Version 9.5 SP1
 —  Reference Guide to SIN  —

Troubleshooting

This document details on ways of troubleshooting SIN.

The information is organized under the following headings:


Troubleshooting Integrated Authentication Framework

Top of page

Troubleshooting sagssxauthd2

When you install CentraSite on a network file system (NFS) which is mapped to the local one, the local policies do not allow access rights, such as root or setuid to the remote installation. As a result, the sagssxauthd2 executable does not work properly despite the properly configured root and setuid rights.

Start of instruction setTo resolve the issues with the remote sagssxauthd2 executables

  1. Copy the sagssxauthd2 executable on the local file system.

  2. Set its root and setuid rights.

  3. To use the sagssxauthd2 on the remote installation of CentraSite, you must replace the remote executable files in the corresponding directories with symbolic hyperlinks that point to the locally copied executable.

Top of page

Turning on SIN Logging

SIN uses the log4j package for logging data. Ensure that the log4j logging level for com.softwareag.security is set to DEBUG. If this does not help you to solve the problem yourself, contact Software AG Customer Support.

Start of instruction setTo set the log level in log4j using the property style file:

Start of instruction setTo set the log level in log4j using the XML file:

You can configure Security Infrastructure login modules to log information into an external file on the file system.

Note:
It is recommended to use these logging settings to resolve only severe issues or system crashes. These logging settings have impact on the system performance and if you configure the system to log information constantly this leads to reduced overall performance.

To switch on logging, you must include the following properties into the properties list of the first login module of the stack in the login context (JAAS configuration):

useLog="true"
logLevel="debug"
logFile="<path_to_the_log_file>"

Thus, you enable DEBUG severity logging on all modules that are included in the JAAS configuration context. The result file contains the entire debug information generated during the login process, role management and user repository management.

When you specify the path to the log file, make sure that the directory is not write-protected for the user who executes the Java Virtual Machine. On Unix based operating systems it is recommended to use /tmp directory.

It is recommended that you switch off the logging after you collect sufficient information about the issues. If you do not change these logging settings, the system keeps logging information in the file which leads to greater file size and reduced overall performance. Alternatively, instead of configuring external logging on Security Infrastructure, you can also check the system logging.

Top of page

Using a Specific log4j for Logging Information

Setting the log4j configuration can be tricky in an Apache context. Tomcat uses log4j but it is possible you deploy other web applications that also use log4j configuration files. Usually, the log4j of the web application that is loaded first is the one that is used. In such cases, you must configure your system to use a specific log4j configuration.

Following is a sample development scenario that is valid for webMethods products (for example, CentraSite):

Start of instruction setTo use a specific log4j configuration

  1. Provide the log4j you want to use.

    For example, use the following:

    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
    
    <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
    
      <appender name="Console" class="org.apache.log4j.ConsoleAppender"> 
        <param name="Target" value="System.out"/> 
        <layout class="org.apache.log4j.PatternLayout"> 
          <param name="ConversionPattern" value="%d{ABSOLUTE} [%t] %-5p %c %x - %m%n"/> 
        </layout> 
      </appender> 
    
      <root> 
        <priority value ="INFO" /> 
        <appender-ref ref="Console" /> 
      </root>
      
      <!-- Infos for the security - set level to DEBUG if needed. -->
      <logger name="com.softwareag.security">
        <level value="DEBUG"/> 
      </logger>
      
    </log4j:configuration>
    
    
  2. Put the file in your Tomcat installation directory under common/classes.

  3. Modify the path names to the log directories according to your installation.

  4. Search in your Tomcat webapps to see if there are log4j.xml configuration files you do not need.

  5. Rename them temporarily.

  6. Restart Tomcat.

Note:
Debug logging takes time and fills your log files. Remember to switch the logging level back to INFO once you are done.

Top of page

Verifying the JAAS Configuration in Tomcat

SIN uses JAAS to determine which LoginModules to call. The configuration of the JAAS environment may be done by a configuration file that is located in the conf directory in the standard installation.

Start of instruction setTo verify the JAAS configuration

  1. Check the file to verify that all paths and URL in it are valid.

  2. For UNIX platforms, check if the path to the ssx auth daemon is correct and if the executable it points to has the S-bit set.

  3. CentraSite uses the PluggableUI LoginContext. Ensure that it is set up correctly.

Top of page

Running the Test Servlet

If the previous steps did not help you to solve your issues with a web application using SIN for authentication and role management, install the testjaas web application.

Start of instruction setTo verify the JAAS configuration using the Testjaas web application

  1. Download testjaas.war from the Software AG Community Website > Suite Downloads at http://techcommunity.softwareag.com/ecosystem/communities/public/webmethods/products/suite/downloads/.

  2. Install the testjaas.war in your tomcat webapps.

  3. Point your browser to http://yourhost:yourport/testjaas/testjaas and save the output in a file. You can manually verify the working of the different LoginContexts by pointing your browser to http://yourhost:yourport/testjaas/InputForm.html and by providing the LoginContext and the logon credentials.

  4. Save the output in a file.

  5. Send the saved files to Software AG Customer Support.

Top of page

If All Other Things Fail...

If things are still not working for you, send the following information to Software AG Customer Support:

Top of page