SMTRACE default config info

book

Article ID: 142441

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We'd like to get a minimal Policy Server Profiler template, which
will catch all important activity, but not in details in order to not
harm the Production.

More we'd like to know what parameter/data is added in the
smtracedefault.txt file so that the Policy Server traces shows
your specific Custom Assertion Generator Plugin lines such as

  "My SAML 2.0 Assertion Plugin", "No attribute defined in SP
   Object"

  "My SAML 2.0 Assertion Plugin", "Creating Attribute Statement
   in Assertion"

 

Environment

 

Policy Server 12.8SP3 on RedHat 7

 

Resolution

At first glance, we provide already a template which can be run in
Production, which is delivered in the Policy Server traces analysis tool :

  components: Server/Connection_Management, Server/Policy_Server_General, IsProtected/Function_Begin_End, Login_Logout/Function_Begin_End, Login_Logout/Authentication, IsAuthorized/Function_Begin_End, ODBC, LDAP/Ldap_Call_Begin_End, LDAP/Internal_Operation, LDAP/Connection_Management, LDAP/Ldap_Error_Messages
  data: Date, PreciseTime, Tid, SrcFile, Function, ErrorValue, ErrorString, Data, Message
  version: 1.1

  Siteminder Policy Trace Analysis
  https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=824043#bm600dfbba-3c79-40a8-825d-b90fc03ae7f6

This template is useful because it can guide you if a problem occurs
in production without putting to much pressure on log writing.

To get the Custom Assertion Generator Plugin specific lines you added,
you should add the Component Fed_Server

  Fed_Server "Federation Server Logging"

and the subcomponents you need, probably the Assertion_Generator as
you run a custom assertion generator.

  | subcomponent         | description                              |
  |----------------------+------------------------------------------|
  | Assertion_Generator  | Watch Assertion Generator Activity       |
  | Auth_Scheme          | Watch SAML Auth Scheme Activity          |
  | Configuration        | Watch SAML Provider Configuration        |
  | Single_Logout        | Watch Single Logout Activity             |
  | Saml_Requester       | Watch SAML Requester Activity            |
  | Attribute_Authority  | Watch Attribute Service Activity         |
  | DSig_Tunnel          | Watch DSig Tunnel Service Activity       |
  | NameID_Management    | Watch NameID Mgt Tunnel Service Activity |
  | Signature_Processing | Watch Signature Processing Activity      |

And maybe you want to add JavaAPI component too :

  JavaAPI "Function calls activity to support Java APIs"

and its subcomponents :

  | subcomponent       | description                              |
  |--------------------+------------------------------------------|
  | BeginEnd           | Watch which parameters are passed to the |
  | Function_Begin_End | Policy Server and what is returned to    |
  |                    | the clients of DMS API and Java Policy   |
  |                    | Management API.                          |

You probably want to set "Message" in the "data:" line to get the
custom message you've set in your code.