Access Management 7.3.2

Monitor AM instances

AM provides a number of interfaces for you to check the status of AM instances and to gather monitoring data. This section describes the steps to enable monitoring and use the monitoring endpoints.

Check the status of an AM instance

In certain deployments, such as Kubernetes, it can be useful to poll endpoints to check if an instance is running, and ready to handle requests. You can determine the status of an AM instance by using the following endpoints:

/json/health/live

Use the live endpoint to determine if AM instances are up and running.

If the instance is running the endpoint returns an HTTP status code of 200. If not, it returns a 503 response.

For example, use the following curl command to determine when an AM instance is alive:

$ curl --include --retry 10 --retry-connrefused 'http://am.example.com:8080/am/json/health/live'
Warning: Transient problem: connection refused Will retry in 1 seconds. 10
Warning: retries left.
Warning: Transient problem: connection refused Will retry in 2 seconds. 9
Warning: retries left.
Warning: Transient problem: connection refused Will retry in 4 seconds. 8
Warning: retries left.
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: private
Content-API-Version: resource=1.0
Content-Length: 0
Date: Mon, 09 Nov 2020 12:22:38 GMT
/json/health/ready

Use the ready endpoint to determine if AM instances are ready to process requests.

If the instance is ready to process requests, the endpoint returns an HTTP status code of 200. If not, it returns a 503 response.

For example, use the following curl command to determine when an AM instance is ready to process requests:

$ curl --include --retry 10 --retry-connrefused 'http://am.example.com:8080/am/json/health/ready'
Warning: Transient problem: connection refused Will retry in 1 seconds. 10
Warning: retries left.
Warning: Transient problem: connection refused Will retry in 2 seconds. 9
Warning: retries left.
Warning: Transient problem: connection refused Will retry in 4 seconds. 8
Warning: retries left.
Warning: Transient problem: connection refused Will retry in 8 seconds. 7
Warning: retries left.
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: private
Content-API-Version: resource=1.0
Content-Length: 0
Date: Mon, 09 Nov 2020 12:45:03 GMT
Deprecated isAlive.jsp page

AM provides a deprecated isAlive.jsp page, to check whether AM is up. Point your application to the file under the deployment URL, such as https://openam.example.com:8443/openam/isAlive.jsp.

If you get a success code (with Server is ALIVE: in the body of the page returned), then the instance is in operation.

The isAlive.jsp page is deprecated and will be removed in a future release. Update your environment to use the live and ready endpoints instead.

The endpoints and isAlive.jsp page do not require authentication. You might want to restrict public access, and only allow access from internal infrastructure.

Enable monitoring in the console

To query some of the monitoring endpoints, such as Prometheus or CREST, you must enable the monitoring system:

  1. In the AM admin UI, go to Configure > Global Services > Monitoring.

  2. Set Monitoring Status to enabled.

  3. Click Save Changes.