Policy Editor to publish policies to a deployment package store
  • Configuring Policy Editor security headers
  • Manage policy database credentials
  • Setting database credentials at initial setup
  • Changing database credentials
  • Specifying database credentials when you start the GUI
  • Docker: Setting the initial database credentials
  • Docker: Changing database credentials
  • Configuring SpEL Java classes for value processing
  • Setting the request list length for Decision Visualizer
  • Policy administration
  • About the Trust Framework
  • Create policies in a development environment
  • Example: Configure external PDP mode
  • Example: Change the active policy branch
  • Default and example policies
  • Importing and exporting policies
  • Loading a policy snapshot
  • Exporting a policy snapshot
  • Publishing a deployment package to a deployment package store
  • Exporting a deployment package
  • Using the Deployment Manager
  • Adding a filesystem deployment package store
  • Adding an Amazon S3 deployment package store
  • Adding an Azure deployment package store
  • Use policies in a production environment
  • Configuring embedded PDP mode with a deployment package store
  • Configuring embedded PDP mode with an exported deployment package
  • Example: Define policy configuration keys
  • Example: Define a policy information provider key store for MTLS
  • Example: Define a policy information provider trust store
  • Example: Add SpEL Java classes to the allowed list
  • Example: Add non-standard Java classes to the server classpath
  • Policy database backups
  • Restoring a policy database from a backup
  • Use signed deployment packages
  • Example: Configure signed deployment packages for healthcare
  • Environment-specific Trust Framework attributes
  • Example
  • Define the policy information provider in the Trust Framework
  • Define policy configuration keys in a development environment
  • Define policy configuration keys in a preproduction environment
  • Make a user's profile available in policies
  • Advice types
  • Add Filter
  • Combine SCIM Search Authorizations
  • Denied Reason
  • Exclude Attributes
  • Filter Response
  • Include Attributes
  • Modify Attributes
  • Modify Headers
  • Modify Query
  • Modify SCIM Patch
  • Regex Replace Attributes
  • Access token validators
  • Access token validator types
  • Token resource lookup methods
  • Server configuration
  • Administration accounts
  • About the dsconfig tool
  • PingAuthorize administrative console
  • About the configuration audit log
  • About the config-diff tool
  • Certificates
  • Replacing the server certificate
  • Preparing a new keystore with the replacement key pair
  • Using an existing key pair
  • Replacing the certificate associated with the original key pair
  • Importing earlier trusted certificates into the new keystore
  • Updating the server configuration to use the new certificate
  • Replacing the key store and trust store files with the new ones
  • Retiring the previous certificate
  • Listener certificates
  • Replacing listener certificates
  • X.509 certificates
  • Certificate subject DNs
  • Certificate key pairs
  • Certificate extensions
  • Certificate chains
  • About representing certificates, private keys, and certificate signing requests
  • Certificate trust
  • Keystores and truststores
  • Transport Layer Security (TLS)
  • TLS handshakes
  • Key agreement
  • LDAP StartTLS extended operation
  • About the manage-certificates tool
  • Available subcommands
  • Using manage-certificates as a simple certification authority
  • Common arguments
  • Listing the certificates in a keystore
  • Generating self-signed certificates
  • Generating certificate signing requests
  • Importing signed and trusted certificates
  • Exporting certificates
  • Enabling TLS support during setup
  • Enabling TLS support after setup
  • Configuring key and trust manager providers
  • Configuring connection handlers
  • Updating the topology registry
  • Troubleshooting TLS-related issues
  • Log messages
  • manage-certificates check-certificate-usability
  • ldapsearch
  • Using low-level TLS debugging
  • Configure the Policy Decision Service
  • Configure a user store
  • Configure access token validation
  • Configure PingOne to use SSO for the administrative console
  • Configure traffic through a load balancer
  • Examples: Configuring PingAuthorize Server
  • Configuring the PingAuthorize user store
  • Configuring the PingAuthorize OAuth subject search
  • Configuring PingAuthorize logging
  • Deployment automation and server profiles
  • Variable substitution
  • Layout of a server profile
  • setup-arguments.txt
  • dsconfig/
  • server-root/
  • server-sdk-extensions/
  • variables-ignore.txt
  • server-root/permissions.properties
  • misc-files/
  • Workflows
  • Creating a server profile
  • Installing a new environment
  • Scaling up your environment
  • Rolling out an update
  • Server status
  • Server availability
  • User Store Availability gauge
  • Endpoint Average Response Time (Milliseconds) gauge
  • HTTP Processing (Percent) gauge
  • Policy Decision Service Availability gauge
  • Example: auto-healing
  • Available gauges
  • Common alarms
  • Managing monitoring
  • Profiling server performance using the Stats Logger
  • Enabling the Stats Logger
  • Configuring multiple Periodic Stats Loggers
  • Logging HTTP performance statistics using the Periodic Stats Logger
  • StatsD monitoring endpoint
  • Sending metrics to Splunk
  • Managing HTTP correlation IDs
  • About HTTP correlation IDs
  • Enabling or disabling correlation ID support
  • Configuring the correlation ID response header
  • How the server manages correlation IDs
  • Server SDK support
  • Example: HTTP correlation ID
  • Command-line tools
  • Available command-line tools
  • Saving options in a file
  • Creating a tools properties file
  • Evaluation of command-line options and file options
  • Sample dsconfig batch files
  • Running task-based tools
  • Capture debugging data
  • Exporting policy data
  • Enable detailed logging
  • Policy Decision logger
  • Debug Trace logger
  • Debug logger
  • About the Decision Response View
  • Visualizing a policy decision response
  • Capture debugging data with the collect-support-data tool
  • About the layout of the PingAuthorize Server folders
  • About the layout of the PingAuthorize Policy Editor folders
  • PingAuthorize Policy Administration Guide
  • Getting started
  • Version control (Branch Manager)
  • Creating a new top-level branch
  • Creating a subbranch from a commit
  • Importing a branch
  • Deleting a branch
  • Merging branches
  • Reverting changes
  • Committing changes
  • Generating snapshots
  • Partial snapshot export and merging
  • Creating a partial export
  • Merging a partial snapshot
  • Creating a deployment package
  • Deleting a deployment package
  • Trust Framework
  • Domains (Authorization Policy Decision APIs only)
  • Services
  • Resources
  • Policy information providers
  • Common settings
  • HTTP services
  • LDAP services
  • Camel services
  • Attributes
  • Creating an attribute
  • Attribute name, description, and location
  • Resolvers
  • Resolver types
  • Conditional resolvers
  • Value processing for a resolver
  • Attribute caching
  • Value processing for an attribute
  • Value settings
  • Attribute interpolation
  • Actions
  • Identity classifications and IdP support
  • Identity properties
  • Identity providers
  • Identity classifications
  • Named conditions
  • Value processing
  • Chained processors
  • Testing
  • Seeing what depends on a Trust Framework entity
  • Policy management
  • Policy sets, policies, and rules
  • Policies and policy sets
  • Creating policies and policy sets
  • Adding targets to a policy
  • Conditional targets (applies when)
  • Advice
  • Provided advice
  • Custom advice
  • Properties
  • Rules and combining algorithms
  • Rule structure
  • Testing
  • Repeating policies and attributes
  • Policy solutions
  • Use case: Using consent to determine access to a resource
  • Getting a path component from the request URL
  • Getting the requestor identifier from the access token
  • Searching for consent by resource owner to requestor
  • Getting consent status from the consent record
  • Creating a policy to check consent and then permit or deny access
  • Use case: Using consent to change a response
  • Creating a policy to check consent and then change the server response
  • Use case: Using a SCIM resource type or a policy request action to control behavior
  • Getting the SCIM resource type and the action being executed
  • Creating a policy to permit or deny the creation of resources
  • Creating a policy to control the set of actions for a specific resource
  • Creating a policy to restrict the ability to delete based on resource type
  • Creating a policy to modify a resource differently based on the SCIM resource type
  • Restricting the attributes that can be modified
  • Allowing attributes to be modified
  • Adding attributes to an allow list
  • Test Suite
  • Advice types
  • Add Filter
  • Combine SCIM Search Authorizations
  • Denied Reason
  • Exclude Attributes
  • Filter Response
  • Include Attributes
  • Modify Attributes
  • Modify Headers
  • Modify Query
  • Modify SCIM Patch
  • Regex Replace Attributes
  • REST API documentation
Page created: 26 Jul 2021 |
Page updated: 12 Jul 2022
| 1 min read

Content Type Product documentation 9.0 PingAuthorize Product Troubleshooting User task

For problems with PingAuthorize Server or a supporting component, such as the Java Virtual Machine (JVM), the operating system, or the hardware, you can capture diagnostic data.

With this data, you can troubleshoot the problem quickly to determine the underlying cause and the best course of action to resolve it.

For specific details, see the following topics:
  • Exporting policy data
  • Enable detailed logging
  • About the Decision Response View
  • Visualizing a policy decision response
  • Capture debugging data with the collect-support-data tool
Back to home page