We will discuss here how to trace the IDM application in case of errors/issues
Jobs or tasks run in the MMC framework will generate a trace assuming the job finishes. In the Job overview in the framework open the job log. The Log Inforrmation screen will be opened with a line entry for the job. Double click on this line entry which then opens a popup of the log specific details. The field Work Area details the location of the logfile.
Stored Procedure errors can be traced via the system log which is stored in the database rather than a log file. The logging options can be accessed in the Options tab in the Identity Center Configuration in the MMC.
Tracing a specific IDM entry (as of release 7.2) can be logged using the MX_TRACE_ENTRY global constant attribute. This will hold the MSKEY or MSKEYVALUE in brackets <> e.g. MX_TRACE_ENTRY = <UserA>. If you wanted to trace any changes to this value in the IDM system then set the value in the Global Constants folder of the MMC. The trace is written to the database table idmv_trace_data.
Tracing SPML in AS Java Repositories you will need to set the DEBUG (ALL) severity for the location com.sap.security.core.spml on SAP Web AS Java. Then reproduce the issue and then check the resulting trace.
To inspect SPML requests and responses, you need to turn on HTTP tracing. Note that HTTP traces may reveal confidential information such user ids, passwords, authentication headers and IP addresses. Only use HTTP Tracing during problem analysis. To turn on HTTP Tracing, proceed as follows (AS Java 6.40 and 7.x) Start the "SAP J2EE Engine Administrator" tool. Connect to the J2EE Engine. Select the "Cluster" tab and expand the tree "Dispatcher " -> "services" -> "HTTP Provider". Set the value of property "HttpTrace" to enable. Set the value of the property "HttpTraceTime" to true and save the changes. Note: NO server/dispatcher/cluster restart is required for this procedure.
Where the output (HTTP requests and responses) will be written, depends on the SP of the J2EE Engine. For SP12 and lower the HTTP traces are written by default
For SP13 and higher the HTTP traces are written by default into:
A detailed description on how to turn on HTTP Tracing for AS JAVA 6.40, 7.x and higher can also be found in SAP Note 1624162
JCO Traces for ABAP and Business Suite Repositories can be used if there is an error when passing data to or from a SAP Web AS ABAP server. To activate such a trace when reading data from an ABAP server navigate to the FromSAP task and add the attribute jco.client.trace=1 in the Source tab attributes. When writing data to the SAP Web AS Java navigate to the ToSAP task and enter the parameter jco.client.trace=1 in the Source tab. These settings will then generate a file called rfc<ID>.trc created in the folder …\SAP\IdM\Identity Center. See KBA 1642374 for more details
Tracing Importing or Exporting tasks from the framework see note 1436169 SAP NW Idm Identity Center: Throubleshooting import