Adding Logs for Tokens¶
Entries in the
<IS_HOME>/repository/conf/security/identity_log_tokens.properties
file can determine whether tokens are added to system logs or not. By
default, these are enabled in the file. The following are the entries in
this file that represent different types of tokens. The tokens can be
disabled from appearing in the logs by setting each token to
false
.
UserClaims=true
UserIdToken=true
XACML_Request=true
XACML_Response=true
NTLM_Token=true
SAML_Assertion=true
SAML_Request=true
AccessToken=true
RefreshToken=true
AuthorizationCode=true
In addition to this, you need to ensure that the logs in the
<IS_HOME>/repository/conf/log4j2.properties
file are
enabled as well. To do this, please follow the following instructions.
Change log level from INFO
to DEBUG
in org.wso2.carbon.identity
logger as follows.
logger.org-wso2-carbon-identity.name=org.wso2.carbon.identity
logger.org-wso2-carbon-identity.level=DEBUG
In order to log the tokens defined in the
identity_log_tokens.properties
file, you need to add
the Read_Log_Token_Properties
system property. This
can be done either by starting WSO2 Identity Server with the system
property or by adding the parameter to JAVA_OPTS
as
an environment variable.
Tip
JAVA_OPTS
are optional runtime options that can be set.
To start the server and pass the parameter, navigate to the
<IS_HOME>/bin
folder in the command line and run the
following command.
sh wso2server.sh -DRead_Log_Token_Properties=true
To add the parameter to the environment variable, use the following command and then start the server.
export JAVA_OPTS=-DRead_Log_Token_Properties=true