Forum Discussion
Olivier_Beytrison
Cirrus
CirrusAPM/OAuth2 : auto apply changes made by discovery
Hi, I've setup OAuth2 to Azure EntraID following this documentation. It works well but I'm only facing a serious issue. In the OAuth provider configuration, I've enabled the discovery job to run on...
Hi Lucas,
Small update on the case. Engineering has been able to solve Issue with an engineering hotfix for 17.1.1.4
ID1293805-1: Access policies not in Partition Common are not applied in auto discovery process
Since then the issue has been fixed !
Thanks again for your help at the beginning of this case!
Regards,
Olivier
Lucas_Thompson
Employee
EmployeeInteresting... So we know restjavad is at least scheduled and not throwing errors.
By default the logging for that process is sparse and won't log much about success operations. It does log information about Apply at "FINE" logging level. It can be adjusted by editing the file /etc/restjavad.log.conf. The logging configuration line should be added at the end so it’s not overridden by a later setting.
1- SSH to the BIG-IP.
2- Edit /etc/restjavad.log.conf
3- Add the line at the end, for FINE level verbosity:
com.f5.rest.tmos.bigip.access.openid.OIDCDiscoverTaskCollectionWorker.level=FINE
4- bigstart restart restjavad.
These logging levels are available:
- SEVERE (highest value)
- WARNING
- INFO (this is default)
- CONFIG
- FINE
- FINER
- FINEST (lowest value)
There are also some other evidence that Apply has been performed:
1- /var/log/apm will have information about updating the "snapshot" version, which is APMd's data-structure of the access policy and its config objects.
2- /var/log/audit will have traces of a command "generation-action increment" and should have some detailed info.
I'm not sure we can get this all resolved with forum posts, but it's good information to understand the issue and symptoms more fully.