Parameter: WEBAUTH_VERBOSE_TRACE
Short description: Enables verbose tracing of web server authentication on the Domino console and in the log file. Logs authentication successes/failures, group cache lookups, and LDAP search filters.
Profile
Parameter | WEBAUTH_VERBOSE_TRACE |
Category | Logging / Debug |
Component | Server |
Available since | 9.0.1 (and earlier) |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | none (notes.ini only) |
Possible values | 0 = disabled (default), 1 = enabled |
Description
With WEBAUTH_VERBOSE_TRACE=1, HCL Domino enables detailed tracing of web server authentication. The server console or console log outputs information such as:
- authentication success/failure per request
- cache hits and misses of the group cache used for database access checks
- LDAP search filters used to look up users and groups in a directory (Domino Directory, external LDAP source via Directory Assistance)
- DSAPI filter call chain and any associated identities
The parameter is typically used for troubleshooting issues with name-and-password authentication, SSO (LTPA / Web SSO Configuration document), SAML, Notes Federated Login, or Directory Assistance lookups. Together with DEBUG_SAML, it is one of the central auth debug switches that HCL support KBs recommend for data collection.
Example configuration
WEBAUTH_VERBOSE_TRACE=1
Runtime activation without server restart:
set config WEBAUTH_VERBOSE_TRACE=1
Disable again after analysis:
set config WEBAUTH_VERBOSE_TRACE=0
Notes & pitfalls
- Affects the HTTP task; a change generally takes effect without a restart, but restart task http ensures all existing sessions go through fresh.
- Generates substantial log volume and noticeably affects web server performance — therefore never leave permanently enabled in production environments.
- Frequently used in combination with DEBUG_SAML=31 (for SAML setups) or with DEBUG_OUTFILE=… and increased CONSOLE_LOG_MAX_KBYTES values.
- For Notes Federated Login (Notes client auth), per HCL KB0038983 the parameter must also be set in the client notes.ini.
- Does not log clear-text passwords — Domino consistently protects password content.
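The pitfall about never leaving the trace enabled in production can be checked mechanically. The following is an added example (not HCL's code and not part of the original page) that scans notes.ini text for the debug switches named here; the sample content, the case-insensitive key matching and treating an empty or 0 value as "off" are assumptions.

```python
# Added example: audit notes.ini text for auth debug switches left enabled.
# Switch names come from this page; everything else is an assumption.
WATCHED = ("WEBAUTH_VERBOSE_TRACE", "DEBUG_SAML")  # "0", empty or absent = off
CONTEXT = ("DEBUG_OUTFILE", "CONSOLE_LOG_MAX_KBYTES")  # reported for context only


def parse_ini(text):
    """Map upper-cased key -> list of (line number, value); keeps duplicates."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        key, sep, value = raw.partition("=")
        if not sep:
            continue  # section headers and blank lines carry no setting
        # Assumption: parameter names are matched case-insensitively.
        entries.setdefault(key.strip().upper(), []).append((lineno, value.strip()))
    return entries


def audit(text):
    """Return a list of finding strings; an empty list means nothing to fix."""
    entries = parse_ini(text)
    findings = []
    for name in WATCHED:
        hits = entries.get(name, [])
        if len({value for _, value in hits}) > 1:
            lines = ", ".join(str(n) for n, _ in hits)
            findings.append(f"{name}: conflicting values on lines {lines}")
        for lineno, value in hits:
            if value not in ("", "0"):
                findings.append(f"{name}={value} enabled (line {lineno})")
    if findings:  # show where trace output lands only when tracing is on
        for name in CONTEXT:
            for lineno, value in entries.get(name, []):
                findings.append(f"context: {name}={value} (line {lineno})")
    return findings


# Constructed sample, not taken from a real server.
SAMPLE = """[Notes]
Directory=/local/notesdata
WebAuth_Verbose_Trace=1
DEBUG_SAML=31
DEBUG_OUTFILE=/local/notesdata/debug.txt
webauth_verbose_trace=0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Duplicate entries with different values are reported rather than resolved, so the file can be cleaned up by hand after a troubleshooting session.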
Sources (HCL Product Documentation)
- HCL Customer Support – KB0086631 "Debug settings for SAML authentication with Domino web server": support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0086631
- HCL Customer Support – KB0038983 "Debug settings for Notes Federated Login" (Applies to: Notes/Domino 9.0.x, 10.0.x, 11.0.x and higher): support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0038983
- HCL Notes and Domino Wiki – "WebAuth_Verbose_Trace" (ds-infolib): ds-infolib.hcltechsw.com/ldd/dominowiki.nsf/dx/WebAuth_Verbose_Trace