Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: How to enable Verbose Debugging for SSO/SAML

EDR: How to enable Verbose Debugging for SSO/SAML

Environment

  • EDR Server: All Versions
  • SSO/SAML

Question

  • How can verbose debugging for SSO/SAML be enabled?

Answer

  • Verbose Debugging can be enabled with the following steps:
    1. Make a copy of the coreservices-logger.conf
      cp /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.orig
    2. Open the /etc/cb/coreservices-logger.conf file
    3. Append cb.flask.blueprints.api_routes_saml to the list of keys under [loggers] section: 
      [loggers]
      keys=root, gunicorn.access, cb.flask.blueprints.api_routes_saml, saml2
    4. Copy/paste the following snippet anywhere below in the logger configuration file: 
      [logger_cb.flask.blueprints.api_routes_saml] 
      level=DEBUG 
      handlers=debug_syslog 
      qualname=cb.flask.blueprints.api_routes_saml 
      propagate=1
      
    5. Then copy and past the following below that: 
      [logger_saml2]
      level=DEBUG
      handlers=debug_syslog
      propagate=0
      qualname=saml2
    6. Save the file. cb-coreservices will automatically re-read the logger configuration after a few minutes (no need to restart). You can verify the change in /var/log/cb/coreservices/debug.log when you swap over to debug level: 
      tail -f /var/log/cb/coreservices/debug.log
      2017-02-28 09:04:36 [2420] <warning> cb.utils.cb_logging - Detected new logger config, '/etc/cb/coreservices-logger.conf'. reloading...
    7. Reproduce your authentication issue. Subsequent attempts to login via SSO/SAML (either IdP or SP initiated) will now be logged with increased verbosity.
    8. Restore the original file
      mv /etc/cb/coreservices-logger.conf /etc/cb/coreservices-logger.conf.sso ; mv /etc/cb/coreservices-logger.conf.orig /etc/cb/coreservices-logger.conf

Additional Notes

  • Restart is NOT required. cb-coreservices will automatically re-read the logger configuration after a few minutes
  • If copying and pasting, verify there are no hidden characters at the end of the added lines by running "cat -A /etc/cb/coreservices-logger.conf"

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-15-2019
Views:
1022
Contributors