7 MyID REST and authentication web services

MyID provides web services for the MyID Operator Client and mobile devices to communicate with and authenticate to the web server, as well as external authentication services that are used, for example, for AD FS authentication.

You can set up logging for the following web services:

• rest.core

• rest.provision

• web.oauth2

• web.oauth2.ext

• AdfsAuth

Important: The log.config file format changed at MyID 12.14. If you upgrade an existing MyID installation to MyID 12.14, you must run a script to upgrade your files to allow logging. See the Upgrading the log.config file format section in the Installation and Configuration Guide for details.

To set up logging:

1. In a text editor, open the appsettings.Production.json file for the web service.

   C:\Program Files\Intercede\MyID\<web service name>\appsettings.Production.json

   where <web service name> is the name of the web service.

   These files are the override configuration files for the appsettings.json files for the web services. If these files do not already exist, you must create them in the same folder as the appsettings.json files.

2. Ensure that there is an entry for logging Intercede components.

   For example:

   {
       "Logging":  {
           "LogLevel":  {
               "Intercede": "Debug"
           }
       }
   }

   This must be set to at least Debug to allow logging. This is then further filtered by the Log.config file.

   Note: If you already have appsettings.Production.json files, add the Logging:LogLevel:Intercede section to the existing file. The above example assumes that there are no other entries in the file.

3. Save the file.

4. In a text editor, open the Log.config file for the web service you want to log:

   C:\Program Files\Intercede\MyID\<web service name>\Log.config

   where <web service name> is the name of the web service.

5. Set the value of the file node to the output location; for example:

   <file value="C:\logs\rest.core.log" />

6. Edit the following line:

   <level value="OFF" />

   and replace the OFF value with one of the following:

   ALL

   DEBUG

   INFO

   WARN

   ERROR

   FATAL

   These error levels generate different levels of detail in the log, from most (ALL) to least (FATAL). To switch logging off altogether, set the value back to OFF. For diagnosing issues, you are recommended to set the level to ERROR; this level provides useful information without providing too much additional detail that can mask the information you need.

   Important: Log levels ALL and DEBUG log all COM calls including parameters sent to and from the MyID application server. This produces a high volume of log information and may contain personal data. Reduce the log level, or set it to OFF, as soon as possible once you have obtained the relevant logging details.

7. Save the file.

Note: You must ensure that the MyID web service user has the necessary permissions to create and write to the log file. You can create a file then give the user write permissions if you prefer not to give the user create permissions.

The log is set to a maximum of 60MB, split over six rolling files.

Important: The log files may contain personal data, including names and addresses. Make sure you delete these logs as soon as possible.

In addition to this logging, you can also set up logging for the Microsoft components used by these web services; see section 7.1, Logging Microsoft components for details.