Troubleshooting

If you have unexpected errors, you might need to enable some additional logging to get more insights into the internals of PolicyServer. Having detailed logs is also ideal when contacting support.

Some settings are done in logging.json and some in policyserver.json

Setting the log level

The default log level in logging.json should be set to Verbose, e.g.:

{
    "Serilog": {
        "MinimumLevel": {
        "Default": "Verbose",
        "Override": {
            "Microsoft": "Warning",
            "System": "Warning",
            "IdentityServer4": "Warning"
        }
    }
}

If that still doesn’t show any errors, you can try removing the Override section altogether. This will result in a lot of logging output though.

Adding a file logger

It is useful to capture the logging output in a file - especially if you want to send that file to support, so we can have a look as well. The following snippet enables both console and file logging:

{
    "Serilog": {
        "MinimumLevel": {
            "Default": "Verbose",
            "Override": {
                "Microsoft": "Warning",
                "System": "Warning",
                "IdentityServer4": "Warning"
            }
        },
        "WriteTo": [
            {
                "Name": "Console",
                "Args": {
                "outputTemplate": "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}"
                }
            },
            {
                "Name": "File",
                "Args": {
                "path": "policyserver_log.txt",
                "fileSizeLimitBytes": "100000",
                "rollOnFileSizeLimit": true,
                "shared": true,
                "flushToDiskInterval": "00:00:01"
                }
            }
        ]
    }
}

Enabling additional logging output

The following settings are useful for troubleshooting:

  • enabling startup diagnostics. This will dump the contents of the configuration system into the log file. This will include environment variables, which might contain sensitive data.

  • enabling request logging. This will log all incoming HTTP requests and is very useful to troubleshoot load balancing, reverse proxy and TLS termination issues

  • logging request headers. This is an extension to request logging and to give you even more details about the incoming HTTP requests.

  • enable detailed logging of access token validation. This helps troubleshooting token validation related issues. Might result in sensitive data being logged.

These settings live in policyserver.json:

"PolicyServer": {

    "diagnostics": {
        "enableStartupDiagnostics": true,
        "showMsJwtPiiDetails": true,
        "enableRequestLogging": true,
        "logRequestHeader": true
    }
}