After changing any Spring Security configuration in a PAS for OpenEdge instance, you should restart the instance and ensure that the changes are of the right data type, value, and definition. When the server completes its startup operations, check for errors in all of the log files, and determine if they are related to the Spring Security configuration changes. The Spring Security configuration errors are normally found in the instances's instance_name/logs/localhost.date log file. The error will always contain an extensive message indicating that Spring could not create a bean, and will be followed by a Java exception stack dump. The last part of the message will indicate which Spring bean failed to start and what the reason is.

Once the PAS for OpenEdge instance starts without errors, test user authentication and URL access by logging in to the web application .

If user authentication fails, investigate other Authentication Gateway connection failures or user authentication failures returned by the Authentication Gateway's STS. This level of information will typically be found in the instance's log files. If an access error (404/403) is returned to the PAS for OpenEdge client then look into the instance's log files for errors when checking the URL access controls against the STS issued Client-Principal Role attribute.

Advanced troubleshooting can be performed by enabling DEBUG logging in the web application's WEB-INF/logging.xml file. DEBUG settings that are specific to STS authentication are:

Other Spring Security authentication and URL authorization process errors can be discovered by enabling DEBUG logging: