    SAML troubleshooting

    Configuring SAML authentication can be challenging. Sometimes it does not work and there is no clear reason why. To detect problems, configure Log4j 2 to intercept the communication between CloverDX Server and the Identity Provider and write it to a log file, then examine the log.

    How to configure Log4j 2 to log SAML authentication
    1. Create a copy of the [clover.war]/WEB-INF/log4j2.xml file.

    2. In the copy, uncomment the fragments that define samlAppender and the loggers that refer to the appender.

      <RollingFile name="samlAppender"
                   fileName="${sys:clover.clover.home}/cloverlogs/saml.log"
                   filePattern="${sys:clover.clover.home}/cloverlogs/saml.log.%i">
          <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %X{IP} %m%n" charset="UTF-8" />
          <Policies>
              <SizeBasedTriggeringPolicy size="5MB" />
          </Policies>
          <DefaultRolloverStrategy max="10" />
      </RollingFile>

      <Logger name="com.cloveretl.server.auth.SamlServlet" level="debug" additivity="false">
          <AppenderRef ref="samlAppender" />
      </Logger>

      <Logger name="com.onelogin.saml2" level="debug" additivity="false">
          <AppenderRef ref="samlAppender" />
      </Logger>

    3. Define a new system property log4j.configurationFile with the full path to the file:

      -Dlog4j.configurationFile=file:///C:/path/to/log4j2.xml

    4. Start the CloverDX Server.

    5. The communication is logged to the saml.log file, located by default in the cloverlogs subdirectory of the directory specified by the java.io.tmpdir system property.
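
To examine the resulting saml.log, its records can be split according to the PatternLayout configured in step 2 and the WARN/ERROR entries grouped by client IP. This is an added example, not part of CloverDX or its documentation; the sample lines are constructed, and an empty `%X{IP}` field and multi-line debug messages are assumptions about what the log may contain.

```python
import re
from collections import defaultdict

# Head of a record written with the PatternLayout from step 2:
#   %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %X{IP} %m%n
# %-5p pads the level to five characters. %X{IP} is assumed to be empty
# when no client IP is set, which leaves two consecutive spaces.
HEAD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>TRACE|DEBUG|INFO |WARN |ERROR|FATAL) "
    r"(?P<ip>\S*) (?P<msg>.*)$"
)

def parse_records(lines):
    """Group physical lines into records; a line without a record head
    (e.g. part of a logged XML message) continues the previous message."""
    records = []
    for line in lines:
        line = line.rstrip("\r\n")
        m = HEAD.match(line)
        if m:
            rec = m.groupdict()
            rec["level"] = rec["level"].strip()
            records.append(rec)
        elif records:
            records[-1]["msg"] += "\n" + line
    return records

def problems_by_ip(records):
    """Return {ip: [(timestamp, first message line), ...]} for WARN and above."""
    out = defaultdict(list)
    for r in records:
        if r["level"] in ("WARN", "ERROR", "FATAL"):
            out[r["ip"] or "-"].append((r["ts"], r["msg"].split("\n", 1)[0]))
    return dict(out)

# Constructed sample lines (not real CloverDX or OneLogin output).
SAMPLE = """\
2024-01-15 10:02:11,482 DEBUG 192.0.2.10 constructed sample: response received
<samlp:Response ID="_constructed">
</samlp:Response>
2024-01-15 10:02:11,497 ERROR 192.0.2.10 constructed sample: response rejected
2024-01-15 10:02:15,003 WARN   constructed sample: no client IP in context
2024-01-15 10:03:40,120 INFO  198.51.100.7 constructed sample: login ok
""".splitlines()

if __name__ == "__main__":
    for ip, events in problems_by_ip(parse_records(SAMPLE)).items():
        for ts, msg in events:
            print(ip, ts, msg)
```

To run it against a real log, pass `open(path, encoding="utf-8")` to `parse_records` in place of `SAMPLE`; the encoding matches the `charset="UTF-8"` set on the appender.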
