This document details on ways of troubleshooting SIN.
The information is organized under the following headings:
When you install CentraSite on a network file system (NFS) which is mapped to the local one, the local policies do not allow access rights, such as root or setuid to the remote installation. As a result, the sagssxauthd2 executable does not work properly despite the properly configured root and setuid rights.
To resolve the issues with the remote
sagssxauthd2 executables
Copy the sagssxauthd2 executable on the local file system.
Set its root and setuid rights.
To use the sagssxauthd2 on the remote installation of CentraSite, you must replace the remote executable files in the corresponding directories with symbolic hyperlinks that point to the locally copied executable.
SIN uses the log4j package for logging data.
Ensure that the log4j logging level for
com.softwareag.security is set to DEBUG. If this does
not help you to solve the problem yourself, contact Software AG Customer
Support.
To set the log level in log4j using the property
style file:
Use the following:
# Set log level for package com.softwareag.security to DEBUG: log4j.logger.com.softwareag.security=DEBUG
To set the log level in log4j using the XML
file:
Use the following:
<logger name="com.softwareag.security">
<level value="DEBUG"/>
</logger>
You can configure Security Infrastructure login modules to log information into an external file on the file system.
Note:
It is recommended to use these logging settings to resolve only
severe issues or system crashes. These logging settings have impact on the
system performance and if you configure the system to log information
constantly this leads to reduced overall performance.
To switch on logging, you must include the following properties into the properties list of the first login module of the stack in the login context (JAAS configuration):
useLog="true"
logLevel="debug"
logFile="<path_to_the_log_file>"
Thus, you enable DEBUG severity logging on all modules that are included in the JAAS configuration context. The result file contains the entire debug information generated during the login process, role management and user repository management.
When you specify the path to the log file, make sure that the directory is not write-protected for the user who executes the Java Virtual Machine. On Unix based operating systems it is recommended to use /tmp directory.
It is recommended that you switch off the logging after you collect sufficient information about the issues. If you do not change these logging settings, the system keeps logging information in the file which leads to greater file size and reduced overall performance. Alternatively, instead of configuring external logging on Security Infrastructure, you can also check the system logging.
SIN uses JAAS to determine which LoginModules to
call. The configuration of the JAAS environment may be done by a configuration
file that is located in the conf directory in the standard
installation.
To verify the JAAS configuration
Check the file to verify that all paths and URL in it are valid.
For UNIX platforms, check if the path to the ssx auth daemon is correct and if the executable it points to has the S-bit set.
CentraSite uses the PluggableUI LoginContext.
Ensure that it is set up correctly.
If the previous steps did not help you to solve your issues with a web application using SIN for authentication and role management, install the testjaas web application.
To verify the JAAS configuration using the
Testjaas web application
Download testjaas.war from the Software AG Community Website > Suite Downloads at http://techcommunity.softwareag.com/ecosystem/communities/public/webmethods/products/suite/downloads/.
Install the testjaas.war in your Software AG Runtime webapps.
Point your browser to
http://yourhost:yourport/testjaas/testjaas and save the output in a
file. You can manually verify the working of the different
LoginContexts by pointing your browser to
http://yourhost:yourport/testjaas/InputForm.html and by providing
the LoginContext and the logon credentials.
Save the output in a file.
Send the saved files to Software AG Customer Support.
If things are still not working for you, send the following information to Software AG Customer Support:
The jaas.config file
The output of the log4j that is set to DEBUG
logging level for com.softwareag.security
The output of the test servlet if this is applicable for your case.