PingFederate provides for flexible, scalable logging of all federated-identity transactions (inbound and outbound messages). Administrators may configure transaction logging to any of the four modes on a per-connection basis or override the logging mode for all SP connection, IdP connections, or both for troubleshooting or as a one-step means of raising or lowering all connection logging modes to the same level. The log file is transaction.log, located in the <pf_install>/pingfederate/log directory.
The following table describes the four transaction logging modes:
|None||No transaction logging.|
|Standard||(Default) Summary information for each transaction message, including:
|Enhanced||Includes everything logged at the Standard level plus:
* Only when available in a SAML assertion, a single-logout request, an STS Request Security Token Response (RSTR), or an authentication request (AuthnRequest)
|Full||Includes everything logged at the Enhanced level plus the complete XML message for every transaction.|
Each field is separated by a vertical pipe (
|) for parsing.
To configure transaction logging mode on a per connection basis:
- Select the applicable connection from the Identity Provider or Service Provider screen.
- Click General Info and then select the one of the four logging modes.
To override transaction logging mode for all SP (or IdP) connections:
- On the Identity Provider (or Service Provider) screen, click Manage All under SP Connections (or IdP Connections).
- Turn on the Logging Mode Override setting and select a logging mode for all SP (or IdP) connections.