You can enable message level debugging in ssoadm as follows:
- Add the following JVM option to the ssoadm or ssoadm.bat script: -D"com.iplanet.services.debug.level=message" \
- Delete the contents of the /debug directory; the /debug directory is specified during the installation of the ssoadm administration tool. You can confirm which directory this is by checking the value of the following JVM option in the ssoadm or ssoadm.bat script: -D"com.iplanet.services.debug.directory=YOUR_DEBUG_FOLDER_PATH" \
- Re-attempt the ssoadm command that was causing issues to obtain more detailed debug information; this is logged to the /debug directory.
You can enable SSL debug logging by adding the following JVM option to the ssoadm or ssoadm.bat script:-D"javax.net.debug=SSL" \
SSL debugging information is output to the command line providing you access the configuration store and/or AM instance using a SSL/TLS secured connection.