Application troubleshooting process
Troubleshooting applications requires a general methodology or process. This guide describes a general troubleshooting process, involving applications, logs, DNS and related areas.
In general application troubleshooting involves these areas:
- Application resources - Can the applications URL be reached externally, by customers and internally by Access Gateway?
- Application configuration - Does the application have the correct resources and attributes?
- Policy - Does the application have required policy to protect specific URI/URLs, does the policy behave as expected?
When working with Okta support, an exact log of the problem or issue can be extremely helpful. To generate a HAR archive of a set of operations see Generating HAR files.
The following tasks describe examining and validating each of these areas.
|Core application requirements||
Verify application requirements, specifically:
Manage groups - verify application is assigned appropriate groups
Manage application essentials - verify public domain and protected web resource.
Examine application header fields. Verify:
Manage application attributes - verify header attributes.
Troubleshoot applications-test header applications to verify header content.
|Verify DNS mappings||
Verify that the Public Domain and Protected Web Resource fields resolve to expected DNS entries.
Manage DNS settings - validate primary, secondary and tertiary DNS servers.
Ping - validate a specific DNS address is reachable.
Proxy - validate proxy settings are correct, where required.
Verify that any intermediate servers (between Access Gateway and protected web resource) are property configured. Common interemediates are load balanacers, Oracle HTTP server and similar servers.
See documentation for intermediate server.
|Application debug mode||
Enable application debug mode and verify logs
Managing applications - enable debug mode.
|HTTP return values||
Troubleshoot HTTP return codes.
HTTP return codes - Examine and verify expected HTTP return code.
|Access Gateway and application logs||
Know location of and verify Access Gateway and application logs.
Monitor Access Gateway logs - Monitor logs as applications are being executed using the command line console.
Download Access Gateway logs - After a test run download all Access Gateway log files for offline review.
Configure and monitor log forwarders - Configure a log forwarded to forward log events to systems such as Splunk or Graylog.
Monitor protected application logs - Review protected application logs as appropriate. See protected application documentation to determine where application logs are stored.
Examine and verify application policy - Do specific URIs have policies?
Manage application policy - examine defined application policy.
Troubleshoot application policy - enable and troubleshoot application policy.