Logging

You can get more information by turning the logging level up to DEBUG while you're configuring the IdP. To get details for many of the important processes in the IdP, add the following four properties to %{idp.home}/conf/idp.properties and set them to DEBUG. To change any of them back to default values add a # symbol to the beginning of the line to comment out the property in question (the properties and their default values are declared in the %{idp.home}/conf/logback.xml file).

Note that LDAP logging can be very verbose, so the default level is WARN, and INFO level may be sufficient to troubleshoot LDAP issues.

 # Logging
 # idp.loglevel.idp - log level for the IdP proper - default level INFO
 idp.loglevel.idp=DEBUG
 # idp.loglevel.ldap - log level for LDAP events - default level WARN
 idp.loglevel.ldap=DEBUG
 # idp.loglevel.messages - set to DEBUG for protocol message tracing - default level INFO
 idp.loglevel.messages=DEBUG
 # idp.loglevel.encryption - set to DEBUG to log encrypted content in cleartext - default level INFO
 idp.loglevel.encryption=DEBUG

The IdP writes log messages to the %{idp.home}/logs/idp-process.log file. Reference documentation for logging configuration is available in the Shibboleth IdP v4 wiki.