SAML troubleshooting
Configuring SAML authentication can be challenging. Sometimes it does not work and there is no clear reason why. To detect problems, configure Log4j 2 to intercept the communication between CloverDX Server and the Identity Provider, write it to a log file, and examine the log to find the problems.
How to configure Log4j 2 to log SAML authentication
Create a copy of the [clover.war]/WEB-INF/log4j2.xml file.
Uncomment the fragments in the file with samlAppender and the loggers referring to the appender.
<RollingFile name="samlAppender"
             fileName="${sys:clover.clover.home}/cloverlogs/saml.log"
             filePattern="${sys:clover.clover.home}/cloverlogs/saml.log.%i">
    <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %X{IP} %m%n" charset="UTF-8" />
    <Policies>
        <SizeBasedTriggeringPolicy size="5MB" />
    </Policies>
    <DefaultRolloverStrategy max="10" />
</RollingFile>

<Logger name="com.cloveretl.server.auth.SamlServlet" level="debug" additivity="false">
    <AppenderRef ref="samlAppender" />
</Logger>
<Logger name="com.onelogin.saml2" level="debug" additivity="false">
    <AppenderRef ref="samlAppender" />
</Logger>
Define a new system property log4j.configurationFile with the full path to the file:
-Dlog4j.configurationFile=file:///C:/path/to/log4j2.xml
Start the CloverDX Server.
The communication is logged into the saml.log file (located by default in the cloverlogs subdirectory of the directory specified by the java.io.tmpdir system property).
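If saml.log stays empty after the restart, the usual cause is a fragment left commented out in the copied file. The following check is an added example, not part of the CloverDX documentation: it parses a log4j2.xml and reports whether the samlAppender and both SAML loggers shown above are active. The function name and the sample configurations are constructed for illustration, and it assumes the configuration elements carry no XML namespace.

```python
import sys
import xml.etree.ElementTree as ET

# Names taken from the log4j2.xml fragments shown on this page.
APPENDER = "samlAppender"
SAML_LOGGERS = ("com.cloveretl.server.auth.SamlServlet", "com.onelogin.saml2")


def check_saml_logging(xml_text):
    """Return a list of problems; an empty list means SAML logging is active."""
    # ElementTree drops XML comments, so fragments that are still commented
    # out are simply absent from the parsed tree.
    elems = list(ET.fromstring(xml_text).iter())
    problems = []
    if not any(e.tag == "RollingFile" and e.get("name") == APPENDER for e in elems):
        problems.append(f"appender {APPENDER} is missing or still commented out")
    loggers = {e.get("name"): e for e in elems if e.tag == "Logger"}
    for name in SAML_LOGGERS:
        logger = loggers.get(name)
        if logger is None:
            problems.append(f"logger {name} is missing or still commented out")
            continue
        if (logger.get("level") or "").lower() != "debug":
            problems.append(f"logger {name} is not at debug level")
        if APPENDER not in [r.get("ref") for r in logger.iter("AppenderRef")]:
            problems.append(f"logger {name} does not reference {APPENDER}")
    return problems


# Constructed sample configurations (not the shipped log4j2.xml).
_APPENDER_XML = f'<RollingFile name="{APPENDER}" fileName="saml.log" filePattern="saml.log.%i"/>'
_LOGGERS_XML = "".join(
    f'<Logger name="{n}" level="debug" additivity="false"><AppenderRef ref="{APPENDER}"/></Logger>'
    for n in SAML_LOGGERS
)


def _sample(appender, loggers):
    return f"<Configuration><Appenders>{appender}</Appenders><Loggers>{loggers}</Loggers></Configuration>"


SAMPLE_ACTIVE = _sample(_APPENDER_XML, _LOGGERS_XML)
SAMPLE_COMMENTED = _sample(f"<!-- {_APPENDER_XML} -->", f"<!-- {_LOGGERS_XML} -->")

if __name__ == "__main__":
    # Pass the path of the copied log4j2.xml, or run without arguments for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_COMMENTED
    for line in check_saml_logging(text) or ["SAML logging is active"]:
        print(line)
```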