f10f95b455
Our tools noticed that keystone links to https://docs.openstack.org/keystone/latest/admin/identity-domain-specific-config.html which does not exist anymore. The page was removed but the link to it was not changed. Replace this and similar links with internal links that will work even if files are moved - and can be verified, thus sphinx will error in case of broken targets. These changes include a few other fixes for broken keystone links, e.g. to renamed anchors. For the include files in admin/configuration.rst and admin/federation/configure_federation.rst: Rename them to *inc. The files were published twice (as separate files and on this page) and thus referencing failed. Renaming avoids this. Also, put doctree outside of html tree so that it does not get published. Change-Id: I3d07637b0046cc88a66bcb51a0a4fe7c146c1549
25 lines
881 B
ReStructuredText
25 lines
881 B
ReStructuredText
.. -*- rst -*-
|
|
|
|
Troubleshoot the Identity service
|
|
=================================
|
|
|
|
To troubleshoot the Identity service, review the logs in the
|
|
``/var/log/keystone/keystone.log`` file.
|
|
|
|
Use the ``/etc/keystone/logging.conf`` file to configure the
|
|
location of log files.
|
|
|
|
.. note::
|
|
|
|
The ``insecure_debug`` flag is unique to the Identity service.
|
|
If you enable ``insecure_debug``, error messages from the API change
|
|
to return security-sensitive information. For example, the error message
|
|
on failed authentication includes information on why your authentication
|
|
failed.
|
|
|
|
The logs show the components that have come in to the WSGI request, and
|
|
ideally show an error that explains why an authorization request failed.
|
|
If you do not see the request in the logs, run keystone with the
|
|
``--debug`` parameter. Pass the ``--debug`` parameter before the
|
|
command parameters.
|