Activating the Authentication Logging
The logging of authentication messages is controlled by properties that you can set in the CentraSite module in the file jaas.config.
The CentraSite module consists of one or more actions, and each action is introduced by a specification such as:
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule ...
This is the top-level authentication component, and any logging properties that you specify here apply to the logging for all SIN authentication components that the login module applies to. Note that the logging properties need only be applied to the first occurring login module.
The properties that you can specify for the top-level SIN component are:
useLog. Specify true to switch logging on, or false to switch logging off.
logLevel. Specify the level of logging information required. Possible values are:
error - log only error messages
info - log error and information messages
debug - log all messages with additional debug information
logFile. Specify the path and file name of the log file.
The properties that you can specify for the individual authentication components are:
nativeLogLevel. Specify the level of logging information required. You can specify a number from 0 to 6, with 6 providing the most logging information and 0 the least.
nativeLogFile. Specify the path and file name of the log file.
Here is an example showing logging switched on for SIN and SSX:
CentraSite {
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
useLog="true"
logFile="/opt/softwareag/profiles/CTP/logs/sin-SAG-LDAP.log"
logLevel="DEBUG"
domain="SAG"
alias="SAG"
applyDomain="true"
url="ldap://daeqarh01.eur.ad.sag:10389"
prin="cn=LdapUser4CSAdmin,ou=people,ou=gdm,o=sag"
cred="manage"
usecaching="false"
useaf="true"
dnprefix="cn="
dnsuffix=",ou=people,ou=gdm,o=sag"
userrootdn="ou=people,ou=gdm,o=sag"
uidprop="cn"
personobjclass="inetOrgPerson"
mattr="uniqueMember"
memberinfoingroups="true"
grouprootdn="ou=groups,ou=gdm,o=sag"
gidprop="cn"
groupobjclass="groupOfUniqueNames"
creategroups="true"
createGroupProperties="true"
createUserProperties="true";
};
This configuration creates the log file: /opt/softwareag/profiles/CTP/logs/sin-SAG-LDAP.log
The log shows whether login attempts are successful or not, and indicates the user domain where CentraSite attempted to find the login user credentials, for example:
...Authenticator (<domain>, ...) was created successfully
...login of user <username> (domain: <domain>) was successful.
If the authentication was not successful, a message such as the following is displayed:
Login of user <username> (host: <hostname>, port:<portnumber>) failed.