Logging of Login Authentication Messages
If you have configured your authentication settings but still experience problems when trying to log in, you can use CentraSite's log files to analyze the problem. Some log file entries contain information about authentication problems in general, whereas other log file entries contain information about authentication problems related to individual CentraSite components.
You can activate authentication logging by configuring the options in the CentraSite login context of the jaas.config file. The options in the jaas.config file allow you to make the following changes:
Switch authentication logging on or off for all CentraSite components.
Specify the depth of logging required.
The CentraSite login context consists of one or more modules. Each individual module is defined by a specification. For example, you might specify a single login module, LDAPLoginModule, as in the example below:
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule ...
You can specify arbitrary login modules. For example:
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule
com.softwareag.security.jaas.login.internal.InternalLoginModule
Options for activating the logging can be added to login modules. The available logging options are:
useLog. Specify true to switch logging on, or false to switch logging off.
logLevel. Specify the level of logging information required. Possible values are:
error - log only error messages
info - log error and information messages
debug - log all messages with additional debug information
logFile. Specify the path and file name of the log file.
We recommend that you specify the logging options for the first occurrence of the above login modules.
Open the file, jaas.config, in a rich text editor. You can find the file in the directory <Software AG_directory>/profiles/CTP/configuration.
Example: To activate SIN logging:
CentraSite {
    com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
        useLog="true"
        logFile="/opt/softwareag/profiles/CTP/logs/sin-SAG-LDAP.log"
        logLevel="DEBUG"
        domain="SAG"
        alias="SAG"
        applyDomain="true"
        url="ldap://daeqarh01.eur.ad.sag:10389"
        prin="cn=LdapUser4CSAdmin,ou=people,ou=gdm,o=sag"
        cred="manage"
        usecaching="false"
        useaf="true"
        dnprefix="cn="
        dnsuffix=",ou=people,ou=gdm,o=sag"
        userrootdn="ou=people,ou=gdm,o=sag"
        uidprop="cn"
        personobjclass="inetOrgPerson"
        mattr="uniqueMember"
        memberinfoingroups="true"
        grouprootdn="ou=groups,ou=gdm,o=sag"
        gidprop="cn"
        groupobjclass="groupOfUniqueNames"
        creategroups="true"
        createGroupProperties="true"
        createUserProperties="true";
};
This configuration creates a log file: /opt/softwareag/profiles/CTP/logs/sin-SAG-LDAP.log
The log shows whether login attempts are successful or not, and indicates the user domain where CentraSite attempted to find the login user information, for example:
...Authenticator (<domain>, ...) was created successfully
...login of user <username> (domain: <domain>) was successful.
If the authentication was not successful, a message such as the following is displayed:
Login of user <username> (host: <hostname>, port:<portnumber>) failed.
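The following Python script is an added example, not part of the CentraSite documentation or product. It scans a SIN log for the two login messages shown above and flags users with repeated consecutive failures. It assumes that the text before each message is arbitrary and that user names contain no spaces; the sample lines, timestamps, user names, host name and the threshold parameter are constructed for illustration.

```python
import re
from collections import Counter

# Message shapes taken from the page; anything before them on a line is ignored.
SUCCESS_RE = re.compile(
    r"login of user (?P<user>\S+) \(domain: (?P<domain>[^)]*)\) was successful",
    re.IGNORECASE)
FAILURE_RE = re.compile(
    r"login of user (?P<user>\S+) \(host: (?P<host>[^,]*), port:\s*(?P<port>\d+)\) failed",
    re.IGNORECASE)

def parse_line(line):
    """Return ("success" | "failure", fields) for a login message, else None."""
    for outcome, rx in (("success", SUCCESS_RE), ("failure", FAILURE_RE)):
        m = rx.search(line)
        if m:
            return outcome, m.groupdict()
    return None

def summarize(lines, threshold=3):
    """Count outcomes per user and flag users with at least `threshold`
    failures in a row (a successful login resets the streak)."""
    ok, failed, streak, flagged = Counter(), Counter(), Counter(), set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # not a login message, e.g. the Authenticator line
        outcome, fields = parsed
        user = fields["user"]
        if outcome == "success":
            ok[user] += 1
            streak[user] = 0
        else:
            failed[user] += 1
            streak[user] += 1
            if streak[user] >= threshold:
                flagged.add(user)
    return {"success": dict(ok), "failure": dict(failed), "flagged": sorted(flagged)}

# Constructed sample lines: the timestamp prefix, user names and host are made up.
SAMPLE_LOG = """\
2024-01-01 10:00:00 Authenticator (SAG, ...) was created successfully
2024-01-01 10:00:01 login of user alice (domain: SAG) was successful.
2024-01-01 10:00:05 Login of user bob (host: ldap.example.test, port:10389) failed.
2024-01-01 10:00:06 Login of user bob (host: ldap.example.test, port:10389) failed.
2024-01-01 10:00:07 Login of user bob (host: ldap.example.test, port:10389) failed.
2024-01-01 10:00:09 Login of user alice (host: ldap.example.test, port:10389) failed.
""".splitlines()
```

To run it against a real log, pass the lines of the file configured in logFile to summarize().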