PingFederate provides for flexible, scalable logging of all federated-identity transactions (inbound and outbound messages). Administrators may configure transaction logging to any of the four modes on a per-connection basis or override the logging mode for all SP connection, IdP connections, or both for troubleshooting or as a one-step means of raising or lowering all connection logging modes to the same level. The log file is transaction.log, located in the <pf_install>/pingfederate/log directory.
The following table describes the four transaction logging modes:
Mode | Description |
---|---|
None | No transaction logging. |
Standard | (Default) Summary information for each transaction message, including:
|
Enhanced | Includes everything logged at the Standard level plus:
* Only when available in a SAML assertion, a single-logout request, an STS Request Security Token Response (RSTR), or an authentication request (AuthnRequest) |
Full | Includes everything logged at the Enhanced level plus the complete XML message for every transaction. |
Each field is separated by a vertical pipe (|
) for parsing.
-
To configure transaction logging mode on a per connection basis:
- Select the applicable connection from the Identity Provider or Service Provider screen.
- Click General Info and then select the one of the four logging modes.
-
To override transaction logging mode for all SP (or IdP) connections:
- On the Identity Provider (or Service Provider) screen, click Manage All under SP Connections (or IdP Connections).
- Turn on the Logging Mode Override setting and select a logging mode for all SP (or IdP) connections.