PingFederate provides for flexible, scalable logging of all federated-identity transactions, for both inbound and outbound messages.
Administrators can configure transaction logging to any of the four modes on a per-connection basis or override the logging mode for all service provider (SP) connections, identity provider (IdP) connections, or both for troubleshooting or as a one-step means of raising or lowering all connection logging modes to the same level. The log file is transaction.log, located in the <pf_install>>/pingfederate/log directory.
The following table describes the four transaction logging modes.
Mode | Description |
---|---|
None | No transaction logging. |
Standard | (Default) Summary information for each transaction message, including:
|
Enhanced | Includes everything logged at the Standard level
including:
* Only when available in a SAML assertion, a single logout (SLO) request, an STS Request Security Token Response (RSTR), or an authentication request (AuthnRequest) |
Full | Includes everything logged at the Enhanced level plus the complete XML message for every transaction. |
Each field is separated by a vertical pipe (|
) for parsing.
-
To configure transaction logging mode on a per connection basis:
- Select the applicable connection on the IdP Connections window ( ) or the SP Connections window ( ).
- On the General Info tab, select one of the logging modes.
-
To override transaction logging mode for all SP or IdP connections:
- On the IdP Connections window or SP Connections window, click Show Advanced Fields.
- On the Logging Mode Override setting, click On.
- Select a logging mode for the IdP or SP connections.