Configuring SimpleSAMLphp Logging
Unfortunately, the SimpleSAMLphp documentation is a bit lacking in this area, so I thought it would be useful to document how to configure the various logging options with SimpleSAMLphp. Since SSP is actively maintained, it’s worth noting that this document was prepared with SimpleSAMLphp 1.17.7 which is likely to NOT be the latest version available, even though it is at the time this document was created.
Note: All files will be referenced with respect to
$SSP_DIR which in a typical install is
Logging to Files
By default, SimpleSAMLphp comes with the
syslog facility enabled in
$SSP_DIR/config/config.php at the
'logging.level' => SimpleSAML\Logger::NOTICE,
'logging.handler' => 'syslog',
However, this is not so convenient for practical debugging, where you most likely want to log to files, in this case you should specify:
'logging.handler' => 'file',
in which case SSP will write logs to the file
simplesamlphp.log in the directory specified earlier within the same configuration file:
'loggingdir' => 'log/',
which defaults to
Note: you will want to ensure that any directory that you specify for the
loggingdirhas the proper file system permissions. The service account under which your webserver runs will need read, write, and execute permissions for this directory. Since that account typically already owns the
loggingdirthis is usually just a simple matter of:
chmod u+rwxif you notice that no logging data is being written to the specified directly.
SimpleSAMLphp won’t automatically perform rotation of the
simplesamlphp.log file… so you must do it manually with a tool such as logrotate. For a quick example, after installing
logrotate if you add the following to
/var/simplesamlphp/log/simplesamlphp.log will rotate daily for 30 days.
Looking for support for SimpleSAMLphp? Look no further! Contact us for all of you SSO support needs!