App troubleshooting process
Troubleshooting apps requires a general methodology or process. This guide describes a general troubleshooting process, involving apps, logs, DNS and related areas.
In general, app troubleshooting involves these areas:
- App resources: Can the app's URL be reached externally, by customers and internally by Access Gateway?
- App configuration: Does the app have the correct resources and attributes?
- Policy: Does the app have the required policy configured to protect specific URIs and URLs, and does the policy behave as expected?
When working with Okta Support, an exact log of the problem or issue can be helpful. To generate a HAR archive of a set of operations, see Generate HTTP Archive files.
The following tasks describe examining and validating each of these areas.
Task |
Description |
---|---|
Core application requirements |
Verify application requirements, specifically:
Related references: Manage groups: verify that the application is assigned appropriate groups Manage application essentials: verify public domain and protected web resource. |
Application headers |
Examine application header fields. Verify:
Related references: Manage application attributes: verify header attributes. Troubleshoot apps: test header applications to verify header content. |
Verify DNS mappings |
Verify that the Public Domain and Protected Web Resource fields resolve to expected DNS entries. Related references: Manage DNS settings: validate primary, secondary and tertiary DNS servers. Ping: validate a specific DNS address is reachable. Proxy settings: validate proxy settings are correct, where required. |
Intermediates |
Verify that any intermediate servers (between Access Gateway and protected web resource) are property configured. Common intermediates are load balancers, Oracle HTTP server, and similar servers. Related references: See documentation for intermediate server. |
Application debug mode |
Enable application debug mode and verify logs Related references: Managing applications: enable debug mode. |
HTTP return values |
Troubleshoot HTTP return codes. Related references: Troubleshoot miscellaneous issues: Examine and verify expected HTTP return code. |
Access Gateway and application logs |
Know location of and verify Access Gateway and application logs. Related references: Monitor Access Gateway logs: Monitor logs as applications are being executed using the command line console. Download Access Gateway logs: After a test run download all Access Gateway log files for offline review. Configure and monitor log forwarders: Configure a log forwarded to forward log events to systems such as Splunk or Graylog. Monitor protected application logs: Review protected application logs as appropriate. See protected application documentation to determine where application logs are stored. |
URI policy |
Examine and verify application policy - Do specific URIs have policies? Related references: Manage app policies: examine defined application policy. Troubleshoot application policy: enable and troubleshoot application policy. |