Sun OpenSSO Enterprise 8.0 Technical Overview

OpenSSO Enterprise Component Logs

The log files record a number of events for each of the OpenSSO Enterprise components using the Logging Service. Administrators typically review these log files on a regular basis. Table 15–3 provides a brief description of the log files produced by each OpenSSO Enterprise component.

Table 15–3 OpenSSO Enterprise Component Logs


Log Filename 

Information Logged 

Session Service 

  • amSSO.access

Session management attributes values such as login time, logout time, and time out limits. Also session creations and terminations. 

Administration Console 

  • amConsole.access

  • amConsole.error

User actions performed through the administration console such as creation, deletion and modification of identity-related objects, realms, and policies. amConsole.access logs successful console events while amConsole.error logs error events.

Authentication Service 

  • amAuthentication.access

  • amAuthentication.error

User logins and log outs, both successful and failed. 

Federation Services 

  • amFederation.access

  • amFederation.error

  • amLiberty.access

  • amLiberty.error

Federation-related events such as the creation of an authentication domain or the creation of a hosted provider entity. 

Policy Service (Authorization) 

  • amPolicy.access

  • amPolicy.error

  • amAuthLog

Events related to authorization such as policy creation, deletion, or modification, and policy evaluation. amPolicy.access logs policy allows, amPolicy.error logs policy error events, and amAuthLog logs policy denies.

Policy Agents 


Exceptions regarding resources that were either accessed by a user or denied access to a user. amAgent logs reside on the server where the policy agent is installed. Agent events are logged on the OpenSSO Enterprise machine in the Authentication logs.

SAML v1.x 

  • SAML.access

  • SAML.error

SAML v1.x-related events such as assertion and artifact creation or removal, response and request details, and SOAP errors. 

SAML v2 

  • SAML2.access

  • SAML2.error

SAML v2-related events such as assertion and artifact creation or removal, response and request details, and SOAP errors. 

Command Line 

  • amAdmin.access

  • amAdmin.error

Event successes and errors that occur during operations using the command line tools. Loading a service schema, creating policy, and deleting users are some examples of command line operations. 

Password Reset 

  • amPasswordReset.access

Password reset events. 

For detailed reference information about events recorded in each type of OpenSSO Enterprise log, see Chapter 14, Logging Service, in Sun OpenSSO Enterprise 8.0 Administration Guide.