Trace / Debug logging

Enable debug logging | Bitbucket Data Center 9.3 | Atlassian Documentation See also: Audit logging and Kerberos diagnostics logging

General DEBUG logging

In rare cases, you may sometimes want to enable TRACE or DEBUG logging for Kantega SSO, usually while working with support. Usually, the DEBUG log level gives a higher level of detail for a certain configuration, while the TRACE level log is needed to monitor all details of a login flow.

Jira and Confluence both provide a user interface for temporarily adding TRACE log categories. For the other Atlassian applications you will need to edit the log configuration files and restart the instance, or use a third party addon, for example Advanced Logging for Bitbucket.

Bitbucket

Read about logging in Bitbucket how to enable runtime here:

Enable debug logging | Bitbucket Data Center 9.3 | Atlassian Documentation

One example following the guide above to create curl call to enable logging runtime for org.kantega.atlaskerb is (remember to replace username/password and server-name to your values):

curl -u adminusername:password -v -X PUT -d "" -H "Content-Type: application/json" https://bitbucketserver.example.com/rest/api/latest/logs/logger/org.kantega.atlaskerb/trace

Most of the K-SSO debug logging you get by logging the package: org.kantega.atlaskerb

If you want audit logging for Kantega SSO enabled add: com.kantegasso.AuditLog
To enable debug logging for SCIM also add Class/Package Name: com.ksso.scim
To enable debug logging for SAML, add no.kantega.saml

 

Alternatively if you want this more permanent, add the following line three your bitbucket.properties file:

logging.logger.org.kantega.atlaskerb=TRACE logging.logger.com.ksso.scim=TRACE logging.logger.no.kantega.saml=TRACE

Also audit logging (see above) may be relevant to enable to get details on all activities. The debug output will be written to the atlassian-bitbucket.log file.

 

Confluence

Go to the page Logging and Profiling https://<your-confluence-address>/admin/viewlog4j.action

Then input in Class/Package Name value: org.kantega.atlaskerb
If you want audit logging enabled that also gives some details also add Class/Package Name: com.kantegasso.AuditLog

To enable debug logging for SCIM also add Class/Package Name: com.ksso.scim
To enable debug logging for SAML, add no.kantega.saml

For New Level select: TRACE

 

Press the Add entry button.

Then you can perform the activity you experience to not work as expected. The TRACE logging will stay on until the next restart of Confluence or until you turn it off again manually on the page. The debug output will be written to the atlassian-confluence.log file.

Jira

Go to the URL https://<your-jira-address>/secure/admin/ViewLogging.jspa

On this page press the link: Logging and profiling.

Then add the following logging (see image below).

Package name: org.kantega.atlaskerb
If you want audit logging enabled that also gives some details also add Package Name: com.kantegasso.AuditLog

If you want debug logging for SCIM also add Package Name: com.ksso.scim

To enable debug logging for SAML, add no.kantega.saml

Logging level: TRACE

 

Then you can perform the activity you experience to not work as expected. The TRACE logging will stay on until the next restart of Jira or until you turn it off again manually on the page. Turn off logging after troubleshooting to avoid noise in the logs. The debug output will be written to the atlassian-jira.log file.

If you need additional help understanding the logs, please post us a support query and attach the log file.

Bamboo

Go to Bamboo administration > System -> Log settings. Then add a new entry with the package name org.kantega.atlaskerb for "Classpath" and choose TRACE as "Type". You should then see log messages of Kantega SSO with severity TRACE either in your Bamboo Server log (BAMBOO_HOME/logs/atlassian-bamboo.log) or in the Remote Agent server log.