By default Security Token Service and Identity Federation messages are logged into the OAM Server's log files.
You can view and configure these logs in Fusion Middleware Control. However, you can also edit logging.xml
and direct Security Token Service and Identity Federation information to a separate log file, as described in this section. The files involved in this procedure are:
Logging Configuration File: Provides logger names and other configuration information for logging. This file is stored in: $DOMAIN_HOME/config/fmwconfig/servers/SERVER-NAME/logging.xml.
Log File: $DOMAIN_HOME/ostslogs/SERVER-NAME-diagnostics.log, for example.
Security Token Service and Identity Federation do not categorize log handlers as Access Manager does. Instead, there is only one logger that affects the log levels for Security Token Service and Identity Federation. Table 7-7 provides details for this logger, which are required in the WLST command.
Table 7-7 Oracle Security Token Service and Identity Federation Loggers
Component Name | Logger Name | Log Handler Name | Log Class |
---|---|---|---|
Security Token Service or Identity Federation | oracle.security.fed | stsfed-handler | class=oracle.core.ojdl.logging.ODLHandlerFactory |
For details, see:
Configuring Logging for Security Token Service or Identity Federation
Defining Log Level and Log Details for Security Token Service or Identity Federation
See Also:
Monitoring Performance and Logs with Fusion Middleware Control for details about how you can configure and view logs using Fusion Middleware Control
Logging information in the Securing Applications with Oracle Platform Security Services
Administrators can separate Security Token Service or Identity Federation log messages from OAM Server message logs.
To configure:
Administrators can use custom WLST commands for Oracle Access Management to change logger settings for Security Token Service as described here. This specifies an independent output file for only Security Token Service log messages.
Use the WLST command help("fmw diagnostics").
Skip steps 1 through 3 if the following items are true:
The OAM Server is running
You have the WLST script
You have connected to the server and logged in
This sample procedure for Security Token Service logging is very similar to the one for Access Manager. However, there are a few differences. Your deployment choices will be different.
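To confirm that the separation described above took effect, the following added example (not part of the original documentation) parses a logging.xml and reports anything that would keep Security Token Service or Identity Federation messages in the OAM Server log. The sample file is constructed, and the element and attribute layout (log_handler, a property named path, logger, useParentHandlers) is assumed to follow the standard ODL logging.xml format.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a logging.xml after separation; paths are illustrative.
SAMPLE_LOGGING_XML = """<logging_configuration>
 <log_handlers>
  <log_handler name='odl-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
   <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/${weblogic.Name}-diagnostic.log'/>
  </log_handler>
  <log_handler name='stsfed-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
   <property name='path' value='${domain.home}/ostslogs/${weblogic.Name}-diagnostics.log'/>
  </log_handler>
 </log_handlers>
 <loggers>
  <logger name='oracle.security.fed' level='NOTIFICATION:1' useParentHandlers='false'>
   <handler name='stsfed-handler'/>
  </logger>
 </loggers>
</logging_configuration>"""

LOGGER, HANDLER = "oracle.security.fed", "stsfed-handler"   # names from Table 7-7
HANDLER_CLASS = "oracle.core.ojdl.logging.ODLHandlerFactory"

def check_sts_logging(xml_text):
    """Return a list of findings; an empty list means the logs are separated."""
    root = ET.fromstring(xml_text)
    handlers = {h.get("name"): h for h in root.iter("log_handler")}
    paths = {n: p.get("value") for n, h in handlers.items()
             for p in h.findall("property") if p.get("name") == "path"}
    logger = next((l for l in root.iter("logger") if l.get("name") == LOGGER), None)
    if logger is None:
        return [f"logger {LOGGER} not defined; messages stay in the OAM Server log"]
    findings = []
    sts = handlers.get(HANDLER)
    if HANDLER not in [h.get("name") for h in logger.findall("handler")]:
        findings.append(f"{LOGGER} is not attached to {HANDLER}")
    if logger.get("useParentHandlers", "true").lower() != "false":
        findings.append("useParentHandlers is not false; messages also reach parent handlers")
    if sts is None or sts.get("class") != HANDLER_CLASS:
        findings.append(f"{HANDLER} is missing or is not class {HANDLER_CLASS}")
    elif not paths.get(HANDLER):
        findings.append(f"{HANDLER} has no path property")
    elif any(p == paths[HANDLER] for n, p in paths.items() if n != HANDLER):
        findings.append(f"{HANDLER} shares its log file with another handler")
    return findings

if __name__ == "__main__":
    print(check_sts_logging(SAMPLE_LOGGING_XML) or "OK: separate log file configured")
```

Run it against a copy of $DOMAIN_HOME/config/fmwconfig/servers/SERVER-NAME/logging.xml by passing the file's contents to check_sts_logging.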