23.3.2 Configuring Session-Based Logging

The session-based logging feature allows the administrator to enable file logging for an individual user. In production environments, this provides the following benefits:

  • Debug logging can be turned on for an individual user rather than all users. The potential size of logged data usually prohibits an administrator from turning on debug logging for all users.

  • All logged messages for this user are directed to a single file. Administrators do not need to sort through the various log files to follow the activity of the user.

  • Isolating the problem and finding its cause is limited to the user who is experiencing it.

  • Enabling session-based logging does not require a configuration change to Identity Server, and thus does not require updating Identity Server.

The following user scenario explains how this feature could be used in a production environment:

  1. A user notices a problem and calls the help desk.

  2. The help desk operator questions the user and concludes that the problem is caused by either an Access Manager Identity Server or an Embedded Service Provider.

  3. The operator has been granted the rights to create logging tickets, and uses the User Portal to create a logging ticket for the user.

  4. The operator sends the logging ticket password and the URL to access the logging ticket class to the user.

  5. The user clicks the URL and enters the logging ticket password.

    This marks the current session as “active for logging” and adds a small icon to the top right of the page, which makes the session logging feature visible to the user.

  6. Using the same browser window, the user duplicates the problem behavior.

  7. The operator can then access the data that was logged just for this user and analyze the cause of the behavior.

To enable session-based logging, the following tasks need to be completed: