PingFederate provides for flexible, scalable logging of all federated-identity transactions, for both inbound and outbound messages.
Administrators can configure transaction logging to any of the four modes on a per-connection basis or override the logging mode for all service provider (SP) connections, identity provider (IdP) connections, or both for troubleshooting or as a one-step means of raising or lowering all connection logging modes to the same level. The log file is transaction.log, located in the <pf_install>>/pingfederate/log directory.
The following table describes the four transaction logging modes.
|No transaction logging.
|(Default) Summary information for each transaction message, including:
|Includes everything logged at the Standard level
* Only when available in a SAML assertion, a single logout (SLO) request, an STS Request Security Token Response (RSTR), or an authentication request (AuthnRequest)
|Includes everything logged at the Enhanced level plus the complete XML message for every transaction.
Each field is separated by a vertical pipe (
|) for parsing.
To configure transaction logging mode on a per connection basis:
- Select the applicable connection on the IdP Connections window ( ) or the SP Connections window ( ).
- On the General Info tab, select one of the logging modes.
To override transaction logging mode for all SP or IdP connections:
- On the IdP Connections window or SP Connections window, click Show Advanced Fields.
- On the Logging Mode Override setting, click On.
- Select a logging mode for the IdP or SP connections.