Troubleshooting WSO2 Identity Server – Part 1

WSO2 Identity Server is an open source identity and entitlement management server with many cross-cutting features, including technologies such as SAML, XACML, OAuth, SCIM, WS* and so on. Sometimes it can be a little hard to work with Identity Server, especially when you encounter issues that come without much description. Because Identity Server is an identity product that may deal with end consumers, it uses the exception shielding pattern heavily. For example, if you cannot authenticate with Identity Server, it just shows you an error saying “Authentication failure”. If you look at the Identity Server log file, which can be found at <IS_HOME>/repository/logs/wso2carbon.log, it also contains only a simple warning message about the authentication failure. As a developer, it is difficult to find the actual error from this. There is an option, however: you can enable debug logs in Identity Server to see more comprehensive logs that help developers understand the actual problem.

Enable Debug logs in All components

Step 1. Locate the log4j.properties file, which can be found in the <IS_HOME>/repository/conf directory.

Step 2. Enable debug logs for all WSO2-related components by setting the following parameter to DEBUG.

By default, you will find this:

log4j.logger.org.wso2=INFO

To enable debug logs, change it as follows:

log4j.logger.org.wso2=DEBUG

Step 3. Restart the server.

Enable debug logs in specific components

It is not practical to enable debug logs for all components in the server, so we need to know how to enable them for specific components.

If it is an authentication failure or a user store related issue, add the following entry to the log4j.properties file:

log4j.logger.org.wso2.carbon.user.core=DEBUG

If the issue is with the XACML components and you need to see the XACML request and response messages:

log4j.logger.org.wso2.carbon.identity.entitlement=DEBUG

If the issue is with OAuth 2.0:

log4j.logger.org.wso2.carbon.identity.oauth2=DEBUG

If the issue is with SAML2 SSO:

log4j.logger.org.wso2.carbon.identity.sso.saml=DEBUG

In general, if you need to enable debug logs in the identity and entitlement components, use the following configuration:

log4j.logger.org.wso2.carbon.user=DEBUG
log4j.logger.org.wso2.carbon.identity=DEBUG
log4j.logger.org.wso2.carbon.claim.mgt=DEBUG
log4j.logger.org.wso2.carbon.idp.mgt=DEBUG
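
The edit from Step 2 and the per-component entries above can be scripted so that a logger is raised to DEBUG for a troubleshooting session and put back to INFO afterwards. The following is an added example, not part of the original post or of WSO2's tooling; the function names set_log_level and get_log_level and the use of IS_HOME as an environment variable are assumptions. The server restart from Step 3 is still required after each change.

```shell
#!/bin/sh
# Added example (not from the original post): set one log4j 1.x logger level.
# Usage (IS_HOME as an environment variable is an assumption):
#   set_log_level "$IS_HOME/repository/conf/log4j.properties" org.wso2.carbon.user.core DEBUG
#   ...reproduce the issue, then revert with the same call and INFO.

set_log_level() {   # set_log_level FILE LOGGER LEVEL
    file=$1; logger=$2; level=$3
    case "$level" in
        TRACE|DEBUG|INFO|WARN|ERROR|FATAL|OFF) ;;
        *) echo "invalid level: $level" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1      # keep a copy to roll back to
    tmp="$file.tmp.$$"
    awk -v key="log4j.logger.$logger" -v val="$level" '
        {
            line = $0; sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            k = (eq > 0) ? substr(line, 1, eq - 1) : ""
            sub(/[ \t]+$/, "", k)
            if (k == key) {
                # Keep any ", APPENDER" list that follows the level.
                rest = substr(line, eq + 1); c = index(rest, ",")
                suffix = (c > 0) ? substr(rest, c) : ""
                # Rewrite the first entry, drop later duplicates of the same key.
                if (!seen) { print key "=" val suffix; seen = 1 }
                next
            }
            print    # comments and other loggers pass through untouched
        }
        END { if (!seen) print key "=" val }   # logger was absent: append it
    ' "$file.bak" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"       # overwrite in place, keeps file mode
}

get_log_level() {   # get_log_level FILE LOGGER -> prints level, empty if unset
    awk -F= -v key="log4j.logger.$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; sub(/,.*/, "", v); gsub(/[ \t]/, "", v) }
        END { print v }
    ' "$1"
}
```

The previous file is kept beside the original with a .bak suffix, so a bad edit can be rolled back by copying it over log4j.properties.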

I guess this will help you a lot.