SSO Trace Log rule set

The rules in the Trace Log rule set build an SSO trace log entry and write it to the SSO trace log file. The trace log is more detailed than the access log and is intended for debugging the SSO feature.

Note: The Trace Log rule set is disabled by default. When you enable trace logging, we recommend that you set the log level to Full. To locate the log level setting, select PolicySettingsEnginesSingle Sign OnDefaultAdvanced Settings.
Nested library rule set – Trace Log
Criteria – Always
Cycles – Requests (and IM), Responses, Embedded Objects

This rule set contains the following rules.

Web reporter timestamp

Rule element Definition
Criteria Always
Action Continue
Events Set User-Defined.logLine = DateTime.ToWebReporterString

This rule sets the SSO trace log entry equal to the date and time stamp in Web Reporter format.

Add all sso attributes

Rule element Definition
Criteria Always
Action Continue
Events

Set User-Defined.logLine = User-Defined.logLine

 + " '"

 + JSON.ToString (SSO.LogAttributes)

 + "'"

This rule adds the SSO log attributes in string format to the existing SSO trace log entry.

Add firstline for outward requests

Rule element Definition
Criteria JSON.AsBool (JSON.GetByName (SSO.LogAttributes, "outward")) equals true
Action Continue
Events

Set User-Defined.logLine = User-Defined.logLine

 + " '"

 + Request.Header.FirstLine

 + "'"

If the SSO request is handled by an external web server, this rule adds the first line of the request header to the SSO trace log entry.

Add firstline

Rule element Definition
Criteria Always
Action Continue
Events

Set User-Defined.logLine = User-Defined.logLine

 + " '"

 + Request.Header.FirstLine

 + "'"

This rule is disabled by default. When enabled, it adds the first line of the SSO request header to the SSO trace log entry for external and internal requests.

Write sso_trace.log

Rule element Definition
Criteria Always
Action Continue
Events FileSystemLogging.WriteLogEntry (User-Defined.logLine)<SSO Trace Log>

This rule writes the SSO trace log entry to the SSO trace log file. To open and configure the file system log settings, click <SSO Trace Log>.