Testing an authentication service


You can test and debug an authentication service in a development or staging environment by setting the appropriate log level.

  1. Set the logger to debug. For performance and security reasons, do not use this setting in a production environment.

    • For a SAML authentication service, the logger is com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils.
    • For an OIDC authentication service, the loggers are:
      • com.pega.pegarules.integration.engine.internal.auth.oidc.NimbusOIDCClientHandler
      • com.pega.pegarules.integration.engine.internal.auth.oidc.OIDCClientHandler
  2. Optional: For an OIDC authentication service, get the claim values by using remote tracing.

    1. Open a browser window to the application login screen and proceed to the login screen for your identity provider. Do not log in yet.

    2. In a separate browser window for Dev Studio, do the following steps:

      1. In the developer toolbar, click Tracer.
      2. From the Tracer dialog, click Settings, and under Pages to Trace, enter D_pzSSOAttributes. Click Add, and then click OK.
      3. From the Tracer dialog, click Remote Tracer, select the ID of the unauthenticated requestor, and click OK.
  3. Attempt to log in by authenticating with the identity provider.

  4. Examine the console log by clicking Configure > System > Operations > Logs > Log files and selecting the Pega log.

  5. Use a third-party tool to decode the Base64-encoded assertion from the log.
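
For step 5, a SAML assertion can be decoded locally instead of in an online decoder, because the logged assertion carries the user's identity attributes. The Python script below is an added example, not Pega code. It assumes the Base64 string was copied out of the Pega log by hand; `decode_saml`, `summarize` and the sample assertion are constructed for illustration.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml(blob: str) -> bytes:
    """Turn a Base64 SAML message copied from the log into XML bytes."""
    text = "".join(urllib.parse.unquote(blob).split())  # undo %2B/%3D and line wraps
    raw = base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # HTTP-Redirect binding uses raw DEFLATE
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:  # SAML never needs a DTD
        raise ValueError("DTD in SAML message; refusing to parse")
    return raw

def summarize(xml_bytes: bytes) -> dict:
    """Pull out the fields usually compared when a login fails."""
    root = ET.fromstring(xml_bytes)
    def first(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    cond = root.find(".//saml:Conditions", NS)
    return {
        "issuer": first(".//saml:Issuer"),
        "name_id": first(".//saml:Subject/saml:NameID"),
        "audience": first(".//saml:Audience"),
        "not_on_or_after": cond.get("NotOnOrAfter") if cond is not None else None,
        "attributes": {
            a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
            for a in root.iterfind(".//saml:Attribute", NS)
        },
    }

# Constructed sample assertion (not real log output).
SAMPLE_XML = (
    f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_constructed" Version="2.0">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
    '<saml:Conditions NotOnOrAfter="2030-01-01T00:00:00Z"><saml:AudienceRestriction>'
    '<saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>'
    '</saml:Conditions><saml:AttributeStatement><saml:Attribute Name="role">'
    '<saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
).encode()
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    print(summarize(decode_saml(SAMPLE_B64)))
```

An encrypted assertion yields empty fields here, because its content is not readable without the service provider's decryption key.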

  • Logging Level Settings tool

    You can use the Logging Level Settings tool to temporarily override the severity settings in the prlog4j2.xml file for the current node and control which logging events are displayed in the Pega log. For example, you can change the logging level for activities in the Work- class from FATAL to DEBUG for troubleshooting purposes.

  • Selecting a session to trace

    By default, the Tracer traces your own requestor session. You can trace another session by using the Remote Tracer. The Remote Tracer lists every requestor that is connected to your Pega Platform server.
