View single sign-on logs

Last updated
Save as PDF

Who is this article for?

CrashPlan Cloud

CrashPlan for Small Business

CrashPlan On-Premises

Find your product plan in the Code42 console on the Account menu.
Not a CrashPlan On-Premises customer? Search or browse Incydr and Instructor, CrashPlan Cloud, or CrashPlan for Small Business.

Instructor, no.

Incydr Professional, Enterprise, Gov F2, and Horizon, no.

Incydr Basic, Advanced, and Gov F1, no.

CrashPlan Cloud, no.

Retired product plans, yes.

CrashPlan for Small Business, no.

Overview

Your authority server's SSO log messages can help you troubleshoot SSO configuration and authentication issues. This article describes how to find SSO log messages and how to increase the level of detail included in SSO log messages.

Considerations

The following log message is normal: “Not syncing SSO metadata at this moment due to rate limiting." Rate limiting prevents syncing with your identity provider more than once per minute.

Find SSO log messages

SSO log messages are written to the authority server's com_backup42_app.log.* file.

Step 1: View the log file

There are two ways to view Code42 server log files.

View the log file in the Code42 console

Sign in to the Code42 console on your authority server.
Navigate to Settings > Logs
The Logs view appears.
Select com_backup42_app.log.0 from the menu.

View the log file in a text editor

Sign in to the server that hosts your authority server.
Use the text editor of your choice to open the com_backup42_app.log.0 file, which is located in your authority server's logs directory:
- Linux: /var/log/proserver
  Applies to Code42 servers installed as root on Ubuntu
- Windows: C:\Program Files\CrashPlan PROe Server\logs

Step 2: Search the log file for SSOauth

To find SSO-related activity in the log file, search for SsoAuth.

In the following example, adding an identity provider to the authority server failed because the mappings between the Code42 platform user attributes and identity provider SSO assertion attributes were improperly configured.

[04.09.15 13:53:14.894 INFO    jetty-web-2727       com.code42.ssoauth.saml.SamlResponse    ] Attribute not found; attributeName=givenName
[04.09.15 13:53:14.894 INFO    jetty-web-2727       com.code42.ssoauth.saml.SamlResponse    ] Attribute not found; attributeName=sn
[04.09.15 13:53:14.894 INFO    jetty-web-2727       com.code42.ssoauth.saml.SamlResponse    ] Attribute not found; attributeName=mail
[04.09.15 13:53:14.894 ERROR   jetty-web-2727       m.code42.ssoauth.saml.SamlSsoAuthService] AUTH:: SsoAuth:: IdP user attribute mapping failed, triggering system alert; ssoIdentityProviderId=1
[04.09.15 13:53:14.894 INFO    jetty-web-2727       com.backup42.history.CpcHistoryLogger   ] HISTORY:: SysAlert:: Adding: SystemAlert[name='SSO identity provider failed user attribute mapping: MySSO, nodeGuid:683985806754695484, nonIdObjs:[ displayName=MySSO, originatingNodeName=CrashPlan PROe Server ]', occurrences=1, lastOccurrence=Thu Apr 09 13:53:14 CDT 2015]

Increase SSO log detail

If you need to see more details in SSO log messages for troubleshooting purposes, you can use the Code42 console CLI to increase the logging detail for SSO.

SSO log detail levels

The following detail levels can be set for SSO logging (listed in order of most detailed to least detailed):

ALL
TRACE
DEBUG
INFO (default)
WARN
ERROR
FATAL
OFF

Log level for troubleshooting
We recommend using log level DEBUG when troubleshooting SSO configuration and authentication.

Change the SSO log detail level

You can see more detail by increasing the logging level for SSO errors.

Enter the Code42 console CLI by double-clicking the logo in the upper-left corner.
Enter the following command:
```
log com.code42.ssoauth DEBUG
```
For extra detail, use TRACE or ALL.
After debugging is complete, restart the Code42 server or reset the debugging level to INFO with the command:
```
log com.code42.ssoauth INFO
```