Application troubleshooting process

Troubleshooting applications requires a general methodology or process. This guide describes a general troubleshooting process, involving applications, logs, DNS and related areas.

In general, application troubleshooting involves these areas:

  • Application resources: Can the applications URL be reached externally, by customers and internally by Access Gateway?
  • Application configuration: Does the application have the correct resources and attributes?
  • Policy: Does the application have required policy to protect specific URI/URLs, does the policy behave as expected?

When working with Okta support, an exact log of the problem or issue can be helpful. To generate a HAR archive of a set of operations see Generate HTTP Archive files.

The following tasks describe examining and validating each of these areas.

Task

Description

Core application requirements

Verify application requirements, specifically:

  • External and internal application resources: Are the Public Domain and Protected Web Resource fields correct?
  • Groups: Is the application assigned the correct groups.
  • Post login URL - Enabled?: Hostname in post login URL matches host name in public domain. Redirects to internal-only addresses will fail.

Related references:

Manage groups: verify that the application is assigned appropriate groups

Manage application essentials: verify public domain and protected web resource.

Application headers

Examine application header fields. Verify:

  • Application headers: what header fields does the application require?
  • Header fields: Are all expected header fields present? Do all header fields contain expected properties?

Related references:

Manage application attributes: verify header attributes.

Troubleshoot applications: test header applications to verify header content.

Verify DNS mappings

Verify that the Public Domain and Protected Web Resource fields resolve to expected DNS entries.

Related references:

Manage DNS settings: validate primary, secondary and tertiary DNS servers.

Ping: validate a specific DNS address is reachable.

Proxy settings: validate proxy settings are correct, where required.

Intermediates

Verify that any intermediate servers (between Access Gateway and protected web resource) are property configured. Common intermediates are load balancers, Oracle HTTP server, and similar servers.

Related references:

See documentation for intermediate server.

Application debug mode

Enable application debug mode and verify logs

Related references:

Managing applications: enable debug mode.

HTTP return values

Troubleshoot HTTP return codes.

Related references:

Troubleshoot miscellaneous issues: Examine and verify expected HTTP return code.

Access Gateway and application logs

Know location of and verify Access Gateway and application logs.

Related references:

Monitor Access Gateway logs: Monitor logs as applications are being executed using the command line console.

Download Access Gateway logs: After a test run download all Access Gateway log files for offline review.

Configure and monitor log forwarders: Configure a log forwarded to forward log events to systems such as Splunk or Graylog.

Monitor protected application logs: Review protected application logs as appropriate. See protected application documentation to determine where application logs are stored.

URI policy

Examine and verify application policy - Do specific URIs have policies?

Related references:

Manage application policies: examine defined application policy.

Troubleshoot application policy: enable and troubleshoot application policy.

Related topics

Application process flow

Troubleshooting tips and techniques

Generate HTTP Archive files