Application troubleshooting process
Troubleshooting applications requires a general methodology or process. This guide describes a general troubleshooting process, involving applications, logs, DNS and related areas.
In general, application troubleshooting involves these areas:
- Application resources: Can the applications URL be reached externally, by customers and internally by Access Gateway?
- Application configuration: Does the application have the correct resources and attributes?
- Policy: Does the application have required policy to protect specific URI/URLs, does the policy behave as expected?
When working with Okta support, an exact log of the problem or issue can be helpful. To generate a HAR archive of a set of operations see Generate HTTP Archive files.
The following tasks describe examining and validating each of these areas.
Task |
Description |
---|---|
Core application requirements |
Verify application requirements, specifically:
Related references: Manage groups: verify that the application is assigned appropriate groups Manage application essentials: verify public domain and protected web resource. |
Application headers |
Examine application header fields. Verify:
Related references: Manage application attributes: verify header attributes. Troubleshoot applications: test header applications to verify header content. |
Verify DNS mappings |
Verify that the Public Domain and Protected Web Resource fields resolve to expected DNS entries. Related references: Manage DNS settings: validate primary, secondary and tertiary DNS servers. Ping: validate a specific DNS address is reachable. Proxy settings: validate proxy settings are correct, where required. |
Intermediates |
Verify that any intermediate servers (between Access Gateway and protected web resource) are property configured. Common intermediates are load balancers, Oracle HTTP server, and similar servers. Related references: See documentation for intermediate server. |
Application debug mode |
Enable application debug mode and verify logs Related references: Managing applications: enable debug mode. |
HTTP return values |
Troubleshoot HTTP return codes. Related references: Troubleshoot miscellaneous issues: Examine and verify expected HTTP return code. |
Access Gateway and application logs |
Know location of and verify Access Gateway and application logs. Related references: Monitor Access Gateway logs: Monitor logs as applications are being executed using the command line console. Download Access Gateway logs: After a test run download all Access Gateway log files for offline review. Configure and monitor log forwarders: Configure a log forwarded to forward log events to systems such as Splunk or Graylog. Monitor protected application logs: Review protected application logs as appropriate. See protected application documentation to determine where application logs are stored. |
URI policy |
Examine and verify application policy - Do specific URIs have policies? Related references: Manage application policies: examine defined application policy. Troubleshoot application policy: enable and troubleshoot application policy. |