Page tree

The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 and SP3 wiki spaces for current documentation on the supported versions.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Customizing Identity provider Logs

The Identity Provider uses the Logback logging system. The Logback manual provides an exhaustive set of directions and available options that may be configured. This document does not attempt to replicate this information but instead provides Shibboleth specific information, as it pertains to logging, and instructions for performing simple, common, tasks.

Logging Configuration

The logging configuration for the IdP is located at $IDP_HOME/conf/logging.xml. This file is checked for changes every 5 minutes and is reloaded if changes have been made. This means a deployer can keep the logging level at WARN until a problem occurs and then change the logging to DEBUG to get more information if the problem persists, all without restarting the IdP.

Useful Loggers

The following, coarse grained, loggers provide useful information in most situations:




The logger to which shibboleth access messages (think HTTP access logs) are written


The logger to which shibboleth audit messages are written


Messages related only to receiving, parsing, evaluating security of, producing, and encoding SAML messages.


Messages related to all the non-SAML message parsing/encoding work; profile handling, authentication, attribute resolution and filtering


IdP messages related only to authentication


IdP messages related only to attribute resolution and filtering

  • No labels