Version 9.7
 —  Reference Guide to SIN  —

Troubleshooting

This document details on ways of troubleshooting SIN.

The information is organized under the following headings:


Troubleshooting sagssxauthd2

When you install CentraSite on a network file system (NFS) which is mapped to the local one, the local policies do not allow access rights, such as root or setuid to the remote installation. As a result, the sagssxauthd2 executable does not work properly despite the properly configured root and setuid rights.

Start of instruction setTo resolve the issues with the remote sagssxauthd2 executables

  1. Copy the sagssxauthd2 executable on the local file system.

  2. Set its root and setuid rights.

  3. To use the sagssxauthd2 on the remote installation of CentraSite, you must replace the remote executable files in the corresponding directories with symbolic hyperlinks that point to the locally copied executable.

Top of page

Turning on SIN Logging

SIN uses the log4j package for logging data. Ensure that the log4j logging level for com.softwareag.security is set to DEBUG. If this does not help you to solve the problem yourself, contact Software AG Customer Support.

Start of instruction setTo set the log level in log4j using the property style file:

Start of instruction setTo set the log level in log4j using the XML file:

You can configure Security Infrastructure login modules to log information into an external file on the file system.

Note:
It is recommended to use these logging settings to resolve only severe issues or system crashes. These logging settings have impact on the system performance and if you configure the system to log information constantly this leads to reduced overall performance.

To switch on logging, you must include the following properties into the properties list of the first login module of the stack in the login context (JAAS configuration):

useLog="true"
logLevel="debug"
logFile="<path_to_the_log_file>"

Thus, you enable DEBUG severity logging on all modules that are included in the JAAS configuration context. The result file contains the entire debug information generated during the login process, role management and user repository management.

When you specify the path to the log file, make sure that the directory is not write-protected for the user who executes the Java Virtual Machine. On Unix based operating systems it is recommended to use /tmp directory.

It is recommended that you switch off the logging after you collect sufficient information about the issues. If you do not change these logging settings, the system keeps logging information in the file which leads to greater file size and reduced overall performance. Alternatively, instead of configuring external logging on Security Infrastructure, you can also check the system logging.

Top of page

Verifying the JAAS Configuration in Software AG Runtime

SIN uses JAAS to determine which LoginModules to call. The configuration of the JAAS environment may be done by a configuration file that is located in the conf directory in the standard installation.

Start of instruction setTo verify the JAAS configuration

  1. Check the file to verify that all paths and URL in it are valid.

  2. For UNIX platforms, check if the path to the ssx auth daemon is correct and if the executable it points to has the S-bit set.

  3. CentraSite uses the PluggableUI LoginContext. Ensure that it is set up correctly.

Top of page

Running the Test Servlet

If the previous steps did not help you to solve your issues with a web application using SIN for authentication and role management, install the testjaas web application.

Start of instruction setTo verify the JAAS configuration using the Testjaas web application

  1. Download testjaas.war from the Software AG Community Website > Suite Downloads at http://techcommunity.softwareag.com/ecosystem/communities/public/webmethods/products/suite/downloads/.

  2. Install the testjaas.war in your Software AG Runtime webapps.

  3. Point your browser to http://yourhost:yourport/testjaas/testjaas and save the output in a file. You can manually verify the working of the different LoginContexts by pointing your browser to http://yourhost:yourport/testjaas/InputForm.html and by providing the LoginContext and the logon credentials.

  4. Save the output in a file.

  5. Send the saved files to Software AG Customer Support.

Top of page

If All Other Things Fail...

If things are still not working for you, send the following information to Software AG Customer Support:

Top of page