Available trace components
The following table contains all trace components that are common to all Verify Identity Access servers:
| Component | Description |
|---|---|
| pd.bst.general | Used to trace the Kerberos authentication process. |
| pd.acl.general | The general trace for the authorization API. |
| pd.acl.client | Used to trace the plug-in services for the authorization server. |
| pd.acl.authzn | Used to trace the authorization decision. |
| pd.acl.adminsvc | Used to trace the interface into the administration service plug-in. |
| pd.acl.remsvc | Used to trace the authorization decision during remote mode operation. |
| pd.acl.aznapi | Used to trace the usage of the Verify Identity Access authorization API. |
| pd.acl.aznsvc | Used to trace the plug-in services that are provided by the authorization server. |
| pd.idb.database | Used to trace access to the Verify Identity Access policy database. |
| pd.ivc.ira | The IRA is the Verify Identity Access interface into the LDAP server. This trace component is used to trace the Verify Identity Access communication with the LDAP server. |
| pd.mgr.general | Used to trace the Verify Identity Accessr administration commands in the Policy Server. |
| pd.mgr.svrmgmt | Used to trace the management of the authorization servers within the policy server. |
| pd.ias.general | User to trace the Verify Identity Access supplied authentication mechanisms, otherwise known as CDASs. |
| pd.ras.exception.trace | Used to trace any exceptions that might be caught by the server. |
The following table contains all available pdadmin trace components:
| Component | Description |
|---|---|
| pdweb.bca.general | Used to trace the client side of the Verify Identity Access authorization API. |
| pdweb.bca.user | Used to trace the client side of user pdadmin command. |
| pdweb.bca.group | Used to trace the client side of group pdadmin command. |
| pdweb.bca.acl | Used to trace the client side of acl pdadmin command. |
| pdweb.bca.protobj | Used to trace the client side of object pdadmin command. |
| pdweb.bca.protobjspace | Used to trace the client side of objectspace pdadmin command. |
| pdweb.bca.appsvrcfg | Used to trace the client side of user config command. |
| pdweb.bca.ssoresource | Used to trace the client side of user rsrc command. |
| pdweb.bca.ssoresourcegroup | Used to trace the client side of rsrcgroup pdadmin command. |
| pdweb.bca.ssocred | Used to trace the client side of rscrcred pdadmin command. |
| pdweb.bca.action | Used to trace the client side of action pdadmin command. |
| pdweb.bca.server | Used to trace the client side of server pdadmin command. |
| pdweb.bca.pop | Used to trace the client side of pop pdadmin command. |
| pdweb.bca.domain | Used to trace the client side of domain pdadmin command. |
| pdweb.bca.authzrule | Used to trace the client side of authzrule pdadmin command |
The following table contains all available Reverse Proxy trace components:
| Component | Description |
|---|---|
| pdweb.wan.ssl | Used to trace the SSL connection between Reverse Proxy and junctioned web servers. |
| pdweb.wns.session | Used to trace the Reverse Proxy sessions, as they are stored within the session cache and retrieved or removed from the session cache. |
| pdweb.wns.authn | Used to trace the authentication processing. Note: This trace component
includes the header information that Reverse Proxy uses for header-based authentication. This header
might contain sensitive information. For example, a BA header. |
| pdweb.adm.config | Used to trace the configuration for e-community SSO. |
| pdweb.wan.bool | Used to trace the Reverse Proxy processing of Verify Identity Access authorization rules. Additional trace for Verify Identity Access authorization rules can be enabled with the pd.acl.authzn trace component. |
| pdweb.wns.compress | Used to trace the Reverse Proxy compression of HTTP messages. |
| pdweb.cas.general | Used to trace the interface between Reverse Proxy and a custom-written CDAS shared library. |
| pdweb.wco.azn | Used to trace the entitlements service, which manages the maximum concurrent web session policy. The policy is used with SMS to limit the number of times a particular user can create a session concurrently. |
| pdweb.debug | Used to trace the HTTP headers sent between Reverse Proxy and the client.
Note: The pdweb.debug trace could contain sensitive information. |
| pdweb.snoop.client | Used to trace the HTTP packets that are transmitted between Reverse Proxy and
the client. Note: This component traces each request and response in its entirety as it is read off
the socket. This trace might contain sensitive information. |
| pdweb.snoop.jct | Used to trace the HTTP packets that are transmitted between Reverse Proxy and
the junctioned back-end web server. Note: This component traces each request and response in its
entirety as it is read off the socket. This trace might contain sensitive information.
|
| pdweb.url | Used to trace the creation and parsing of the URL. |
| pdweb.wan.azn | Used to trace the Reverse Proxy authorization decision. |
| pdweb.wan.ltpa | Used to trace the management of LTPA cookies. |
| pdweb.oauth | Used to trace OAuth EAS authorization decisions. Note: This component traces
the data that passes into the EAS, which is governed by the [azn-decision-info]
stanza. This trace might contain sensitive information. |
| pdweb.http.transformation | Used to trace HTTP transformation processing. Note: This component traces the
header information in the request, which might contain sensitive information. For example, a Basic
Authentication header. |
| pdweb.http2.client | Used to trace HTTP/2 client connections. |
| pdweb.http2.jct | Used to trace HTTP/2 junction server and proxy connections. |
| pdweb.redis | Used to trace communication with Redis servers for remote session storage. |