Preparing JBoss for the Shibboleth Identity Provider

Version Requirements/Recommendations

Required Configuration Changes

Logging Configuration

The JBoss AS logging service is configured by means of the log4j.xml file located in the conf/ directory of your service configuration profile. To enable logging for the identity provider:

Add the following appender (log file location) definitions after the last </appender> line

<!-- IdP Audit Log -->
<appender name="IDP_AUDIT" class="org.jboss.logging.appender.DailyRollingFileAppender">
      <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
      <param name="File" value="${jboss.server.log.dir}/idp-audit.log"/>
      <param name="Append" value="true"/>
      <param name="DatePattern" value="'.'yyyy-MM-dd"/>

      <layout class="org.apache.log4j.PatternLayout">
         <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
      </layout>
 </appender>


<!-- IdP Access Log -->
<appender name="IDP_ACCESS class="org.jboss.logging.appender.DailyRollingFileAppender">
      <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
      <param name="File" value="${jboss.server.log.dir}/idp-access.log"/>
      <param name="Append" value="true"/>
      <param name="DatePattern" value="'.'yyyy-MM-dd"/>

      <layout class="org.apache.log4j.PatternLayout">
         <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
      </layout>
</appender>


<!-- IdP Process Log -->
<appender name="IDP_PROCESS" class="org.jboss.logging.appender.DailyRollingFileAppender">
      <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
      <param name="File" value="${jboss.server.log.dir}/idp-process.log"/>
      <param name="Append" value="true"/>
      <param name="DatePattern" value="'.'yyyy-MM-dd"/>

      <layout class="org.apache.log4j.PatternLayout">
         <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
      </layout>
 </appender>

Add the following category definitions after the </category> line

<category name="Shibboleth-Audit">
      <priority value="CRITICAL" />
      <appender-ref ref="IDP_AUDIT"/>
 </category>


<category name="Shibboleth-Access">
        <priority value="CRITICAL" />
        <appender-ref ref="IDP_ACCESS"/>
</category>


<category name="edu.internet2.middleware.shibboleth">
        <priority value="INFO" />
        <appender-ref ref="IDP_PROCESS"/>
</category>