No SAML log line in the CA Access Gateway (SPS) Agent traces
Article ID: 278630
Updated On:
Products
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)
SITEMINDER
Issue/Introduction
When running a CA Access Gateway (SPS), this one doesn't log SAML application access in the SPS Agent trace file.
The only lines seen are these:
[Date][Time][Pid][Tid][TransactionID][SrcFile][Function][Message]
[====][====][===][===][=============][=======][========][=======]
[Date][Time][Pid][Tid][TransactionID][SrcFile][Function][Message]
[====][====][===][===][=============][=======][========][=======]
Cause
The CA Access Gateway (SPS) ACO parameters are for the Agent traces, and for SAML, enable them in the SAML Application which configuration files are in the embedded Tomcat directories.
The CA Access Gateway (SPS) ACO traceconfigfile parameter should be set with that path as value:
/{home_sps}/secure-proxy/proxy-engine/conf/defaultagent/SecureProxyTrace.conf
To get the SAML Application access log, enable it in the LoggerConfig.properties file located in:
/{home_sps}/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/classes/LoggerConfig.properties
Resolution
- Set the CA Access Gateway (SPS) ACO traceconfigfile to the value:
/{home_sps}/secure-proxy/proxy-engine/conf/defaultagent/SecureProxyTrace.conf - From Tomcat files, enable LoggerConfig.properties file, modify the following values:
// TracingOn can be Y, NTracingOn=Y// EnableDNSLookUp can be Y, NEnableDNSLookUp=Y// If TraceFileName is set Trace output will go to the file namedTraceFileName=/{home_sps}/secure-proxy/proxy-engine/logs/FWSTrace.log// TraceConfigFile should be set to the full path of the desired Trace.conf configuration fileTraceConfig=/{home_sps}/secure-proxy/proxy-engine/conf/defaultagent/FederationTrace.conf - Restart the CA Access Gateway (SPS);
Feedback
Yes
No
Powered by
