<RollingFile name="samlAppender"
             fileName="${sys:clover.clover.home}/cloverlogs/saml.log"
             filePattern="${sys:clover.clover.home}/cloverlogs/saml.log.%i">
    <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %X{IP} %m%n" charset="UTF-8" />
    <Policies>
        <SizeBasedTriggeringPolicy size="5MB" />
    </Policies>
    <DefaultRolloverStrategy max="10" />
</RollingFile>
SAML troubleshooting
Configuring SAML authentication can be quite a challenging task. Sometimes it does not work and there is no clear reason why. To detect problems, we can configure Log4j 2 to intercept the communication between CloverDX Server and the Identity Provider, write it to a log file, and examine the log to find the problems.
How to configure Log4j 2 to log SAML authentication
- Create a copy of the [clover.war]/WEB-INF/log4j2.xml file.
- Uncomment the fragments in the file with samlAppender and the loggers referring to the appender.
  <Logger name="com.cloveretl.server.auth.SamlServlet" level="debug" additivity="false">
      <AppenderRef ref="samlAppender" />
  </Logger>
  <Logger name="com.onelogin.saml2" level="debug" additivity="false">
      <AppenderRef ref="samlAppender" />
  </Logger>
- Define a new system property log4j.configurationFile with the full path to the file:
  -Dlog4j.configurationFile=file:///C:/path/to/log4j2.xml
- Start the CloverDX Server.
- The communication is logged into the saml.log file (located by default in the cloverlogs subdirectory of the directory specified by the java.io.tmpdir system property).
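A common slip in the uncomment step is to enable the appender and only one of the two loggers. The following check is an added example, not part of the CloverDX documentation or code: it parses a log4j2.xml and reports what is still missing. The function name check_saml_logging and the sample configuration are constructed for illustration; the appender and logger names are the ones shown above.

```python
import xml.etree.ElementTree as ET

# Appender and logger names exactly as they appear in the page's log4j2.xml fragments.
APPENDER = "samlAppender"
REQUIRED_LOGGERS = ("com.cloveretl.server.auth.SamlServlet", "com.onelogin.saml2")

# Constructed sample: appender and first logger uncommented, second logger forgotten.
SAMPLE_PARTIAL = """<Configuration>
  <Appenders>
    <RollingFile name="samlAppender"
                 fileName="${sys:clover.clover.home}/cloverlogs/saml.log"
                 filePattern="${sys:clover.clover.home}/cloverlogs/saml.log.%i">
    </RollingFile>
  </Appenders>
  <Loggers>
    <Logger name="com.cloveretl.server.auth.SamlServlet" level="debug" additivity="false">
      <AppenderRef ref="samlAppender" />
    </Logger>
    <!-- <Logger name="com.onelogin.saml2" level="debug" additivity="false">
      <AppenderRef ref="samlAppender" />
    </Logger> -->
  </Loggers>
</Configuration>"""


def _tag(el):
    """Element name without any namespace, lower-cased for comparison."""
    return el.tag.rsplit("}", 1)[-1].lower()


def check_saml_logging(xml_text):
    """Return a list of problems; an empty list means both loggers feed samlAppender."""
    root = ET.fromstring(xml_text)  # comments are dropped, so commented-out fragments are not seen
    problems = []
    if not any(_tag(e) == "rollingfile" and e.get("name") == APPENDER for e in root.iter()):
        problems.append(f"appender {APPENDER} is missing or still commented out")
    loggers = {e.get("name"): e for e in root.iter() if _tag(e) == "logger"}
    for name in REQUIRED_LOGGERS:
        logger = loggers.get(name)
        if logger is None:
            problems.append(f"logger {name} is missing or still commented out")
            continue
        if (logger.get("level") or "").lower() not in ("debug", "trace", "all"):
            problems.append(f"logger {name} is not at debug level")
        if APPENDER not in [c.get("ref") for c in logger if _tag(c) == "appenderref"]:
            problems.append(f"logger {name} does not reference {APPENDER}")
    return problems
```

Run it against the copied log4j2.xml before starting the server. Since saml.log then holds the exchange with the Identity Provider, keep the file readable only by administrators and comment the fragments out again after troubleshooting.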