While developing multi-language SSPR, i.e. different sets of users configured to invoke a different AuthN WF with a different QA Gate configuration based on a “primary language” or “preferred language”, I managed to revoke the ability for my non-administrative lab users to register for SSPR. Troubleshooting was actually quite easy once I’d found a couple of web.config settings from various bits of information (mainly posted by Anthony Ho). The purpose of this post is to attempt to define that simple technique.
The R2 password portals are ASP.NET web applications, which means they’re driven by a web.config file. They log information to the Forefront Identity Manager event log. You can trivially turn verbose logging on and off as well as verbose errors (displayed by the portal) via the web.config.
What’s cool about editing the web.config is that the changes are immediate, i.e. no need for a recycle of the application pool or web application.
Configuration file locations
Password Registration Portal configuration file location
By default the location of the password registration portal web.config is:
C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal\web.config
Password Reset Portal configuration file location
By default the location of the password reset portal web.config is:
C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Portal\web.config
Configuring verbose/detailed tracing
To configure verbose or detailed tracing to the FIM event log change the switchValue property of the source element with the name of either Microsoft.CredentialManagement.RegistrationPortal or Microsoft.CredentialManagement.ResetPortal from Error to Verbose. You’ll find the SOURCE element under system.diagnostics\sources.
For the registration portal:
<source name=”Microsoft.CredentialManagement.RegistrationPortal” switchValue=”Error”>
<source name=”Microsoft.CredentialManagement.RegistrationPortal” switchValue=”Verbose”>
For the reset portal:
<source name=”Microsoft.CredentialManagement.ResetPortal” switchValue=”Error”>
<source name=”Microsoft.CredentialManagement.ResetPortal” switchValue=”Verbose”>
Configuring troubleshooting information on the error page
To have the error displayed by the Portal give you a stack trace instead of the generic custom error change:
<add key=”ShowTroubleshootingInfoOnErrorPage” value=”false” />
<add key=”ShowTroubleshootingInfoOnErrorPage” value=”true” />
You’ll find that element under configuration\portalSettings\settings.