Your master server's SSO log messages can help you troubleshoot SSO configuration and authentication issues. This article describes how to find SSO log messages and how to increase the level of detail included in SSO log messages.
The following log message is normal: “Not syncing SSO metadata at this moment due to rate limiting." Rate limiting prevents syncing with your identity provider more than once per minute.
Finding SSO log messages
SSO log messages are written to the master server's com_backup42_app.log.* file.
Step 1: View the log file
There are two ways to view enterprise server log files.
View the log file in the administration console
View the log file in a text editor
- Sign in to the server that hosts your master server.
- Use the text editor of your choice to open the com_backup42_app.log.0 file, which is located in your master server's logs directory:
- Linux: /var/log/proserver
Applies to enterprise servers installed as root on Ubuntu
- Windows: C:\Program Files\CrashPlan PROe Server\logs
- OS X: /Library/Logs/PROServer
- Linux: /var/log/proserver
Step 2: Search the log file for SSOauth
To find SSO-related activity in the log file, search for SsoAuth.
In the following example, adding an identity provider to the master server failed because the mappings between the Code42 platform user attributes and identity provider SSO assertion attributes were improperly configured.
[04.09.15 13:53:14.894 INFO jetty-web-2727 com.code42.ssoauth.saml.SamlResponse ] Attribute not found; attributeName=givenName [04.09.15 13:53:14.894 INFO jetty-web-2727 com.code42.ssoauth.saml.SamlResponse ] Attribute not found; attributeName=sn [04.09.15 13:53:14.894 INFO jetty-web-2727 com.code42.ssoauth.saml.SamlResponse ] Attribute not found; attributeName=mail [04.09.15 13:53:14.894 ERROR jetty-web-2727 m.code42.ssoauth.saml.SamlSsoAuthService] AUTH:: SsoAuth:: IdP user attribute mapping failed, triggering system alert; ssoIdentityProviderId=1 [04.09.15 13:53:14.894 INFO jetty-web-2727 com.backup42.history.CpcHistoryLogger ] HISTORY:: SysAlert:: Adding: SystemAlert[name='SSO identity provider failed user attribute mapping: Centrify, nodeGuid:683985806754695484, nonIdObjs:[ displayName=Centrify, originatingNodeName=CrashPlan PROe Server ]', occurrences=1, lastOccurrence=Thu Apr 09 13:53:14 CDT 2015]
Increasing SSO log detail
If you need to see more details in SSO log messages for troubleshooting purposes, you can use the administration console CLI to increase the logging detail for SSO.
SSO log detail levels
The following detail levels can be set for SSO logging (listed in order of most detailed to least detailed):
- INFO (default)
We recommend using log level DEBUG when troubleshooting SSO configuration and authentication.
Change the SSO log detail level
You can see more detail by increasing the logging level for SSO errors.
- Enter the administration console CLI by double-clicking the logo in the upper-left corner.
- Enter the following command:
log com.code42.ssoauth DEBUG
- After debugging is complete, restart the enterprise server or reset the debugging level to INFO with the command:
log com.code42.ssoauth INFO