Troubleshoot applications

Configure

To configure an application for header or simulation testing:

To configure an application for policy simulation testing:

  1. Navigate to the Access Gateway Admin UI console
  2. From the Topology tab or the Applications tab, open the application.
  3. Select the Settings pane.
  4. Expand the Essentials tab.
  5. Note the current value of Protected Web Resource.
  6. Change the Protected Web Resource field to:
    ValueBehavior
    http://header.service.spgwWhen running a test, this displays information about the header, cookie, session, and other information.
    http://policy.service.spgwWhen running a test, this displays information about the application policy.

    Copy and save the original back-end Protected Web Resource value.

  7. Clear the Customize checkbox to disable the post-login URL.
  8. Expand the Advanced tab.
  9. Enable Debug mode.

    When enabling Debug mode, ensure that the download log has also been set to level debug. Application debug events aren't visible in downloadable logs unless download logs are also configured to emit Debug level log events. See Manage log verbosity

  10. Click Done.

    When debugging header-based applications, consider testing attributes with static known good values. For example, change dynamic IDP-based fields to static with known good values.

    When debugging policy-based applications, test with no policy or open policy first.

Monitor using the Access Gateway Management console

  1. Use SSH to connect to the Access Gateway Management console. For example. ssh oag-mgmt@gw-admin.<domain.tld>
  2. Login using the default or a previously set password.
  3. Go to the log monitoring page:
    1. Enter 4 - Monitoring.
    2. Enter 2 - Enable Debug.
    3. Enter 1 - Monitor logs.

    The console starts a running display of all log messages. Return to the Access Gateway Admin UI console console and exercise the application being examined.
    See command line Access Gateway Management console/monitoring for a complete list of all monitoring and related commands.

  4. Enter [ctrl][c] to exit the log display.
  5. Enter 2 - Disable debug.

The debug logging level rapidly generates log message. Be sure to always disable debug logging when you have finished examining logging.
Failure to disable debug logging could result in rapid log file growth and out of disk errors.

Test - Policy

  1. Select the Applications tab.
  2. On the row containing the application, click Goto applicationSP Initiated.
  3. If required, sign in. The displayed results depend on the selected application type.
  4. For policy-based testing, update the URL to add an appropriate path and resend the request. The following example adds the /public path:
  5. This displays the result of applying the current user and policy.

Test - Header

  1. Select the Applications tab.
  2. On the row containing the header application, click Goto applicationSP Initiated.
  3. If required, sign in.
  4. Examine Access Gateway Management console window for errors, or log events.
  5. Examine the result of the test.

When the Debug mode is activated on production applications, it can impact the performance. When complete, always reset the Protected Web Resource field and deactivate the Debug mode toggle.

Disable debug

If displaying debug statements at the command line:

  1. Return to the Access Gateway Management console.
  2. Enter [ctrl][c] to exit the log display.
  3. Enter 3 - Disable debug.
  4. Exit the command line console

If application debug is enabled:

  1. Return to the Access Gateway Admin UI console
  2. Navigate to the application being tested
  3. Expand the Setting sub tab.
  4. Expand the Essentials sub tab.
  5. Return the Protected Web Resource field back to its original value.
  6. Expand the Advanced sub tab.
  7. Set the Debug toggle to Disable.
  8. Save your changes.