PingFederate provides for flexible, scalable logging of all federated-identity transactions (inbound and outbound messages). Administrators may configure transaction logging to any of the four modes on a per-connection basis or override the logging mode for all SP connection, IdP connections, or both for troubleshooting or as a one-step means of raising or lowering all connection logging modes to the same level. The log file is transaction.log, located in the <pf_install>/pingfederate/log directory.

The following table describes the four transaction logging modes:

Mode Description
None No transaction logging.
Standard (Default) Summary information for each transaction message, including:
  • Time stamp
  • Hostname and port
  • Log mode
  • Connection ID
  • SAML status code (for SAML responses only)
  • Context
  • Message type
  • SAML ID (for SAML messages only)
  • Endpoint (for outbound messages only)
  • Target URL (if SSO transaction)
Enhanced Includes everything logged at the Standard level plus:
  • Binding
  • Relay state (if available)
  • Signature policy
  • Signature status
  • HTTP request parameters (outbound messages only)

* Only when available in a SAML assertion, a single-logout request, an STS Request Security Token Response (RSTR), or an authentication request (AuthnRequest)

Full Includes everything logged at the Enhanced level plus the complete XML message for every transaction.

Each field is separated by a vertical pipe (|) for parsing.

  • To configure transaction logging mode on a per connection basis:
    1. Select the applicable connection from the Identity Provider or Service Provider screen.
    2. Click General Info and then select the one of the four logging modes.
  • To override transaction logging mode for all SP (or IdP) connections:
    1. On the Identity Provider (or Service Provider) screen, click Manage All under SP Connections (or IdP Connections).
    2. Turn on the Logging Mode Override setting and select a logging mode for all SP (or IdP) connections.