Genero SAML log file

The Genero SAML Single sign-on (SSO) implementation produces a log file that helps to identify issues.

The log file of the Genero SAML implementation is called SAML.log and is located in $FGLDIR/web_utilities/saml/bin by default. This log file contains all incoming and outgoing requests. It can help to debug SAML issues.

Standard information regarding access and errors is logged by default.

You can specify the level of detail recorded to the log with the -debug category option of the SAML server program. There are two categories that can be logged individually or together:
  • MSG - Standard information regarding access and errors. By default, only access and error information is logged.
  • DEBUG - Traces the entire process of single sign-on (SSO).

To add debugging information to SAML.log, modify SAMLServiceProvider.xcf to include the -debug DEBUG option in the command defined by the MODULE element. You can also specify a different location for the log file in the -logPath option, but be aware that the path you set must exist; otherwise, the log file is not created.

In the following example, line breaks are added for readability:

<APPLICATION Parent="ws.default" >
  <RESOURCE Id="res.saml.db" Source="INTERNAL"/>
  <EXECUTION>
    <ENVIRONMENT_VARIABLE Id="FGLPROFILE" Concat="APPEND">
        $(res.path.fgldir.services)/saml/res/fglprofile
        $(res.path.separator)$(res.path.fgldir.services)/saml/res/configuration
    </ENVIRONMENT_VARIABLE>
    <PATH>$(res.path.fgldir.services)/saml/bin</PATH>
    <MODULE>SAMLServer -logPath $(res.appdata.path) -debug DEBUG</MODULE>
    <POOL>
      <START>0</START>
      <MIN_AVAILABLE>0</MIN_AVAILABLE>
      <MAX_AVAILABLE>10</MAX_AVAILABLE>
    </POOL>          
  </EXECUTION>    
</APPLICATION>

Note: Logging is based on the FGL ERRORLOG() function. Because several instances of the same SAML server can write to a single log file, the PID of the server is written to the log file as well.
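
Because a -logPath that does not exist silently produces no log file, it is worth checking the configuration before relying on SAML.log. The following is an added example, not part of the Genero documentation or product: it reads the MODULE command from a constructed sample modeled on the configuration above and reports whether the log directory exists. The function names and the resources mapping are hypothetical; the application server resolves $(...) references itself, so the caller must supply the resolved values.

```python
import os
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the configuration shown on this page.
SAMPLE_XCF = """<APPLICATION Parent="ws.default">
  <EXECUTION>
    <PATH>$(res.path.fgldir.services)/saml/bin</PATH>
    <MODULE>SAMLServer -logPath $(res.appdata.path) -debug DEBUG</MODULE>
  </EXECUTION>
</APPLICATION>"""

RESOURCE_REF = re.compile(r"\$\(([^)]+)\)")


def option_value(args, name):
    """Return the token following option `name`, or None if it is absent."""
    if name in args and args.index(name) + 1 < len(args):
        return args[args.index(name) + 1]
    return None


def check_saml_logging(xcf_text, resources):
    """Inspect the MODULE command; `resources` maps resource ids to values."""
    module = ET.fromstring(xcf_text).findtext("EXECUTION/MODULE")
    if module is None:
        raise ValueError("no EXECUTION/MODULE element found")
    args = shlex.split(module)
    debug = option_value(args, "-debug")
    raw_path = option_value(args, "-logPath")
    result = {"debug": debug, "log_path": None, "status": "default-location"}
    if raw_path is None:
        return result  # no -logPath: SAML.log goes to the default directory
    # Substitute $(id) references; ids missing from `resources` stay as-is.
    path = RESOURCE_REF.sub(
        lambda m: resources.get(m.group(1), m.group(0)), raw_path)
    result["log_path"] = path
    if RESOURCE_REF.search(path):
        result["status"] = "unresolved-resource"
    elif os.path.isdir(path):
        result["status"] = "ok"
    else:
        result["status"] = "missing-directory"  # log file would not be created
    return result


if __name__ == "__main__":
    print(check_saml_logging(SAMPLE_XCF, {"res.appdata.path": os.getcwd()}))
```

A status of missing-directory corresponds to the case described above in which the log file is not created; unresolved-resource means the check could not be completed because a $(...) value was not supplied.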