How to trace the Liferay SAML 2.0 Provider EE plugin
The article outlines configuration for tracing the Liferay SAML 2.0 Provider EE plugin (SAML plugin). The SAML plugin enables Liferay Portal 6.2 EE to act as a SAML Service Provider (SP) or Identity Provider (IdP).
It is common to experience some bumps when initially configuring the SAML plugin for the role of SP or IdP.
The following logging configuration may assist with tracing SAML protocol behaviour and/or the SAML XML requests and responses exchanged between the SP and IdP.
The author has used this logging configuration to assist with tracing SAML XML messages in these scenarios:
S1/ Tracing between F5 BIG-IP Policy Access Manager (PAM) (acting as SAML IdP) and Liferay Portal (acting as SAML SP).
S2/ Tracing between Microsoft Active Directory Federation Services (ADFS) (acting as SAML IdP) and Liferay Portal (acting as SAML SP).
NOTE: Configuring the Liferay SAML 2.0 Provider EE plugin is outside the scope of this article.
NOTE: The Liferay SAML EE plugin uses the OpenSAML framework to process messages.
The following log4j logging configuration enables verbose logging of the SAML plugin and SAML XML request and response messages.
The log levels can be configured using the portal-log4j-ext.xml file and/or portal control panel.
NOTE: The log4j logging level ALL can result in very verbose log entries and large log files. Scale the logging level back to DEBUG or INFO to reduce the volume of log entries.
FILE: LIFERAY_HOME/tomcat/lib/ext/META-INF/portal-log4j-ext.xml
<?xml version="1.0"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">
    . . .
    <!-- Enable verbose logging for Liferay SAML EE plugin -->
    <category name="com.liferay.saml">
        <priority value="ALL" />
    </category>
    <!-- Enable verbose logging for OpenSAML framework -->
    <category name="org.opensaml">
        <priority value="ALL" />
    </category>
    <!-- Enable verbose logging for OpenSAML XML parsing -->
    <category name="PROTOCOL_MESSAGE">
        <priority value="ALL" />
    </category>
    . . .
</log4j:configuration>
Sign in to the portal as an admin user.
Navigate to Control Panel > (Configuration) Server Administration > Log Levels.
Add or update the following log entries:
com.liferay.saml = ALL
org.opensaml = ALL
PROTOCOL_MESSAGE = ALL
Assuming we are using a Liferay Portal + Apache Tomcat bundle, we can monitor the SAML plugin (deployed to Liferay Portal) as follows:
% cd LIFERAY_HOME
% tail -f tomcat/logs/catalina.out
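These categories write the SAML XML request and response messages into catalina.out, so the NOTE above about scaling ALL back matters once tracing is finished. The following is an added example, not part of the original article or of the Liferay plugin: it checks a portal-log4j-ext.xml for the three SAML categories (or their child loggers) still set to ALL, TRACE or DEBUG. The function names and the embedded sample file are constructed for illustration, and it reads only the file, so levels set through the control panel are not covered.

```python
import xml.etree.ElementTree as ET

# Categories named in the article's logging configuration.
SAML_LOGGERS = ("com.liferay.saml", "org.opensaml", "PROTOCOL_MESSAGE")
# Levels treated here (an assumption) as tracing levels that should not stay on.
VERBOSE_LEVELS = {"ALL", "TRACE", "DEBUG"}

# Constructed sample in the article's format (not a real deployment's file).
SAMPLE_CONFIG = """<?xml version="1.0"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
    <category name="com.liferay.saml"><priority value="ALL" /></category>
    <category name="org.opensaml.xml"><level value="debug" /></category>
    <category name="PROTOCOL_MESSAGE"><priority value="INFO" /></category>
    <category name="com.liferay.portal"><priority value="DEBUG" /></category>
</log4j:configuration>
"""


def is_saml_logger(name):
    """True for a listed category or a child of one (e.g. org.opensaml.xml)."""
    return any(name == base or name.startswith(base + ".") for base in SAML_LOGGERS)


def find_verbose_saml_loggers(xml_text):
    """Return sorted (logger name, level) pairs still at a tracing level."""
    root = ET.fromstring(xml_text)
    findings = []
    # log4j 1.x accepts <category> or <logger>, each with <priority> or <level>.
    for tag in ("category", "logger"):
        for node in root.iter(tag):
            name = node.get("name", "")
            level_node = node.find("priority")
            if level_node is None:
                level_node = node.find("level")
            if level_node is None or not is_saml_logger(name):
                continue
            level = level_node.get("value", "").upper()
            if level in VERBOSE_LEVELS:
                findings.append((name, level))
    return sorted(findings)


if __name__ == "__main__":
    for name, level in find_verbose_saml_loggers(SAMPLE_CONFIG):
        print(f"{name} is still at {level}; scale it back to INFO")
```

To check a real installation, pass the contents of LIFERAY_HOME/tomcat/lib/ext/META-INF/portal-log4j-ext.xml to find_verbose_saml_loggers().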