Logging migration guide - SSO

This document highlights the differences between the logging solution introduced in version 9.1 and the one used before it, and offers some advice on how to adapt to the new solution.

If you have not customised any logging features or implemented any tools for parsing the diagnostic logs, the updated logging will function similarly to prior releases; the only change is a simplification in the location of the diagnostic logs for all applications installed on the same Tomcat server. Please review at least the Password reset and Password application sections, as the logging location and formatting have been updated.

Differences

The main differences between the new and old logging systems are described below:

  • All SSO diagnostic log events from the different web applications are written to the same log file, which is rotated on a daily basis

    • the file has been renamed from uas3_diag.<YYYY-MM-DD>.log to sso_diag.<YYYY-MM-DD>.log

  • In addition, these log files are written to the ubilogin/logs folder and rotated on a daily basis

    • uas3_audit.<YYYY-MM-DD>.log - SSO authentication server audit log

      • events are created by default

      • no changes in v. 9.1

    • uas3_statistics.<YYYY-MM-DD>.log - Statistics log

    • management_audit.<YYYY-MM-DD>.log - Management audit log

    • password_audit.<YYYY-MM-DD>.log - Password applications audit log

  • The diagnostic log format has changed slightly:

    • a new column has been inserted after the timestamp; it contains the name of the web application producing the log event, which is one of the following

      • uas - SSO authentication server

      • ubilogin - SSO management UI

      • logviewer - SSO management UI Logviewer application

      • search - SSO management UI LDAP Search application

      • sso-api - SSO management API

      • totp - TOTP API

      • password - Password application

      • password-reset - Password reset application

      • cdc - Common Domain Cookie (CDC) discovery service

      • otpserver - OTP list server

    • the next column used to contain only a specific entry type from a predefined list (init, tech, environment, method etc.), but it may now contain a fully qualified class name instead, depending on the application or library producing the output

    • a new column has been inserted to print the log level of the event

    • for log events originating from sso-api, the following columns have been added next

      • remote IP address of the caller

      • name of the authenticated user calling the API (sub)

    • the error message that is printed instead of the full stack trace when an exception occurs contains more parts of the stack trace and is thus more verbose
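
A parser that accepts both the pre-9.1 and the 9.1 diagnostic line layouts described above, added here as an example (it is not Ubisecure's code). The sample lines are copied from this page's examples; the class and function names, the TRACE level and the assumption that the sub value contains no spaces are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Web application names this page lists for the new column after the timestamp.
APPS = {"uas", "ubilogin", "logviewer", "search", "sso-api", "totp",
        "password", "password-reset", "cdc", "otpserver"}
# Levels seen in the page's samples, plus TRACE (assumed, not shown on the page).
LEVELS = {"TRACE", "DEBUG", "INFO", "WARN", "ERROR"}

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})"
NEW_RE = re.compile(TS + r" (?P<app>\S+) (?P<logger>\S+) (?P<level>[A-Z]+) (?P<msg>.*)")
OLD_RE = re.compile(TS + r" (?P<logger>\S+) (?P<msg>.*)")


@dataclass
class DiagEvent:
    timestamp: datetime
    layout: str                 # "pre-9.1" or "9.1"
    app: Optional[str]          # None for pre-9.1 lines
    logger: str                 # entry type (init, tech, ...) or class name
    level: Optional[str]        # None for pre-9.1 lines
    remote_ip: Optional[str]    # sso-api request events only
    sub: Optional[str]          # sso-api request events only
    message: str


def split_api_caller(msg: str) -> Tuple[Optional[str], Optional[str], str]:
    """Split '<ip> <sub> <rest>' off an sso-api message when it is present.

    sso-api startup lines carry no caller columns, so the first token is
    validated as an IP address before anything is split off. Assumes the
    sub value contains no spaces, as in the page's sample.
    """
    parts = msg.split(" ", 2)
    if len(parts) == 3:
        try:
            ipaddress.ip_address(parts[0])
            return parts[0], parts[1], parts[2]
        except ValueError:
            pass
    return None, None, msg


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S,%f")


def parse_diag(lines: Iterable[str]) -> List[DiagEvent]:
    events: List[DiagEvent] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        new = NEW_RE.fullmatch(line)
        # Require a known application name and level so that a pre-9.1
        # message is never mistaken for the 9.1 layout.
        if new and new["app"] in APPS and new["level"] in LEVELS:
            ip = sub = None
            msg = new["msg"]
            if new["app"] == "sso-api":
                ip, sub, msg = split_api_caller(msg)
            events.append(DiagEvent(parse_ts(new["ts"]), "9.1", new["app"],
                                    new["logger"], new["level"], ip, sub, msg))
            continue
        old = OLD_RE.fullmatch(line)
        if old:
            events.append(DiagEvent(parse_ts(old["ts"]), "pre-9.1", None,
                                    old["logger"], None, None, None, old["msg"]))
        elif events:
            # No leading timestamp: continuation of the previous event,
            # e.g. the key list printed under "Found 1 key(s):".
            events[-1].message += "\n" + line
    return events


# Sample lines copied from this page's examples (both layouts mixed on purpose).
SAMPLE = """\
2022-09-30 07:49:31,398 tech ping: the system is alive
2022-10-06 09:49:33,476 uas tech INFO ping: the system is alive
2022-10-06 09:45:55,937 sso-api init INFO ServletContainerApplication version 9.1.0 starting
2022-09-30 06:42:00,086 sso-api com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf INFO 10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost PUT /site/release-testing-site
2022-10-06 09:49:22,354 uas init INFO UbiloginKeyService: Found 1 key(s):
[enabled] [valid] cn=key-initial,ou=ServerKeyContainer,ou=System,cn=Ubilogin,dc=test (defaultKeyId="iy3WH8ba0yg359j2AXJ6pPnKux4")
"""

if __name__ == "__main__":
    for ev in parse_diag(SAMPLE.splitlines()):
        print(ev.layout, ev.app, ev.logger, ev.level, ev.remote_ip, ev.message)
```

A 9.1 line whose application name is not in APPS falls back to the pre-9.1 layout, so extend the set if further applications are deployed.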

Examples

The examples below compare the historical logging format (before 9.1) with the updated logging format (since 9.1); in each pair the older output is shown first.

Old format

2022-09-30 07:49:31,398 tech ping: the system is alive

New format

2022-10-06 09:49:33,476 uas tech INFO ping: the system is alive

Before 9.1, applications printed startup events to various log files or did not print them at all. SSO diagnostic log sample (uas3_diag):

2022-09-30 07:49:28,163 init Ubilogin Authentication Server 9.0.0 starting
...
2022-09-30 07:49:31,304 init Ubilogin Authentication Server 9.0.0 started
2022-09-30 07:49:31,398 tech ping: the system is alive

Since 9.1, all applications log their startup to the same SSO diagnostic log file (which applications appear depends on what you have configured, and the order may vary):

2022-10-06 09:45:24,570 password init INFO Ubilogin Password 9.1.0 starting
...
2022-10-06 09:45:36,119 password init INFO Ubilogin Password 9.1.0 started

2022-10-06 09:45:55,937 sso-api init INFO ServletContainerApplication version 9.1.0 starting
...
2022-10-06 09:45:59,636 sso-api com.globalsign.iam.sso.api.message.ObjectMessageFeature INFO ObjectMessageFeature enabled

2022-10-06 09:46:17,067 cdc init INFO DiscoveryService starting
2022-10-06 09:46:17,097 cdc init INFO DiscoveryService started [cdc.cookie.domain= cdc.cookie.secure=true cdc.entityid.pattern=.* cdc.returnurl.pattern=^https?://.*$ cdc.p3p.policy=CP="CAO PSA OUR"]

2022-10-06 09:46:32,259 otpserver init INFO Ubilogin OTP Service 9.1.0 starting
...
2022-10-06 09:46:33,613 otpserver init INFO Ubilogin OTP Service 9.1.0 started

2022-10-06 09:46:45,089 search init INFO Ubilogin Search 9.1.0 started

2022-10-06 09:47:55,731 totp init INFO TOTP application 9.1.0 started

2022-10-06 09:48:19,934 ubilogin init INFO Ubilogin Server Management 9.1.0 started

2022-10-06 09:48:43,840 password-reset init INFO Ubilogin OTP Password Reset 9.1.0 starting
...
2022-10-06 09:48:52,556 password-reset init INFO Ubilogin OTP Password Reset 9.1.0 started

2022-10-06 09:49:17,632 uas init INFO Ubilogin Authentication Server 9.1.0 starting
...
2022-10-06 09:49:32,879 uas init INFO Ubilogin Authentication Server 9.1.0 started
2022-10-06 09:49:33,476 uas tech INFO ping: the system is alive

2022-10-06 09:49:41,382 logviewer init INFO Ubilogin Log Viewer 9.1.0 started

The old output (v 9.0.0)

2022-09-30 07:49:28,163 init Ubilogin Authentication Server 9.0.0 starting
2022-09-30 07:49:28,195 tech JLDAP: url=ldap://localhost/cn=Ubilogin,dc=localhost,servers=[ldap://localhost/cn=Ubilogin,dc=localhost],tls=false,confConnectTimeout=15000,confReadTimeout=15000,confMaxAge=120000,confAuthPool=8,failoverType=multi-master
2022-09-30 07:49:28,288 init Ubilogin Directory: ldap://localhost/cn=Ubilogin,dc=localhost: connected
2022-09-30 07:49:28,320 environment JVM Input Arguments:
...
2022-09-30 07:49:28,413 environment VersionInfo:
2022-09-30 07:49:28,445 environment activemq-client-5.17.1.jar
2022-09-30 07:49:28,445 environment animal-sniffer-annotations-1.17.jar
2022-09-30 07:49:28,445 environment bcmail-jdk15on-1.70.jar
2022-09-30 07:49:28,445 environment bcpkix-jdk15on-1.70.jar
2022-09-30 07:49:28,445 environment bcprov-jdk15on-1.70.jar
2022-09-30 07:49:28,445 environment bcutil-jdk15on-1.70.jar
2022-09-30 07:49:28,445 environment checker-qual-2.5.2.jar
2022-09-30 07:49:28,445 environment cid-model-6.0.0.jar 6.0.0
2022-09-30 07:49:28,445 environment cid-sso-adapter-6.0.0.jar 6.0.0
2022-09-30 07:49:28,445 environment cid-util-6.0.0.jar 6.0.0
2022-09-30 07:49:28,445 environment common-lcrypt-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment common-log4j-ubi-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment common-ubiutil-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment commons-codec-1.9.jar
2022-09-30 07:49:28,445 environment commons-compress-1.9.jar
2022-09-30 07:49:28,445 environment commons-dbutils-1.7.jar
2022-09-30 07:49:28,445 environment commons-io-2.11.0.jar
2022-09-30 07:49:28,445 environment commons-lang3-3.12.0.jar
2022-09-30 07:49:28,445 environment error_prone_annotations-2.2.0.jar
2022-09-30 07:49:28,445 environment failureaccess-1.0.jar
2022-09-30 07:49:28,445 environment geronimo-j2ee-management_1.1_spec-1.0.1.jar
2022-09-30 07:49:28,445 environment geronimo-jms_1.1_spec-1.1.1.jar
2022-09-30 07:49:28,445 environment gson-2.9.0.jar
2022-09-30 07:49:28,445 environment guava-27.0-jre.jar
2022-09-30 07:49:28,445 environment hawtbuf-1.11.jar
2022-09-30 07:49:28,445 environment ids-accounting-common-2.0.0.jar
2022-09-30 07:49:28,445 environment istack-commons-runtime-3.0.12.jar
2022-09-30 07:49:28,445 environment j2objc-annotations-1.1.jar
2022-09-30 07:49:28,445 environment jakarta.activation-2.0.1.jar
2022-09-30 07:49:28,445 environment jakarta.activation-api-1.2.2.jar
2022-09-30 07:49:28,445 environment jakarta.xml.bind-api-2.3.3.jar
2022-09-30 07:49:28,445 environment jakarta.xml.soap-api-2.0.1.jar
2022-09-30 07:49:28,445 environment javax.json-1.1.4.jar
2022-09-30 07:49:28,445 environment jaxb-runtime-2.3.6.jar
2022-09-30 07:49:28,445 environment jquery-3.6.0.jar
2022-09-30 07:49:28,445 environment json-20180813.jar
2022-09-30 07:49:28,445 environment json-simple-1.1.1.jar
2022-09-30 07:49:28,445 environment jsr305-3.0.2.jar
2022-09-30 07:49:28,445 environment jstl-api-1.2.jar
2022-09-30 07:49:28,445 environment jstl-impl-1.2.jar
2022-09-30 07:49:28,445 environment ldap-5.0.0.jar 5.0.0
2022-09-30 07:49:28,445 environment lettuce-core-5.3.7.RELEASE.jar
2022-09-30 07:49:28,445 environment listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
2022-09-30 07:49:28,445 environment log4j-1.2.17.jar
2022-09-30 07:49:28,445 environment netty-buffer-4.1.63.Final.jar
2022-09-30 07:49:28,445 environment netty-codec-4.1.63.Final.jar
2022-09-30 07:49:28,445 environment netty-common-4.1.63.Final.jar
2022-09-30 07:49:28,445 environment netty-handler-4.1.63.Final.jar
2022-09-30 07:49:28,445 environment netty-resolver-4.1.63.Final.jar
2022-09-30 07:49:28,445 environment netty-transport-4.1.63.Final.jar
2022-09-30 07:49:28,445 environment org.apache.oltu.oauth2.authzserver-1.0.2.jar
2022-09-30 07:49:28,445 environment org.apache.oltu.oauth2.client-1.0.2.jar
2022-09-30 07:49:28,445 environment org.apache.oltu.oauth2.common-1.0.2.jar
2022-09-30 07:49:28,445 environment org.apache.oltu.oauth2.resourceserver-1.0.2.jar
2022-09-30 07:49:28,445 environment reactive-streams-1.0.3.jar
2022-09-30 07:49:28,445 environment reactor-core-3.3.16.RELEASE.jar
2022-09-30 07:49:28,445 environment reload4j-1.2.19.jar
2022-09-30 07:49:28,445 environment saaj-impl-2.0.1.jar
2022-09-30 07:49:28,445 environment slf4j-api-1.7.36.jar
2022-09-30 07:49:28,445 environment slf4j-reload4j-1.7.36.jar
2022-09-30 07:49:28,445 environment sso-directory-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-directory-spi-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-etsimss-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-etsimss-jaxb-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-mepin-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-pkipolicy-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-restclient-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-session-manager-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-uas-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-uas-web-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-ubioauth2-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-ubiopenid-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-ubisaml2-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-ubisaml2-jaxb-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-ubiutil-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-ui-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment sso-ws-federation12-9.0.0.jar 9.0.0
2022-09-30 07:49:28,445 environment stax-ex-2.0.1.jar
2022-09-30 07:49:28,445 environment txw2-2.3.6.jar
2022-09-30 07:49:28,445 environment ubixmlsec-2.0.0.jar 2.0.0
2022-09-30 07:49:28,445 environment validation-api-2.0.1.Final.jar
2022-09-30 07:49:28,445 environment webjars-locator-core-0.30.jar
2022-09-30 07:49:28,445 environment webjars-taglib-0.3.jar
...
2022-09-30 07:49:28,507 environment Contents of KeyStore:
2022-09-30 07:49:28,507 environment No keystore defined
2022-09-30 07:49:28,976 init UbiloginKeyService: Updates to server keys detected at 2022-09-30T07:49:28.648Z
2022-09-30 07:49:28,976 init UbiloginKeyService: Found 1 key(s):
[enabled] [valid] CN=key-initial,OU=ServerKeyContainer,OU=System,CN=Ubilogin,DC=localhost (defaultKeyId="iZqmSdMDiIpWCBM6YW6blp-mnjg")
2022-09-30 07:49:28,976 init UbiloginKeyService: Signing key: CN=key-initial,OU=ServerKeyContainer,OU=System,CN=Ubilogin,DC=localhost
2022-09-30 07:49:28,976 init UbiloginKeyService: Decryption key(s) (1): [CN=key-initial,OU=ServerKeyContainer,OU=System,CN=Ubilogin,DC=localhost]
2022-09-30 07:49:28,976 init UbiloginKeyService: Published signature validation key(s) (1): [CN=key-initial,OU=ServerKeyContainer,OU=System,CN=Ubilogin,DC=localhost]
2022-09-30 07:49:28,976 init UbiloginKeyService: Published encryption key: CN=key-initial,OU=ServerKeyContainer,OU=System,CN=Ubilogin,DC=localhost
2022-09-30 07:49:29,601 init MessageQueueSender initialised with connection to Accounting Service broker URL: tcp://localhost:36161?connectionTimeout=10
2022-09-30 07:49:29,601 init UbiloginFactory: started
2022-09-30 07:49:29,601 init AuthenticationMethodAccess: started
...
2022-09-30 07:49:31,288 init AddressTracker: disabled
2022-09-30 07:49:31,304 init ScheduledLogLevelUpdater: started
2022-09-30 07:49:31,304 init Ubilogin Authentication Server 9.0.0 started

The output is basically the same except for the format change:

2022-10-06 09:49:17,632 uas init INFO Ubilogin Authentication Server 9.1.0 starting
2022-10-06 09:49:17,853 uas tech INFO JLDAP: url=ldap://ubilogin-directory:1389/cn=Ubilogin,dc=test,servers=[ldap://ubilogin-directory:1389/cn=Ubilogin,dc=test],tls=false,confConnectTimeout=15000,confReadTimeout=15000,confMaxAge=120000,confAuthPool=8,failoverType=multi-master
2022-10-06 09:49:18,588 uas init INFO Ubilogin Directory: ldap://ubilogin-directory:1389/cn=Ubilogin,dc=test: connected
2022-10-06 09:49:18,675 uas environment INFO JVM Input Arguments:
...
2022-10-06 09:49:19,024 uas environment INFO VersionInfo:
2022-10-06 09:49:19,095 uas environment INFO activemq-client-5.17.2.jar
2022-10-06 09:49:19,095 uas environment INFO animal-sniffer-annotations-1.17.jar
2022-10-06 09:49:19,095 uas environment INFO bcmail-jdk15on-1.70.jar
2022-10-06 09:49:19,095 uas environment INFO bcpkix-jdk15on-1.70.jar
2022-10-06 09:49:19,095 uas environment INFO bcprov-jdk15on-1.70.jar
2022-10-06 09:49:19,096 uas environment INFO bcutil-jdk15on-1.70.jar
2022-10-06 09:49:19,096 uas environment INFO checker-qual-2.5.2.jar
2022-10-06 09:49:19,096 uas environment INFO cid-model-5.9.1.jar 5.9.1
2022-10-06 09:49:19,096 uas environment INFO cid-sso-adapter-5.9.1.jar 5.9.1
2022-10-06 09:49:19,096 uas environment INFO cid-util-5.9.1.jar 5.9.1
2022-10-06 09:49:19,096 uas environment INFO common-lcrypt-9.0.1.jar 9.0.1
2022-10-06 09:49:19,096 uas environment INFO common-ubiutil-9.1.0.jar 9.1.0
2022-10-06 09:49:19,097 uas environment INFO commons-codec-1.9.jar
2022-10-06 09:49:19,097 uas environment INFO commons-compiler-3.1.8.jar
2022-10-06 09:49:19,097 uas environment INFO commons-compress-1.9.jar
2022-10-06 09:49:19,097 uas environment INFO commons-dbutils-1.7.jar
2022-10-06 09:49:19,097 uas environment INFO commons-io-2.11.0.jar
2022-10-06 09:49:19,097 uas environment INFO commons-jexl3-3.2.1.jar
2022-10-06 09:49:19,097 uas environment INFO commons-lang3-3.12.0.jar
2022-10-06 09:49:19,097 uas environment INFO commons-logging-1.2.jar
2022-10-06 09:49:19,098 uas environment INFO error_prone_annotations-2.2.0.jar
2022-10-06 09:49:19,098 uas environment INFO failureaccess-1.0.1.jar
2022-10-06 09:49:19,098 uas environment INFO geronimo-j2ee-management_1.1_spec-1.0.1.jar
2022-10-06 09:49:19,098 uas environment INFO geronimo-jms_1.1_spec-1.1.1.jar
2022-10-06 09:49:19,098 uas environment INFO gson-2.9.1.jar
2022-10-06 09:49:19,098 uas environment INFO guava-27.1-jre.jar
2022-10-06 09:49:19,098 uas environment INFO hawtbuf-1.11.jar
2022-10-06 09:49:19,098 uas environment INFO ids-accounting-common-2.1.0.jar
2022-10-06 09:49:19,099 uas environment INFO ids-common-logging-2.0.1.jar 2.0.1
2022-10-06 09:49:19,099 uas environment INFO istack-commons-runtime-3.0.12.jar
2022-10-06 09:49:19,099 uas environment INFO j2objc-annotations-1.1.jar
2022-10-06 09:49:19,099 uas environment INFO jakarta.activation-2.0.1.jar
2022-10-06 09:49:19,099 uas environment INFO jakarta.activation-api-1.2.2.jar
2022-10-06 09:49:19,099 uas environment INFO jakarta.xml.bind-api-2.3.3.jar
2022-10-06 09:49:19,099 uas environment INFO jakarta.xml.soap-api-2.0.1.jar
2022-10-06 09:49:19,099 uas environment INFO janino-3.1.8.jar
2022-10-06 09:49:19,099 uas environment INFO javax.json-1.1.4.jar
2022-10-06 09:49:19,100 uas environment INFO jaxb-runtime-2.3.6.jar
2022-10-06 09:49:19,100 uas environment INFO jquery-3.6.1.jar
2022-10-06 09:49:19,100 uas environment INFO json-20180813.jar
2022-10-06 09:49:19,100 uas environment INFO json-simple-1.1.1.jar
2022-10-06 09:49:19,100 uas environment INFO jsr305-3.0.2.jar
2022-10-06 09:49:19,100 uas environment INFO jstl-api-1.2.jar
2022-10-06 09:49:19,101 uas environment INFO jstl-impl-1.2.jar
2022-10-06 09:49:19,101 uas environment INFO ldap-5.0.1.jar 5.0.1
2022-10-06 09:49:19,101 uas environment INFO lettuce-core-5.3.7.RELEASE.jar
2022-10-06 09:49:19,101 uas environment INFO listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
2022-10-06 09:49:19,101 uas environment INFO logback-classic-1.2.11.jar
2022-10-06 09:49:19,102 uas environment INFO logback-core-1.2.11.jar
2022-10-06 09:49:19,102 uas environment INFO netty-buffer-4.1.63.Final.jar
2022-10-06 09:49:19,102 uas environment INFO netty-codec-4.1.63.Final.jar
2022-10-06 09:49:19,103 uas environment INFO netty-common-4.1.63.Final.jar
2022-10-06 09:49:19,103 uas environment INFO netty-handler-4.1.63.Final.jar
2022-10-06 09:49:19,103 uas environment INFO netty-resolver-4.1.63.Final.jar
2022-10-06 09:49:19,103 uas environment INFO netty-transport-4.1.63.Final.jar
2022-10-06 09:49:19,103 uas environment INFO org.apache.oltu.oauth2.authzserver-1.0.2.jar
2022-10-06 09:49:19,104 uas environment INFO org.apache.oltu.oauth2.client-1.0.2.jar
2022-10-06 09:49:19,104 uas environment INFO org.apache.oltu.oauth2.common-1.0.2.jar
2022-10-06 09:49:19,104 uas environment INFO org.apache.oltu.oauth2.resourceserver-1.0.2.jar
2022-10-06 09:49:19,105 uas environment INFO reactive-streams-1.0.3.jar
2022-10-06 09:49:19,105 uas environment INFO reactor-core-3.3.16.RELEASE.jar
2022-10-06 09:49:19,105 uas environment INFO saaj-impl-2.0.1.jar
2022-10-06 09:49:19,105 uas environment INFO slf4j-api-1.7.36.jar
2022-10-06 09:49:19,105 uas environment INFO sso-directory-9.1.0.jar 9.1.0
2022-10-06 09:49:19,105 uas environment INFO sso-directory-spi-9.1.0.jar 9.1.0
2022-10-06 09:49:19,106 uas environment INFO sso-etsimss-9.1.0.jar 9.1.0
2022-10-06 09:49:19,106 uas environment INFO sso-etsimss-jaxb-9.1.0.jar 9.1.0
2022-10-06 09:49:19,106 uas environment INFO sso-mepin-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-pkipolicy-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-restclient-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-session-manager-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-uas-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-uas-web-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-ubioauth2-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-ubiopenid-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-ubisaml2-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-ubisaml2-jaxb-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-ubiutil-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-ui-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO sso-ws-federation12-9.1.0.jar 9.1.0
2022-10-06 09:49:19,107 uas environment INFO stax-ex-2.0.1.jar
2022-10-06 09:49:19,107 uas environment INFO txw2-2.3.6.jar
2022-10-06 09:49:19,109 uas environment INFO ubixmlsec-2.0.1.jar 2.0.1
2022-10-06 09:49:19,109 uas environment INFO validation-api-2.0.1.Final.jar
2022-10-06 09:49:19,110 uas environment INFO webjars-locator-core-0.30.jar
2022-10-06 09:49:19,110 uas environment INFO webjars-taglib-0.3.jar
...
2022-10-06 09:49:19,370 uas environment INFO Contents of KeyStore:
2022-10-06 09:49:19,370 uas environment INFO No keystore defined
2022-10-06 09:49:22,353 uas init INFO UbiloginKeyService: Updates to server keys detected at 2022-10-06T09:49:20.495Z
2022-10-06 09:49:22,354 uas init INFO UbiloginKeyService: Found 1 key(s):
[enabled] [valid] cn=key-initial,ou=ServerKeyContainer,ou=System,cn=Ubilogin,dc=test (defaultKeyId="iy3WH8ba0yg359j2AXJ6pPnKux4")
2022-10-06 09:49:22,354 uas init INFO UbiloginKeyService: Signing key: cn=key-initial,ou=ServerKeyContainer,ou=System,cn=Ubilogin,dc=test
2022-10-06 09:49:22,354 uas init INFO UbiloginKeyService: Decryption key(s) (1): [cn=key-initial,ou=ServerKeyContainer,ou=System,cn=Ubilogin,dc=test]
2022-10-06 09:49:22,354 uas init INFO UbiloginKeyService: Published signature validation key(s) (1): [cn=key-initial,ou=ServerKeyContainer,ou=System,cn=Ubilogin,dc=test]
2022-10-06 09:49:22,354 uas init INFO UbiloginKeyService: Published encryption key: cn=key-initial,ou=ServerKeyContainer,ou=System,cn=Ubilogin,dc=test
2022-10-06 09:49:23,871 uas init INFO MessageQueueSender initialised with connection to Accounting Service broker URL: tcp://ubisecure-accounting:36161?connectionTimeout=10
2022-10-06 09:49:23,871 uas init INFO UbiloginFactory: started
2022-10-06 09:49:23,872 uas init INFO AuthenticationMethodAccess: started
...
2022-10-06 09:49:32,878 uas init INFO AddressTracker: disabled
2022-10-06 09:49:32,879 uas init INFO ScheduledLogLevelUpdater: started
2022-10-06 09:49:32,879 uas init INFO Ubilogin Authentication Server 9.1.0 started

Before 9.1, applications printed stopped events to various log files or did not print them at all. SSO diagnostic log sample (uas3_diag):

2022-09-28 07:48:20,252 init Ubilogin Authentication Server 9.0.0 stopped

Since 9.1, most of the applications log a stopped event (which applications appear depends on what you have configured, and the order may vary; the TOTP API does not have a stopped message):

2022-10-07 12:05:38,624 password init INFO Ubilogin Password 9.1.0 stopped
2022-10-07 12:05:38,993 otpserver init INFO Ubilogin OTP Service 9.1.0 stopped
2022-10-07 12:05:39,351 ubilogin init INFO Ubilogin Server Management 9.1.0 stopped
2022-10-07 12:05:39,439 cdc init INFO DiscoveryService stopped
2022-10-07 12:05:39,559 logviewer init INFO Ubilogin Log Viewer 9.1.0 stopped
2022-10-07 12:05:39,676 search init INFO Ubilogin Search 9.1.0 stopped
2022-10-07 12:05:40,179 password-reset init INFO Ubilogin OTP Password Reset 9.1.0 stopped
2022-10-07 12:05:40,709 sso-api init INFO ServletContainerApplication version 9.1.0 stopped
2022-10-07 12:05:40,952 uas init INFO Ubilogin Authentication Server 9.1.0 stopped

SSO API used to have a dedicated log file named sso-api.log and a specific log format.

10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost [2022-10-03T11:36:26,499] [INFO] application.AccessLog PUT /site/release-testing-site
10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost [2022-10-03T11:36:26,528] [INFO] application.AccessLog GET /site/release-testing-site
10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost [2022-10-03T11:36:26,558] [INFO] application.AccessLog PUT /method/release.testing.method
10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost [2022-10-03T11:36:26,567] [INFO] application.AccessLog GET /method/release.testing.method
10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost [2022-10-03T11:36:26,589] [INFO] application.AccessLog PUT /method/release.testing.method/$link/site/release-testing-site

The SSO API log format has been unified with other SSO diagnostic log events, but the IP and authenticated user name fields have been retained. The logger names are different in the new solution, e.g. application.AccessLog => com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf (depends on the request).

2022-09-30 06:42:00,086 sso-api com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf INFO 10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost PUT /site/release-testing-site
2022-09-30 06:42:00,111 sso-api com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf INFO 10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost GET /site/release-testing-site
2022-09-30 06:42:00,190 sso-api com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf INFO 10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost PUT /method/release.testing.method
2022-09-30 06:42:00,197 sso-api com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf INFO 10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost GET /method/release.testing.method
2022-09-30 06:42:00,225 sso-api com.globalsign.iam.sso.api.resource.link.reference.AbstractReferenceLinkLeaf INFO 10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost PUT /method/release.testing.method/$link/site/release-testing-site

TOTP API used to have a dedicated log file named totp.log and a specific log format.

2022-09-22 07:28:43.485 totp DEBUG ApiController: PUT
/api/v1/methods/non.existing.method called with
TotpMethodSettings(user=User(login=any.user, uniqueId=null), method=null,
enabled=null, secret=null, generateSecret=null)

The TOTP API log format has been unified with other SSO diagnostic log events: the field order has changed, and the fully qualified class name is printed instead of the simple class name.

2022-09-23 08:31:13,473 totp com.ubisecure.sso.totp.api.ApiController DEBUG PUT
/api/v1/methods/non.existing.method called with
TotpMethodSettings(user=User(login=any.user, uniqueId=null), method=null,
enabled=null, secret=null, generateSecret=null)

Password Reset application log events were in the Tomcat log (catalina) and had a Tomcat-specific format.

Oct 05, 2022 1:20:36 PM org.apache.catalina.core.ApplicationContext log
SEVERE: [WARN] password BeginResetServlet.prepareNextPhase(): error.account.not-found ; username=asko
com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: NOTFOUND: javax.naming.NameNotFoundException
at com.ubisecure.ubilogin.directory.spi.ldap.UbiloginDirectory.findAccount(UbiloginDirectory.java:212)
at com.ubisecure.sso.password.reset.BeginResetServlet.prepareNextPhase(BeginResetServlet.java:77)
at com.ubisecure.sso.password.reset.ResetBaseServlet.doPost(ResetBaseServlet.java:159)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
at com.ubisecure.sso.password.reset.ResetBaseServlet.service(ResetBaseServlet.java:325)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
...

The Password Reset application log format has been unified with other SSO diagnostic log events. Stack traces are no longer printed for exceptions unless the DEBUG level has been specified.

2022-10-04 16:15:31,775 password-reset com.ubisecure.sso.password.reset.BeginResetServlet WARN BeginResetServlet.prepareNextPhase(): error.account.not-found ; username=asko INVALID: NOTFOUND: javax.naming.NameNotFoundException: com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: NOTFOUND: javax.naming.NameNotFoundException: javax.naming.NameNotFoundException

 

Password Reset application audit events were in the Tomcat log (catalina) and had a Tomcat-specific format.

Oct 05, 2022 5:25:38 PM org.apache.catalina.core.ApplicationContext log
INFO: [INFO] Audit 2022-10-05T14:25:38.518Z [127.0.0.1] mail-fail syste error.account.not-found
Oct 05, 2022 5:26:41 PM org.apache.catalina.core.ApplicationContext log
INFO: [INFO] Audit 2022-10-05T14:26:41.369Z [127.0.0.1] reset-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost

Password Reset application audit events are in the password_audit.<YYYY-MM-DD>.log file with the intended audit event format.

2022-10-05T14:25:39.883Z [127.0.0.1] mail-fail syste error.account.not-found
2022-10-05T14:26:47.928Z [127.0.0.1] reset-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost

Password application log events were in the Tomcat log (catalina) and had a Tomcat-specific format.

Oct 05, 2022 9:20:04 AM org.apache.catalina.core.ApplicationContext log
SEVERE: [WARN] password CredentialsChange.change
com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: VALIDATE
at com.ubisecure.ubilogin.directory.spi.ldap.password.UbiloginDirectoryProtocol.validate(UbiloginDirectoryProtocol.java:51)
at com.ubisecure.ubilogin.directory.spi.ldap.password.UbiloginDirectoryProtocol.change(UbiloginDirectoryProtocol.java:60)
at com.ubisecure.ubilogin.directory.spi.ldap.UbiloginDirectoryPasswordChange.change(UbiloginDirectoryPasswordChange.java:96)
at com.ubisecure.ubilogin.password.change.ChangeServlet.doPost(ChangeServlet.java:204)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
at com.ubisecure.ubilogin.password.ControllerServlet.service(ControllerServlet.java:82)
at com.ubisecure.ubilogin.password.change.ChangeServlet.service(ChangeServlet.java:65)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
...

The Password application log format has been unified with other SSO diagnostic log events. Stack traces are no longer printed for exceptions unless the DEBUG level has been specified.

2022-10-04 16:15:31,775 password com.ubisecure.ubilogin.password.change.ChangeServlet WARN CredentialsChange.change INVALID: VALIDATE: com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: VALIDATE

 

Password application audit events were in the Tomcat log (catalina) and had a Tomcat-specific format.

Oct 05, 2022 9:18:28 AM org.apache.catalina.core.ApplicationContext log
INFO: [INFO] Audit 2022-10-05T06:18:28.977Z [127.0.0.1] login-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost
Oct 05, 2022 9:20:04 AM org.apache.catalina.core.ApplicationContext log
INFO: [INFO] Audit 2022-10-05T06:20:04.973Z [127.0.0.1] change-fail CN=Administrator,OU=System,CN=Ubilogin,DC=localhost com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: VALIDATE
Oct 04, 2022 12:46:47 PM org.apache.catalina.core.ApplicationContext log
INFO: [INFO] Audit 2022-10-04T09:46:47.062Z [127.0.0.1] change-fail CN=Administrator,OU=System,CN=Ubilogin,DC=localhost com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: NEWCREDENTIALS
Oct 04, 2022 12:47:00 PM org.apache.catalina.core.ApplicationContext log
INFO: [INFO] Audit 2022-10-04T09:47:00.957Z [127.0.0.1] change-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost

Password application audit events are in the password_audit.<YYYY-MM-DD>.log file with the intended audit event format.

2022-10-04T09:41:00.680Z [127.0.0.1] login-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost
2022-10-04T09:44:47.403Z [127.0.0.1] change-fail CN=Administrator,OU=System,CN=Ubilogin,DC=localhost com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: VALIDATE
2022-10-04T09:44:55.709Z [127.0.0.1] change-fail CN=Administrator,OU=System,CN=Ubilogin,DC=localhost com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: NEWCREDENTIALS
2022-10-04T09:45:23.537Z [127.0.0.1] change-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost
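
Because password audit events moved from the Tomcat (catalina) log to password_audit.<YYYY-MM-DD>.log, a collector may have to read both during the upgrade. The following added example (not part of the product or of the original page) normalises the two layouts shown above into one record; the field names, the reading of the bracketed address as the client address and the `-fail` suffix check are assumptions based on the page's samples.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, List, Optional

# Audit event layout shown on this page:
#   <UTC timestamp> [<address>] <event> <subject> [<detail>]
# Assumes the subject contains no spaces, as in the page's samples.
AUDIT_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z) "
    r"\[(?P<ip>[^\]]+)\] (?P<event>\S+) (?P<subject>\S+)(?: (?P<detail>.*))?"
)
# Before 9.1 the same event sat in catalina output behind this prefix.
CATALINA_PREFIX = "INFO: [INFO] Audit "


@dataclass
class AuditEvent:
    timestamp: datetime
    source: str            # "catalina" (before 9.1) or "password_audit" (since 9.1)
    client_ip: str         # bracketed address, assumed to be the client
    event: str             # e.g. login-success, change-fail, mail-fail
    subject: str           # user DN or the user name that was entered
    detail: Optional[str]  # error key or exception text, when present


def parse_password_audit(lines: Iterable[str]) -> List[AuditEvent]:
    events: List[AuditEvent] = []
    for raw in lines:
        line = raw.strip()
        source = "password_audit"
        if line.startswith(CATALINA_PREFIX):
            source, line = "catalina", line[len(CATALINA_PREFIX):]
        m = AUDIT_RE.fullmatch(line)
        if m is None:
            # Catalina header lines, stack traces and other Tomcat output.
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
        events.append(AuditEvent(ts.replace(tzinfo=timezone.utc), source,
                                 m["ip"], m["event"], m["subject"], m["detail"]))
    return events


def failures_by_ip(events: Iterable[AuditEvent]) -> Counter:
    """Count failed operations per address, whichever file they came from."""
    return Counter(e.client_ip for e in events if e.event.endswith("-fail"))


# Sample lines copied from this page's examples.
SAMPLE_CATALINA = """\
Oct 05, 2022 5:25:38 PM org.apache.catalina.core.ApplicationContext log
INFO: [INFO] Audit 2022-10-05T14:25:38.518Z [127.0.0.1] mail-fail syste error.account.not-found
Oct 05, 2022 5:26:41 PM org.apache.catalina.core.ApplicationContext log
INFO: [INFO] Audit 2022-10-05T14:26:41.369Z [127.0.0.1] reset-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost
"""
SAMPLE_AUDIT_FILE = """\
2022-10-04T09:41:00.680Z [127.0.0.1] login-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost
2022-10-04T09:44:47.403Z [127.0.0.1] change-fail CN=Administrator,OU=System,CN=Ubilogin,DC=localhost com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: VALIDATE
2022-10-04T09:44:55.709Z [127.0.0.1] change-fail CN=Administrator,OU=System,CN=Ubilogin,DC=localhost com.ubisecure.ubilogin.directory.spi.StatusException: INVALID: NEWCREDENTIALS
2022-10-04T09:45:23.537Z [127.0.0.1] change-success CN=Administrator,OU=System,CN=Ubilogin,DC=localhost
"""

if __name__ == "__main__":
    merged = (parse_password_audit(SAMPLE_CATALINA.splitlines())
              + parse_password_audit(SAMPLE_AUDIT_FILE.splitlines()))
    for ev in merged:
        print(ev.timestamp.isoformat(), ev.source, ev.event, ev.subject)
    print(dict(failures_by_ip(merged)))
```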

If the DEBUG level is not set, the stack trace is not printed, but the exception message is built from the actual information and the cause.

2022-09-26 09:37:18,477 tech Error in opening Accounting Service JMS connection, event cannot be sent. Accounting Service is a required component of SSO that needs to be functioning when running SSO.: javax.jms.JMSException: Could not connect to broker URL: tcp://localhost:36161?connectionTimeout=10. Reason: java.net.SocketTimeoutException: connect timed out: java.net.SocketTimeoutException: connect timed out

2021-06-16 07:42:01,812 protocol TokenServlet: protocol.oauth2.TicketProtocolOAuth2Exception: [application-clientid] Invalid ticket request: code_verifier

If the DEBUG level is not set, the stack trace is not printed, but the exception message is built from the actual information and the cause. The result is more verbose than earlier and contains redundant information. We may revisit this in a future release.

2022-09-26 09:37:25,233 uas tech WARN Error in opening Accounting Service JMS connection, event cannot be sent. Accounting Service is a required component of SSO that needs to be functioning when running SSO. Could not connect to broker URL: tcp://localhost:36161?connectionTimeout=10. Reason: java.net.SocketTimeoutException: connect timed out: javax.jms.JMSException: Could not connect to broker URL: tcp://localhost:36161?connectionTimeout=10. Reason: java.net.SocketTimeoutException: connect timed out: java.net.SocketTimeoutException: connect timed out

2022-10-06 09:04:28,145 uas protocol ERROR AuthorizationServlet [oauth2-application] Invalid ticket request: code_challenge: protocol.oauth2.TicketProtocolOAuth2Exception: [oauth2-application] Invalid ticket request: code_challenge

 

In uas3_diag

2016-09-20 13:33:17,465 init CustomerID Authorizer started
2016-09-20 13:33:17,465 authz eidm.authorizer: CidAuthorizer init started.
2016-09-20 13:33:17,606 init CustomerID SQL: customeriddb PostgreSQL x.x.x
2016-09-20 13:33:17,632 authz eidm.authorizer: CidAuthorizer init done.
2016-09-20 13:33:17,632 init eidm: com.ubisecure.customerid.authorizer.CidAuthorizer: started

In sso_diag (format change)

2022-10-06 07:25:25,711 uas init INFO CustomerID Authorizer started
2022-10-06 07:25:25,711 uas authz INFO eidm.authorizer: CidAuthorizer init started.
2022-10-06 07:25:26,083 uas init INFO CustomerID SQL: customeriddb PostgreSQL 12.8
2022-10-06 07:25:26,130 uas authz INFO eidm.authorizer: CidAuthorizer init done.
2022-10-06 07:25:26,130 uas init INFO eidm: com.ubisecure.customerid.authorizer.CidAuthorizer: started

SSO library log events were not seen or they were inside Wildfly stdout or server logs. Only info (or higher) level log events were visible. The log levels could not be controlled from CID side.

08:19:25,692 INFO [io.undertow.servlet] (ServerService Thread Pool -- 84) [INFO] ServiceProviderServlet ServiceProviderServlet starting

 

Log events by the SSO libraries CustomerID is using are in the CustomerID diagnostics log. The logging level can be controlled from CustomerID side, see Logging configuration - CustomerID

INFO level

2022-10-04 08:19:08,447;INFO ;node1;ServerService Thread Pool -- 103;com.ubisecure.util.ldap.jldap.JLDAP;JLDAP: url=ldap://localhost/cn=Ubilogin,dc=localhost,servers=[ldap://localhost/cn=Ubilogin,dc=localhost],tls=false,confConnectTimeout=15000,confReadTimeout=15000,confMaxAge=120000,confAuthPool=8,failoverType=multi-master;
2022-10-04 08:19:08,572;INFO ;node1;ServerService Thread Pool -- 103;com.ubisecure.saml2.sp.servlet.ServiceProviderServlet;ServiceProviderServlet starting;
2022-10-04 08:19:08,588;INFO ;node1;ServerService Thread Pool -- 112;com.ubisecure.saml2.sp.servlet.ServiceProviderServlet;ServiceProviderServlet starting;
...
2022-10-04 08:19:12,088;INFO ;node1;ServerService Thread Pool -- 112;com.ubisecure.saml2.sp.servlet.ServiceProviderServlet;- Attribute Authority [];
2022-10-04 08:19:12,088;INFO ;node1;ServerService Thread Pool -- 112;com.ubisecure.saml2.sp.servlet.ServiceProviderServlet;ServiceProviderServlet started;
2022-10-04 08:19:17,854;INFO ;node1;ServerService Thread Pool -- 82;com.ubisecure.customerid.worker.beans.InvitationWorker;;SYSTEM_INITIALIZATION ;SUCCESS ; N/A ; N/A ;Scheduled the invitation worker with a delay set to: 3600000 milliseconds.;N/A;N/A;

DEBUG level

2022-10-04 09:19:18,238;DEBUG;node1;EJB default - 1;com.ubisecure.customerid.worker.beans.InvitationWorker;;SYSTEM_INTERNAL_PROCESSING ;IN_PROGRESS;Ubisecure CustomerID Worker process.; N/A ;Invitation worker started handling pending user expirations.;N/A;N/A;
2022-10-04 09:19:18,269;DEBUG;node1;EJB default - 1;com.ubisecure.util.ldap.jldap.FailoverConnection;FailoverConnection.open: ldap://localhost/cn=Ubilogin,dc=localhost;
2022-10-04 09:19:18,300;DEBUG;node1;EJB default - 1;com.ubisecure.customerid.logic.services.RegistrationServiceImpl;;SYSTEM_INITIALIZATION ;SUCCESS ;Ubisecure CustomerID Worker process.; N/A ;com.ubisecure.customerid.logic.services.RegistrationServiceImpl$Proxy$_$$_WeldSubclass started;N/A;N/A;

Harmless exceptions like these from the SSO SAML2 library may be seen:

2022-10-05 11:21:43,194;WARN ;node1;EE-ManagedScheduledExecutorService-default-Thread-1;com.ubisecure.saml2.metadata.URLMetadataLocator;Refreshing metadata failed (entityId=https://localhost:8443/uas/saml2/names/ac/saml.ap.custid url=https://localhost:8443/uas/saml2/names/ac/saml.ap.custid/metadata.xml);: java.io.FileNotFoundException: https://localhost:8443/uas/saml2/names/ac/saml.ap.custid/metadata.xml

2022-10-05 13:06:50,588;INFO ;node1;default task-11;com.ubisecure.saml2.sp.servlet.ServiceProviderServlet;Logout request error;: com.ubisecure.saml2.metadata.SAMLEndpointNotFoundException: Endpoint not found: entity https://localhost:8443/uas: service SingleLogoutService: binding null: urn:oasis:names:tc:SAML:2.0:status:Responder, urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized

Migration notes

If you have customised default levels for Diagnostic log entry types

Before 9.1

In webapps/uas/WEB-INF/log4j.properties

log4j.logger.ubilogin.tech = INFO, Diag, C
log4j.logger.ubilogin.diag = INFO, Diag
log4j.logger.ubilogin.diag.init = INFO, C

Since 9.1

In ubilogin-sso/ubilogin/custom/logging/include-logback.xml the DefaultLevels value

<!-- (1) Default levels for Diagnostic logs entry types -->
<turboFilter class="com.ubisecure.common.logging.MarkerBasedLogFilter">
  <DefaultLevels>audit=info;tech=info;diag.*=info</DefaultLevels>
</turboFilter>

If you have enabled Management audit log

Before 9.1

In webapps/ubilogin/WEB-INF/log4j.properties

log4j.logger.com.ubisecure.ubilogin.management = INFO, ManagementAudit

Since 9.1

In ubilogin-sso/ubilogin/custom/logging/include-logback.xml the logger element level attribute

<!-- (6) SSO management audit log. -->
<!-- Set the level to INFO if you desire to have SSO Management audit file log -->
<logger name="com.ubisecure.ubilogin.management" level="INFO">
  <appender-ref ref="MANAGEMENT_AUDIT_FILE" />
</logger>

If you have enabled Statistics log

Before 9.1

In webapps/ubilogin/WEB-INF/log4j.properties

log4j.logger.ubilogin.statistics = INFO, Statistics

Since 9.1

In ubilogin-sso/ubilogin/custom/logging/include-logback.xml add ;statistics=info to DefaultLevels value

<!-- (1) Default levels for Diagnostic logs entry types -->
<turboFilter class="com.ubisecure.common.logging.MarkerBasedLogFilter">
  <DefaultLevels>audit=info;tech=info;diag.*=info;statistics=info</DefaultLevels>
</turboFilter>

If you have customised Logviewer configuration

See Configuring Log Viewer - SSO; the original filesource.properties file in the installation package has been changed.

Before 9.1

In webapps/logviewer/WEB-INF/filesource.properties

...
logsource.FileSource.filetype.1.name = UAS Diag
logsource.FileSource.filetype.1.type = diag
logsource.FileSource.filetype.1.path = /usr/local/ubisecure/ubilogin-sso/ubilogin/logs
logsource.FileSource.filetype.1.filename = uas3_diag.%YYYY-%MM-%DD.log
...

Since 9.1

In webapps/logviewer/WEB-INF/filesource.properties, note the new default definitions and check the index of any custom filetype definitions

...
# Context properties from web app specific logback.xml files used in diagnostic log
logsource.DiagContextNames.pattern = (uas|ubilogin|search|logviewer|totp|sso-api|password|password-reset|cdc|otpserver)
...
logsource.FileSource.filetype.1.name = SSO Diag
logsource.FileSource.filetype.1.type = diag
logsource.FileSource.filetype.1.path = /usr/local/ubisecure/ubilogin-sso/ubilogin/logs
logsource.FileSource.filetype.1.filename = sso_diag.%YYYY-%MM-%DD.log
logsource.FileSource.filetype.2.name = UAS Diag (old)
logsource.FileSource.filetype.2.type = diag
logsource.FileSource.filetype.2.path = /usr/local/ubisecure/ubilogin-sso/ubilogin/logs
logsource.FileSource.filetype.2.filename = uas3_diag.%YYYY-%MM-%DD.log
...

If you have parsed Diagnostic log (uas)

Before 9.1

The log file contains only SSO authentication server (uas) events, without a logging level.

Event sample:

2022-09-30 07:49:31,398 tech ping: the system is alive

Since 9.1

If parsing, note the following:

  • file name change

  • filter uas events based on the column after timestamp

  • format change:

    • the logger name is typically a diagnostic log entry type but, especially for applications other than uas, it can be a fully qualified class name, e.g. com.ubisecure.sso.totp.api.ApiController

    • logger level has been added after the logger name

Event sample:

2022-10-03 07:06:00,773 uas tech INFO ping: the system is alive

If you have specified custom log levels for libraries used by SSO authentication server (uas)

Before 9.1

In webapps/uas/WEB-INF/log4j.properties

log4j.logger.org.notinteresting.package=WARN
log4j.logger.com.some.package.InterestingClassThere=DEBUG

Since 9.1

In ubilogin-sso/ubilogin/custom/logging/include-logback.xml

<!-- (10) Customise log levels -->
<logger name="org.notinteresting.package" level="WARN" />
<logger name="com.some.package.InterestingClassThere" level="DEBUG" />

If you have specified formatting, log file folders or names for SSO authentication server (uas)

Before 9.1

In webapps/uas/WEB-INF/log4j.properties

log4j.appender.Diag = com.ubisecure.log4j.DailyFileAppender
log4j.appender.Diag.File = /usr/local/ubisecure/ubilogin-sso/ubilogin/logs/uas3_diag
log4j.appender.Diag.layout = org.apache.log4j.PatternLayout
log4j.appender.Diag.layout.ConversionPattern = %d{ISO8601} %c{1} %m%n

Since 9.1

In ubilogin-sso/ubilogin/custom/logging/include-logback.xml, see Understanding SSO logger configuration for the following sections. NOTE: To facilitate regular troubleshooting, we recommend that you do not modify these settings.

<!-- (3) SSO log format settings START -->
...
<!-- (3) SSO log format settings END -->
...
<!-- (4) SSO log folder and base file name -->
...
<!-- (5) SSO installation log appenders START -->
...
<!-- (5) SSO installation log appenders END -->

If you have specified custom log levels for Password applications (password, password-reset)

These applications used to log to the Tomcat log (ubilogin-sso/tomcat/logs/catalina.<YYYY-MM-DD>.log) but are now logging to the shared SSO diagnostics log (ubilogin-sso/ubilogin/logs/sso_diag.<YYYY-MM-DD>.log).

Before 9.1

In webapps/password/WEB-INF/web.xml or webapps/password-reset/WEB-INF/web.xml, e.g. for a more verbose level

<context-param>
  <param-name>log-level</param-name>
  <param-value>debug</param-value>
</context-param>

Since 9.1

In ubilogin-sso/ubilogin/custom/logging/include-logback.xml. You need to know the package or fully qualified class name of the component of interest; ask IDS support for advice.

<!-- (10) Customise log levels -->
<!-- Password reset application itself -->
<logger name="com.ubisecure.sso.password" level="DEBUG" />
<!-- Password application itself -->
<logger name="com.ubisecure.ubilogin.password" level="DEBUG" />
<!-- Library routine used by password application to e.g. refresh metadata -->
<logger name="com.ubisecure.saml2.metadata.URLMetadataLocator" level="DEBUG" />

If you have specified custom log levels or formatting for TOTP API, or parsed the events (totp)

This SpringBoot application used to log to a dedicated log (ubilogin-sso/ubilogin/logs/totp.log) but is now logging to the shared SSO diagnostics log (ubilogin-sso/ubilogin/logs/sso_diag.<YYYY-MM-DD>.log).

Being a SpringBoot application, the log levels can still be configured via application.yaml or actuator end-point as advised in TOTP API configuration.

Before 9.1

In webapps/totp/WEB-INF/application.yaml

# Enable debug logging
logging.level.com.ubisecure.sso.totp: DEBUG

(possibility to add own definitions for format and file names)

Event sample:

2022-09-22 07:17:39.054 totp DEBUG ApiController: PUT /api/v1/methods/non.existing.method called with TotpMethodSettings(user=User(login=any.user, uniqueId=null), method=null, enabled=null, secret=null, generateSecret=null)

Since 9.1

Log levels:

Either webapps/totp/WEB-INF/application.yaml or ubilogin-sso/ubilogin/custom/logging/include-logback.xml

  • application.yaml overrides include-logback.xml

In include-logback.xml

<!-- (10) Customise log levels -->
<logger name="com.ubisecure.sso.totp" level="DEBUG" />

Regarding formatting, see Understanding SSO logger configuration for the following sections. NOTE: To facilitate regular troubleshooting, we recommend that you do not modify these settings.

<!-- (3) SSO log format settings START -->
...
<!-- (3) SSO log format settings END -->
...
<!-- (4) SSO log folder and base file name -->
...
<!-- (5) SSO installation log appenders START -->
...
<!-- (5) SSO installation log appenders END -->

If parsing, note the following:

  • file name change

  • filter totp events based on the column after timestamp

  • format changes:

    • simple class name like ApiController is replaced with the fully qualified class name: com.ubisecure.sso.totp.api.ApiController

    • logger level has been moved from before the logger name to after it

Event sample:

2022-09-23 08:31:13,473 totp com.ubisecure.sso.totp.api.ApiController DEBUG PUT /api/v1/methods/non.existing.method called with TotpMethodSettings(user=User(login=any.user, uniqueId=null), method=null, enabled=null, secret=null, generateSecret=null)

 

If you have specified custom log levels or formatting for SSO Management API, or parsed the events (sso-api)

This web application used to log to a dedicated log (ubilogin-sso/ubilogin/logs/sso-api.log) but is now logging to the shared SSO diagnostics log (ubilogin-sso/ubilogin/logs/sso_diag.<YYYY-MM-DD>.log).

Being a SpringBoot application, the log levels can still be configured via application.yaml or actuator end-point as advised in TOTP API configuration.

Before 9.1

In ubilogin/webapps/sso-api/WEB-INF/log4j2.xml

<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_ERR">
      <PatternLayout pattern="$${ctx:remote-addr:--} $${ctx:sub:--} [%d{ISO8601}{UTC}] [%p] %c{2} %msg%n" />
    </Console>
    <RollingFile name="File"
                 fileName="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/logs/sso-api.log"
                 filePattern="C:\Program Files\Ubisecure\ubilogin-sso\ubilogin/logs/sso-api-%d{yyyy-MM-dd}.%i.log">
      <PatternLayout pattern="$${ctx:remote-addr:--} $${ctx:sub:--} [%d{ISO8601}{UTC}] [%p] %c{2} %msg%n" />
      <Policies>
        <OnStartupTriggeringPolicy />
        <TimeBasedTriggeringPolicy />
      </Policies>
      <DefaultRolloverStrategy />
    </RollingFile>
  </Appenders>
  <Loggers>
    <Logger name="com.globalsign.iam.sso.api" level="info">
      <AppenderRef ref="File" />
    </Logger>
    <Logger name="com.globalsign.iam.sso.api.directory.util.SearchUtil" level="info" />
    <Root level="info">
      <AppenderRef ref="Console" />
    </Root>
  </Loggers>
</Configuration>

Event:

10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost [2022-10-03T11:36:26,746] [INFO] application.AccessLog PUT /user/example-site/example-user

Since 9.1

In ubilogin-sso/ubilogin/custom/logging/include-logback.xml

Log levels

<!-- (10) Customise log levels -->
<logger name="com.globalsign.iam.sso.api" level="DEBUG" />

Regarding formatting, see Understanding SSO logger configuration for the following sections. NOTE: To facilitate regular troubleshooting, we recommend that you do not modify these settings.

<!-- (3) SSO log format settings START -->
...
<!-- (3) SSO log format settings END -->
...
<!-- (4) SSO log folder and base file name -->
...
<!-- (5) SSO installation log appenders START -->
...
<!-- (5) SSO installation log appenders END -->

If parsing, note the following:

  • file name change

  • filter sso-api events based on the column after timestamp

  • format changes:

    • standard SSO diagnostic log event column order: date, time, sso-api, logging class, log level

    • logging class is now the actual class like com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf and not a logger wrapper class application.AccessLog

      • note that controlling log level is based on this logger name

    • remote IP address and authenticated user name (sub) are inserted before the actual message

Event:

2022-09-30 06:42:00,373 sso-api com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf INFO 10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost PUT /user/example-site/example-user
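
The parsing notes in the uas, totp and sso-api sections above, combined into one parser. This is an added example, not Ubisecure's code: it reads both the pre-9.1 uas3_diag layout and the sso_diag layout, using the application names from logsource.DiagContextNames.pattern to tell them apart. The function names, the folding of continuation lines and the assumption that the sso-api subject contains no spaces are choices made for this example.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Application names as listed in logsource.DiagContextNames.pattern on this page.
APPS = "uas|ubilogin|search|logviewer|totp|sso-api|password-reset|password|cdc|otpserver"
TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})"
# Since 9.1 (sso_diag): timestamp, application, logger name, level, message.
NEW = re.compile(rf"^{TS} (?P<app>{APPS}) (?P<logger>\S+) "
                 r"(?P<level>TRACE|DEBUG|INFO|WARN|ERROR) (?P<msg>.*)$")
# Before 9.1 (uas3_diag): timestamp, entry type, message; uas only, no level.
OLD = re.compile(rf"^{TS} (?P<logger>\S+) (?P<msg>.*)$")

class Event(NamedTuple):
    ts: str
    app: str
    logger: str
    level: Optional[str]  # None for uas3_diag events, which carry no level
    msg: str

def parse_line(line: str) -> Optional[Event]:
    """Parse one line; None means the line does not start an event."""
    line = line.rstrip("\r\n")
    m = NEW.match(line)
    if m:
        return Event(m["ts"], m["app"], m["logger"], m["level"], m["msg"])
    m = OLD.match(line)
    if m:
        return Event(m["ts"], "uas", m["logger"], None, m["msg"])
    return None

def parse_lines(lines: Iterable[str], app: Optional[str] = None) -> List[Event]:
    """Fold continuation lines (stack traces) into the previous event; filter by app."""
    events: List[Event] = []
    for line in lines:
        ev = parse_line(line)
        if ev:
            events.append(ev)
        elif events and line.strip():
            events[-1] = events[-1]._replace(msg=events[-1].msg + "\n" + line.rstrip("\r\n"))
    return [e for e in events if app is None or e.app == app]

def sso_api_fields(ev: Event) -> dict:
    """Split an sso-api message; assumes the subject (sub) contains no spaces."""
    remote, sub, request = ev.msg.split(" ", 2)
    return {"remote": remote, "sub": sub, "request": request}

# Samples from this page (totp message shortened) plus a constructed continuation line.
SAMPLE = [
    "2022-09-30 07:49:31,398 tech ping: the system is alive",
    "2022-10-03 07:06:00,773 uas tech INFO ping: the system is alive",
    "2022-09-23 08:31:13,473 totp com.ubisecure.sso.totp.api.ApiController DEBUG PUT /api/v1/methods/non.existing.method called",
    "    at constructed.Example.method(Example.java:1)",
    "2022-09-30 06:42:00,373 sso-api com.globalsign.iam.sso.api.resource.node.directory.AbstractDirectoryObjectLeaf INFO 10.0.2.2 cn=Administrator,ou=System,cn=Ubilogin,dc=localhost PUT /user/example-site/example-user",
]
```

Lines from the old dedicated totp.log and sso-api.log files use different layouts and are returned as None or folded as continuation lines, so feed this parser only uas3_diag and sso_diag files.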

 

 

 
