Indira's blog

 
In the previous versions of Access Manager servers, to enable the server to debug message mode from the default error mode, one needs to set the com.iplanet.services.debug.level=message in the AMConfig.properties. That is not it, the webcontainer on which the Access Manager is deployed needs to be restarted. This is almost impossible in a production scenario, customers do not want to stop the server or sometimes the anamoly that is being experienced by the customer may not show up if the server is restarted. So there has to be a mechanism to dynamically enable/disable the server's debug level.

In the Latest version of the Java ES Access Manager release 7.1(Java ES 5)(some of the Access Manager 7.0 patches also provide this option in a limited manner), it provides a JSP Debug.jsp utility to configure the component level debug level(error,warning and message) message is the most verbose mode. This JSP is deployed right under the services deploy URI. For eg: http://amhost.example.com:8080/amserver/Debug.jsp

To invoke this JSP you need to have toplevel admin privileges. Authenticate as amadmin user then access this page http://amhost.example.com:8080/amserver/Debug.jsp, it will show you the list of Access Manager components and the usage on how to set the individual components in to debug mode.

The format of the invocation URL is(it is different in OpenSSO) <protocol>://amhost.fqdn:port/service_deploy_uri/Debug.jsp?category=CATEGORY&level=LEVEL

CATEGORY could be any one of the following

• SESSION

• POLICY

• EVENTLISTENERS

• CONSOLE

•  SAML

•  SECURITY

• FEDERATION

• PLL

• AUTHENTICATION

• SMS

• SDK

• IDREPO

• PROFILE

• LIBERTY 

LEVEL should be one of the following

• 1 (error)
  
• 2 (warning)
• 3 (message) 

SESSION

    * amSession
    * amSSOProvider
    * amSDK
    * amSessionEncodeURL
    * amCookieUtils

POLICY

    * amPolicy

EVENTLISTENERS

    * amProfileListener
    * amSMSEvent
    * amEventService

CONSOLE

    * amConsole
    * amProfile
    * amSDK
    * AMLFilterLog

 SAML

    * amSAML

SECURITY

    * amJSS
    * amJSSE

FEDERATION

    * amFederation
    * amIntroduction

PLL

    * amComm

AUTHENTICATION

    * amAuth
    * amAuthApplication
    * amAuthConfig
    * amAuthContext
    * amAuthContextLocal
    * amAuthInternal
    * amAuthLDAP
    * amLoginLogoutMapping
    * amLoginModule
    * amLoginServlet
    * amLoginViewBean
    * amAuthsvc
    * amClientSchema
    * amAuthInternalSMModule

SDK

    * amSDK

SMS

    * amSMS
    * amSMSLdap
    * amSMSEvent
    * amAuthInternalSMModule

IDREPO

    * amIdm
    * amProfile
    * amProfile_ldap
    * amProfileListener
    * amSpecialRepo
    * amSDK
    * amFileLookup
    * amResourceLookup

PROFILE

    * amProfile
    * amProfile_ldap
    * amProfileListener
    * amSDK
    * amDelegation

LIBERTY

    * amAuthSvc
    * amLibertyLogUtil
    * amLibertyDST
    * amInteraction
    * amMeta
    * amPAOS
    * amLibertySecurity
    * amWSSecurity
    * amSOAPBinding
    * amBinarySecurityToken
    * amDisco
    * amLibertyIDPP

For example if you want to set the session components in to warning mode then you need to supply the following url parameters

http://amhost.example.com:8080/amserver/Debug.jsp?category=SESSION&level=2

NOTE

         Whatever mode you set using this JSP Debug.jsp is valid only for the current JVM, once the JVM is restarted then the value in the com.iplanet.services.debug.level property will take in to effect, note that this property is global for all the components in the Access Manager server. Unlike the Debug.jsp, this property is not supporting the component level debug enable/disable.

How to do in the OpenSSO

In the opensso case, configuring the debug level  is sophisticated and simple. All you need to do is to login as top level administrator of OpenSSO system, When you access the Debug.jsp it will showup  a screen with pulldown menu to select the debug level and the opensso component to be set to that debug level, hit submit that  is it! It is that simple.