SAML troubleshooting

    Configuring SAML authentication can be challenging, and a failure often gives no clear reason. To find the problem, configure Log4j 2 to capture the communication between CloverDX Server and the Identity Provider in a log file, then examine that log.

    How to configure Log4j 2 to log SAML authentication
    1. Create a copy of the [clover.war]/WEB-INF/log4j2.xml file.

    2. Uncomment the fragments in the file that define samlAppender and the loggers referring to that appender.

      <!-- keep the element's other attributes as they are in the file -->
      <RollingFile name="samlAppender" ...>
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %X{IP} %m%n" charset="UTF-8" />
             <SizeBasedTriggeringPolicy size="5MB" />
             <DefaultRolloverStrategy max="10" />
      </RollingFile>

      <Logger name="com.cloveretl.server.auth.SamlServlet" level="debug" additivity="false">
             <AppenderRef ref="samlAppender" />
      </Logger>
      <Logger name="com.onelogin.saml2" level="debug" additivity="false">
             <AppenderRef ref="samlAppender" />
      </Logger>

    3. Define a new system property log4j.configurationFile with the full path to the file:


    4. Start the CloverDX Server.

    5. The communication is logged into the saml.log file (by default located in the directory specified by the system property in the cloverlogs subdirectory).
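
One way to examine the resulting saml.log, as an added example (not CloverDX code): the script parses lines in the PatternLayout shown in step 2, decodes any base64 SAML payload found in the message and reports its issuer, destination and status. That the loggers write payloads as base64 inside the message is an assumption, and the sample line, host names and IP address are constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET
import zlib

# samlAppender layout: %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %X{IP} %m%n
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) ([A-Z ]{5}) (\S*) (.*)$")
BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # candidate base64 payload
P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
A = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def decode_saml(blob):
    """Base64-decode a payload, inflating it if it used the HTTP-Redirect binding."""
    raw = base64.b64decode(blob)
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # raw DEFLATE, no zlib header
    return ET.fromstring(raw)

def summarize(log_text):
    """Return one dict per SAML message found in the log text."""
    records = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            records.append(list(m.groups()))
        elif records:
            records[-1][3] += "\n" + line  # continuation of a multi-line message
    found = []
    for ts, _level, ip, msg in records:
        for blob in BLOB.findall(msg):
            try:
                root = decode_saml(blob)
            except (ValueError, zlib.error, ET.ParseError):
                continue  # long token that is not a SAML payload
            code = root.find(f"{P}Status/{P}StatusCode")
            status = None if code is None else code.get("Value", "").rsplit(":", 1)[-1]
            found.append({"time": ts, "ip": ip, "message": root.tag.split("}")[-1],
                          "issuer": root.findtext(f"{A}Issuer"),
                          "destination": root.get("Destination"), "status": status})
    return found

# Constructed sample (not real server output): a failed Response on one log line.
_XML = ('<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example.com/acs">'
        '<a:Issuer>https://idp.example.com</a:Issuer><p:Status>'
        '<p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/></p:Status></p:Response>')
SAMPLE = "2024-05-14 09:31:07,412 DEBUG 192.0.2.10 SAMLResponse " + base64.b64encode(_XML.encode()).decode()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Check `status` first, then compare `issuer` and `destination` with the values configured on the server and on the Identity Provider. Decoded payloads identify users, so keep read access to saml.log restricted.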