Enable debugging for user authentication issues

Enable debugging for platform-auth-service Liberty to get trace logs for debugging user authentication issues.

The configuration parameter is LIBERTY_DEBUG_ENABLED. The default value is LIBERTY_DEBUG_ENABLED: false.

Set the LIBERTY_DEBUG_ENABLED parameter value to true or false.

Following are the steps to change the value:

Changing the parameter value by using kubectl

  1. Set up the kubectl CLI. For more information, see Installing the Kubernetes CLI (kubectl).

  2. Edit the platform-auth-idp configmap.

    kubectl -n kube-system edit configmap platform-auth-idp

  3. Set LIBERTY_DEBUG_ENABLED to true or false.

  4. Save and close the configmap.

  5. Restart the auth-idp pods

    kubectl -n kube-system delete pod -l k8s-app=auth-idp

  6. Wait for some time. Then, check the status of the auth-idp pods. The status must show as 4/4 Running for all the pods.

    kubectl -n kube-system get pods | grep auth-idp

Changing the parameter values by using the management console

  1. Log in to the console as a user with cluster administrator access.
  2. From the navigation menu, click Configuration > ConfigMaps.
  3. Search for platform-auth-idp.
  4. Click ... > Edit.
  5. Change the LIBERTY_DEBUG_ENABLED parameter value to true or false.
  6. Click Submit.
  7. From the navigation menu, click Workloads > DaemonSets.
  8. Locate auth-idp.
  9. Click ... > Edit. A Edit DaemonSet window opens.
  10. Click Submit without making any change. This step is to reload the auth-idp pods with the most recent configmap values.
  11. Click auth-idp.
  12. Wait for some time. Then, check the status of the auth-idp pods in the Pods pane. The status of all the pods must show as 4/4 under the Ready field name.

Getting the logs

Log in to your IBM® Cloud Private cluster by using the management console or the IBM Cloud Private CLI a few times to generate logs. For more information about installing the IBM Cloud Private CLI, see Installing the IBM® Cloud Private CLI.

Complete the following steps to get all auth-idp pod's platform-auth-service container Liberty logs:

  1. Set up the kubectl CLI. For more information, see Installing the Kubernetes CLI (kubectl).

  2. Create a script, for example, get_auth_service_logs.sh and add the following code.

      #!/bin/bash
  for pod in $(kubectl -n kube-system get pods -l component=auth-idp --no-headers -o custom-columns=name:.metadata.name); do
    echo "===== $pod ====="
    sudo mkdir $pod
    kubectl -n kube-system cp $pod:/logs -c platform-auth-service ./$pod/
    kubectl -n kube-system cp $pod:/opt/ibm/auth-service/logs -c platform-auth-service ./$pod/
  done
  tar czf auth_service_liberty_logs.tgz ./auth-idp*
  rm -rf ./auth-idp*

  3. Set the execution permissions and run the script to get logs. For example,

      chmod +x get_auth_service_logs.sh
  ./get_auth_service_logs.sh

    An archive file named, auth_service_liberty_logs.tgz is created.