In the previous versions of Access Manager servers, to enable the server to debug message mode from the default error mode, one needs to set the in the
That is not it, the webcontainer on which the Access Manager is
deployed needs to be restarted. This is almost impossible in a
production scenario, customers do not want to stop the server or
sometimes the anamoly that is being experienced by the customer may not
show up if the server is restarted. So there has to be a mechanism to
dynamically enable/disable the server’s debug level.

In the Latest version of the Java ES Access Manager release
7.1(Java ES 5)(some of the Access Manager 7.0 patches also provide this
option in a limited manner), it provides a JSP Debug.jsp utility to configure the component level debug level(error,warning and message) message
is the most verbose mode. This JSP is deployed right under the services
deploy URI. For eg:

To invoke this JSP you need to have toplevel admin privileges. Authenticate as amadmin user then access this page,
it will show you the list of Access Manager components and the usage on
how to set the individual components in to debug mode.

The format of the invocation URL is(it is different in OpenSSO) <protocol>://amhost.fqdn:port/service_deploy_uri/Debug.jsp?category=CATEGORY&level=LEVEL

CATEGORY could be any one of the following

LEVEL should be one of the following

  • 1 (error)
  • 2 (warning)
  • 3 (message) 


\* amSession
\* amSSOProvider
\* amSDK
\* amSessionEncodeURL
\* amCookieUtils


\* amPolicy


\* amProfileListener
\* amSMSEvent
\* amEventService


\* amConsole
\* amProfile
\* amSDK
\* AMLFilterLog


\* amSAML


\* amJSS
\* amJSSE


\* amFederation
\* amIntroduction


\* amComm


\* amAuth
\* amAuthApplication
\* amAuthConfig
\* amAuthContext
\* amAuthContextLocal
\* amAuthInternal
\* amAuthLDAP
\* amLoginLogoutMapping
\* amLoginModule
\* amLoginServlet
\* amLoginViewBean
\* amAuthsvc
\* amClientSchema
\* amAuthInternalSMModule


\* amSDK


\* amSMS
\* amSMSLdap
\* amSMSEvent
\* amAuthInternalSMModule


\* amIdm
\* amProfile
\* amProfile_ldap
\* amProfileListener
\* amSpecialRepo
\* amSDK
\* amFileLookup
\* amResourceLookup


\* amProfile
\* amProfile_ldap
\* amProfileListener
\* amSDK
\* amDelegation


\* amAuthSvc
\* amLibertyLogUtil
\* amLibertyDST
\* amInteraction
\* amMeta
\* amPAOS
\* amLibertySecurity
\* amWSSecurity
\* amSOAPBinding
\* amBinarySecurityToken
\* amDisco
\* amLibertyIDPP


For example if you want to set the session components in to warning mode then you need to supply the following url parameters


         Whatever mode you set using this JSP Debug.jsp is valid only for the current JVM, once the JVM is restarted then the value in the
property will take in to effect, note that this property is global for
all the components in the Access Manager server. Unlike the Debug.jsp, this property is not supporting
the component level debug enable/disable.


How to do in the OpenSSO

In the opensso case, configuring the debug level  is sophisticated and simple. All you need to do is to login as top level administrator of OpenSSO system, When you access the Debug.jsp it will showup  a screen with pulldown menu to select the debug level and the opensso component to be set to that debug level, hit submit that  is it! It is that simple.


opensso debug config