Configuring PingAuthorize logging - PingAuthorize - 9.3

PingAuthorize 9.3

bundle
pingauthorize-93
ft:publication_title
PingAuthorize 9.3
Product_Version_ce
PingAuthorize 9.3
category
ContentType
Product
Productdocumentation
paz-93
pingauthorize
ContentType_ce
Product documentation

Increase the default logging value to include details that will aid in debugging.

  • To enable more detailed logging to understand how policy decisions are being made, including the comparison values and results of the various expressions that comprise a policy decision tree, run the dsconfig set-policy-decision-service-prop command.
    PingAuthorize/bin/dsconfig set-policy-decision-service-prop \
      --no-prompt --port 8636 --useSSL --trustAll \
      --bindDN "cn=directory manager" \
      --bindPassword <your-pingauthorize-password> \
      --add decision-response-view:decision-tree \
      --add decision-response-view:request \
      --add decision-response-view:evaluated-entities
    Warning:

    decision-response-view:request causes the Policy Decision Logger to record potentially sensitive data in API requests and responses.

    Note:

    Policy Decision views affect the decision response payload of the request. You can remove added views by using the --remove decision-response-view:<view_name> argument. See About the Decision Response View for more information.

  • To enable Trace (detailed) logging, including complete HTTP requests and responses, run the dsconfig set-log-publisher-prop command .
    PingAuthorize/bin/dsconfig set-log-publisher-prop \
      --no-prompt --port 8636 --useSSL --trustAll \
      --bindDN "cn=directory manager" \
      --bindPassword <your-pingauthorize-password> \
      --publisher-name "Debug Trace Logger" \
      --set enabled:true
    Note:

    Complete HTTP requests and responses might contain sensitive data.

    For information about enabling detailed debug logging for troubleshooting purposes, see Enable detailed logging.