How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I add logging to server-side scripts in AM (All versions)?

Last updated Apr 13, 2021

The purpose of this article is to provide information on adding logging to server-side scripts in AM. You may want to add logging to troubleshoot a script that is not behaving as expected or desired.


1 reader recommends this article

Background information

The Scripting API in AM uses the logger object to log debug messages from scripts to the AM debug logs. Debug logging in scripts is not enabled by default; you must enable it by setting the debug log level for the amScript service.

Debug log messages from scripts are logged to the following AM debug logs depending on the type of script:

Script type Log file
Authentication Authentication
Policy Condition Entitlement
OIDC claims OAuth2Provider
OAuth 2.0 Access Tokens (AM 6.5 and later) OAuth2Provider

The available logger methods that can be used are detailed in: Getting Started with Scripting › Debug Logging.

Logging in scripts (AM 7 and later)

AM 7 uses Logback for configuration of debug logging. Any scripts that create debug messages have their own logger, which is only created after the script has executed at least once.

See Maintenance Guide › To Temporarily Enable Debug Logging with Logback.jsp for further information.

Logging in scripts (Pre-AM 7)

This example shows how you would output an error message in the Authentication log for an authentication-related script. The log level selected and the log level specified in the script should match, else a message will not be output.

  1. Set the required debug level for the amScript service by navigating to the Debug.jsp page, for example: http://host1.example.com:8080/openam/Debug.jsp and setting the following fields:
    • Select the Authentication debug file from the Category field.
    • Select Scripting from the Debug instances field.
    • Select Error from the Level field.
  2. Click Submit to change the debug level.
  3. Update your script to include the required logger code. You can either do this via the Console or the REST API depending on how you manage your scripts. For example, you could add the following to the script you want to debug:  logger.error("Test error message logged for Authentication"); This message will output to the Authentication log when the script is run.

See Also

How do I create a script in AM (All versions) using Amster?

Getting Started with Scripting

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.