Logging-Authentication

To troubleshoot login problems, especially when LDAP authentication is active, enable debugging with the blocks below.

ATTENTION: Setting the following lines is insecure because details of the authentication are logged. If you use them, don’t forget to remove them later.

Add these snippets to the verinice server log4j configuration: /usr/share/tomcat6/webapps/veriniceserver/WEB-INF/classes/log4j.xml or /usr/share/tomcat/webapps/veriniceserver/WEB-INF/classes/log4j.xml on CentOS 7.
Then restart Tomcat:
CentOS 6:

service tomcat6 restart

CentOS 7:

systemctl restart tomcat

AD / LDAP (verinice >= 1.6.2):

<logger name="sernet.gs.server.security.LdapAuthenticatorImpl">
  <level value="DEBUG" />
</logger>

AD / LDAP / SSO / PreAuth:

<logger name="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
  <level value="DEBUG" />
</logger>
<logger name="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
  <level value="DEBUG" />
</logger>

Log details of the authentication process (Spring) (verinice < 1.6.2):

<logger name="org.springframework.security.ui.digestauth">
  <level value="DEBUG" />
</logger>
<logger name="sernet.gs.server.security.DbUserDetailsService">
  <level value="DEBUG" />
</logger>
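
Because these loggers have to be removed again after debugging, a check for leftovers is useful. The following is an added example, not part of the verinice documentation: it parses a log4j.xml and reports which of the authentication loggers from this page, or a parent logger that covers them, are still set to a verbose level. The function name leftover_auth_debug and the sample configuration are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Logger names copied from the snippets on this page.
AUTH_LOGGERS = (
    "sernet.gs.server.security.LdapAuthenticatorImpl",
    "org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider",
    "org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter",
    "org.springframework.security.ui.digestauth",
    "sernet.gs.server.security.DbUserDetailsService",
)
VERBOSE = {"DEBUG", "TRACE", "ALL"}

# Constructed sample input, not a real verinice configuration.
SAMPLE = """\
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <logger name="sernet.gs.server.security.LdapAuthenticatorImpl"><level value="DEBUG" /></logger>
  <logger name="org.springframework.security"><level value="debug" /></logger>
  <logger name="sernet.gs.server.security.DbUserDetailsService"><level value="WARN" /></logger>
  <logger name="sernet.gs.service"><level value="DEBUG" /></logger>
</log4j:configuration>
"""


def leftover_auth_debug(xml_data):
    """Return sorted (logger name, level) pairs that still log auth details."""
    hits = []
    for elem in ET.fromstring(xml_data).iter():
        if elem.tag not in ("logger", "category"):  # log4j 1.x accepts both
            continue
        name = elem.get("name", "")
        # A verbose parent logger also switches on its child loggers.
        if not any(a == name or a.startswith(name + ".") for a in AUTH_LOGGERS):
            continue
        level = elem.find("level")
        if level is None:
            level = elem.find("priority")  # older spelling of <level>
        value = "" if level is None else level.get("value", "").upper()
        if value in VERBOSE:
            hits.append((name, value))
    return sorted(hits)


if __name__ == "__main__":
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE
    for name, value in leftover_auth_debug(data):
        print(f"{value} still set for {name}")
```

Run it with the path to the server's log4j.xml as the only argument; without an argument it checks the constructed sample.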

SSL

To log information about SSL connections, set the VM start parameter:

-Djavax.net.debug=all 

This writes the output to the command line without any other parameters being set. SSL output is not logged by log4j.

On Windows, STDOUT on the console stays silent. Call verinice.exe via

verinice.exe > sslLogFile.log 2>&1

to redirect the output of javax.net.debug to the specified log file (sslLogFile.log).