rbraha
Staff
January 23, 2025

Technical Tip: Basic troubleshooting for secret launching in FortiPAM

Description

 

This article describes how to perform basic troubleshooting of secret launching in FortiPAM.

 

Scope

 

FortiPAM, FortiSRA.

 

Solution

 

In FortiPAM, a Secret contains all the parameters required to connect to a target system, such as the IP address, the protocol used, the credentials used to connect to the system, and other advanced PAM features/settings. Some of these settings are inherited from the folder via a Secret Policy, but inheritance can be disabled to configure them directly on a Secret.

 

The following example shows how secrets can be launched to access FortiAuthenticator using a Web launcher or Web SSH.

 

  1. Creating Target.

 

Select Secrets -> Targets -> Create.

 

Figure 1. Creating a Target

 

  2. Creating Secret.

    Select Secrets -> Create, select Public or Personal Folder -> Create.

    Figure 2. Creating Secret

  3. Troubleshooting.

     

    When launching a secret fails, run debug commands in the FortiPAM CLI to troubleshoot it.

    Different categories can be selected, depending on which service's debug logs are needed.

     

    Figure 3. Debug commands

     

    There are different trace levels. By default, info, error, and warn are displayed, but the verbose level is hidden.

     

    diagnose wad debug enable category secret
    diagnose wad debug enable category http
    diagnose wad debug enable level verbose
    diagnose debug enable

    Figure 4. Debug output