Error logs / Troubleshooting

The logs for the program can be found in /var/log/srv-idp.log.

A correct and healthy setup of the service should result in log file output which details the authentication process, such as:

{"datetime":"2017-08-09T14:14:40Z","hostname":"","level":"debug","msg":"Handler: SSO","program":"srv-idp","release":"380","timestamp":1502288080008127306,"version":"1.3.3"}
{"datetime":"2017-08-09T14:14:40Z","hostname":"","level":"debug","msg":"Parsing request","program":"srv-idp","release":"380","timestamp":1502288080008452529,"version":"1.3.3"}
{"datetime":"2017-08-09T14:14:40Z","hostname":"","level":"debug","msg":"Processing SSO Request","program":"srv-idp","release":"380","timestamp":1502288080009417431,"version":"1.3.3"}
{"datetime":"2017-08-09T14:14:40Z","hostname":"","level":"debug","msg":"Check session validity","program":"srv-idp","release":"380","timestamp":1502288080012028640,"version":"1.3.3"}

Examples of incorrect configuration leading to errors are:

Incorrect server clock

It is important that your server clock is set correctly and is in sync with the authentication server. Failure to do this can lead to a "user is rejected by the platform" message:

{"datetime":"2017-08-01T11:50:23Z","hostname":"","level":"info","msg":"The user is rejected by the platform","program":"srv-radius","release":"77","timestamp":1501588223058776400,"version":"1.1.0"}

Incorrect JSON format in config

One common error message that can result from incorrectly formatted JSON is "Service is dead and /var/lock/srv-idp lock file exists". Correcting the format of the JSON and running sudo service srv-idp restart will fix this.

Incorrect REDIS setup

The following is a result of incorrect port config for the REDIS server:

{"datetime":"2017-08-09T14:32:42Z","ext_error":"dial tcp: lookup redis on no such host","hostname":"","level":"fatal","msg":"UNABLE TO RUN THE COMMAND","program":"srv-idp","release":"380","timestamp":1502289162800865849,"version":"1.3.3"}

Incorrect Firewall / network settings

It is important that your network settings allow connection to the endpoint, as this is where the program attempts to get the platform configuration. It also needs outgoing access to https://api.mpin.authorize/, and

If access to these URLs is not configured, the following error may result:

Error while processing the request: Unable to generate a new ZFA client: Get dial tcp: i/o timeout

It is also important to make sure access is permitted to REDIS (default port 6379), which is used for user session storage.
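The failure signatures described in the sections above can be checked in one pass over the log. The following is an added example, not part of the product or its documentation: the function name, the hint wording and the trimmed sample lines are this example's own, and only the matched substrings come from the messages shown on this page.

```python
import json

# (field, substring, hint). Substrings come from the sample messages on this
# page; the hint wording is this example's own.
SIGNATURES = [
    ("msg", "The user is rejected by the platform", "check server clock sync"),
    ("ext_error", "no such host", "check REDIS server settings in the config"),
]
NETWORK = "check firewall / outgoing network access"


def triage(lines):
    """Return (datetime, level, hint, detail) tuples for known failures."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
            if not isinstance(rec, dict):
                raise ValueError("not a JSON object")
        except ValueError:
            # The timeout error on this page is plain text, not JSON, so
            # match it here instead of silently dropping the line.
            hint = NETWORK if "i/o timeout" in raw else "non-JSON line, inspect manually"
            findings.append((None, "unparsed", hint, raw[:80]))
            continue
        for field, needle, hint in SIGNATURES:
            value = str(rec.get(field, ""))
            if needle in value:
                findings.append((rec.get("datetime"), rec.get("level"), hint, value))
                break
    return findings


# Constructed sample input, modelled on the log lines shown on this page.
SAMPLE = [
    '{"datetime":"2017-08-09T14:14:40Z","level":"debug","msg":"Handler: SSO","program":"srv-idp"}',
    '{"datetime":"2017-08-01T11:50:23Z","level":"info","msg":"The user is rejected by the platform","program":"srv-radius"}',
    '{"datetime":"2017-08-09T14:32:42Z","ext_error":"dial tcp: lookup redis on no such host","level":"fatal","msg":"UNABLE TO RUN THE COMMAND","program":"srv-idp"}',
    'Error while processing the request: Unable to generate a new ZFA client: Get dial tcp: i/o timeout',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The clock-related rejection is logged at level "info", so the match is on the message text; filtering the log by level alone would miss it.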