Increase the default logging value to include details that will aid in debugging.
-
To enable more detailed logging to understand how policy decisions are being
made, including the comparison values and results of the various expressions
that comprise a policy decision tree, run the dsconfig
set-policy-decision-service-prop command.
PingAuthorize/bin/dsconfig set-policy-decision-service-prop \ --no-prompt --port 8636 --useSSL --trustAll \ --bindDN "cn=directory manager" \ --bindPassword <your-pingauthorize-password> \ --add decision-response-view:decision-tree \ --add decision-response-view:request \ --add decision-response-view:evaluated-entities
Warning:decision-response-view:request
causes the Policy Decision Logger to record potentially sensitive data in API requests and responses.Note:Policy Decision views affect the decision response payload of the request. You can remove added views by using the
--remove decision-response-view:<view_name>
argument. See About the Decision Response View for more information. -
To enable Trace (detailed) logging, including complete HTTP requests and
responses, run the dsconfig set-log-publisher-prop command
.
PingAuthorize/bin/dsconfig set-log-publisher-prop \ --no-prompt --port 8636 --useSSL --trustAll \ --bindDN "cn=directory manager" \ --bindPassword <your-pingauthorize-password> \ --publisher-name "Debug Trace Logger" \ --set enabled:true
Note:Complete HTTP requests and responses might contain sensitive data.
For information about enabling detailed debug logging for troubleshooting purposes, see Enable detailed logging.