How to Debug Kerberos in Web Applications

When setting up Kerberos for the Information Self-Service Tool or the Scheduler Web Administration Tool, we recommend selecting the check box Activate Kerberos debug mode in case you run into any issues.

When this option is enabled, the Java Runtime Environment logs messages related to Kerberos in the standard output but not in the log files. To see these messages, you have two options, depending on whether the Virtual DataPort server and the Web administration tools are on the same installation or not.

Virtual DataPort Server and the Web Administration Tools are on the same installation

  1. Stop the Virtual DataPort server and the web administration tools.

  2. Edit the file <DENODO_HOME>/conf/vdp/log4j2.xml to set the logger:

    <Logger name="com.denodo.tomcat" level="TRACE" />
    
  3. Start the Virtual DataPort server.

  4. Wait until the tomcat log stops writing in <DENODO_HOME>/logs/vdp/vdp.log.

  5. Start the web administration tools.

  6. Try to log in the web administration tools using Kerberos.

  7. See the Kerberos debug messages in the file <DENODO_HOME>/logs/vdp/vdp.log.

    Note

    Relevant log lines start by OUTPUT>.

Virtual DataPort Server and the Web Administration Tools are not on the same installation

  1. Stop the web administration tools.

  2. Start the internal Tomcat by means of a command line interface:

    <DENODO_HOME>/resources/apache-tomcat/bin/catalina.{bat|sh} start
    
  3. Start the web administration tools by means of the Control Center.

  4. Try to log in the web administration tools using Kerberos.

  5. See the Kerberos debug messages in the command line.

Note

When the Virtual DataPort Server and the Web Administration Tools are on the same installation, you could also use this option, but the first one is simpler.