For troubleshooting purposes, you should enable logging for the authorization mapper.
This can be done in the Admin Client UI or in the XSLT transformation (XML template).
In the Admin Client UI
First, the logging needs to be activated and then you can set/change the log level.
In the Admin Client, go to Configuration → Modules → Administration → Logger Manager
Enable it and save your changes
Update the server configuration (using the server action)
Click on it, find the entry for com.censhare.manager.apiservice.ApiServiceImpl
The logging can also be enabled in the transformation. The first line enables the logs and the second line lets you set a specific log level.
<xsl:variable name="debug" as="xs:boolean" select="false()"/>
<xsl:variable name="logLevel" select="if ($debug) then 'info' else 'fine'"/>
Where to find the logs
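The logs for authorization mapping are written to the censhare-Server/work/logs/server-0.0.log file, like any other logs. As the sample below shows, the entries include the full input to the party mapping XSLT (token claims and user attributes) and its result.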
Authorization mapper sample logs
2022.04.26-09:39:26.980 FINE : T012: APIServiceImpl: no-context: Opened session 6
2022.04.26-09:39:27.364 FINE : T004: APIServiceImpl: no-context: Input to party mapping XSLT:
<root>
<exp>
1650959066
</exp>
<iat>
1650958766
</iat>
<auth_time>
1650958766
</auth_time>
<jti>
2de46e5e-5bad-4e8f-9fb7-bda0d941dae9
</jti>
<iss>
http://localhost:8080/auth/realms/censhare
</iss>
<aud>
account
</aud>
<sub>
74061d78-beca-4721-92cb-583883babdc0
</sub>
<typ>
Bearer
</typ>
<azp>
censhare5
</azp>
<nonce>
CQbx2gj0bvY1q_JhuU12zz4JGqx2Ud0fqZoPwe7A3qA
</nonce>
<session_state>
14777266-a44b-4846-9d8b-16c11c0747be
</session_state>
<acr>
1
</acr>
<allowed-origins>
[http://localhost:9000]
</allowed-origins>
<realm_access>
{roles=[offline_access, uma_authorization]}
</realm_access>
<resource_access>
{account={roles=[manage-account, manage-account-links, view-profile]}}
</resource_access>
<scope>
openid email profile
</scope>
<email_verified>
true
</email_verified>
<name>
My User
</name>
<preferred_username>
myuser
</preferred_username>
<given_name>
My
</given_name>
<family_name>
User
</family_name>
<email>
ar@censhare.com
</email>
<attributes>
<attr name="login" value="myuser"/>
<attr name="email" value="ar@censhare.com"/>
<attr name="firstname" value="My"/>
<attr name="name" value="User"/>
<attr name="group" value="mygroup"/>
<attr name="tma-check-user-attr" value="blue-yellow"/>
<attr name="tma" value="blue"/>
<attr name="cs_locale" value="fr"/>
</attributes>
</root>
2022.04.26-09:39:27.373 FINE : T004: APIServiceImpl: no-context: Result of party mapping XSLT:
<party auth_extern="1" email_notification="1" login="myuser" firstname="My" name="User" display_name="My User" email="ar@censhare.com" locale="fr" main_role="no-permissions" main_domain="root.global-share." main_domain2="root." auth_standard="0" sync_extern="1" isgroup="0">
<party_role enabled="1" role="no-permissions" domain="root.global-share." domain2="root."/>
</party>
2022.04.26-09:39:27.374 FINE : T004: APIServiceImpl: no-context: Input to party master data import:
<party auth_extern="true" email_notification="1" login="myuser" firstname="My" name="User" display_name="My User" email="ar@censhare.com" locale="en" main_role="admin" main_domain="root." main_domain2="root." auth_standard="false" sync_extern="1" isgroup="false" id="100" isactive="1" isvisible="1" issystem="0" party_asset_id="15301" count_invalid_logins="0">
<party_role enabled="1" role="no-permissions" domain="root.global-share." domain2="root."/>
</party>
2022.04.26-09:39:27.388 INFO : T004: DataObjectUpdater: no-context: Changed: <party corpus:dto_flags="ptm" id="100" isgroup="0" new-val:isgroup="false" display_name="My User" name="User" login="myuser" main_role="admin" main_domain="root." main_domain2="root." locale="en" isactive="1" isvisible="1" issystem="0" email="ar@censhare.com" firstname="My" count_invalid_logins="0" email_notification="1" auth_standard="0" new-val:auth_standard="false" auth_extern="1" new-val:auth_extern="true" sync_extern="1" party_asset_id="15301" tcn="152" rowid="7"/>
2022.04.26-09:39:27.388 INFO : T004: APIServiceImpl: no-context: cached table update on: party
2022.04.26-09:39:27.410 INFO : T026: CommandExecutor: master.20220426.093927.409[system]: system.event.forward completed all in 2ms
2022.04.26-09:39:27.410 INFO : T027: CommandExecutor: master.20220426.092621.771[system]: admin.user_administration.javaadmin.send-new-password-automatic completed all in 4ms
2022.04.26-09:39:27.411 INFO : T003: CommandExecutor: master.20220426.092621.748[system]: system.event.forward completed all in 3ms
2022.04.26-09:39:27.447 INFO : T004: APIServiceImpl: no-context: Created or updated party entry for login: myuser
2022.04.26-09:39:27.451 INFO : T004: APIServiceImpl: no-context: New login session created: [id=3400A2B911DCDB807849E0E30CDFF9E0, login=myuser, host=null, user-agent=]
2022.04.26-09:39:27.451 FINE : T004: APIServiceImpl: no-context: No host found for login session with TransactionContext.
2022.04.26-09:39:27.452 INFO : T004: APIServiceImpl: no-context: Created login session: [id=3400A2B911DCDB807849E0E30CDFF9E0, login=myuser, host=master[1], user-agent=]
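To check what the mapper actually granted, the "Result of party mapping XSLT" records can be pulled out of server-0.0.log and compared against the roles you expect. The following is an added example, not censhare code: the function names and the allow-list are assumptions, and the sample log is constructed in the format shown above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shortened from the log format shown above.
SAMPLE_LOG = """\
2022.04.26-09:39:27.364 FINE : T004: APIServiceImpl: no-context: Input to party mapping XSLT:
<root>
<preferred_username>
myuser
</preferred_username>
</root>
2022.04.26-09:39:27.373 FINE : T004: APIServiceImpl: no-context: Result of party mapping XSLT:
<party auth_extern="1" login="myuser" main_role="no-permissions" main_domain="root.global-share.">
<party_role enabled="1" role="no-permissions" domain="root.global-share." domain2="root."/>
</party>
2022.04.26-09:39:27.447 INFO : T004: APIServiceImpl: no-context: Created or updated party entry for login: myuser
"""

# Every log record starts with a timestamp and level, e.g. "2022.04.26-09:39:27.373 FINE : "
RECORD_START = re.compile(r"^(\d{4}\.\d\d\.\d\d-\d\d:\d\d:\d\d\.\d{3}) \w+ *: ", re.M)
MARKER = "Result of party mapping XSLT:"

def party_mappings(log_text):
    """Return one dict per mapper result: timestamp, login, main role, enabled roles."""
    starts = list(RECORD_START.finditer(log_text))
    found = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        _, sep, body = log_text[m.start():end].partition(MARKER)
        if not sep or "<!" in body:      # not a mapper result, or carries a DTD: skip
            continue
        try:
            party = ET.fromstring(body.strip())
        except ET.ParseError:            # truncated or interleaved record
            continue
        roles = [(r.get("role"), r.get("domain"))
                 for r in party.findall("party_role") if r.get("enabled") == "1"]
        found.append({"time": m.group(1), "login": party.get("login"),
                      "main_role": party.get("main_role"), "roles": roles})
    return found

def unexpected_roles(mappings, allowed_roles):
    """Mappings that grant a main role or party_role outside the allow-list."""
    return [p for p in mappings
            if p["main_role"] not in allowed_roles
            or any(role not in allowed_roles for role, _ in p["roles"])]

if __name__ == "__main__":
    for p in party_mappings(SAMPLE_LOG):
        print(p)
```

These records only appear while the mapper logging described above is enabled and the server log level lets them through.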