Configure apps for testing

Testing an app involves validating app headers, validating policy, and running other general tests. Simulation allows you to validate header fields and policy execution. Always perform complete testing to validate that the app is behaving as expected for all URIs.

Configure the app for header or policy simulation testing

  1. Go to the Access Gateway Admin UI console.
  2. From the Topology tab or the Applications tab, open the app.
  3. Click the Settings pane.
  4. Expand the Essentials tab.
  5. Note the current value of Protected Web Resource.
  6. Copy and save the value of the Protected Web Resource field in a secure location. You need this value when you turn debug mode off.
  7. Change the Protected Web Resource field to one of these values:
    ValueBehavior
    http://header.service.spgwThis displays information about the header, cookie, session, and other information.
    http://policy.service.spgwThis displays information about the app policy.
  8. Clear the Customize checkbox to disable the post-login URL.
  9. Expand the Advanced tab.
  10. Enable Debug mode. When you enable Debug mode, ensure that the downloadable log file has also been set to the Debug level. App debug events aren't visible in downloadable log files unless you configure them to emit debug-level log events. See Manage log verbosity
  11. Click Done.

    When debugging header-based apps, test attributes with static known good values. For example, change dynamic IdP-based fields to static ones with known good values. When debugging policy-based apps, test with no policy or an open policy first.

Monitor logs with the Access Gateway Management console

  1. Open a terminal. Use Secure Shell (SSH) to connect to the Access Gateway Management console. Here are some example commands:

    ssh oag-mgmt@gw-admin.<domain.tld>

    ssh oag-mgmt@gw-admin.mysite.myco.com

  2. Sign in to the Access Gateway Management console.
  3. Enter 4 - Monitoring.
  4. Enter 2 - Enable Debug.
  5. Enter 1 - Monitor logs. The log messages appear. See Monitor for a complete list of all monitoring and related commands.
  6. Return to the Access Gateway Admin UI console console and run the app that you want to examine logs for.
  7. Enter [Ctrl]-[c] to exit the log display.
  8. Enter 2 - Disable debug.

The debug logging level rapidly generates log messages. Always disable debug logging when you've finished examining logging. Otherwise, you may run out of disk space.

Test policies

  1. Select the Applications tab.
  2. On the row containing the app, click Go to applicationSP Initiated.
  3. Sign in if required.
  4. For policy-based testing, update the URL to add an appropriate path and resend the request. This example adds the /public path:

Test headers

  1. Select the Applications tab.
  2. On the row containing the header app, click Go to applicationSP Initiated.
  3. Sign in if required.
  4. Examine the Access Gateway Management console for errors or log events.

  5. Examine the result of the test.

Debug mode being active on production apps can impact performance. When complete, always reset the Protected Web Resource field and deactivate the Debug mode toggle.

Disable debug mode

Display debug statements at the command line

  1. Go to the Access Gateway Management console.
  2. Enter [Ctrl]-[c] to exit the log display.
  3. Enter 3 - Disable debug.
  4. Exit the command-line console.

App debug is enabled

  1. Go to the Access Gateway Admin UI console
  2. Go to the app you're testing.
  3. Expand the Setting tab.
  4. Expand the Essentials tab.
  5. Return the Protected Web Resource field back to its original value.
  6. Expand the Advanced tab.
  7. Set the Debug toggle to Disable.
  8. Save your changes.