EDR: How to enable Verbose Debugging for SSO/SAML
search cancel

EDR: How to enable Verbose Debugging for SSO/SAML

book

Article ID: 285650

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • How can verbose debugging for SSO/SAML be enabled?

Environment

  • EDR Server: All Versions
  • SSO/SAML

Resolution

  • Verbose Debugging can be enabled with the following steps:
    1. Make a copy of the coreservices-logger.conf 
      cp /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.orig
    2. Open the /etc/cb/coreservices-logger.conf file
    3. Append cb.flask.blueprints.api_routes_saml to the list of keys under [loggers] section:  
      [loggers]
keys=root, gunicorn.access, cb.flask.blueprints.api_routes_saml, saml2
    4. Copy/paste the following snippet anywhere below in the logger configuration file:  
      [logger_cb.flask.blueprints.api_routes_saml] 
level=DEBUG 
handlers=debug_syslog 
qualname=cb.flask.blueprints.api_routes_saml 
propagate=1
    5. Then copy and past the following below that:  
      [logger_saml2]
level=DEBUG
handlers=debug_syslog
propagate=0
qualname=saml2
    6. Save the file. cb-coreservices will automatically re-read the logger configuration after a few minutes (no need to restart). You can verify the change in /var/log/cb/coreservices/debug.log when you swap over to debug level:  
      tail -f /var/log/cb/coreservices/debug.log
2017-02-28 09:04:36 [2420] <warning> cb.utils.cb_logging - Detected new logger config, '/etc/cb/coreservices-logger.conf'. reloading...
    7. Reproduce your authentication issue. Subsequent attempts to login via SSO/SAML (either IdP or SP initiated) will now be logged with increased verbosity.
    8. Restore the original file 
      mv /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.conf.sso ; mv /etc/cb/coreservices-logger.conf.orig /etc/cb/coreservices-logger.conf

Additional Information

  • Restart is NOT required. cb-coreservices will automatically re-read the logger configuration after a few minutes
  • If copying and pasting, verify there are no hidden characters at the end of the added lines by running "cat -A /etc/cb/coreservices-logger.conf"
Powered by Wolken Software