View single sign-on logs
Who is this article for?
Instructor, no.
Incydr Professional, Enterprise, Gov F2, and Horizon, no.
Incydr Basic, Advanced, and Gov F1, no.
CrashPlan Cloud, no.
Retired product plans, yes.
CrashPlan for Small Business, no.
Overview
Your authority server's SSO log messages can help you troubleshoot SSO configuration and authentication issues. This article describes how to find SSO log messages and how to increase the level of detail included in SSO log messages.
Considerations
The following log message is normal: “Not syncing SSO metadata at this moment due to rate limiting." Rate limiting prevents syncing with your identity provider more than once per minute.
Find SSO log messages
SSO log messages are written to the authority server's com_backup42_app.log.* file.
Step 1: View the log file
There are two ways to view Code42 server log files.
View the log file in the Code42 console
- Sign in to the Code42 console on your authority server.
- Navigate to Settings > Logs
The Logs view appears. - Select com_backup42_app.log.0 from the menu.
View the log file in a text editor
- Sign in to the server that hosts your authority server.
- Use the text editor of your choice to open the com_backup42_app.log.0 file, which is located in your authority server's logs directory:
- Linux: /var/log/proserver
Applies to Code42 servers installed as root on Ubuntu - Windows: C:\Program Files\CrashPlan PROe Server\logs
- Linux: /var/log/proserver
Step 2: Search the log file for SSOauth
To find SSO-related activity in the log file, search for SsoAuth.
In the following example, adding an identity provider to the authority server failed because the mappings between the Code42 platform user attributes and identity provider SSO assertion attributes were improperly configured.
[04.09.15 13:53:14.894 INFO jetty-web-2727 com.code42.ssoauth.saml.SamlResponse ] Attribute not found; attributeName=givenName [04.09.15 13:53:14.894 INFO jetty-web-2727 com.code42.ssoauth.saml.SamlResponse ] Attribute not found; attributeName=sn [04.09.15 13:53:14.894 INFO jetty-web-2727 com.code42.ssoauth.saml.SamlResponse ] Attribute not found; attributeName=mail [04.09.15 13:53:14.894 ERROR jetty-web-2727 m.code42.ssoauth.saml.SamlSsoAuthService] AUTH:: SsoAuth:: IdP user attribute mapping failed, triggering system alert; ssoIdentityProviderId=1 [04.09.15 13:53:14.894 INFO jetty-web-2727 com.backup42.history.CpcHistoryLogger ] HISTORY:: SysAlert:: Adding: SystemAlert[name='SSO identity provider failed user attribute mapping: MySSO, nodeGuid:683985806754695484, nonIdObjs:[ displayName=MySSO, originatingNodeName=CrashPlan PROe Server ]', occurrences=1, lastOccurrence=Thu Apr 09 13:53:14 CDT 2015]
Increase SSO log detail
If you need to see more details in SSO log messages for troubleshooting purposes, you can use the Code42 console CLI to increase the logging detail for SSO.
SSO log detail levels
The following detail levels can be set for SSO logging (listed in order of most detailed to least detailed):
- ALL
- TRACE
- DEBUG
- INFO (default)
- WARN
- ERROR
- FATAL
- OFF
We recommend using log level DEBUG when troubleshooting SSO configuration and authentication.
Change the SSO log detail level
You can see more detail by increasing the logging level for SSO errors.
- Enter the Code42 console CLI by double-clicking the logo in the upper-left corner.
- Enter the following command:
log com.code42.ssoauth DEBUG
- After debugging is complete, restart the Code42 server or reset the debugging level to INFO with the command:
log com.code42.ssoauth INFO