When enabled on PingDirectory, you can correlate events in PingFederate with LDAP activities in PingDirectory by looking for the matching session and request tracking IDs in their logs.
PingFederate can receive many requests during a session. The session ID is consistent throughout a session, but the request ID is unique for every request. You can use the request ID to search for specific events within a session.
PingFederate records runtime requests in its audit log and gives them tracking IDs. When PingFederate sends an LDAP call to PingDirectory, PingFederate also sends the request's tracking ID.
For PingFederate to send the tracking ID to PingDirectory, the Intermediate Client Request Control (OID=184.108.40.206.4.1.30220.127.116.11) must be enabled in PingDirectory. Also, there cannot be any access control instructions that prevent the PingFederate service account accessing PingDirectory from using this OID.
PingDirectory records the tracking ID as a session ID or request ID value in its access log. In the log, the ID is a property of a via element.
For example, if you see the following via elements in the PingDirectory
access log, you can match them with PingFederate events by looking for
kkLivppizq1RvbaYBAuB1r9z-Y8' and request ID
FhMl5Lz0KwsQphYUlUVHS4xkC5s in the PingFederate
via="app='PingFederate' sessionID='tid:kkLivppizq1RvbaYBAuB1r9z-Y8'" via="app='PingFederate' requestID='tid:FhMl5Lz0KwsQphYUlUVHS4xkC5s'"
When a PingFederate endpoint receives a request, it records a request ID at the DEBUG level of the server log. When the Request Header for Correlation ID field in the General Settings window specifies a request header, if the request includes that header, and the header's value contains 1 to 50 alphanumeric characters and hyphens, then PingFederate uses that value for the request ID. Otherwise, PingFederate uses a unique value that it generates for the request ID. For more information, see General settings.