The logs for the program can be found in /var/log/miracl-sso.log.
A correctly configured, healthy service writes log entries that detail the authentication process, such as:
{"datetime":"2017-08-09T14:14:40Z","hostname":"","level":"debug","msg":"Handler: SSO","program":"miracl-sso","release":"380","timestamp":1502288080008127306,"version":"1.3.3"}
{"datetime":"2017-08-09T14:14:40Z","hostname":"","level":"debug","msg":"Parsing request","program":"miracl-sso","release":"380","timestamp":1502288080008452529,"version":"1.3.3"}
{"datetime":"2017-08-09T14:14:40Z","hostname":"","level":"debug","msg":"Processing SSO Request","program":"miracl-sso","release":"380","timestamp":1502288080009417431,"version":"1.3.3"}
{"datetime":"2017-08-09T14:14:40Z","hostname":"","level":"debug","msg":"Check session validity","program":"miracl-sso","release":"380","timestamp":1502288080012028640,"version":"1.3.3"}
Examples of incorrect configuration leading to errors are:
# Incorrect Server clock
It is important that your server clock is set correctly and is in sync with the authentication server. Failure to do this can lead to a “user is rejected by the platform” message:
{"datetime":"2017-08-01T11:50:23Z","hostname":"","level":"info","msg":"The user is rejected by the platform","program":"miracl-sso","release":"77","timestamp":1501588223058776400,"version":"1.1.0"}
# Incorrect REDIS Setup
The following errors result from an incorrect port configuration for the REDIS server:
{"datetime":"2018-07-09T12:02:26Z","ext_error":"dial tcp: address 6379123: invalid port","hostname":"ip-172-31-4-45","level":"error","msg":"Unable to open REDIS connection","program":"miracl-sso","release":"6031","timestamp":1531137746299877977,"version":"2.0.0"}
{"datetime":"2018-07-09T12:02:26Z","ext_error":"Failed to connect to redis: dial tcp: address 6379123: invalid port","hostname":"ip-172-31-4-45","level":"error","msg":"Unable to start the server","program":"miracl-sso","release":"6031","timestamp":1531137746299973603,"version":"2.0.0"}
# Incorrect Firewall / Network Settings
It is important that your network settings allow connection to the https://api.mpin.io/.well-known/openid-configuration endpoint, as this is where the program attempts to get the platform configuration. It also needs outgoing access to https://api.mpin.io/authorize, https://api.mpin.io/oidc/certs and https://api.mpin.io/oidc/token.
If access to these URLs is not configured, the following error may result:
Error while processing the request: Unable to generate a new MFA client: Get https://api.mpin.io/.well-known/openid-configuration: dial tcp 52.12.34.567:443: i/o timeout
It is also important to make sure access is permitted to REDIS (default port 6379) if REDIS is used for user session storage.
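
A small triage script for the three failure modes above, added here as an example and not part of the miracl-sso distribution. The function names, category names and hint wording are assumptions of this example, and the sample lines are constructed by abbreviating the messages shown on this page.

```python
import json
import sys

# Substrings taken from the log excerpts on this page, checked in order.
# Category names and hint wording are this example's own (assumptions).
KNOWN_FAILURES = [
    ("The user is rejected by the platform", "clock", "check server clock sync"),
    ("Unable to open REDIS connection", "redis", "check REDIS host and port"),
    ("Failed to connect to redis", "redis", "check REDIS host and port"),
    ("i/o timeout", "network", "allow outbound HTTPS to api.mpin.io"),
]

def classify(line):
    """Return (category, hint) for a known failure line, else None."""
    text = line.strip()
    try:
        rec = json.loads(text)
        if isinstance(rec, dict):
            # Match only on the message fields, not on hostname or version.
            text = "{} {}".format(rec.get("msg", ""), rec.get("ext_error", ""))
    except ValueError:
        pass  # the network error on this page is plain text, not JSON
    for needle, category, hint in KNOWN_FAILURES:
        if needle in text:
            return category, hint
    return None

def triage(lines):
    """Return [(line_number, category, hint)] for every recognised failure."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hit = classify(line)
        if hit:
            findings.append((number, *hit))
    return findings

# Constructed sample: abbreviated copies of the messages shown on this page.
SAMPLE = [
    '{"level":"debug","msg":"Check session validity","program":"miracl-sso"}',
    '{"level":"info","msg":"The user is rejected by the platform"}',
    '{"level":"error","msg":"Unable to start the server","ext_error":'
    '"Failed to connect to redis: dial tcp: address 6379123: invalid port"}',
    "Error while processing the request: Unable to generate a new MFA client: "
    "Get https://api.mpin.io/.well-known/openid-configuration: "
    "dial tcp 52.12.34.567:443: i/o timeout",
]

if __name__ == "__main__":
    # Pass a log path (e.g. /var/log/miracl-sso.log) or run on the sample.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for number, category, hint in triage(lines):
        print(f"line {number}: {category}: {hint}")
```

Healthy debug lines produce no findings, so an empty result on a log that still shows authentication failures points to a cause outside the three covered here.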