Runtime transaction logging - PingFederate - 10.2

PingFederate provides for flexible, scalable logging of all federated-identity transactions, for both inbound and outbound messages.

Administrators can configure transaction logging to any of the four modes on a per-connection basis. They can also override the logging mode for all service provider (SP) connections, identity provider (IdP) connections, or both, either for troubleshooting or as a one-step means of raising or lowering all connection logging modes to the same level. The log file is transaction.log, located in the <pf_install>/pingfederate/log directory.

The following table describes the four transaction logging modes.

Mode: Description

None: No transaction logging.

Standard (Default): Summary information for each transaction message, including:
  • Time stamp
  • Hostname and port
  • Log mode
  • Connection ID
  • SAML status code, for SAML responses only
  • Context
  • Message type
  • SAML ID, for SAML messages only
  • Endpoint, for outbound messages only
  • Target URL, if single sign-on (SSO) transaction

Enhanced: Includes everything logged at the Standard level plus:
  • SAML_SUBJECT*
  • Binding
  • Relay state, if available
  • Signature policy
  • Signature status
  • HTTP request parameters, for outbound messages only

  * Only when available in a SAML assertion, a single logout (SLO) request, an STS Request Security Token Response (RSTR), or an authentication request (AuthnRequest).

Full: Includes everything logged at the Enhanced level plus the complete XML message for every transaction.

Each field is separated by a vertical pipe (|) for parsing.
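An added example, not part of the PingFederate documentation: a Python parser for pipe-delimited records that counts non-success SAML status codes per connection. The field order is an assumption taken from the Standard-mode list above (check it against your own transaction.log), and the sample records are constructed.

```python
from collections import Counter

# ASSUMPTION: field order mirrors the Standard-mode list on this page. The real
# layout depends on your PingFederate logging configuration; adjust to match.
STANDARD_FIELDS = ["timestamp", "host_port", "log_mode", "connection_id",
                   "saml_status", "context", "message_type", "saml_id",
                   "endpoint", "target_url"]
SAML_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def parse_line(line, fields=STANDARD_FIELDS):
    """Split one pipe-delimited record into a dict; None if it does not fit."""
    parts = [p.strip() for p in line.rstrip("\r\n").split("|")]
    if len(parts) < len(fields):
        return None  # not a full record (wrapped or truncated line)
    record = dict(zip(fields, parts))
    record["extra"] = parts[len(fields):]  # Enhanced/Full fields, kept unparsed
    return record

def failed_by_connection(lines):
    """Count records per connection whose SAML status is present and not Success."""
    failures, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["saml_status"] and rec["saml_status"] != SAML_SUCCESS:
            failures[rec["connection_id"]] += 1
    return failures, skipped

# Constructed sample records, not real PingFederate output.
_S = "urn:oasis:names:tc:SAML:2.0:status:"
SAMPLE = [
    f"2021-03-01 10:15:02|sso.example.com:9031|Standard|partner-a|{_S}Success|SSO|Response|id-1||https://app.example.com/",
    f"2021-03-01 10:15:09|sso.example.com:9031|Enhanced|partner-b|{_S}Responder|SSO|Response|id-2||https://crm.example.com/|POST",
    f"2021-03-01 10:15:11|sso.example.com:9031|Standard|partner-b|{_S}Requester|SSO|Response|id-3||https://crm.example.com/",
    "2021-03-01 10:15:20|sso.example.com:9031|Standard|partner-a||SSO|AuthnRequest|id-4|https://idp.example.com/sso|",
    "  <samlp:Response ID=\"id-2\">",  # not a full record, skipped
]

if __name__ == "__main__":
    counts, skipped = failed_by_connection(SAMPLE)
    print(dict(counts), "skipped:", skipped)
```

A rising failure count on a single connection ID is a useful signal for both troubleshooting and alerting; the skipped count shows how many lines did not match the assumed layout.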

  • To configure transaction logging mode on a per-connection basis:
    1. Select the applicable connection on the IdP Connections window (Authentication > Integration > IdP Connections) or the SP Connections window (Applications > Integration > SP Connections).
    2. On the General Info tab, select one of the logging modes.
  • To override transaction logging mode for all SP or IdP connections:
    1. On the IdP Connections window or SP Connections window, click Show Advanced Fields.
    2. On the Logging Mode Override setting, click On.
    3. Select a logging mode for the IdP or SP connections.