Debug xmlsec

OpenSSO uses xmlsec API to verify digital signature. In case the API returns a false, but you have no idea about the cause when just looking at the XML doc, you may want see debug messages printed out from the xmlsec APIs.

Since xmlsec uses standard java.util.logging packages to log debug messages. So you can pass a jvm option -Djava.util.logging.config.file=log.properties in web container config file with content in log.properties looks like following

handlers = java.util.logging.FileHandler
.level = INFO
java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
com.sun.org.apache.xml.internal.level = FINEST

All of the above except the last line are original from "lib/logging.properties" in the JRE directory. You can modify java.util.logging.FileHandler.pattern to be set to a desired location, otherwise, the log will be written to a file java0.log in the user's home directory. Also you need to make sure log.properties stored under a directory in the classpath.

Note, OpenSSO uses xmlsec.jar/webservices-rt.jar of Sun's own implementation. When you work on other project using xmlsec packages download on apache site, you need set
org.jcp.xml.dsig.internal.level = FINEST

Comments:

Post a Comment:
Comments are closed for this entry.
About

gc

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today