Available trace components

Available trace components

The following table contains all trace components that are common to all ISAM servers:

Component Use to trace

pd.bst.general Kerberos authentication process.

pd.acl.general Authorization API.

pd.acl.client Plug-in services for the authorization server.

pd.acl.authzn Authorization decision.

pd.acl.adminsvc Interface into the administration service plug-in.

pd.acl.remsvc Authorization decision during remote mode operation.

pd.acl.aznapi Usage of the ISAM authorization API.

pd.acl.aznsvc Plug-in services provided by the authorization server.

pd.idb.database Access to the ISAM policy database.

pd.ivc.ira The IRA is the ISAM interface into the LDAP server. This trace component is used to trace the ISAM communication with the LDAP server.

pd.mgr.general ISAM administration commands in the Policy Server.

pd.mgr.svrmgmt Management of the authorization servers within the policy server.

pd.ias.general User to trace the ISAM supplied authentication mechanisms, otherwise known as CDASs.

pd.ras.exception.trace Exceptions that might be caught by the server.

pdadmin trace components:

Component Use the trace

pdweb.bca.general Client side of the ISAM authorization API.

pdweb.bca.user Client side of user pdadmin command.

pdweb.bca.group Client side of group pdadmin command.

pdweb.bca.acl Client side of acl pdadmin command.

pdweb.bca.protobj Client side of object pdadmin command.

pdweb.bca.protobjspace Client side of objectspace pdadmin command.

pdweb.bca.appsvrcfg Client side of user config command.

pdweb.bca.ssoresource Client side of user rsrc command.

pdweb.bca.ssoresourcegroup Client side of rsrcgroup pdadmin command.

pdweb.bca.ssocred Client side of rscrcred pdadmin command.

pdweb.bca.action Client side of action pdadmin command.

pdweb.bca.server Client side of server pdadmin command.

pdweb.bca.pop Client side of pop pdadmin command.

pdweb.bca.domain Client side of domain pdadmin command.

pdweb.bca.authzrule Client side of authzrule pdadmin command

WebSEAL trace components:

Component Used to trace

pdweb.wan.ssl SSL connection between WebSEAL and junctioned web servers.

pdweb.wns.session WebSEAL sessions, as they are stored within the session cache and retrieved or removed from the session cache.

pdweb.wns.authn Authentication processing. Includes header information WebSEAL uses for header-based authentication. This header might contain sensitive information. For example, a BA header.

pdweb.adm.config Configuration for e-community SSO.

pdweb.wan.bool WebSEAL processing ISAM authorization rules. Additional trace for ISAM authorization rules can be enabled with the pd.acl.authzn trace component.

pdweb.wns.compress WebSEAL compression of HTTP messages.

pdweb.cas.general Interface between WebSEAL and a custom-written CDAS shared library.

pdweb.wco.azn Entitlements service, which manages the maximum concurrent web session policy. The policy is used with SMS to limit the number of times a particular user can create a session concurrently.

pdweb.debug HTTP headers sent between WebSEAL and the client. The pdweb.debug trace could contain sensitive information.

pdweb.snoop.client HTTP packets transmitted between WebSEAL and the client. This component traces each request and response in its entirety as it is read off the socket. This trace might contain sensitive information.

pdweb.snoop.jct HTTP packets that are transmitted between WebSEAL and the junctioned back-end web server. This component traces each request and response in its entirety as it is read off the socket. This trace might contain sensitive information.

pdweb.url Creation and parsing of the URL.

pdweb.wan.azn WebSEAL authorization decision.

pdweb.wan.ltpa Management of LTPA cookies.

pdweb.oauth OAuth EAS authorization decisions. This component traces the data that passes into the EAS, which is governed by the [azn-decision-info] stanza. This trace might contain sensitive information.

pdweb.http.transformation HTTP transformation processing. This component traces the header information in the request, which might contain sensitive information. For example, a Basic Authentication header.

pdweb.http2 HTTP/2 client connections.

pdweb.http2jct HTTP/2 junction server and proxy connections.

Parent topic: Trace event logs

Component	Use to trace
pd.bst.general	Kerberos authentication process.
pd.acl.general	Authorization API.
pd.acl.client	Plug-in services for the authorization server.
pd.acl.authzn	Authorization decision.
pd.acl.adminsvc	Interface into the administration service plug-in.
pd.acl.remsvc	Authorization decision during remote mode operation.
pd.acl.aznapi	Usage of the ISAM authorization API.
pd.acl.aznsvc	Plug-in services provided by the authorization server.
pd.idb.database	Access to the ISAM policy database.
pd.ivc.ira	The IRA is the ISAM interface into the LDAP server. This trace component is used to trace the ISAM communication with the LDAP server.
pd.mgr.general	ISAM administration commands in the Policy Server.
pd.mgr.svrmgmt	Management of the authorization servers within the policy server.
pd.ias.general	User to trace the ISAM supplied authentication mechanisms, otherwise known as CDASs.
pd.ras.exception.trace	Exceptions that might be caught by the server.

Component	Use the trace
pdweb.bca.general	Client side of the ISAM authorization API.
pdweb.bca.user	Client side of user pdadmin command.
pdweb.bca.group	Client side of group pdadmin command.
pdweb.bca.acl	Client side of acl pdadmin command.
pdweb.bca.protobj	Client side of object pdadmin command.
pdweb.bca.protobjspace	Client side of objectspace pdadmin command.
pdweb.bca.appsvrcfg	Client side of user config command.
pdweb.bca.ssoresource	Client side of user rsrc command.
pdweb.bca.ssoresourcegroup	Client side of rsrcgroup pdadmin command.
pdweb.bca.ssocred	Client side of rscrcred pdadmin command.
pdweb.bca.action	Client side of action pdadmin command.
pdweb.bca.server	Client side of server pdadmin command.
pdweb.bca.pop	Client side of pop pdadmin command.
pdweb.bca.domain	Client side of domain pdadmin command.
pdweb.bca.authzrule	Client side of authzrule pdadmin command

Component	Used to trace
pdweb.wan.ssl	SSL connection between WebSEAL and junctioned web servers.
pdweb.wns.session	WebSEAL sessions, as they are stored within the session cache and retrieved or removed from the session cache.
pdweb.wns.authn	Authentication processing. Includes header information WebSEAL uses for header-based authentication. This header might contain sensitive information. For example, a BA header.
pdweb.adm.config	Configuration for e-community SSO.
pdweb.wan.bool	WebSEAL processing ISAM authorization rules. Additional trace for ISAM authorization rules can be enabled with the pd.acl.authzn trace component.
pdweb.wns.compress	WebSEAL compression of HTTP messages.
pdweb.cas.general	Interface between WebSEAL and a custom-written CDAS shared library.
pdweb.wco.azn	Entitlements service, which manages the maximum concurrent web session policy. The policy is used with SMS to limit the number of times a particular user can create a session concurrently.
pdweb.debug	HTTP headers sent between WebSEAL and the client. The pdweb.debug trace could contain sensitive information.
pdweb.snoop.client	HTTP packets transmitted between WebSEAL and the client. This component traces each request and response in its entirety as it is read off the socket. This trace might contain sensitive information.
pdweb.snoop.jct	HTTP packets that are transmitted between WebSEAL and the junctioned back-end web server. This component traces each request and response in its entirety as it is read off the socket. This trace might contain sensitive information.
pdweb.url	Creation and parsing of the URL.
pdweb.wan.azn	WebSEAL authorization decision.
pdweb.wan.ltpa	Management of LTPA cookies.
pdweb.oauth	OAuth EAS authorization decisions. This component traces the data that passes into the EAS, which is governed by the [azn-decision-info] stanza. This trace might contain sensitive information.
pdweb.http.transformation	HTTP transformation processing. This component traces the header information in the request, which might contain sensitive information. For example, a Basic Authentication header.
pdweb.http2	HTTP/2 client connections.
pdweb.http2jct	HTTP/2 junction server and proxy connections.