
    SAML troubleshooting

    Configuring SAML authentication can be challenging: sometimes it does not work and there is no clear reason why. To detect problems, we can configure Log4j 2 to intercept the communication between CloverDX Server and the Identity Provider, write it to a log file, and then examine the log to find the problems.

    How to configure Log4j 2 to log SAML authentication
    1. Create a copy of the [clover.war]/WEB-INF/log4j2.xml file.

    2. Uncomment the fragments in the file that define samlAppender and the loggers referring to that appender.

      <RollingFile name="samlAppender"
             fileName="${sys:clover.clover.home}/cloverlogs/saml.log"
             filePattern="${sys:clover.clover.home}/cloverlogs/saml.log.%i">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %X{IP} %m%n" charset="UTF-8" />
             <Policies>
                    <SizeBasedTriggeringPolicy size="5MB" />
             </Policies>
             <DefaultRolloverStrategy max="10" />
      </RollingFile>

      <Logger name="com.cloveretl.server.auth.SamlServlet" level="debug" additivity="false">
             <AppenderRef ref="samlAppender" />
      </Logger>
      
      <Logger name="com.onelogin.saml2" level="debug" additivity="false">
             <AppenderRef ref="samlAppender" />
      </Logger>

    3. Define a new system property log4j.configurationFile with the full path to the file:

      -Dlog4j.configurationFile=file:///C:/path/to/log4j2.xml

    4. Start the CloverDX Server.

    5. The communication is logged to the saml.log file, located by default in the cloverlogs subdirectory of the directory specified by the java.io.tmpdir system property.
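
    One way to examine the resulting saml.log, as an added example that is not part of CloverDX: a small Python triage script that parses the PatternLayout configured above, joins multi-line messages, and reports WARN/ERROR entries and non-success SAML status codes. The names parse, findings and SAMPLE are hypothetical, and the sample lines are constructed for illustration.

```python
import re

# Header produced by the layout above: %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %X{IP} %m%n
# %-5p pads the level to 5 characters; %X{IP} is empty when no client IP is set.
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z ]{5}) (?P<ip>\S*) (?P<msg>.*)$"
)
# SAML 2.0 status codes are URIs; anything other than Success is reported.
STATUS = re.compile(r'StatusCode\s+Value="([^"]+)"')
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def parse(text):
    """Split log text into records; lines without a header continue the previous message."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append(m.groupdict())
        elif records:
            records[-1]["msg"] += "\n" + line
    return records

def findings(records):
    """Return (timestamp, ip, reason) for WARN/ERROR records and non-success SAML statuses."""
    out = []
    for r in records:
        level = r["level"].strip()
        if level in ("WARN", "ERROR", "FATAL"):
            out.append((r["ts"], r["ip"], f"{level}: {r['msg'].splitlines()[0]}"))
        for code in STATUS.findall(r["msg"]):
            if code != SUCCESS:
                out.append((r["ts"], r["ip"], f"SAML status {code.rsplit(':', 1)[-1]}"))
    return out

# Constructed sample; the message texts are illustrative, not real server output.
SAMPLE = """\
2024-05-14 09:12:01,104 DEBUG 10.0.0.5 response received
<samlp:Response><samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
</samlp:Status></samlp:Response>
2024-05-14 09:12:01,110 ERROR 10.0.0.5 response rejected
2024-05-14 09:13:44,020 INFO   session check
"""

if __name__ == "__main__":
    for f in findings(parse(SAMPLE)):
        print(*f, sep=" | ")
```

    The log holds the exchange with the Identity Provider, so keep saml.log readable only by administrators and set the loggers back from debug once the problem is found.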