Access Management 7.3.2

SNMP CTS object identifiers

The OIDs related to SNMP monitoring of CTS follow guidance described in RFC 1271.

The interface stability of the legacy SNMP monitoring feature is deprecated.

The OIDs listed in this section include the prefix assigned to ForgeRock, enterprises.36733. They also include the entries associated with AM (1), SNMP (2), and CTS monitoring (3): 1.2.3.

Therefore, the root OID for all CTS monitored components is enterprises.36733.1.2.3. All individual monitored CTS components are suffixes that are consistent with the image shown here.

A visual representation of OIDs related to the Core Token Service
Figure 1. Diagram of CTS OIDs

CTS token type OIDs

This table shows how OIDs are split into different token types. Do not forget the prefix. For example, the complete OID for monitoring SAML v2.0 tokens is enterprises.36733.1.2.3.1.1.2.

The options for the token table are also shown. For example, the token table OID for SAML v2.0 is based on the entries associated with ForgeRock, enterprises.36733, AM 1, SNMP 2, CTS Monitoring 3, token table 1, entry 1, and SAML v2.0 2, which is enterprises.36733.1.2.3.1.1.2.

CTS monitoring OID categories
OID by token type Description

enterprises.36733.1.2.3.1.1.1

Session

enterprises.36733.1.2.3.1.1.2

SAML v2.0

enterprises.36733.1.2.3.1.1.3

OAuth 2.0

enterprises.36733.1.2.3.1.1.4

REST

enterprises.36733.1.2.3.1.1.5

OAuth 2.0 CSRF Protection

enterprises.36733.1.2.3.1.1.6

UMA Resource

enterprises.36733.1.2.3.1.1.7

UMA Permission Ticket

enterprises.36733.1.2.3.1.1.8

UMA Requesting Party

enterprises.36733.1.2.3.1.1.9

UMA Audit Entry

enterprises.36733.1.2.3.1.1.10

Session Blacklist

enterprises.36733.1.2.3.1.1.11

UMA Pending Request

enterprises.36733.1.2.3.1.1.12

Security Token Service

enterprises.36733.1.2.3.1.1.13

OAuth 2.0 Blacklist

enterprises.36733.1.2.3.1.1.14

OAuth 2.0 Client-Based

enterprises.36733.1.2.3.1.1.15

Push Notification

enterprises.36733.1.2.3.1.1.16

Cluster-wide Notification

CTS monitoring operation types

OIDs related to CTS monitoring operations are based on basic CRUD operations (plus list).

This table shows the options for the operation table.

CTS monitoring operation types
OID by operation Description

enterprises.36733.1.2.3.2.1.1

Create

enterprises.36733.1.2.3.2.1.2

Read

enterprises.36733.1.2.3.2.1.3

Update

enterprises.36733.1.2.3.2.1.4

Delete

enterprises.36733.1.2.3.2.1.5

List

CTS monitoring entry data types

CTS monitoring entries use the following data types:

Counter64

A 64-bit, unsigned integer type.

Counter64 is a standard data type returned by SNMP OIDs. For more information, refer to Structure of Management Information Version 2.

Float2dp

A floating point number with the value d-2 in the DISPLAY-HINT clause. SNMP clients that handle the DISPLAY-HINT clause will correctly display the value as a floating point number with two decimal places. Other types of clients that do not handle the DISPLAY-HINT clause will incorrectly display the value as an integer that is one hundred times larger than the correct value.

Float2dp is a custom data type returned by some ForgeRock CTS OIDs.

CTS CRUD operation entries

The OIDs in this table relate to all CRUD (and list) operations.

The options for the CRUD operations table are shown in the following tables. Each value is associated with CRUD and list operations.

CTS CRUD operation entries
OID by operation entry Data type Description

enterprises.36733.1.2.3.3.1.1

Counter64

Cumulative count

enterprises.36733.1.2.3.3.1.2

Float2dp

Average (in period)

enterprises.36733.1.2.3.3.1.3

Counter64

Minimum (in period)

enterprises.36733.1.2.3.3.1.4

Counter64

Maximum (in period)

enterprises.36733.1.2.3.3.1.5

Counter64

Cumulative failure count

enterprises.36733.1.2.3.3.1.6

Float2dp

Average failures (in period)

enterprises.36733.1.2.3.3.1.7

Counter64

Minimum failures (in period)

enterprises.36733.1.2.3.3.1.8

Counter64

Maximum failures (in period)

Each of the options in this table can be divided into CRUD and list related operations. The suffix OID for such operations is as follows:

  • 1: Create

  • 2: Read

  • 3: Update

  • 4: Delete

  • 5: List

For example, since the OID for cumulative count is enterprises.36733.1.2.3.3.1.1, the OID for the cumulative count of delete operations is enterprises.36733.1.2.3.3.1.1.4

CTS CRUD operation table cumulative operations
Cumulative count operations OID Data type Description

enterprises.36733.1.2.3.3.1.1.1

Counter64

Cumulative count of CREATE operations

enterprises.36733.1.2.3.3.1.1.2

Counter64

Cumulative count of READ operations

enterprises.36733.1.2.3.3.1.1.3

Counter64

Cumulative count of UPDATE operations

enterprises.36733.1.2.3.3.1.1.4

Counter64

Cumulative count of DELETE operations

enterprises.36733.1.2.3.3.1.1.5

Counter64

Cumulative count of LIST operations

CTS CRUD operation table average operations (in period)
Average number operations OID Data type Description

enterprises.36733.1.2.3.3.1.2.1

Float2dp

Average number of CREATE operations (in period)

enterprises.36733.1.2.3.3.1.2.2

Float2dp

Average number of READ operations (in period)

enterprises.36733.1.2.3.3.1.2.3

Float2dp

Average number of UPDATE operations (in period)

enterprises.36733.1.2.3.3.1.2.4

Float2dp

Average number of DELETE operations (in period)

enterprises.36733.1.2.3.3.1.2.5

Float2dp

Average number of LIST operations (in period)

CTS CRUD operation table minimum operations (in period)
Minimum number operations OID Data type Description

enterprises.36733.1.2.3.3.1.3.1

Counter64

Minimum number of CREATE operations (in period)

enterprises.36733.1.2.3.3.1.3.2

Counter64

Minimum number of READ operations (in period)

enterprises.36733.1.2.3.3.1.3.3

Counter64

Minimum number of UPDATE operations (in period)

enterprises.36733.1.2.3.3.1.3.4

Counter64

Minimum number of DELETE operations (in period)

enterprises.36733.1.2.3.3.1.3.5

Counter64

Minimum number of LIST operations (in period)

CTS CRUD Operation Table Maximum Operations (In Period)
Maximum Number Operations OID Data Type Description

enterprises.36733.1.2.3.3.1.4.1

Counter64

Maximum number of CREATE operations (in period)

enterprises.36733.1.2.3.3.1.4.2

Counter64

Maximum number of READ operations (in period)

enterprises.36733.1.2.3.3.1.4.3

Counter64

Maximum number of UPDATE operations (in period)

enterprises.36733.1.2.3.3.1.4.4

Counter64

Maximum number of DELETE operations (in period)

enterprises.36733.1.2.3.3.1.4.5

Counter64

Maximum number of LIST operations (in period)

CTS CRUD operation table cumulative failure operations
Cumulative failure operations OID Data type Description

enterprises.36733.1.2.3.3.1.5.1

Counter64

Cumulative Failure of CREATE operations (in period)

enterprises.36733.1.2.3.3.1.5.2

Counter64

Cumulative Failure of READ operations (in period)

enterprises.36733.1.2.3.3.1.5.3

Counter64

Cumulative Failure of UPDATE operations (in period)

enterprises.36733.1.2.3.3.1.5.4

Counter64

Cumulative Failure of DELETE operations (in period)

enterprises.36733.1.2.3.3.1.5.5

Counter64

Cumulative Failure of LIST operations (in period)

CTS CRUD operation table average failure operations in period
Average number, failure operations OID Data type Description

enterprises.36733.1.2.3.3.1.6.1

Float2dp

Average number of CREATE operations failures (in period)

enterprises.36733.1.2.3.3.1.6.2

Float2dp

Average number of READ operations failures (in period)

enterprises.36733.1.2.3.3.1.6.3

Float2dp

Average number of UPDATE operations failures (in period)

enterprises.36733.1.2.3.3.1.6.4

Float2dp

Average number of DELETE operations failures (in period)

enterprises.36733.1.2.3.3.1.6.5

Float2dp

Average number of LIST operations failures (in period)

CTS CRUD Operation table minimum operations failures in period
Minimum number, operations failures OID Data type Description

enterprises.36733.1.2.3.3.1.7.1

Counter64

Minimum number of CREATE operations failures (in period)

enterprises.36733.1.2.3.3.1.7.2

Counter64

Minimum number of READ operations failures (in period)

enterprises.36733.1.2.3.3.1.7.3

Counter64

Minimum number of UPDATE operations failures (in period)

enterprises.36733.1.2.3.3.1.7.4

Counter64

Minimum number of DELETE operations failures (in period)

enterprises.36733.1.2.3.3.1.7.5

Counter64

Minimum number of LIST operations failures (in period)

CTS CRUD operation table maximum operations failures in period
Maximum number, operations failures OID Data type Description

enterprises.36733.1.2.3.3.1.8.1

Counter64

Maximum number of CREATE operations failures (in period)

enterprises.36733.1.2.3.3.1.8.2

Counter64

Maximum number of READ operations failures (in period)

enterprises.36733.1.2.3.3.1.8.3

Counter64

Maximum number of UPDATE operations failures (in period)

enterprises.36733.1.2.3.3.1.8.4

Counter64

Maximum number of DELETE operations failures (in period)

enterprises.36733.1.2.3.3.1.8.5

Counter64

Maximum number of LIST operations failures (in period)

CTS CRUD operations per token type

OIDs that start with enterprises.36733.1.2.3.4.1 are labels for CTS CRUD operations per token type.

Tokens of each type can be created, read, updated, deleted, and listed. Each of these types can be measured cumulatively. They can also be measured over a period of time (default=10 seconds), as an average, minimum, and maximum.

OID suffixes for CRUD operations are defined according to the following rules.

The first part of the OID is enterprises.36733.1.2.3.4.1.

The next OID suffix specifies a metric:

CTS CRUD operation metrics
OID suffix Data type Metric

1

Counter64

Cumulative count

2

Float2dp

Average (in period)

3

Counter64

Minimum (in period)

4

Counter64

Maximum (in period)

The next OID suffix specifies a token type:

CTS CRUD operation token types
OID suffix Token type

1

Session

2

SAML v2.0

3

OAuth 2

4

REST

5

OAuth 2.0 CSRF Protection

6

UMA Resource

7

UMA Permission Ticket

8

UMA Requesting Party

9

UMA Audit Entry

10

Session Blacklist

11

UMA Pending Request

12

Security Token Service

13

OAuth 2.0 Blacklist

14

OAuth 2.0 Client-Based

15

Push Notification

16

Cluster-wide Notification

The final OID suffix specifies an operation:

CTS CRUD operations
OID suffix Operation

1

Create

2

Read

3

Update

4

Delete

5

List

The following examples illustrate OID construction for CTS CRUD operations per token type.

OID examples for CTS CRUD operations per token type
OID Data type Description

enterprises.36733.1.2.3.4.1.1.1.3

Counter64

Cumulative count of updated Session tokens

enterprises.36733.1.2.3.4.1.4.3.4

Counter64

Maximum deleted OAuth 2.0 tokens (in period)

enterprises.36733.1.2.3.4.1.2.10.5

Float2dp

Average listed Session Blacklist tokens (in period)

CTS token operation status

The CTS token OIDs defined in this section specify the total number of tokens of each type and their average current lifetimes.

The options for token operations are shown in the following tables. Total and average current lifetimes are associated with each CTS token type.

CTS total tokens, by type
Total tokens, by type Data type Description

enterprises.36733.1.2.3.5.1.1.1

Counter64

Total number of Session tokens

enterprises.36733.1.2.3.5.1.1.2

Counter64

Total number of SAML v2.0 tokens

enterprises.36733.1.2.3.5.1.1.3

Counter64

Total number of OAuth 2.0 tokens

enterprises.36733.1.2.3.5.1.1.4

Counter64

Total number of REST tokens

enterprises.36733.1.2.3.5.1.1.5

Counter64

Total number of OAuth 2.0 CSRF Protection tokens

enterprises.36733.1.2.3.5.1.1.6

Counter64

Total number of UMA Resource tokens

enterprises.36733.1.2.3.5.1.1.7

Counter64

Total number of UMA Permission Ticket tokens

enterprises.36733.1.2.3.5.1.1.8

Counter64

Total number of UMA Requesting Party tokens

enterprises.36733.1.2.3.5.1.1.9

Counter64

Total number of UMA Audit Entry tokens

enterprises.36733.1.2.3.5.1.1.10

Counter64

Total number of Session Blacklist tokens

enterprises.36733.1.2.3.5.1.1.11

Counter64

Total number of UMA Pending Request tokens

enterprises.36733.1.2.3.5.1.1.12

Counter64

Total number of Security Token Service tokens

enterprises.36733.1.2.3.5.1.1.13

Counter64

Total number of OAuth 2.0 Blacklist tokens

enterprises.36733.1.2.3.5.1.1.14

Counter64

Total number of OAuth 2.0 client-side tokens

enterprises.36733.1.2.3.5.1.1.15

Counter64

Total number of Push Notification tokens

enterprises.36733.1.2.3.5.1.1.16

Counter64

Total number of Cluster-wide Notification tokens

CTS token average lifetime, by type
Average token lifetime, by type Data type Description

enterprises.36733.1.2.3.5.1.2.1

Counter64

Average lifetime of Session tokens in seconds

enterprises.36733.1.2.3.5.1.2.2

Counter64

Average lifetime of SAML v2.0 tokens in seconds

enterprises.36733.1.2.3.5.1.2.3

Counter64

Average lifetime of OAuth 2.0 tokens in seconds

enterprises.36733.1.2.3.5.1.2.4

Counter64

Average lifetime of REST tokens in seconds

enterprises.36733.1.2.3.5.1.2.5

Counter64

Average lifetime of OAuth 2.0 CSRF Protection tokens in seconds

enterprises.36733.1.2.3.5.1.2.6

Counter64

Average lifetime of UMA Resource tokens in seconds

enterprises.36733.1.2.3.5.1.2.7

Counter64

Average lifetime of UMA Permission Ticket tokens in seconds

enterprises.36733.1.2.3.5.1.2.8

Counter64

Average lifetime of UMA Requesting Party tokens in seconds

enterprises.36733.1.2.3.5.1.2.9

Counter64

Average lifetime of UMA Audit Entry tokens in seconds

enterprises.36733.1.2.3.5.1.2.10

Counter64

Average lifetime of Session Blacklist tokens in seconds

enterprises.36733.1.2.3.5.1.2.11

Counter64

Average lifetime of UMA Pending Request tokens in seconds

enterprises.36733.1.2.3.5.1.2.12

Counter64

Average lifetime of Security Token Service tokens in seconds

enterprises.36733.1.2.3.5.1.2.13

Counter64

Average lifetime of OAuth 2.0 denylist tokens in seconds

enterprises.36733.1.2.3.5.1.2.14

Counter64

Average lifetime of OAuth 2.0 client-side tokens in seconds

enterprises.36733.1.2.3.5.1.2.15

Counter64

Average lifetime of Push Notification tokens in seconds

enterprises.36733.1.2.3.5.1.2.16

Counter64

Average lifetime of Cluster-wide Notification tokens in seconds

CTS reaper run information

The CTS reaper deletes unused or expired tokens. Unless AM is in a shutdown cycle, the CTS reaper is designed to run continuously. By default, the CTS reaper runs in fixed intervals, unless AM is in the process of shutting down.

A single OID, enterprises.36733.1.2.3.6.0, relates to the CTS reaper. This OID:

  • Specifies the average rate of deleted tokens per CTS reaper run

  • Has the Float2dp data type.

CTS connection factory OIDs

Every request for a CTS token is a request to the CTSConnectionFactory. Such requests can either succeed or fail. The following OIDs provide measures for both such connections. The CTSConnectionFactory OIDs are also measured using a rate window system, similar to all the other CTS OIDs, except the CTS Reaper.

As there are no indexes required to look up the value of CTSConnectionFactory OIDs, they end in 0. Success or failure of these OIDs are not specific to any operation or token type.

The following tables list the OIDs related to the CTSConnectionFactory.

CTSConnectionFactory, Successful Connections
Successes, CTSConnectionFactory Data type Description

enterprises.36733.1.2.3.7.1.1.0

Counter64

Cumulative number of successful connections

enterprises.36733.1.2.3.7.1.2.0

Float2dp

Average number of successful connections (in period)

enterprises.36733.1.2.3.7.1.3.0

Counter64

Minimum number of successful connections (in period)

enterprises.36733.1.2.3.7.1.4.0

Counter64

Maximum number of successful connections (in period)

CTSConnectionFactory, failed connections
Failures, CTSConnectionFactory Data type Description

enterprises.36733.1.2.3.7.2.1.0

Counter64

Cumulative number of failed connections

enterprises.36733.1.2.3.7.2.2.0

Float2dp

Average number of failed connections (in period)

enterprises.36733.1.2.3.7.2.3.0

Counter64

Minimum number of failed connections (in period)

enterprises.36733.1.2.3.7.2.4.0

Counter64

Maximum number of failed connections (in period)