Tech Tip - CA Single Sign-On: Policy Server: Custom Authentication Scheme Debug Logging

By Ujwol posted Aug 25, 2016 02:18 AM



How do you enable debug logging for a custom authentication scheme?


Policy Server Version : R12.0SP3 and above


There are a couple of ways to enable debug logging for a Java-based custom authentication scheme.


Option 1: Write the debug log into Policy Server Trace logs

For this, simply call the SmAuthenticationContext.getAPIContext().trace() API from your custom authentication scheme, as below:


void logInPSTrace(SmAuthenticationContext context, String msg) {
    // Log message into Policy Server Trace Log
    context.getAPIContext().trace(getClass().getSimpleName(), "AuthApiSample:: ['" + msg + "']");
}


Then use a Policy Server trace profiler configuration such as this:

components: AgentFunc, Server, IsProtected, Login_Logout, IsAuthorized, Tunnel_Service, JavaAPI, Directory_Access, ODBC, LDAP, IdentityMinder, TXM, Fed_Server

data: Date, PreciseTime, Realm, Rule, Policy, AuthStatus, AuthReason, User, Action, Resource, Directory, ErrorValue, ErrorString, AgentName, Message, Data, SrcFile, Pid, Tid, PreciseTime, Function, ReturnValue, Group, Domain, AgentType, TransactionID, ObjectClass, DomainOID, SearchKey, ObjectOID, Property, IPAddr, IPPort, AuthScheme, CertSerial, SubjectDN, IssuerDN, SessionSpec, SessionID, CertDistPt, UserDN, RealmOID, State, ClusterID, HandleCount, FreeHandleCount, BusyHandleCount, ResponseTime, Throughput, MaxThroughput, MinThroughput, Threshold, TransactionName, HexadecimalData, Query, ActiveExpr, CallDetail


Sample Policy Server trace log :


[08/25/2016][15:48:50.300][15:48:50][3420][3232][SmAuthUser.cpp:700][ServerTrace][][][][][][][][][][][][][][][][][][][][AuthApiSample:: ['Authenticating User']][AuthApiSample: AuthApiSample:: ['Authenticating User']][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[08/25/2016][15:48:50.300][15:48:50][3420][3232][SmAuthUser.cpp:700][ServerTrace][][][][][][][][][][][][][][][][][][][][AuthApiSample:: ['User Successfully Authenticated']][AuthApiSample: AuthApiSample:: ['User Successfully Authenticated']][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
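
When reviewing a trace like the one above, the custom scheme's messages have to be separated from the many empty fields, and the message itself contains brackets. The following is an added example, not part of the original post or the product SDK: a small Python parser that pulls those messages out of trace lines. The function names split_fields and scheme_messages are hypothetical, and the sample lines are the two trace lines above with most empty fields trimmed.

```python
# Added example: extract custom auth scheme messages from Policy Server trace lines.
PREFIX = "AuthApiSample::"  # prefix written by logInPSTrace() in Option 1

# Constructed sample: the two trace lines from this page, most empty fields trimmed.
SAMPLE_TRACE = """\
[08/25/2016][15:48:50.300][15:48:50][3420][3232][SmAuthUser.cpp:700][ServerTrace][][][AuthApiSample:: ['Authenticating User']][AuthApiSample: AuthApiSample:: ['Authenticating User']][][]
[08/25/2016][15:48:50.300][15:48:50][3420][3232][SmAuthUser.cpp:700][ServerTrace][][][AuthApiSample:: ['User Successfully Authenticated']][AuthApiSample: AuthApiSample:: ['User Successfully Authenticated']][][]
"""


def split_fields(line):
    """Split one trace line into its top-level [field] values.

    Depth counting is required because the message contains its own
    brackets (['...']); splitting on "][" or using a non-greedy regex
    would cut the message in the middle.
    """
    fields, depth, start = [], 0, 0
    for i, ch in enumerate(line):
        if ch == "[":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "]" and depth > 0:
            depth -= 1
            if depth == 0:
                fields.append(line[start:i])
    return fields


def scheme_messages(trace_text, prefix=PREFIX):
    """Return (date, precise_time, message) for each line that carries
    a field starting with the custom scheme's prefix."""
    results = []
    for line in trace_text.splitlines():
        fields = split_fields(line)
        if len(fields) < 2:
            continue  # not a trace record
        for field in fields[2:]:
            if field.startswith(prefix):
                msg = field[len(prefix):].strip()
                if msg.startswith("['") and msg.endswith("']"):
                    msg = msg[2:-2]  # drop the ['...'] wrapper added by the scheme
                results.append((fields[0], fields[1], msg))
                break
    return results


if __name__ == "__main__":
    for record in scheme_messages(SAMPLE_TRACE):
        print(record)
```
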



Option 2: Write the debug log into a separate log file using java.util.logging.Logger.


Step 1: Configure java.util.logging using the file located at <PS_Install_directory>/config/properties, as below:

handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler

.level= ALL


# default file output is in user's home directory.
java.util.logging.FileHandler.pattern = C:/Program Files (x86)/CA/siteminder/log/javafile.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter


Step 2: Initialize java.util.logging and invoke the log method from the custom authentication scheme, as below:

import java.util.logging.Logger;

//Initialize logger
//(the initializer is cut off in the original post; a logger named after the
// AuthApiSample class seen in the sample log is assumed here)
private static Logger theLogger = Logger.getLogger(AuthApiSample.class.getName());


//Logger method to log the debug message

void logInJavaUtilLogger(String msg) {
    //Log message into JavaUtil Logger
    theLogger.fine("AuthApiSample::FileLogger::" + msg);
}


//Invoke Logger Log method

logInJavaUtilLogger("User Successfully Authenticated :" + context.getUserCredentialsContext().getUserName());


Sample log using java.util.logging.Logger:


Aug 25, 2016 3:48:50 PM com.netegrity.sdk.javaauthapi.AuthApiSample log
FINE: AuthApiSample::FileLogger::Authenticating User
Aug 25, 2016 3:48:50 PM com.netegrity.sdk.javaauthapi.AuthApiSample log
FINE: AuthApiSample::FileLogger::User Successfully Authenticated



  • Sample custom authentication scheme utilizing both of the above options to log debug messages.


Additional Information: