Debug logging
AM services capture a variety of information in debug logs. Unlike audit log records, debug log records are unstructured. Debug logs contain different types of information that is useful when troubleshooting AM, including stack traces.
AM uses Logback as the handler for debug logging, making it easily customizable. For example, the level of debug log record output is configurable, as is the storage location and format.
AM lets you enable the debug log level for specific classes in the AM code base. This can be useful when you must turn on debug logging in a production system where you want to avoid excessive logging, but must gather messages when you reproduce a problem.
You can choose the level of logging from the following options:
Off
-
No debug messages are logged.
Error
-
Debug messages signifying that an error has occurred are logged.
This is the default level.
Warning
-
Debug messages signifying potentially harmful situations are logged.
Information
-
Debug messages that contain coarse-grained information about the status of AM are logged.
Debug
-
Debug messages that contain fine-grained information useful for troubleshooting AM are logged.
Trace
-
All debug messages are logged.
Create loggers to specify the debug level for a class, and choose where the output is recorded. The logger used by a feature in AM is hierarchical, based on the class that is creating the debug messages. The most specific logger is used, which is the logger whose path most closely matches the class that is creating the log messages.
For example, if you knew there was an issue in an authentication module,
you might enable trace-level debug logging in org.forgerock.openam.authentication.modules
.
If you are not sure where the problem lies, you may choose a broader option,
for example org.forgerock.openam.authentication
.
The least-specific, catch-all logger is named ROOT
.
AM also logs information related to client interactions
using the org.apache.http.wire
and org.apache.http.headers
appenders.
The information they collect is useful, for example, when you are developing authentication scripts
or when your environment requires STS transformations.
By default, these appenders are always set to the Warning
level unless logging is disabled.
Learn more in the org.forgerock.allow.http.client.debug advanced server property.
You can configure debug logging temporarily by using the AM admin UI, or you can create a file in the AM classpath with persistent debug configuration.
Temporarily enable debug logging with Logback.jsp
These steps let you temporarily capture debug messages, until the next time AM or the container in which it runs is restarted.
-
In the AM admin UI, go to
Logback.jsp
in the root context of the AM installation, for examplehttps://openam.example.com:8443/openam/Logback.jsp
.No links to this page are provided in the AM admin UI.
Only the
amAdmin
administrator account can access theLogback.jsp
page and alter the debug settings; delegated administrators do not have access.The page displays all the appenders and their associated debug loggers, for example:
For configuration that defines similar appenders and loggers, refer to the example logback.xml.
Logback.jsp logger names
The following lists contain the available logger names ordered by their associated appender:
Authentication
Authentication service, framework, Auth modules, Callbacks, JAAS, API com.sun.identity.authentication.spi.AMLoginModule, org.forgerock.openam.core.rest.authn.callbackhandlers, com.sun.identity.authentication.spi.AMAuthCallBackImpl, com.sun.identity.authentication.service.AuthContextLookup, com.sun.identity.authentication.util, org.forgerock.openam.authentication.service.LoginContextFactory, com.sun.identity.authentication.server.AuthContextLocal, com.sun.identity.authentication.service.AMAccountLockout, com.sun.identity.authentication.service.LoginState, com.sun.identity.authentication.UI.LoginViewBean, com.sun.identity.authentication.client, org.forgerock.openam.core.rest.authn.trees, com.sun.identity.authentication.spi.FirstTimeLogin, org.forgerock.openam.auth, org.forgerock.openam.authentication.service.SessionPropertyUpgrader, com.sun.identity.authentication.UI.AuthExceptionViewBean, com.sun.identity.authentication.spi.ReplayPasswd, com.sun.identity.authentication.config, com.sun.identity.authentication.share, org.forgerock.openam.authentication.SessionUpgradeVerifier, com.sun.identity.authentication.service.DSAMECallbackHandler, com.sun.identity.authentication.spi.AMModuleProperties, org.forgerock.openam.utils.MappingUtils, com.sun.identity.authentication.UI.AuthenticationServletBase, com.sun.identity.authentication.service.AuthenticationPrincipalDataRetrieverFactory, com.sun.identity.authentication.UI.LogoutViewBean, com.iplanet.security, com.sun.identity.authentication.internal, com.sun.identity.authentication.AuthContext, com.sun.identity.policy.plugins.AuthenticatedSharedAgents, org.forgerock.openam.ldap.LDAPAuthUtils, com.sun.identity.authentication.UI.AuthViewBeanBase, org.forgerock.openam.authentication.modules, com.iplanet.services.cdm, org.forgerock.openam.authentication.service.AuthUtilsWrapper, com.sun.identity.policy.plugins.AuthenticatedAgents, com.sun.identity.authentication.spi.JwtReplayPassword, com.sun.identity.policy.plugins.AllowedAgents, com.sun.identity.authentication.service.AuthenticationServiceAttributeCache, com.sun.identity.authentication.jaas, com.sun.identity.authentication.service.AuthD, org.forgerock.openam.core.rest.authn.core, org.forgerock.openam.scripting.api, com.sun.identity.common.ISAccountLockout, org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerFactory, org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager, org.forgerock.openam.webhook, com.iplanet.services.cdc, com.sun.identity.authentication.modules, org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1, com.sun.identity.authentication.service.AuthUtils, com.sun.identity.policy.plugins.AuthenticatedSharedAgentsCondition, org.forgerock.openam.authentication.service.JAASModuleDetector, org.forgerock.openam.core.rest.authn.RestAuthenticationHandler
Configuration
Service Configuration, Delegation, SMS Schema, SMS repository, plugins com.sun.identity.sm.ServiceSchemaManager, com.iplanet.services.ldap.event.EventService, com.sun.identity.sm.SMSSchema, com.sun.identity.tools, com.sun.identity.sm.SMSUtils, com.sun.identity.common.configuration.ServerConfigXMLObserver, com.sun.identity.sm.ServiceSchema, com.sun.identity.delegation, com.sun.identity.sm.OrganizationConfigManager, com.sun.identity.sm.ldap, com.sun.identity.sm.SMSNotificationManager, com.sun.identity.sm.PluginSchema, com.sun.identity.sm.AttributeValidator, com.sun.identity.sm.ServiceConfigManagerImpl, com.sun.identity.sm.ServiceConfigImpl, com.sun.identity.sm.SMSPropertiesObserver, com.sun.identity.sm.OrganizationConfigManagerImpl, com.sun.identity.sm.AuthenticationServiceNameProviderImpl, org.forgerock.openam.xui.XUIFilter, com.sun.identity.sm.ServiceSchemaImpl, com.sun.identity.setup, com.sun.identity.sm.AttributeSchemaState, com.sun.identity.sm.ServiceInstanceImpl, org.forgerock.openam.auditors, com.sun.identity.workflow, com.sun.identity.sm.ServiceConfigManager, org.forgerock.openam.sm.validation, com.sun.identity.common.configuration.SessionSiteNames, com.sun.identity.sm.ServiceConfig, com.sun.identity.sm.SMServlet, com.sun.identity.sm.ServiceManager, com.sun.identity.common.configuration.ServerPropertyValidator, com.sun.identity.sm.SMSEntry, com.sun.identity.sm.PluginConfig, org.forgerock.openam.utils.OpenAMSettingsImpl, com.sun.identity.sm.jaxrpc, com.sun.identity.sm.DNMapper, com.sun.identity.sm.SMSException, com.sun.identity.sm.SMSEventListenerManager, org.forgerock.openam.utils.MapHelper, com.sun.identity.sm.ServiceInstance, com.sun.identity.config.util, com.sun.identity.sm.CachedSubEntries, com.sun.identity.sm.PluginConfigImpl, com.sun.identity.authentication.service.ConfiguredSocialAuthServices, com.sun.identity.sm.ServiceSchemaManagerImpl, com.sun.identity.sm.CachedSMSEntry, com.sun.identity.sm.CreateServiceConfig, com.sun.identity.sm.AttributeSchema, com.sun.identity.sm.PluginSchemaImpl
CoreSystem
Core infrastructure services, PLL, cookies, naming, logging, upgrade, Scripting com.sun.identity.monitoring, com.sun.identity.saml2.idpdiscovery, com.sun.identity.security.cert.CRLValidator, org.forgerock.openam.xacml.v3.rest, org.forgerock.openam.core.rest.SelfServiceUserUiRolePredicate, org.forgerock.openam.core.rest.cts, org.forgerock.openam.sm.datalayer.impl.ldap.LdapSearchHandler, org.forgerock.openam.security, com.sun.identity.plugin.monitoring.impl, org.forgerock.openam.sm.datalayer.providers, com.zaxxer.hikari, org.forgerock.openam.uma.UmaUserUiRolePredicate, com.sun.identity.common.RequestUtils, org.forgerock.openam.entitlement.rest.SubjectAttributesResourceV1, org.forgerock.openam.services.baseurl, org.forgerock.openam.core.rest.IdentityRestUtils, org.forgerock.openam.core.rest.UserGroupsResource, org.forgerock.openam.oauth2.rest, com.sun.identity.authentication.UI.taglib, org.forgerock.openam.core.rest.docs, com.sun.identity.log, org.forgerock.openam.core.rest.AllAuthenticatedUsersResource, org.forgerock.openam.utils.WhitelistObjectInputStream, org.forgerock.openam.core.rest.dashboard, com.sun.identity.common.SystemTimerPool, org.forgerock.openam.core.rest.session.AnyOfAuthzModule, org.forgerock.openam.rest, org.forgerock.openam.core.rest.sms, com.sun.identity.common.admin, org.forgerock.openam.shared.resourcename, com.sun.identity.security.AdminTokenAction, org.forgerock.openam.uma.rest.UmaPolicyResourceAuthzFilter, org.forgerock.openam.shared.concurrency, org.forgerock.openam.core.rest.session.SessionResourcePrivilegeAuthzModule, org.forgerock.openam.entitlement.rest.ResourceTypesResource, org.forgerock.openam.uma.rest.UmaPolicyServiceImpl, org.forgerock.openam.entitlement.rest.DecisionCombinersResource, com.sun.identity.common.HttpURLConnectionManager, org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor, org.forgerock.openam.network.ipv4.IPv4AddressRange, org.forgerock.openam.audit, org.forgerock.audit, com.sun.identity.common.DNUtils, org.forgerock.openam.utils.IPRange, org.forgerock.openam.services.RestSecurity, org.forgerock.openam.core.rest.IdentityResourceV4, org.forgerock.openam.core.rest.IdentityResourceV3, com.sun.identity.security.SecurityDebug, org.forgerock.openam.backstage, org.forgerock.openam.core.rest.server, org.forgerock.openam.utils.ClientUtils, org.forgerock.openam.core.rest.IdentityResourceV2, org.forgerock.openam.entitlement.rest.ApplicationV1Filter, org.forgerock.openam.core.rest.IdentityResourceV1, org.forgerock.openam.core.rest.devices, org.forgerock.openam.entitlement.rest.ApplicationsResource, com.sun.identity.policy.util.Gateway, com.sun.identity.shared.jaxrpc, org.forgerock.openam.forgerockrest, com.iplanet.am.util, com.iplanet.services.comm, org.forgerock.openam.core.rest.authn.AuditHelper, org.forgerock.openam.sm.datalayer.impl.PooledTaskExecutor, org.forgerock.openam.ldap.LdifUtils, org.forgerock.openam.core.rest.session.action.LogoutByHandleActionHandler, org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder, com.sun.identity.shared.search, org.forgerock.openam.entitlement.rest.SubjectTypesResource, com.sun.identity.shared.encode.CookieUtils, com.iplanet.services.naming, org.forgerock.openam.cors, com.sun.identity.idsvcs, com.sun.identity.jaxrpc, org.forgerock.openam.http, org.forgerock.openam.shared.guice, org.forgerock.openam.utils.AMKeyProvider, org.forgerock.openam.utils.AuthLevelUtils, org.forgerock.openam.shared.security.whitelist, org.forgerock.openam.notifications, com.sun.identity.policy.util.GatewayServletUtils, org.forgerock.openam.core.sms, org.forgerock.openam.blacklist, com.sun.identity.common.configuration.AgentConfiguration, org.forgerock.openam.entitlement.rest.ApplicationTypesResource, org.forgerock.openam.monitoring, com.sun.identity.common.ResourceLookup, org.forgerock.openam.entitlement.rest.PolicyV1Filter, com.sun.identity.authentication.server.AuthXMLRequestParser, org.forgerock.openam.entitlement.rest.wrappers, com.sun.identity.security.cert.AMCertStore, org.forgerock.openam.sm.datalayer.impl.SimpleTaskExecutor, com.sun.identity.shared.locale, com.sun.identity.shared.whitelist, org.forgerock.openam.sm.datalayer.impl.ldap.CTSDJLDAPv3PersistentSearch, com.sun.identity.protocol, org.forgerock.openam.scripting.rest, org.forgerock.openam.entitlement.rest.ConditionTypesResource, org.forgerock.openam.core.rest.record, com.sun.identity.security.cert.AMCertPath, org.forgerock.openam.utils.ServiceConfigUtils, com.sun.identity.authentication.server.AuthXMLRequest
EMBEDDED_DIRECTORY
Embedded Directory Server org.forgerock.opendj, com.forgerock.opendj, com.forgerock.opendj.ldap.config, org.opends
Federation
Federated SSO, protocols (WS-Federation, SAML2), Metadata, Hub, Circle of Trust com.sun.identity.wsfederation.profile, com.sun.identity.saml2.servlet, com.sun.identity.saml2.plugins.SAML2PluginsUtils, com.sun.identity.plugin.datastore, com.sun.identity.saml2.logging, com.sun.identity.saml2.protocol, com.sun.identity.saml2.common, com.sun.identity.saml2.plugins.DefaultAccountMapper, org.forgerock.openam.federation, com.sun.identity.wsfederation.plugins.DefaultSPAttributeMapper, com.sun.identity.saml2.plugins.DefaultSPAccountMapper, com.sun.identity.wsfederation.plugins.whitelist, com.sun.identity.saml2.profile, com.sun.identity.wsfederation.plugins.DefaultLibrarySPAccountMapper, com.sun.identity.saml2.plugins.SAML2IDPProxyFRImpl, com.sun.identity.wsfederation.key, com.sun.identity.multiprotocol, com.sun.identity.saml2.plugins.SAML2IDPProxyImpl, com.sun.identity.wsfederation.servlet, com.sun.identity.xacml, com.sun.identity.plugin.monitoring.MonitorManager, com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper, com.sun.identity.wsfederation.plugins.DefaultAccountMapper, com.sun.identity.saml2.plugins.DefaultAttributeMapper, com.sun.identity.wsfederation.plugins.DefaultAttributeMapper, org.forgerock.openam.authentication.Saml2SessionUpgradeHandler, com.sun.identity.saml2.ecp, org.forgerock.openam.wsfederation, com.sun.identity.federation, org.forgerock.openam.saml2, jsp.saml2, com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper, com.sun.identity.saml2.plugins.DefaultLibrarySPAccountMapper, com.sun.identity.plugin.log, com.sun.identity.saml, com.sun.identity.wsfederation.meta, com.sun.identity.wsfederation.plugins.DefaultIDPAuthenticationMethodMapper, com.sun.identity.saml2.plugins.DefaultFedletAdapter, com.sun.identity.saml2.plugins.DefaultLibraryIDPAttributeMapper, com.sun.identity.saml2.xmlenc, com.sun.identity.saml2.plugins.DefaultSPAttributeMapper, com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper, com.sun.identity.saml2.xmlsig, com.sun.identity.liberty.ws.security, com.sun.identity.plugin.session.SessionManager, com.sun.identity.wsfederation.plugins.DefaultIDPAccountMapper, com.sun.identity.plugin.session.impl.FMSessionProvider, com.sun.identity.saml2.key, com.sun.identity.wsfederation.logging, com.sun.identity.saml2.plugins.DefaultIDPAccountMapper, com.sun.identity.wsfederation.plugins.DefaultADFSPartnerAccountMapper, com.sun.identity.saml2.assertion, com.sun.identity.wsfederation.plugins.DefaultIDPAttributeMapper, com.sun.identity.plugin.session.impl.FedletSessionProvider, com.sun.identity.saml2.meta, com.sun.identity.plugin.configuration, com.sun.identity.saml2.soapbinding, com.sun.identity.wsfederation.common, com.sun.identity.cot
IdRepo
Identity Repositories, Datastores, plugins com.sun.identity.common.ISResourceBundle, com.iplanet.am.sdk, org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo, org.forgerock.openam.shared.security.crypto, com.iplanet.sso.SSOTokenManager, com.iplanet.services.ldap.DefaultDataStoreConfigurationManager, com.sun.identity.idm, org.forgerock.openam.idrepo.ldap.helpers.DirectoryHelper, com.sun.identity.shared.encode.Hash, org.forgerock.openam.core.realms, org.forgerock.openam.shared.security.ThreadLocalSecureRandom, com.iplanet.services.ldap.event.LDAPv3PersistentSearch, org.forgerock.openam.idrepo.ldap.psearch, com.sun.identity.security.ServerInstanceAction, org.forgerock.openam.identity, org.forgerock.openam.ldap.LDAPUtils
OAuth2Provider
OAuth 2.0 Provider org.forgerock.openam.oauth2.OpenAMClientRegistrationStore, org.forgerock.openam.oauth2.secrets, org.forgerock.openidconnect, org.forgerock.openam.oauth2.resources.ResourceSetLabelRegistration, org.forgerock.openam.oauth2.OAuth2GlobalSettings, org.forgerock.openam.oauth2.OpenAMClientRegistration, org.forgerock.openam.oauth2.ciba, org.forgerock.openam.oauth2.requesturis, org.forgerock.openam.oauth2.OAuth2AuditLogger, org.forgerock.openam.oauth2.token, org.forgerock.openam.oauth2.IdentityManager, org.forgerock.openam.oauth2.IgAgentClientRegistration, org.forgerock.openam.oauth2.jwks, org.forgerock.oauth2, org.forgerock.openam.utils.RealmNormaliser, org.forgerock.openam.oauth2.AgentClientRegistration, org.forgerock.openam.oauth2.ClientCredentialsReader, org.forgerock.openam.oauth2.remoteconsent, org.forgerock.openam.oauth2.OpenAMScopeValidator, org.forgerock.openam.oauth2.OAuth2Monitor
OpenDJ-SDK
Directory Server SDK org.forgerock.opendj.ldif, org.forgerock.opendj.asn1, com.forgerock.opendj.util, com.forgerock.opendj.ldap, org.forgerock.opendj.ldap, org.forgerock.opendj.util
OtherLogging
Miscellaneous logs org.forgerock.openam.secrets.SecretIdChoiceValues, org.forgerock.am.iot.IntrospectTokenActionHandler, com.sun.identity.sm.SmsObjectResolver, org.forgerock.config.resolvers, org.forgerock.openam.services.datastore, org.forgerock.openam.utils.JCECipherProvider, org.forgerock.config.resolvers.SystemPropertyResolver, com.sun.identity.policy.plugins, org.forgerock.openam.entitlement.rest, org.forgerock.openam.services.datastore.DataStoreConsistencyFilter, org.forgerock.openam.oauth2.saml2, org.forgerock.secrets.propertyresolver.PropertyResolverSecretStore, org.forgerock.openam.headers.DisableSameSiteCookiesFilter, org.forgerock.openam.oauth2.resources, org.forgerock.openam.uma.rest, org.forgerock.openam.integration.idm.IdmClientIdRepo, org.forgerock.am.health.HealthCheckService, com.sun.identity.shared, org.forgerock.openam.network.ipv4, com.forgerock, org.forgerock.openam.core.rest.session, org.forgerock.util.encode.Base64url, org.forgerock.openam.core.rest, com.iplanet.services.ldap.ServerGroup, org.forgerock.am.iot.ThingsResource, org.forgerock.openam.uma, org.forgerock.openam.secrets.config.GoogleKeyManagementServiceSecretStore, org.forgerock.api.models.Resource, org.forgerock.openam.oauth2.saml2.core.Saml2GrantTypeHandler, com.sun.identity.configuration.ConfigFedMonitoring, org.forgerock.openam.setup.BootstrapSubstitutionService, org.forgerock.util.promise, org.forgerock.config.resolvers.EnvironmentVariableResolver, org.forgerock.config.util, org.forgerock.openam.scripting.ScriptEngineConfigurator, org.forgerock.openam.oauth2.guice, org.forgerock.openam.scripting.persistence, org.forgerock.api.models.Items, org.forgerock.openam.homedirectory.HomeDirectoryUtils, org.forgerock.openam.selfservice, com.iplanet.services, org.forgerock.openam.scripting.ThreadPoolScriptEvaluator, jsp, org.forgerock.am.health.ReadinessCheckEndpoint, io.swagger.models.parameters.AbstractSerializableParameter, org.forgerock.openam.social, com.sun.identity.plugin.monitoring, org.forgerock.openam.services.MailService, OAuth2Factory, org.apache.http.headers, org.forgerock.json, org.forgerock.openam.oauth2.OAuth2UrisFactory, com.sun.identity.shared.encode, org.forgerock.http.swagger, com.iplanet, com.sun.identity.common.configuration, org.forgerock.json.resource.InterfaceCollectionInstance, org.forgerock.json.resource.http.HttpUtils, org.forgerock.openam.uma.UmaProviderSettingsFactory, org.forgerock.openam.utils, org.forgerock.openam.scripting, org.forgerock.openam.uma.rest.UmaEnabledFilter, org.forgerock.openam.sts.publish.rest.RestSTSSetupListener, org.forgerock.util.encode.Base64, com.zaxxer, org.forgerock.openam.oauth2.guice.OAuth2GuiceModule, org.forgerock.openam.social.idp.SocialIdpJwksSecretsProvider, org.forgerock.secrets, org.forgerock.util.promise.Promises, org.forgerock.secrets.SecretReference, org.forgerock.openam.sts.publish.common.STSInstanceConfigStoreBase, io.swagger.models.parameters, org.forgerock.openam.sts.publish.common, io.swagger, org.forgerock.openam.oauth2.pop, org.forgerock.openam.sm.datalayer, org.forgerock.openam.social.idp.choiceValues.AllowedJweAlgorithms, org.forgerock.http, oauth2, org.forgerock.openam.service.datastore.LdapDataStoreService, org.forgerock.http.filter, org.apache.http.wire, org.forgerock.http.swagger.OpenApiRequestFilter, org.forgerock.openam.xui, org.forgerock.api.models, com.iplanet.services.ldap.event, org.forgerock.json.jose.jws.SigningManager, com.sun.identity.shared.xml.XMLUtils, org.forgerock.http.oauth2, org.forgerock.util.promise.PromiseImpl, org.forgerock.openam.secrets, org.forgerock.openam.sts.publish.service, org.forgerock.openam.sm.config.ConsoleConfigHandlerImpl, org.forgerock.openam.integration.idm, com.sun.identity.authentication, io.swagger.models, org.forgerock.openam.selfservice.SelfServiceRequestHandler, org.forgerock.am.health.LivenessCheckEndpoint, com.sun.identity.sm.RootSuffixProvider, org.forgerock.am.iot, idRepoAuditor, org.forgerock.openam.sm.datalayer.impl, org.forgerock.http.util, com.sun.identity.plugin.session.impl, com.sun.identity.common, org.forgerock.openam.utils.PerThreadCache, com.sun.identity.shared.xml, org.forgerock.openam.service.datastore, com.sun.identity.shared.datastruct, org.forgerock.json.jose.jws, com.sun.identity.common.configuration.ConfigurationObserver, com.sun.identity.configuration, org.forgerock.http.filter.TransactionIdInboundFilter, frRest, org.forgerock.secrets.propertyresolver, org.apache, org.forgerock.openam.service, org.forgerock.openam.secrets.SecretsUtils, org.forgerock.openam.utils.LogUtils, ROOT, com.sun.identity.common.ShutdownManager, org.forgerock.am.iot.GetAccessTokenActionHandler, org.forgerock.openam.core.rest.authn, org.forgerock.openam.scripting.persistence.config.consumer.ScriptTypeAdapter, com.sun, org.forgerock.util.i18n, org.forgerock.openam.entitlement.service.ApplicationServiceImpl, com.sun.identity.policy.plugins.PrefixResourceName, com.sun.identity.wsfederation.plugins, org.forgerock.openam.secrets.config.GoogleSecretManagerSecretStoreProvider, org.forgerock.api.transform, org, org.forgerock.util.encode, com.sun.identity.sm.SmsWrapperObject, org.forgerock.openam.sm.config, org.forgerock.openam.scripting.sandbox, org.forgerock.openam.shared.security, org.forgerock.api.transform.OpenApiTransformer, org.forgerock.http.oauth2.ResourceServerFilter, org.forgerock.openam.headers, com.sun.identity, org.forgerock.openam.core.rest.authn.http, org.forgerock.openam.errors, org.forgerock.openam.idrepo.ldap.helpers, org.forgerock.openam.secrets.config.SecretsPlugin, org.forgerock.http.protocol.Form, org.forgerock.json.resource, org.forgerock.util.i18n.PreferredLocales, com.iplanet.services.ldap, com.sun.identity.sm.schema.ParsedSchema, org.forgerock.openam.scripting.service.ScriptChoiceValues, org.forgerock.openam.sts.publish.rest.RestSTSInstancePublisherImpl, org.forgerock.openam.errors.AgentResourceExceptionMappingHandler, org.forgerock.config.resolvers.FlatFileResolver, org.forgerock.http.routing, org.forgerock.openam.oauth2.pop.MutualTlsConfirmationMethod, org.forgerock.openam.scripting.StandardScriptEvaluator, org.forgerock.am.iot.IotClientRegistrationStore, org.forgerock.http.servlet.Servlet3Adapter, org.forgerock.openam.idrepo, org.forgerock.config, ldapUrl, org.forgerock.json.resource.InterfaceSingletonHandler, org.forgerock.openam.secrets.config, org.forgerock.openam.sm.DefaultAnnotatedServiceRegistry, org.forgerock.am.health, org.forgerock.caf.authentication.framework, org.forgerock.am.iot.GetUserTokenActionHandler, com.sun.identity.authentication.UI.LoginLogoutMapping, org.forgerock.openam.config, io, org.forgerock.caf.authentication, org.forgerock.openam.sm, org.forgerock.openam.sm.ServiceSchemaRegistrar, org.forgerock.api.models.Operation, org.forgerock.http.protocol, org.forgerock.util.DirectoryWatcher, com.sun.identity.security, org.forgerock.openam.entitlement, org.forgerock.openam.oauth2.ClientCertificateHeaderFormat, org.forgerock.am.iot.GetUserCodeActionHandler, org.forgerock.openam.shared, org.forgerock.http.servlet, org.forgerock.api.CrestApiProducer, org.forgerock.openam.sm.annotations.SchemaBuilder, org.forgerock.openam.scripting.sandbox.RhinoSandboxClassShutter, org.forgerock.util.xml, com.sun.identity.authentication.service.ConfiguredIdentityTypes, org.forgerock.openam.xacml, org.forgerock.openam.scripting.service.GlobalScriptChoiceValues, com.iplanet.services.ldap.Server, com.sun.identity.sm, org.forgerock.openam.sts.publish.rest.RestSTSPublishServiceListener, org.forgerock.secrets.AllowedKeyUsageConstraint, org.forgerock.openam.oauth2.jar, org.forgerock.openam.oauth2.OAuth2Utils, org.forgerock.openam.sm.health.FbcLivenessCheck, org.forgerock.json.resource.http, org.forgerock.openam.idrepo.ldap, com.sun.identity.authentication.UI, com.iplanet.services.util, com.sun.identity.liberty.ws, com.sun.identity.authentication.server, org.forgerock.openam.sts.publish.service.SoapSTSPublishServiceRequestHandler, org.forgerock.util, com.iplanet.sso, org.forgerock.openam.sm.health.PluginStartupCheck, org.forgerock.guice.core.InjectorFactory, org.forgerock.openam.sm.datalayer.impl.ldap, org.forgerock.openam.sts.publish, org.forgerock.macaroons, org.forgerock.openam.selfservice.SelfServiceTreesResource, com, org.forgerock.openam.scripting.service.StandardScriptStoreFactory, org.forgerock.openam.scripting.persistence.config, org.forgerock.openam.validation, com.sun.identity.authentication.service, com.sun.identity.sm.SMSThreadPool, org.forgerock.openam.validation.RequestEntitySizeVerificationFilter, org.forgerock.util.promise.Promises$CompletedPromise, com.sun.identity.authentication.service.AuthConfigMonitor, org.forgerock.am, org.forgerock.openam.scripting.service, org.forgerock.api, org.forgerock.http.header.SetCookieHeader, org.forgerock.macaroons.SerializationFormatV2, org.forgerock.am.iot.IotService, org.forgerock.openam.ldap, com.iplanet.am, com.sun.identity.plugin, org.forgerock.macaroons.SerializationFormatV1, com.sun.identity.plugin.session, org.forgerock.openam.services, org.forgerock.util.xml.XMLUtils, org.forgerock.openam.oauth2.saml2.core, org.forgerock.openam.social.idp, org.forgerock.openam.config.ServiceComponentConfigBuilder, org.forgerock.openam.core.rest.session.action, com.sun.identity.liberty, org.forgerock.openam.homedirectory, org.forgerock.openam.scripting.StandardScriptEngineManager, org.forgerock.openam.secrets.Secrets, org.forgerock.caf.authentication.framework.AuthenticationFramework, org.forgerock.json.jose.utils.Utils, org.forgerock.openam.social.idp.SocialIdentityProviders, org.forgerock.openam.core.rest.authn.AuthIdHelper, org.forgerock.openam.oauth2, org.forgerock.openam.core.CoreWrapper, org.forgerock.guice, org.forgerock.http.protocol.Entity, org.forgerock.openam.sts.publish.service.RestSTSPublishServiceRequestHandler, org.forgerock.openam.scripting.persistence.config.consumer, org.forgerock.openam.network, org.forgerock.http.header, org.forgerock.openam.entitlement.service, org.forgerock.openam.integration, com.sun.identity.common.SystemTimer, org.forgerock.openam.core, com.sun.identity.sm.SmsChangesLogger, org.forgerock.openam.sm.datalayer.impl.CtsConnectionCheck, org.forgerock.openam.sts, com.sun.identity.authentication.server.AuthXMLHandler, org.forgerock.openam.sm.annotations, org.forgerock.config.resolvers.PropertyResolvers, org.forgerock.secrets.SecretsProvider, com.sun.identity.policy, com.sun.identity.wsfederation, org.forgerock.json.resource.http.HttpAdapter, org.forgerock.http.util.Uris, com.sun.identity.shared.datastruct.CollectionHelper, org.forgerock.guice.core, org.forgerock, org.forgerock.openam.sts.publish.rest, org.forgerock.openam.social.idp.choiceValues, com.iplanet.services.util.Crypt, com.sun.identity.config, org.forgerock.json.resource.InterfaceCollectionHandler, org.forgerock.openam, jsp.realmSelection, org.forgerock.openam.service.datastore.SmsDataStoreLookup, com.sun.identity.authentication.service.AMLoginContext, com.sun.identity.authentication.spi, org.forgerock.config.util.JsonValuePropertyEvaluator, org.forgerock.openam.xacml.v3, org.forgerock.http.routing.Router, com.iplanet.services.ldap.LDAPUser, com.sun.identity.policy.util, org.apache.http, com.sun.identity.sm.schema, org.forgerock.http.servlet.HttpFrameworkServlet, org.forgerock.openam.setup, org.forgerock.openam.social.idp.DefaultOpenIdConnectRelyingPartySettings, org.forgerock.openam.headers.SecureCookieFilter, com.iplanet.services.util.JCEEncryption, org.forgerock.json.jose, org.forgerock.openam.oauth2.OAuth2NotificationPublisher, com.sun.identity.security.cert, org.forgerock.json.jose.utils, org.forgerock.caf, org.forgerock.openam.oauth2.jar.JarAuthorizeRequestValidator, org.forgerock.openam.sm.health, org.forgerock.config.resolvers.ChainedPropertyResolver
Plugins
Plugin Framework org.forgerock.openam.plugins
Policy
Policy Framework,Subject, Condition, Resource Attributes, XACML, Plugins, API com.sun.identity.policy.PolicyManager, com.sun.identity.policy.plugins.Organization, com.sun.identity.policy.SharedSubject, com.sun.identity.policy.ActionDecision, com.sun.identity.policy.ResourceManager, com.sun.identity.policy.plugins.IDRepoResponseProvider, com.sun.identity.policy.plugins.AuthSchemeCondition, com.sun.identity.policy.plugins.LEAuthLevelCondition, com.sun.identity.policy.PolicyCache, com.sun.identity.policy.PolicyDecision, org.forgerock.openam.entitlement.monitoring, com.sun.identity.policy.ProxyPolicyEvaluatorFactory, com.sun.identity.policy.Rule, com.sun.identity.policy.ResourceComparatorValidator, com.sun.identity.policy.plugins.IPCondition, com.sun.identity.policy.ProxyPolicyEvaluator, com.sun.identity.policy.remote, com.sun.identity.policy.ValidationErrorHandler, org.forgerock.openam.entitlement.rest.EntitlementsExceptionMappingHandler, org.forgerock.openam.network.ipv6, com.sun.identity.policy.Subjects, com.sun.identity.policy.plugins.PeerOrgReferral, com.sun.identity.policy.Policy, com.sun.identity.policy.ActionSchema, org.forgerock.openam.idrepo.ldap.helpers.ADHelper, org.forgerock.openam.entitlement.configuration, com.sun.identity.policy.plugins.SubOrgReferral, com.sun.identity.policy.plugins.AuthenticateToRealmCondition, org.forgerock.openam.entitlement.indextree, com.sun.identity.policy.SubjectEvaluationCache, org.forgerock.openam.uma.rest.UserPolicyResource, com.sun.identity.policy.plugins.OrgReferral, com.sun.identity.policy.plugins.LDAPUsers, com.sun.identity.policy.plugins.UserSelfCheckCondition, com.sun.identity.policy.ResponseProviderTypeManager, com.sun.identity.policy.plugins.LDAPFilterCondition, com.sun.identity.policy.plugins.SimpleTimeCondition, com.sun.identity.policy.ResponseProviders, org.forgerock.openam.xacml.v3.resources, com.sun.identity.policy.PolicyUtils, com.sun.identity.policy.plugins.SessionCondition, org.forgerock.openam.entitlement.CachingEntitlementCondition, com.sun.identity.policy.plugins.AMIdentitySubject, com.sun.identity.policy.Referrals, com.sun.identity.policy.ResourceIndexManager, com.sun.identity.policy.plugins.AuthLevelCondition, com.sun.identity.policy.plugins.LDAPConnectionPools, com.sun.identity.policy.plugins.AuthenticateToServiceCondition, com.sun.identity.policy.plugins.AuthRoleCondition, com.sun.identity.policy.plugins.AMIdentityMembershipCondition, com.sun.identity.entitlement, com.sun.identity.policy.PolicyEvaluatorFactory, com.sun.identity.policy.plugins.SessionPropertyCondition, org.forgerock.openam.entitlement.PolicyConstants, com.sun.identity.policy.PolicyEvaluator, com.sun.identity.policy.ServiceTypeManager, com.sun.identity.policy.ServiceType, com.sun.identity.policy.ResourceResult, com.sun.identity.policy.plugins.ResourceEnvIPCondition, org.forgerock.openam.entitlement.conditions, com.sun.identity.policy.ConditionTypeManager, com.sun.identity.policy.PolicyConfig, com.sun.identity.policy.plugins.LDAPGroups, org.forgerock.openam.network.ipv4.IPv4Condition, com.sun.identity.policy.SubjectTypeManager, org.forgerock.openam.entitlement.utils, com.sun.identity.policy.util.PolicyDecisionUtils, org.forgerock.openam.entitlement.PolicySetNotificationConsumer, com.sun.identity.policy.Conditions, org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV2, com.sun.identity.policy.ReferralTypeManager, org.forgerock.openam.entitlement.rest.PolicyResource, org.forgerock.openam.entitlement.rest.JsonPolicyParser
Push
Push Notification org.forgerock.openam.services.push
Radius
RADIUS server org.forgerock.openam.radius
Session
Session framework, session management, SSOToken, session failover, API org.forgerock.openam.core.rest.session.action.SetPropertyActionHandler, org.forgerock.openam.core.rest.session.action.GetPropertyActionHandler, org.forgerock.openam.core.rest.session.SessionResource, com.sun.identity.sm.ServerIDValidator, org.forgerock.openam.cts, org.forgerock.openam.core.rest.session.action.LogoutActionHandler, org.forgerock.openam.dpro, com.iplanet.sso.providers, org.forgerock.openam.core.rest.session.action.ValidateActionHandler, org.forgerock.openam.core.rest.session.action.GetSessionPropertiesActionHandler, org.forgerock.openam.session, org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig, org.forgerock.openam.core.rest.session.action.UpdateSessionPropertiesActionHandler, org.forgerock.openam.core.rest.session.SSOTokenPartialSessionFactory, org.forgerock.openam.sm.SMSConfigurationFactory, org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread, com.iplanet.dpro, com.sun.identity.plugin.session.impl.FMSessionNotification, org.forgerock.openam.core.rest.session.action.GetPropertyNamesActionHandler, org.forgerock.openam.core.rest.session.SessionResourceUtil, org.forgerock.openam.core.rest.session.SessionResourceV2, com.sun.identity.sm.SiteIDValidator, org.forgerock.openam.core.rest.session.action.DeletePropertyActionHandler
UmaProvider
UMA provider org.forgerock.openam.oauth2.AccessTokenProtectionFilter, org.forgerock.openam.uma.UmaSettingsImpl, org.forgerock.openam.uma.icg, org.forgerock.openam.uma.PendingRequestEmailTemplate, org.forgerock.openam.uma.rest.UmaPolicyApplicationListener, org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook, org.forgerock.openam.oauth2.resources.labels, org.forgerock.openam.uma.UmaProviderSettingsImpl, org.forgerock.openam.uma.UmaGrantTypeHandler, org.forgerock.openam.uma.rest.UmaLabelResource, org.forgerock.openam.uma.PendingRequestsService, org.forgerock.openam.uma.audit
WebServices
Web services security (WSS), STS, Identity Services com.sun.identity.liberty.ws.paos, com.sun.identity.liberty.ws.common, com.sun.identity.policy.plugins.WebServicesClients, com.sun.identity.liberty.ws.soapbinding, com.sun.identity.authentication.spi.WSSReplayPasswd
amUpgrade
Upgrade framework com.sun.identity.sm.ServiceSchemaModifications, org.forgerock.openam.upgrade, com.sun.identity.common.configuration.ServerConfiguration, com.sun.identity.config.upgrade, com.sun.identity.security.cert.AMCRLStore
-
To set the logging level for all loggers that output to a particular appender:
-
Select the name of the appender from the Appender drop-down list.
-
Select the debug level from the Level drop-down list.
-
Click Apply.
-
-
To set the logging level for a class or package:
-
Select the name of the individual logger from the Logger drop-down list, or select the global
ROOT
logger to set the level for all loggers.The current debug level is shown in the Level field.
Scripts that create debug messages have their own logger that’s created after the script has executed at least once.
The name of the logger has the format:
scripts.<context>.<uuid>.(<name>)
.For example,
scripts.OIDC_CLAIMS.36863ffb-40ec-48b9-94b1-9a99f71cc3b5.(OIDC Claims Script)
. -
Select a new debug level from the Level drop-down list.
-
Click Apply.
When you apply any changes to the logger settings , a
Logger settings updated
message is shown at the top of theLogback.jsp
page.Changes made in
Logback.jsp
apply immediately, but are not permanently stored. Restarting AM or the container in which it runs will reset the levels to defaults.You can configure the default settings that will be applied when AM starts up. Refer to Change the startup debug settings.
-
-
As soon as you have reproduced the problem you are investigating, return to the
Logback.jsp
page and revert the logger levels to the previous settings, to avoid filling up disk space.
Persistent debug logging with logback.xml
Debug logging can be enabled and persisted in AM by configuring a logback.xml
file.
This file describes
the classes for which to capture debug messages, and the destination, or appender, where the output is stored.
For more information about configuring Logback, refer to Logback configuration in the Logback Documentation.
Configure basic debug logging
Follow these steps to configure basic persistent debug logging in AM, using a logback.xml
file:
-
Create a
logback.xml
file in the AM classpath, for example in/path/to/tomcat/webapps/openam/WEB-INF/classes/
.To view or use an existing file with example loggers and appenders, place the following
logback.xml
in your classpath and set the paths for your environment.Example
logback.xml
<configuration> <!-- amUpgrade --> <appender name="amUpgrade" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/amUpgrade</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="com.sun.identity.sm.ServiceSchemaModifications" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.common.configuration.ServerConfiguration" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.DefaultIDPAccountMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultIDPAccountMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.config.upgrade" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultLibrarySPAccountMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.DefaultADFSPartnerAccountMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.DefaultIDPAttributeMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="org.forgerock.openam.upgrade" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.DefaultSPAttributeMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultSPAccountMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultLibraryIDPAttributeMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.security.cert.AMCRLStore" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultSPAttributeMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.DefaultLibrarySPAccountMapper" level="Error" > <appender-ref ref="amUpgrade"/> </logger> <!-- Authentication --> <appender name="Authentication" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Authentication</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="com.sun.identity.authentication.spi.AMLoginModule" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.callbackhandlers" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.spi.AMAuthCallBackImpl" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.service.AuthContextLookup" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.util" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.authentication.service.LoginContextFactory" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.server.AuthContextLocal" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.service.AMAccountLockout" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.service.LoginState" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.UI.LoginViewBean" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.client" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.trees" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.spi.FirstTimeLogin" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.auth" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.authentication.service.SessionPropertyUpgrader" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.UI.AuthExceptionViewBean" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.spi.ReplayPasswd" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.config" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.share" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.authentication.SessionUpgradeVerifier" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.service.DSAMECallbackHandler" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.spi.AMModuleProperties" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.utils.MappingUtils" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.UI.AuthenticationServletBase" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.service.AuthenticationPrincipalDataRetrieverFactory" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.UI.LogoutViewBean" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.iplanet.security" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.internal" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.AuthContext" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.policy.plugins.AuthenticatedSharedAgents" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.ldap.LDAPAuthUtils" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.UI.AuthViewBeanBase" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.authentication.modules" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.iplanet.services.cdm" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.authentication.service.AuthUtilsWrapper" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.policy.plugins.AuthenticatedAgents" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.spi.JwtReplayPassword" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.policy.plugins.AllowedAgents" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.service.AuthenticationServiceAttributeCache" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.jaas" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.service.AuthD" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.core" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.scripting.api" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.common.ISAccountLockout" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerFactory" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.webhook" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.iplanet.services.cdc" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.modules" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.authentication.service.AuthUtils" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="com.sun.identity.policy.plugins.AuthenticatedSharedAgentsCondition" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.authentication.service.JAASModuleDetector" level="Error" > <appender-ref ref="Authentication"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.RestAuthenticationHandler" level="Error" > <appender-ref ref="Authentication"/> </logger> <!-- Configuration --> <appender name="Configuration" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Configuration</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="com.sun.identity.sm.ServiceSchemaManager" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.iplanet.services.ldap.event.EventService" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.SMSSchema" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.tools" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.SMSUtils" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.common.configuration.ServerConfigXMLObserver" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceSchema" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.delegation" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.OrganizationConfigManager" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ldap" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.SMSNotificationManager" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.PluginSchema" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.AttributeValidator" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceConfigManagerImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceConfigImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.SMSPropertiesObserver" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.OrganizationConfigManagerImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.AuthenticationServiceNameProviderImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="org.forgerock.openam.xui.XUIFilter" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceSchemaImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.setup" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.AttributeSchemaState" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceInstanceImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="org.forgerock.openam.auditors" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.workflow" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceConfigManager" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="org.forgerock.openam.sm.validation" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.common.configuration.SessionSiteNames" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceConfig" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.SMServlet" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceManager" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.common.configuration.ServerPropertyValidator" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.SMSEntry" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.PluginConfig" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="org.forgerock.openam.utils.OpenAMSettingsImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.jaxrpc" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.DNMapper" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.SMSException" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.SMSEventListenerManager" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="org.forgerock.openam.utils.MapHelper" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceInstance" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.config.util" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.CachedSubEntries" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.PluginConfigImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.authentication.service.ConfiguredSocialAuthServices" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.ServiceSchemaManagerImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.CachedSMSEntry" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.CreateServiceConfig" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.AttributeSchema" level="Error" > <appender-ref ref="Configuration"/> </logger> <logger name="com.sun.identity.sm.PluginSchemaImpl" level="Error" > <appender-ref ref="Configuration"/> </logger> <!-- CoreSystem --> <appender name="CoreSystem" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/CoreSystem</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="com.sun.identity.monitoring" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.saml2.idpdiscovery" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.security.cert.CRLValidator" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.xacml.v3.rest" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.SelfServiceUserUiRolePredicate" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.cts" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.impl.ldap.LdapSearchHandler" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.security" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.plugin.monitoring.impl" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.providers" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.zaxxer.hikari" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.uma.UmaUserUiRolePredicate" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.common.RequestUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.SubjectAttributesResourceV1" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.services.baseurl" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.IdentityRestUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.UserGroupsResource" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.oauth2.rest" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.authentication.UI.taglib" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.docs" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.log" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.AllAuthenticatedUsersResource" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.utils.WhitelistObjectInputStream" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.dashboard" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.common.SystemTimerPool" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.session.AnyOfAuthzModule" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.rest" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.sms" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.common.admin" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.shared.resourcename" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.security.AdminTokenAction" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.uma.rest.UmaPolicyResourceAuthzFilter" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.shared.concurrency" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.session.SessionResourcePrivilegeAuthzModule" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.ResourceTypesResource" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.uma.rest.UmaPolicyServiceImpl" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.DecisionCombinersResource" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.common.HttpURLConnectionManager" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.network.ipv4.IPv4AddressRange" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.audit" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.audit" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.common.DNUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.utils.IPRange" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.services.RestSecurity" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.IdentityResourceV4" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.IdentityResourceV3" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.security.SecurityDebug" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.backstage" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.server" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.utils.ClientUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.IdentityResourceV2" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.ApplicationV1Filter" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.IdentityResourceV1" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.devices" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.ApplicationsResource" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.policy.util.Gateway" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.shared.jaxrpc" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.forgerockrest" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.iplanet.am.util" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.iplanet.services.comm" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.AuditHelper" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.impl.PooledTaskExecutor" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.ldap.LdifUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.session.action.LogoutByHandleActionHandler" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.shared.search" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.SubjectTypesResource" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.shared.encode.CookieUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.iplanet.services.naming" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.cors" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.idsvcs" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.jaxrpc" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.http" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.shared.guice" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.utils.AMKeyProvider" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.utils.AuthLevelUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.shared.security.whitelist" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.notifications" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.policy.util.GatewayServletUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.sms" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.blacklist" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.common.configuration.AgentConfiguration" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.ApplicationTypesResource" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.monitoring" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.common.ResourceLookup" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.PolicyV1Filter" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.authentication.server.AuthXMLRequestParser" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.wrappers" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.security.cert.AMCertStore" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.impl.SimpleTaskExecutor" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.shared.locale" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.shared.whitelist" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.impl.ldap.CTSDJLDAPv3PersistentSearch" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.protocol" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.scripting.rest" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.ConditionTypesResource" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.core.rest.record" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.security.cert.AMCertPath" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="org.forgerock.openam.utils.ServiceConfigUtils" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <logger name="com.sun.identity.authentication.server.AuthXMLRequest" level="Error" > <appender-ref ref="CoreSystem"/> </logger> <!-- Embedded --> <appender name="Embedded" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Embedded</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="org.forgerock.opendj" level="Error" > <appender-ref ref="Embedded"/> </logger> <logger name="com.forgerock.opendj" level="Error" > <appender-ref ref="Embedded"/> </logger> <logger name="com.forgerock.opendj.ldap.config" level="Error" > <appender-ref ref="Embedded"/> </logger> <logger name="org.opends" level="Error" > <appender-ref ref="Embedded"/> </logger> <!-- Federation --> <appender name="Federation" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Federation</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="com.sun.identity.wsfederation.profile" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.servlet" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.SAML2PluginsUtils" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.plugin.datastore" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.logging" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.protocol" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.common" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultAccountMapper" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="org.forgerock.openam.federation" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.whitelist" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.profile" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.SAML2IDPProxyFRImpl" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.key" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.multiprotocol" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.SAML2IDPProxyImpl" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.servlet" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.xacml" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.plugin.monitoring.MonitorManager" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.DefaultAccountMapper" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultAttributeMapper" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.DefaultAttributeMapper" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="org.forgerock.openam.authentication.Saml2SessionUpgradeHandler" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.ecp" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="org.forgerock.openam.wsfederation" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.federation" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="org.forgerock.openam.saml2" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="jsp.saml2" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.plugin.log" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.meta" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.plugins.DefaultIDPAuthenticationMethodMapper" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultFedletAdapter" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.xmlenc" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.xmlsig" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.liberty.ws.security" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.plugin.session.SessionManager" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.plugin.session.impl.FMSessionProvider" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.key" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.logging" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.assertion" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.plugin.session.impl.FedletSessionProvider" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.meta" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.plugin.configuration" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.saml2.soapbinding" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.wsfederation.common" level="Error" > <appender-ref ref="Federation"/> </logger> <logger name="com.sun.identity.cot" level="Error" > <appender-ref ref="Federation"/> </logger> <!-- IdRepo --> <appender name="IdRepo" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/IdRepo</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="com.sun.identity.common.ISResourceBundle" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="com.iplanet.am.sdk" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="org.forgerock.openam.shared.security.crypto" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="com.iplanet.sso.SSOTokenManager" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="com.iplanet.services.ldap.DefaultDataStoreConfigurationManager" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="com.sun.identity.idm" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="org.forgerock.openam.idrepo.ldap.helpers.DirectoryHelper" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="com.sun.identity.shared.encode.Hash" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="org.forgerock.openam.core.realms" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="org.forgerock.openam.shared.security.ThreadLocalSecureRandom" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="com.iplanet.services.ldap.event.LDAPv3PersistentSearch" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="org.forgerock.openam.idrepo.ldap.psearch" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="com.sun.identity.security.ServerInstanceAction" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="org.forgerock.openam.identity" level="Error" > <appender-ref ref="IdRepo"/> </logger> <logger name="org.forgerock.openam.ldap.LDAPUtils" level="Error" > <appender-ref ref="IdRepo"/> </logger> <!-- OAuth2Provider --> <appender name="OAuth2Provider" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/OAuth2Provider</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="org.forgerock.openam.oauth2.OpenAMClientRegistrationStore" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.secrets" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openidconnect" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.resources.ResourceSetLabelRegistration" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.OAuth2GlobalSettings" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.OpenAMClientRegistration" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.ciba" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.requesturis" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.OAuth2AuditLogger" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.token" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.IdentityManager" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.IgAgentClientRegistration" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.jwks" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.oauth2" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.utils.RealmNormaliser" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.AgentClientRegistration" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.ClientCredentialsReader" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.remoteconsent" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.OpenAMScopeValidator" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <logger name="org.forgerock.openam.oauth2.OAuth2Monitor" level="Error" > <appender-ref ref="OAuth2Provider"/> </logger> <!-- OpenDJ-SDK --> <appender name="OpenDJ-SDK" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/OpenDJ-SDK</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="org.forgerock.opendj.ldif" level="Error" > <appender-ref ref="OpenDJ-SDK"/> </logger> <logger name="org.forgerock.opendj.asn1" level="Error" > <appender-ref ref="OpenDJ-SDK"/> </logger> <logger name="com.forgerock.opendj.util" level="Error" > <appender-ref ref="OpenDJ-SDK"/> </logger> <logger name="com.forgerock.opendj.ldap" level="Error" > <appender-ref ref="OpenDJ-SDK"/> </logger> <logger name="org.forgerock.opendj.ldap" level="Error" > <appender-ref ref="OpenDJ-SDK"/> </logger> <logger name="org.forgerock.opendj.util" level="Error" > <appender-ref ref="OpenDJ-SDK"/> </logger> <!-- Plugins --> <appender name="Plugins" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Plugins</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="org.forgerock.openam.plugins" level="Error" > <appender-ref ref="Plugins"/> </logger> <!-- Policy --> <appender name="Policy" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Policy</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="com.sun.identity.policy.PolicyManager" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.Organization" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.SharedSubject" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ActionDecision" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ResourceManager" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.IDRepoResponseProvider" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.AuthSchemeCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.LEAuthLevelCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.PolicyCache" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.PolicyDecision" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.monitoring" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ProxyPolicyEvaluatorFactory" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.Rule" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ResourceComparatorValidator" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.IPCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.PolicyContinuousListener" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ProxyPolicyEvaluator" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.remote" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ValidationErrorHandler" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.EntitlementsExceptionMappingHandler" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.network.ipv6" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.Subjects" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.PeerOrgReferral" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.Policy" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ActionSchema" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.idrepo.ldap.helpers.ADHelper" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.configuration" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.SubOrgReferral" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.AuthenticateToRealmCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.indextree" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.LDAPRoles" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.SubjectEvaluationCache" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.uma.rest.UserPolicyResource" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.OrgReferral" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.LDAPUsers" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.UserSelfCheckCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ResponseProviderTypeManager" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.LDAPFilterCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.SimpleTimeCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ResponseProviders" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.xacml.v3.resources" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.PolicyUtils" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.SessionCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.CachingEntitlementCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.AMIdentitySubject" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.Referrals" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ResourceIndexManager" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.AuthLevelCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.LDAPConnectionPools" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.AuthenticateToServiceCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.AuthRoleCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.AMIdentityMembershipCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.entitlement" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.PolicyEvaluatorFactory" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.SessionPropertyCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.PolicyConstants" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.PolicyEvaluator" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ServiceTypeManager" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ServiceType" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ResourceResult" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.ResourceEnvIPCondition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.conditions" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ConditionTypeManager" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.PolicyConfig" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.plugins.LDAPGroups" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.network.ipv4.IPv4Condition" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.SubjectTypeManager" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.utils" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.util.PolicyDecisionUtils" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.PolicySetNotificationConsumer" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.Conditions" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV2" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="com.sun.identity.policy.ReferralTypeManager" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.PolicyResource" level="Error" > <appender-ref ref="Policy"/> </logger> <logger name="org.forgerock.openam.entitlement.rest.JsonPolicyParser" level="Error" > <appender-ref ref="Policy"/> </logger> <!-- Push --> <appender name="Push" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Push</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="org.forgerock.openam.services.push" level="Error" > <appender-ref ref="Push"/> </logger> <!-- Radius --> <appender name="Radius" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Radius</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="org.forgerock.openam.radius" level="Error" > <appender-ref ref="Radius"/> </logger> <!-- Session --> <appender name="Session" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/Session</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="org.forgerock.openam.core.rest.session.action.SetPropertyActionHandler" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.action.GetPropertyActionHandler" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.SessionResource" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="com.sun.identity.sm.ServerIDValidator" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.cts" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.action.LogoutActionHandler" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.dpro" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="com.iplanet.sso.providers" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.action.ValidateActionHandler" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.action.GetSessionPropertiesActionHandler" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.session" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.action.UpdateSessionPropertiesActionHandler" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.SSOTokenPartialSessionFactory" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.sm.SMSConfigurationFactory" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="com.iplanet.dpro" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="com.sun.identity.plugin.session.impl.FMSessionNotification" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.action.GetPropertyNamesActionHandler" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.SessionResourceUtil" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.SessionResourceV2" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="com.sun.identity.sm.SiteIDValidator" level="Error" > <appender-ref ref="Session"/> </logger> <logger name="org.forgerock.openam.core.rest.session.action.DeletePropertyActionHandler" level="Error" > <appender-ref ref="Session"/> </logger> <!-- UmaProvider --> <appender name="UmaProvider" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/UmaProvider</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="org.forgerock.openam.oauth2.AccessTokenProtectionFilter" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.UmaSettingsImpl" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.PendingRequestEmailTemplate" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.rest.UmaPolicyApplicationListener" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.oauth2.resources.labels" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.UmaProviderSettingsImpl" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.UmaGrantTypeHandler" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.rest.UmaLabelResource" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.PendingRequestsService" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <logger name="org.forgerock.openam.uma.audit" level="Error" > <appender-ref ref="UmaProvider"/> </logger> <!-- WebServices --> <appender name="WebServices" class="ch.qos.logback.core.FileAppender"> <file>/path/to/debug/WebServices</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="com.sun.identity.liberty.ws.paos" level="Error" > <appender-ref ref="WebServices"/> </logger> <logger name="com.sun.identity.liberty.ws.common" level="Error" > <appender-ref ref="WebServices"/> </logger> <logger name="com.sun.identity.policy.plugins.WebServicesClients" level="Error" > <appender-ref ref="WebServices"/> </logger> <logger name="com.sun.identity.liberty.ws.soapbinding" level="Error" > <appender-ref ref="WebServices"/> </logger> <logger name="com.sun.identity.authentication.spi.WSSReplayPasswd" level="Error" > <appender-ref ref="WebServices"/> </logger> <!-- OtherLogging rotation created so that ROOT could be set without outputting same debug to all files --> <appender name="OtherLogging" class="ch.qos.logback.core.rolling.RollingFileAppender"> <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> <file>/path/to/debug/OtherLogging</file> <fileNamePattern>/path/to/debug/OtherLogging.%d{yyyy-MM-dd}-%i</fileNamePattern> <maxFileSize>1GB</maxFileSize> </rollingPolicy> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <root level="Error"> <appender-ref ref="OtherLogging" /> </root> </configuration>
Download
logback.xml
. -
In your empty
logback.xml
file, add a top-level element calledconfiguration
.For example:
<configuration> </configuration>
This element will contain the configuration of the loggers and appenders, added in later steps.
-
To instruct AM to periodically check the
logback.xml
file for changes, and apply them to the running instance, add both ascan
and ascanPeriod
attribute to the<configuration>
element. For example:<configuration scan="true" scanPeriod="30 seconds"> </configuration>
If AM is not configured to scan the
logback.xml
file for changes, you’ll need to restart the instance in order to pick up any changes.You can set the
scanPeriod
attribute to a longer time period, for example one hour, so that you don’t have to restart a running system when you need to alter the debugging level.For more information, refer to Automatically reloading configuration file upon modification in the Logback Documentation.
-
To troubleshoot issues when configuring debug logging using the
logback.xml
file, add adebug
attribute, set totrue
, to the<configuration>
element. For example:<configuration debug="true"> </configuration>
AM records debug logging status information to the default log file for the container in which it’s running. For example, in Tomcat, status messages about the configuration of logback are recorded in the
Catalina.out
file.For more information, refer to Status data in the Logback Documentation.
-
-
Define one or more appenders in the
<configuration>
element.The following example appender logs messages to a file named
debug.out
in the default AM debug directory:<configuration> <appender name="DEBUG.OUT" class="ch.qos.logback.core.FileAppender"> <file>openam/var/debug/debug.out</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> </configuration>
The pattern in the above example creates debug log entries that are identical to the output produced by previous versions of AM, including the transaction ID to aid with tracking events as they occur throughout the system.
You can also define an appender that uses the JsonLayout class to include the transaction ID automatically. Refer to Format log files for details.
-
Define one or more loggers in the
<configuration>
element.Loggers specify which classes to capture debug messages from, including any sub-classes. They also specify the level of debug information to capture, and which appender is used to store the output.
This example logger applies the
Debug
level to thescripts.OIDC_CLAIMS.36863ffb-40ec-48b9-94b1-9a99f71cc3b5.(OIDC Claims Script)
. Note that script loggers are only created after the script has executed at least once. The output is recorded in the file specified in thedebug.out
appender, created in an earlier step:<configuration> <appender name="DEBUG.OUT" class="ch.qos.logback.core.FileAppender"> <file>openam/var/debug/debug.out</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="scripts.OIDC_CLAIMS.36863ffb-40ec-48b9-94b1-9a99f71cc3b5.(OIDC Claims Script)" level="Debug" > <appender-ref ref="DEBUG.OUT" /> </logger> </configuration>
-
Define a single
<root>
catch-all element in the<configuration>
element, to specify the global logging level for all classes that don’t match any of the loggers defined in thelogback.xml
file.<configuration> <appender name="DEBUG.OUT" class="ch.qos.logback.core.FileAppender"> <file>openam/var/debug/debug.out</file> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender> <logger name="scripts.OIDC_CLAIMS.36863ffb-40ec-48b9-94b1-9a99f71cc3b5.(OIDC Claims Script)" level="Debug" > <appender-ref ref="DEBUG.OUT" /> </logger> <root level="Error"> <appender-ref ref="DEBUG.OUT" /> </root> </configuration>
-
Save your changes.
The changes are applied the next time you restart AM, or the container in which it runs.
If you are editing an existing
logback.xml
that AM has already loaded, and contains thescan="true"
attribute, you do not need to reboot.Instead, wait for the amount of time specified in the
scanPeriod
attribute, and the new configuration will be loaded into AM. -
To verify that the configuration from the
logback.xml
file has loaded, go to theLogback.jsp
file, for example athttps://openam.example.com:8443/openam/Logback.jsp
, which reflects the configuration found:Note that any changes made in the
Logback.jsp
are temporary, and are not persisted to thelogback.xml
file.
Output to stdout
Configure logback.xml
to send logging to standard output.
For example, for Apache Tomcat deployments, console output is typically redirected to the Tomcat logging file, catalina.out
.
This example configuration captures all debug-level logging using the default <root>
element,
and redirects it to the STDOUT appender:
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> (1)
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<root level="Debug"> (2)
<appender-ref ref="STDOUT" />
</root>
</configuration>
-
To configure this example, create the following elements:
1 An <appender>
that uses thech.qos.logback.core.ConsoleAppender
class.2 A <logger>
, or a<root>
element as shown here, referencing the STDOUT appender. -
Save your changes as described in Configure basic debug logging.
-
Check that debug logging is now output to stdout. For example:
tail -f $TOMCAT_HOME/logs/catalina.out
Output to multiple locations
You can direct debug logging to more than one output location by defining multiple appenders and loggers. Note that you can only define at most one root element.
This example defines loggers for the com.sun.identity.sm.ServiceInstance
and org.forgerock.openam.utils.MapHelper
classes that output debug logging to file using the DEBUG.OUT appender.
All warning-level logging is also directed to standard output using the STDOUT appender.
<configuration>
<appender name="DEBUG.OUT" class="ch.qos.logback.core.FileAppender"> (1)
<file>openam/var/debug/debug.out</file>
<encoder>
<pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern>
</encoder>
</appender>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> (2)
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<logger name="com.sun.identity.sm.ServiceInstance" level="Debug"> (3)
<appender-ref ref="DEBUG.OUT" />
</logger>
<logger name="org.forgerock.openam.utils.MapHelper" level="Debug"> (3)
<appender-ref ref="DEBUG.OUT" />
</logger>
<root level="Warning"> (4)
<appender-ref ref="STDOUT" />
</root>
</configuration>
-
To configure this example, create the following elements:
1 An <appender>
that uses thech.qos.logback.core.FileAppender
class.2 An <appender>
that uses thech.qos.logback.core.ConsoleAppender
class.3 A <logger>
for each script, referencing the DEBUG.OUT appender.4 A <logger>
, or a<root>
element as shown here, referencing the STDOUT appender. -
Save and verify your changes as described in Configure basic debug logging.
Format log files
The org.forgerock.openam.logback.JsonLayout
class extends Logback JSON layout
functionality by adding the transaction ID to the JSON output.
This example shows how you can include the JsonLayout class to format your log files:
<appender name="JSON" class="ch.qos.logback.core.rolling.RollingFileAppender"> (1)
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>openam/var/debug/debugLog.%d{yyyy_MM_dd}.json</fileNamePattern>
<maxHistory>7</maxHistory>
</rollingPolicy>
<encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder"> (2)
<layout class="org.forgerock.openam.logback.JsonLayout"> (3)
<jsonFormatter class="ch.qos.logback.contrib.jackson.JacksonJsonFormatter"> (4)
<prettyPrint>true</prettyPrint>
</jsonFormatter>
<timestampFormat>yyyy-MM-dd' 'HH:mm:ss.SSS</timestampFormat>
<appendLineSeparator>true</appendLineSeparator>
</layout>
</encoder>
</appender>
-
To configure this example, create the following elements:
1 An <appender>
that uses thech.qos.logback.core.rolling.RollingFileAppender
class.2 An <encoder>
that uses thech.qos.logback.core.encoder.LayoutWrappingEncoder
class.3 A <layout>
element that uses theorg.forgerock.openam.logback.JsonLayout
class.4 A <jsonFormatter>
element that uses thech.qos.logback.contrib.jackson.JacksonJsonFormatter
class. -
Save and verify your changes as described in Configure basic debug logging.
The use of the JsonLayout class results in the addition of a
transactionId
at the top level of the log entry.For example:
{ "timestamp" : "2022-07-28 15:39:44.562", "level" : "DEBUG", "thread" : "http-nio-8080-exec-6", "mdc" : { "transactionId" : "eb0664cc-4615-461e-973a-64a1fc4f659a-34695" }, "logger" : "org.forgerock.openam.rest.restAuthenticationFilter", "message" : "OpenAM SSO Token Session Module has successfully authenticated the client", "context" : "default", "transactionId" : "eb0664cc-4615-461e-973a-64a1fc4f659a-34695" }
Rotate debug logs
Logback provides built-in support for a number of log file rotation schemes, including time- and-size based rotation.
If you have configured AM with a logback.xml
file, you can configure log file rotation in the appenders,
as follows:
-
In the
<configuration>
element, create an appender that uses thech.qos.logback.core.rolling.RollingFileAppender
class, for example:<appender name="DAILYLOG" class="ch.qos.logback.core.rolling.RollingFileAppender"> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender>
Within the appender, specify whether to rotate based on time, and optionally also size, as follows:
-
To rotate the log files based only on time, add a
<rollingPolicy>
element to the appender, which uses thech.qos.logback.core.rolling.TimeBasedRollingPolicy
class.Include a
<fileNamePattern>
element that defines when the log files should roll over, and the naming convention.For example, the following appender rolls the log file over at midnight each day, and includes the date in the filename:
<appender name="DAILYLOG" class="ch.qos.logback.core.rolling.RollingFileAppender"> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>openam/var/debug/dailyLog.%d{yyyy-MM-dd}.log</fileNamePattern> </rollingPolicy> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender>
-
To rotate the log files based on both time and size, add a
<rollingPolicy>
element to the appender, which uses thech.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy
class.Include a
<fileNamePattern>
element that defines when the log files should roll over, and where the counter for rolling over based on size occurs, specified by including%i
. You must also include a<maxFileSize>
element to define the maximum size of the log files.For example, the following appender rolls the log file over at midnight each day, but earlier if the file reaches 2 gigabytes in size, and includes the date in the filename:
<appender name="DAILYLOG2GB" class="ch.qos.logback.core.rolling.RollingFileAppender"> <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> <fileNamePattern>openam/var/debug/dailyLog2GB.%d{yyyy-MM-dd}-%i.log</fileNamePattern> <maxFileSize>2GB</maxFileSize> </rollingPolicy> <encoder> <pattern>%lo{5}: %d{ISO8601}: Thread[%t]: TransactionId[%X{transactionId}]%n%level: %m%n%ex</pattern> </encoder> </appender>
-
-
Save and verify your changes as described in Configure basic debug logging.
Debug log files will roll over each night, and also if they reach the 2GB size limit. The file names will contain the date, and a counter to signify the order in which they were written.
Change the startup debug settings
You can configure the settings that are applied when AM starts up
and there is no logback.xml
file present.
The settings specified as defaults will be reflected in the Logback.jsp
file,
for example at https://openam.example.com:8443/openam/Logback.jsp
.
However, they will not override the configuration contained with a custom logback.xml
file.
Set the default debug level
These steps set the default debug level used by all loggers, when AM starts up:
-
In the AM admin UI, go to Deployment > Servers > Server Name > General > Debugging.
-
Select an option from the Debug Level field.
The default level for debug logging is
Error
. This level is appropriate for normal production operations, in which case no debug log messages are expected.Setting the debug log level to
Warning
increases the volume of messages. Setting the debug log level toMessage
dumps detailed trace messages.Unless told to do so by qualified support personnel, do not use
Warning
orMessage
levels as a default in production. Instead, set the levels on a per-class basis. -
Save your changes.
Changes are applied immediately.
Set the default debug directory
These steps set the default directory used to store debug log files:
-
In the AM admin UI, go to Deployment > Servers > Server Name > General > Debugging.
-
Enter a directory in which to store log files in the Debug Directory field.
The default value is as follows:
-
Unix/Linux
-
Windows
%BASE_DIR%/var/debug
BASE_DIR
is the local PingAM configuration directory; for example/path/to/openam
.%BASE_DIR%\var\debug
BASE_DIR
is the local PingAM configuration directory; for example\path\to\openam
.Make sure that the specified folder can be written to by the account that is running AM or the container in which it runs.
-
-
Save your changes.
The changes are applied the next time you restart AM, or the container in which it runs.
Combine log messages in a single file
These steps log all debug messages to a single debug.out
file:
-
In the AM admin UI, go to Deployment > Servers > Server Name > General > Debugging.
-
Set the Merge Debug Files property to
On
. -
Save your changes.
Changes are applied immediately.
All debug log messages will be written to a single debug file named
debug.out
. The file will be located in the directory specified in the Debug Directory property. Refer to Set the default debug directory.