Troubleshoot the Siteminder Agent for Sharepoint

Introduction

Siteminder Web Agent for Sharepoint is a quite complicated product to implement.

You will face many issues while installing it for the first time or even after. So it’s important to manage all the tools to debug and troubleshoot all the issues you will face.

The Agent For Sharepoint has many different products bundled together so you will have many places to take a look in order to find the black sheep.

Enable / Disable logs

Affwebservices logs

Edit $AGENTHOME/Tomcat/webapps/affwebservices/WEB-INF/classes/LoggerConfig.properties
Change the value of :
TracingOn to Y
LoggingOn to Y

Claims web services log

Edit $AGENTHOME/Tomcat/webapps/ClaimsWS/WEB-INF/classes/LoggerConfig.properties
Change the value of :
TracingOn to Y
LoggingOn to Y

Apache HTTP Server logs

Open $AGENTHOME/httpd/conf/httpd.conf
Change value of :
JkLogLevel to debug
LogLevel to debug

Tomcat logs

Open $AGENTHOME/proxy-engine/conf/server.conf and change the value of :
loglevel to 4
After all of these modifications, please restart Agent For Sharepoint in order to make the changes effective.

Path of logs

Affwebservices logs

$AGENTHOME/proxy-engine/logs/federation.log (and its trace in the same directory)

Claims Web Service logs

$AGENTHOME/proxy-engine/logs/claimswebservice.log (and its trace in the same directory)

Apache HTTP Server logs

$AGENTHOME/httpd/logs/error_log

Tomcat logs

$AGENTHOME/proxy-engine/logs/server.log


Source : http://guireg.com/2012/11/01/troubleshoot-the-siteminder-agent-for-sharepoint/

Authentication and Authorization events in Siteminder

Authentication Events
Authentication events occur when a user accesses a resource protected by a rule that includes an On-Auth event. Unlike Web Agent actions or authorization events, authentication events always apply to the entire realm. We can’t create an On-Auth rule that applies to a portion of a realm. Authentication events include the following:

On-Auth-Accept: Occurs if authentication was successful. This event may be used to redirect a user after a successful authentication.
On-Auth-Reject:Occurs if authentication failed for a user that is bound to a policy containing an On-Auth-Reject rule. This event may be used to redirect the user after a failed authentication.
On-Auth-Attempt: Occurs if the user was rejected because Siteminder does not know this user (an unregistered user, for example, can be redirected to register first).
On-Auth-Challenge: Occurs when custom challenge-response authentication schemes are activated (for example, a token code).
OnAuthUserNotFound – This event is only used to trigger Active Responses. This event should not be used to trigger any response other than an Active Response.


Authorization Events 
Authorization events will occur as Siteminder verifies whether or not a user is authorized to access a resource. As a rule action, an authorization event causes the Policy Server to fire a rule at a particular point in the authorization process. Authorization events include the following:

On-Access-Accept: Occurs when Siteminder successfully authorizes a user to access the resource.
On-Access-Reject: Occurs when Siteminder rejects a user because the user is not authorized to access the resource.

Source :http://vaibhav181.wordpress.com/2012/08/12/authentication-and-authorization-events-in-siteminder/

SAML 2.0 protocols
===============
Authentication Request Protocol
Assertion Query and Request Protocol
Artifact Resolution Protocol
Name Identifier Management Protocol
Name Identifier Mapping Protocol
Single Logout Protocol

The most important protocols of these are
Authentication Request Protocol
Artifact Resolution Protocol


The protocol is encoded in an XML schema as a set of request-response pairs. The protocols defined are.

Assertion Query and Request Protocol: Defines a set of queries by which existing SAML
assertions may be obtained. The query can be on the basis of a reference, subject or the
statement type.

Authentication Request Protocol: Defines a message that causes a
to be returned containing one of more assertions pertaining to a Principal.
Typically the is issued by a Service Provider with the Identity Provider
returning the message. Used to support the Web Browser SSO Profile.

Artifact Protocol: Provides a mechanism to obtain a previously created assertion by providing a reference. In SAML terms the reference is called an “artifact”. Thus a SAML protocol can refer to an assertion by an artifact, and then when a Service Provider obtains the artifact it can use the artifact Protocol to obtain the actual assertion using this protocol.

Name Identifier Management Protocol: Provides mechanisms to change the value or format
of the name of a Principal. The issuer of the request can be either the Service Provider or the
Identity Provider. The protocol also provides a mechanism to terminate an association of a
name between an Identity Provider and Service Provider.

Single Logout Protocol: Defines a request that allows near-simultaneous logout of all
sessions associated by a Principal. The logout can be directly initiated by the Principal or due
to a session timeout.

Name Identifier Mapping Protocol: Provides a mechanism to enable “account linking”.
Refer to the subsequent sections on Federation.

Source : saml

SAML Definitions

Definitions:
SAML 2.0 (Source : WIKIPEDIA )
========
Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML OASIS standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is an identity provider, and a web service, that is a service provider. SAML 2.0 enables web-based authentication and authorization scenarios including single sign-on (SSO).

What is SAML?  (Source : SLIDESHARE )

=============

Security Assertion Markup Language

XML based protocol

OASIS approved standardSAML 1.0 November 2002

SAML 1.1 September 2003

SAML 2.0 March 2005

Flexible and extensible protocol designed to be used by other standards

SAML (Security Assertion Markup Language)    (Source : TECHTARGET )

=========================================

SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. SAML is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions.

SAML specifies three components: assertions, protocol, and binding. There are three assertions: authentication, attribute, and authorization. Authentication assertion validates the user's identity. Attribute assertion contains specific information about the user. And authorization assertion identifies what the user is authorized to do.

Protocol defines how SAML asks for and receives assertions. Binding defines how SAML message exchanges are mapped to Simple Object Access Protocol (SOAP) exchanges. SAML works with multiple protocols including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP) and also supports SOAP, BizTalk, and Electronic Business XML (ebXML). The Organization for the Advancement of Structured Information Standards (OASIS) is the standards group for SAML.

Siteminder WAM UI Troubleshooting

 Please follow the below mentioned steps to resolve the issue 

 1. Please stop your policy server and WAMUI services. 

 2. Please open a command prompt window and traverse to Siteminder\bin 
 folder. 

 3. Execute the XPSEXPLORER utility. 

 4. Please select the Admin option from the XPSEXPLORER and check for all 
 the Admin objects that have been added for WAMUI registration. 

 5. Please delete all the Admin objects that have been used to register with 
 WAMUI using the various options that are provided in the XPSEXPLORER. 

 For eg. If the object 1 has been selected for registration, please enter 1 
 and press enter.  Then select  D  to delete the object. Continue with this 
 process until all the objects related with the WAMUI registration have been 
 removed. 

 6. Please select the TrustedHosts option from the XPSEXPLORER and check for 
 all the objects that have been added for WAMUI registration 

 7. Please delete all the trusted hosts which refer to the WAMUI 
 registration using the same process as has been mentioned in the step 5 
 above. 

 8. Close this command prompt window. 

 9. Please open a new command prompt window and execute the XPSSECURITY 
 utility. 

 10. Please select the Administrators option (generally 1) from this 
utility. 

 11. Please delete the Administrator objects from here which are related to 
 the WAMUI registration. 

 12. Close this command prompt window. 

 13. Open a new command prompt window. 

 14. Start the Policy server service and check the connectivity with the 
 policy store. The connection attempt must be a success which would mean 
 that the policy store objects are accessible. 

 15. Execute:  smreg  -su . 

 16. Execute:  xpsregclient  -adminui-setup 
 siteminder>: 

 17. Close this command prompt window. 

 18. Start the WAMUI service. 

 19. Try to login using the username/password as  
 siteminder>/. 

Identity management Blogs

1.allidm.com 
2.http://identity-accessmanagement.blogspot.in   

SiteMinder Logging Overview

SiteMinder Troubleshooting:  SiteMinder Logging Overview

Contributed by:  Joshua Perlmutter - CA Technologies: Support Engineer

1.  Log Types Defined:

Log Type	Configuration	Default Name	Contains	Applicable Versions
Web Agent Error	ACO Parameters		General Information, Warnings and Errors	R6, R12, R12.5
Web Agent Trace	ACO Parameters		Detailed Information on what is happening	R6, R12, R12.5
Policy Server Audit	SM Console	SMAccess.log	Who did what when	R6, R12, R12.5
Policy Server Error	SM Console	SMPS.log	General Information, Warnings and Errors	R6, R12, R12.5
Policy Server Trace (aka Profiler)	SM Console	SMTraceDefault.log	Detailed Information on what is happening	R6, R12, R12.5
WAM UI Log	Properties File	Server.log	WAM UI Run Time Issues	R12, R12.5
WAM UI Log		Boot.log	WAM UI Start Up Information	R12, R12.5

2.  Policy Server Details

Controls
Type	Control Parameter	Applicable Versions	Default Value	Support Recommendation	Purpose
Policy Server Audit Log	SM Console>Data Tab>Audit> File Name	R6, R12, R12.5	\log\smaccess.log	\log\smaccess.log	Defines where to do audit logging
Policy Server Audit Log	SM Console>Data Tab>Audit>Rollover on Startup	R6, R12, R12.5	enabled	enabled	Specifies we make a new log on start up
Policy Server Audit Log	SM Console>Data Tab>Audit>Rollover on Size	R6, R12, R12.5	enabled @ 10 mb	enabled @ 10 mb	Specifies we make a new log when the current hits a chosen size
Policy Server Audit Log	SM Console>Data Tab>Audit>Rollover on Time	R6, R12, R12.5	disabled	disabled	Specifies roll over at a specific time
Policy Server Audit Log	SM Console>Data Tab>Audit> Retention	R6, R12, R12.5	set to 10	set to 10	Specifies how many old logs to keep
Policy Server Audit Log	SM Console>Logs Tab>Authentication Events	R6, R12, R12.5	None; Anonymous user unchecked	All; Anonymous Checked	Specifies auditing authentication events; including anonymous access
Policy Server Audit Log	SM Console>Logs Tab>Authorization Event	R6, R12, R12.5	None; Anonymous user unchecked	All; Anonymous Checked	Specifies auditing authorization events; including anonymous access
Policy Server Audit Log	SM Console>Logs Tab>Affiliate Events	R6, R12, R12.5	None	All	Specifies auditing affiliate requests
Policy Server Audit Log	SM Console>Logs Tab>Administration Access Events	R6, R12, R12.5	None	All	Specifies auditing administrative access
Policy Server Audit Log	SM Console>Logs Tab>Administrator Changes	R6, R12, R12.5	None	All	Specifies auditing administrative changes
Policy Server Error Log	SM Console>Logs Tab>LogFile	R6, R12, R12.5	\log\smps.log	\log\smps.log	Defines where to do error logging
Policy Server Error Log	SM Console>Logs Tab>Rollover on Startup	R6, R12, R12.5	enabled	enabled	Specifies we make a new log on start up
Policy Server Error Log	SM Console>Logs Tab>Rollover on Size	R6, R12, R12.5	enabled @ 10 mb	enabled @ 10 mb	Specifies we make a new log when the current hits a chosen size
Policy Server Error Log	SM Console>Logs Tab>Rollover on Time	R6, R12, R12.5	disabled	disabled	Specifies roll over at a specific time
Policy Server Error Log	SM Console>Logs Tab>Retention	R6, R12, R12.5	set to 10	set to 10	Specifies how many old logs to keep
Policy Server Trace Log	SM Console>Profiler Tab>Enabled	R6, R12, R12.5	disabled	on when a problem is being tracked	Determines if we trace
Policy Server Trace Log	SM Console>Profiler Tab>Configuration File	R6, R12, R12.5	\config\smtracedefault.txt	\config\smtracedefault.txt	Determines where trace configuration is stored
Policy Server Trace Log	SM Console>Profiler Tab>Console Output	R6, R12, R12.5	disabled	disabled	Specifies output to command prompt
Policy Server Trace Log	SM Console>Profiler Tab>File Output	R6, R12, R12.5	enabled	enabled	Specifies output to file
Policy Server Trace Log	SM Console>Profiler Tab>File Location	R6, R12, R12.5	\log\smtracedefault.log	\log\smtracedefault.log	Determines where we write the trace
Policy Server Trace Log	SM Console>Profiler Tab>Rollover on Startup	R6, R12, R12.5	enabled	enabled	Specifies we make a new log on start up
Policy Server Trace Log	SM Console>Profiler Tab>Rollover on Size	R6, R12, R12.5	enabled @ 10 mb	enabled @ 10 mb	Specifies we make a new log when the current hits a chosen size
Policy Server Trace Log	SM Console>Profiler Tab>Rollover on Time	R6, R12, R12.5	disabled	disabled	Specifies roll over at a specific time
Policy Server Trace Log	SM Console>Profiler Tab>Retention	R6, R12, R12.5	set to 10	set to 10	Specifies how many old logs to keep
Policy Server Trace Log	SM Console>Profiler Tab>Format/Delimiter	R6, R12, R12.5	SM Default ([])	SM Default ([])	Specifies how to separate fields
Profiler Components
Component	SubComponent	Information Captured
AgentFunc		Web Agent interaction
	Init	Agent initialization
	Uninit	un-initialization
	IsProtected	IsProtected calls
	Login	Login calls
	ChangePassword	ChangePassword call
	Validate	Validate Session spec or session ID
	Logout	Logout calls
	Authorize	Authorization calls
	Audit	Audit authorizations out of agent cache
	FreeAttributes	free the attributes
	UpdateAttributes	Update response attributes when authenticating or authorizing out of agent cache
	SGetSessionVariables	Fetch Session Server Variables
	SetSessionVariables	Set Session Server Variables
	DeleteSessionVariables	Delete Session Server Variables
	Tunnel	Tunnel API
	GetConfig	Get agent configuration
	DoManagement	Requests Agent Commands from Policy Server
	GetSingleUseCookie	Policy server retrieves session cookie stored in session store
	SetSingleUseCookie	Policy server creates a session cookie stored in session store
	DelSingleUseCookie	Policy server deletes session cookie stored in session store
Server		Policy Server activity
	Connectoin_Management	Policy Server connection creation and termination
	Policy_Object	Object Store changes, including creation, update, and deletion of objects in the Policy Store; and DoManagement messages
	Policy_Object_Cache	Watch the parameters of the Policy Object Cache as well as when the Cache is being updated
	Administration	Administrator session activity as well as user management activity initiated from Admin UI
	Audit_Logging	When a log record is created and when it is committed to a persistent storage.
	Policy_Server_General	Policy Server level general activity
IsProtected		Protection check events
	Function_Begin_End	Which parameters are passed to the Policy Server and what is returned to an Agent
	Resource_Protection	How the resource protection decision is made
Login_Logout		Users logging in or out
	Function_Begin_End	Which parameters are passed to the Policy Server and what is returned to an Agent
	Authentication	How the authentication decision is made
	Policy_Evaluation	Details of authentication event processing
	Active_Expression	Which parameters are passed to active expressions and what they return during the Authentication events processing
	Password_Service	Details of password policy processing
	Certificates	Details of certifivcate verification
	Session_Management	When a user session is created, verified, and terminated as well as the details of the management of persistent sessions
	Send_Request	Inspect the details of the Policy Server's request to the Agent.
	Receive_Request	Inspect the details of the Agent's request to the Policy Server
IsAuthorized		User authorization tracking
	Function_Begin_End	Which parameters are passed to the Policy Server and what is returned to an Agent
	Policy_Evaluation	The details of access control policies processing
	Active_Expression	Which parameters are passed to active expressions and what they return during the processing of access control policies and Authorization events
	Send_Response	Inspect the details of the Policy Server's response to the Agent
	Receive_Response	Inspect the details of the Agent's request to the Policy Server
	AzMapping	See details of Auth-Az directory mapping evaluation
Tunnel_Service		Details about tunnel calls from custom Web Agents
	Function_Begin_End	Which parameters are passed to the Policy Server and what is returned to an Agent
	User-Management_Api	Trace the internal calls of User Management API
JavaAPI		Details java api calls
	Function_Begin_End	Which parameters are passed to the Policy Server and what is returned to an the clients of DMS API and Java Policy Management API
Directory_Access		Access events on directories
	Access_Begin_End	High-level details of the requests sent by the Policy Server to a user directory
	Attribute_Cache	User attribute cache activity
ODBC		Details ODBC calls
	Sql_Statement_Begin_End	Each SQL statement being sent to a directory as well as the returned results
	Internal_Operation	Low level details of the database requests handling
	Connection_Management	When and how Policy Server creates and terminates database connection and detects failed servers
	SQl_Errors	Report all SQL errors
	Connection_Monitor	Connection Monitor Thread and Connection State Changes
LDAP		Details LDAP calls
	Ldap_Call_Begin_End	Details of each request sent to an LDAP directory as well as the returned results
	Internal_Operation	Low level details of the LDAP requests handling including referrals, paging and sorting, etc
	Connection_Management	When and how Policy Server creates and terminates LDAP connection and detects failed servers
	Performance_Measurement	Collect LDAP query performance data
	Ldap_Error_Message	Show the detailed error messages returned on failures
IdentityMinder		Details IDM interaction
	Function_Begin_End	Watch what methods in the extensions kit are called and the return values from those methods
	IM_Error	Error condition in extension kit
	IM_Info	General information
	IM_Internal	General IMS internal operations - Tracing
	IM_MetaData	General provider tracing of meta data
	IM_RDB_Sql	RDB provider tracing of sql
	IM_LDAP_Provider	Ldap Provider specific Tracing
	IM_RuleParser	IMS Policy Rule Parser - Tracing
	IM_RuleEvaluation	Rule evaluation information
	IM_MemberPolicy	Evaluation of member policies
	IM_AdminPolicy	Evaluation of admin policies
	IM_OwnerPolicy	Evaluation of owner policies
	IM_RoleMembership	Tracing role membership
	IM_RoleAdmins	Tracing role aministration
	IM_RoleOwners	Tracing role ownership
	IM_PolicyServerRules	Evaluation of policy server rules
	IM_LLSDK_Command	Tracing LLSDK command processing
	IM_LLSDK_Message	Traces directly sent from LLSDK
	IM_IdentityPolicy	Evaluation of Identity policies
	IM_PasswordPolicy	Evaluation of Identity policies
	IM_Version	Tracing client and server version information
	IM_CertificationPolicy	Evaluation of Certification policies
	IM_InMemoryEval	Top level trace of in-memory evaluation processing
	IM_InMemoryEvalDetail	Debug level traces of in-memory evaluation processing
TXM		Transaction Minder action details
	JNI	"Errors and messages associated with JNI code in tmservices
	License	Errors and messages associated with license check code in tmservices
	MetaData	Errors and messages associated with metadata code in tmservices
SharePointAgent		Sharepoint 2007 and 2010 Agent Interaction
	PlugIn	Sharepoint agent plugin module
	CfgModule	Configuration UI to select the webapplication(siteminder)
	CfgModuleNETWrapper	Wrapper to Config module
	MemberShipProvider	Authentication module for user ( siteminder)
	RoleProvider	Group information
	NativeAgentAPIWrapper	Agent API
	UserManagementAPI	Tunnel Calls
	ImportProfile	Importing userprofile for Sharepoint
	UserMigration	User migration from windows to siteminder
	SmWebModule	HttpModule and aspx pages
	Impersonation	user impersonation module(we authenticate the users using NTLM and convey them SharePoint)
Components
Policy Server Audit Log
Information Field	Field Purpose
Access Type	Type of access (eg: Authorization Accept (AzAccept))
Host Computer	Where the acess was from
Date and Time	When the access was done
IP Address	IP the access was from
Username	Who did the access
Agent Name	Agent the access was from
Acrion	Http method of access (ie: get, post, put)
Resource	What was accessed
TransactionID	Web Agent assigned transaction ID
Reason	Why the actoin taken was taken
Status Message	Any message associated with the access
Policy Server Error Log
Information Field	Field Purpose
Process/Thread ID	Process and Thread ID of message
Date and Time	Day and time of message
Source File and Line	Source file and line of message
Message Type	Type of Message; ie: Informational, Warning or Error
Message	What is happening
Policy Server Trace Log
Information Field	Field Purpose
Date	Day of message
Time	Time of Message
PreciseTime	Time of Message (with milliseconds)
Pid	Process ID
Tid	Thread ID
TransactonID	Transaction ID (S##/R## number)
AgentName	WebAgent name used
Resource	Resource of request
User	Complete DN of the iser making the request
SrcFile	File & line of code the request is on
Function	Function that is being executed
ReturnValue	Return value of an executed function
Group	Displays the type of group to which the object belongs in form of string variable. The group can be rule, response or agent group.
Domain	Associated SiteMinder domain
Realm	Associated SiteMinder realm
Policy	Associated SiteMinder policy
Rule	Associated SiteMinder rule
Directory	User directory the user is found in
AgentType	Displays an agent type in form of string variable.
ObjectClass	Displays the object classes for organizations in form of string variable. The object class defines the types of attributes that an entry can contain.
DomainOID	OID of the associated SiteMinder domain
RealmOID	OID of associated SiteMnder realm
ObjectOID	OID of the associated SiteMinder object
SearchKey	Displays the Searchkey in the form of string variable. The Searchkey indicates the key used during any searching operation done.
ErrorString	Displays the error string in the form of string variable. The error message is set in the ErrorString during the occurrence of error conditions in the code.
ErrorValue	Displays the error code returned by various functions as an integer value.
Property	Displays the name of the property of an object in form of string variable.
IPAddr	IP Address request is from
IPPort	Port in use
RequestIPAddr	Web Agent IP Address
AuthStatus	Displays the Authenticating status can be redirection, error message  and user message in form of string variable.
AuthReason	Displays authreason as an integer value. Authreason are the tokencodes transferred
AuthScheme	Displays the authentication scheme used in form of string variable.
CertSerial	Serial Number of the certificate (CertAuth only)
SubjectDn	Subject DN of the certificate (CertAuth only)
IssuerDN	Issuer DN of the certificate (CertAuth only)
SessionSpec	Displays the server side session spec in form of string variable. Session spec provides the specification of the whole session and is encrypted and decrypted at PS side.
SessionID	Displays the server side session specification identifiers in form of string variable .
CertDistPT	Displays the distribution point of the certificate.
UserDN	DN of the user
Action	Displays the requested action in form of string variable. It is generally of 3 types GET,POST and PUT.
State	Displays the server state in form of string variable. It can be "INIT", "INACTIVE", "ACTIVE", "DISABLED", "INTER", "FAILED"
ClusterID	Displays the cluster identifier as an integer value. Every cluster is assigned a unique integer identifier. This id is mainly used for logging purposes.
HandleCount	Displays the handle count as an integer value. Handle count is the connection count.
FreeHandleCount	Displays the free handle count as an integer value. FreeHandleCount is the free connection count.
BusyHandleCount	Displays the busy handle count as an integer value. BusyHandleCount is the busy connection count.
ResponseTime	Displays response time in milliseconds.
Throughput	Displays the throughput as an integer value. Throughput is transactions per seconds.
MaxThroughput	Displays the maximum throughput (transactions per seconds) as an integer value.
Minthroughput	Displays the minimum throughput (transactions per seconds) as an integer value.
Threshold	Displays the active servers threshold number as an integer value.
TransactionName	Displays the Transaction Name in form of string variable. Transaction name is extracted from the request packet.
HexadecimalData	Displays the hexadecimal data transferred (in response packet) in form of string variable.
Query	Displays the database access query, in form of string variable.
ActiveExpr	Displays the Active Expressions in form of string variable.
CallDetail	Displays the details of the call provided in form of string variable.
Returns	Reserved for future use (not currently used)
Expression	Reserved for future use (not currently used)
Result	Reserved for future use (not currently used)
CacheHits	Reserved for future use (not currently used)
CacheSize	Reserved for future use (not currently used)
RefCount	Reserved for future use (not currently used)
Message	Type of message
Data	Displays the data transferred (in response packet) in form of string variable.

3.  Web Agent Details

Controls
Type	Control Parameter	Applicable Versions	Default Value	Support Recommendation	Purpose
Web Agent Error Log	LogAppend	R6, R12, R12.5	No	No	Determines whether we append only logs or start a new one each LLAWP Start up
Web Agent Error Log	LogFile	R6, R12, R12.5	No	Yes	Determines If we create a log
Web Agent Error Log	LogFileName	R6, R12, R12.5			Is the location of the file we create when we create a log
Web Agent Error Log	LogFileSize	R6, R12, R12.5	0	10	Is the number, in MB the maximum size of the error log (0 = unlimited)
Web Agent Error Log	LogFilesToKeep	R6, R12, R12.5	0	10	Is the number of error logs aside form the current one that we keep (0 = unlimited)
Web Agent Error Log	LogLocalTime	R6, R12, R12.5	Yes	Yes	Determines timestamps; Yes = local time; No = GMT
Web Agent Error Log	LogFileName32	R12 (IIS 7/7.5 only)			Is the log file for the 32 bit process in the 64 bit IIS 7 and 7.5 Agents
Web Agent Trace Log	TraceAppend	R6, R12, R12.5	No	No	Determines whether or not we append the old trace files when tracing is reenabled
Web Agent Trace Log	TraceConfigFile	R6, R12, R12.5			Is the configuration file we use to determine what is traced  (not dynamic)
Web Agent Trace Log	TraceDelimiter	R6, R12, R12.5			Detemines the delimiter used between fields
Web Agent Trace Log	TraceFile	R6, R12, R12.5	No		Determines if we trace processes
Web Agent Trace Log	TraceFileName	R6, R12, R12.5			Is the location of the file we create when we create a trace log
Web Agent Trace Log	TraceFileSize	R6, R12, R12.5	0	100	Is the number, in MB the maximum size of the trace log (0 = unlimited)
Web Agent Trace Log	TraceFilesToKeep	R6, R12, R12.5	0	10	Is the number of trace logs aside form the current one that we keep (0 = unlimited)
Web Agent Trace Log	TraceFormat	R6, R12, R12.5	default	default	Determines the format of the file
Web Agent Trace Log	TraceConfigFile32	R12 (IIS 7/7.5 only)			Is the configuration file we use to determine what is traced for the 32 bit process in the 64 bit IIS 7 and 7.5 Agents (not dynamic)
Web Agent Trace Log	TraceFileName32	R12 (IIS 7/7.5 only)			Is the trace log file for the 32 bit process in the 64 bit IIS 7 and 7.5 Agents
Web Agent Trace Components
Component	SubComponent	Information Captured
AgentFramework		All Framework Related Messages
	Administration	Agent administration messages
	Filter	Filter messages; The filter interfaces with the
	HighLevelAgent	High level request processing messages
	LowLevelAgent	Low level (more detailed) request processing messages. Details regarding the interfacing with the Agent API
	LowLevelAgentWP	Worker process messages
AffiliateAgent		Web agent messages for 4.x affiliate agent
	RequestProcessing	Core Affiliate Agent request processing messages
SAMLAgent		Web agent messages for SAML affiliate support
	RequestProcessing	Core SAML request processing messages
HTTPAgent		Web agent messages for Framework Agents
	AdvancedAuthentication	Advanced authentication messages, such as Forms or Certificates
	RequestProcessing	Core request processing messages
	SingleSignOn	Messages related to single sign on
WebAgent		Web agent messages for all traditional agents
	AgentCore	Core messages to the agent
	Cache	Cache messages
	Authentication	Authentication messages
	Responses	Response messages
	Management	DoManagement messages
	SSO	single sign on messages
	Filter	filter messages
Agent_Functions		Agent API messages
	Init	Agent initialization
	Uninit	un-initialization
	IsProtected	IsProtected calls
	Login	Login calls
	ChangePassword	ChangePassword call
	Validate	Validate Session spec or session ID
	Logout	Logout calls
	Authorize	Authorization calls
	Audit	Audit authorizations out of agent cache
	FreeAttributes	free the attributes
	UpdateAttributes	Update response attributes when authenticating or authorizing out of agent cache
	GetSessionVariables	Fetch Session Server Variables
	SetSessionVariables	Set Session Server Variables
	DeleteSessionVariables	Delete Session Server Variables
	Tunnel	Tunnel API
	GetConfig	Get agent configuration
	DoManagement	Requests Agent Commands from Policy Server
Agent_Con_Manager		Agent to Policy Server Connection Messages
	RequestHandler	Process Request, Handle HCO updates
	Cluster	Trace the ClusterId, HandleCount
	Server	Trace the Server IP address, port, connection count
	WaitQueue	HandleCount, Free Handle count, Busy Handle count
	Management	Connection Service
	Statistics	Statistics of cluster, Request handler,waitque etc
Components
Web Agent Error Log
Information Field	Field Purpose
Process & Thread ID	Give the Process and Thread that generated the Message
Date and Time	Give the Date and Time of the Message
Source File and Line	Not the source file and line of the message
Type of Message	Note the Message type: Informational, Warning or Error
Message	What is Happening
Web Agent Trace
Information Field	Field Purpose
Date	Day of Message
Time	Time of Message
PreciseTime	Time of Message (with milliseconds)
PID	Process ID
TID	Thread ID
TransactionID	Transaction ID (shows in Profiler as Attribute 221)
SrcFile	Source file and line of message
Function	Function containing the trace message
User	Name of the user
UserDN	DN of the user this is for
Domain	SiteMinder Domain this is in
DomainOID	OID of Domain this is in
Realm	SiteMinder Realm this is in
RealmOID	OID of Realm this is in
AgentName	Agent name being used
IPAddr	IP Address of user
IPPort	Port on the user end
RequestIPAddr	IP Address of the Web Agent
CertSerial	Serial Number of the certificate (CertAuth only)
SubjectDN	Subject DN of the certificate (CertAuth only)
IssuerDN	Issuer DN of the certificate (CertAuth only)
SessionSpec	Session Spec for the user
SessionID	Sessoin ID for the user
Resource	Resource the query is on
Action	Action taken by the Web Agent
Message	The actual information of what is happening

4.  WAM UI Details

Controls
Log	Control File	Parameter	Valid Values	Control File Location
Server.log	log4j_jboss.properties SiteMinderLog4j.properties	log4j.category.ims	Info, Warn, Debug	\adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config
Server.log	log4j_jboss.properties SiteMinderLog4j.properties	log4j.category.im log4j.category.com.ca.siteminder.framework log4j.category.com.ca.siteminder.framework.action log4j.category.com.ca.siteminder.framework.tab log4j.category.com.ca.siteminder.framework.xps log4j.category.com.ca.siteminder.framework.xps.security log4j.category.com.ca.siteminder.webadmin	Info, Warn, Debug,ALL	\adminui\server\default\deploy\iam_siteminder.ear\config\com\netegrity\config However, the preferred logging settings modification method is made product specific \adminui\server\default\deploy\iam_siteminder.ear\/user-console/META-INF/SiteMinderLog4j.properties
Boot.log	Jboss-log4j.xml			\adminui\server\default\conf