PingAuthorize

About HTTP correlation IDs

HTTP correlation IDs let you trace requests.

A typical request to a software system is handled by multiple subsystems, which might be distinct servers on distinct hosts across different locations. Tracing the request flow on such distributed systems can be challenging because log messages are scattered across various systems and intermingled with messages for other requests.

To solve this problem, a system can assign a correlation ID to a request that it adds to every associated operation as the request flows through the larger system. With the correlation ID, you can easily locate and group related log messages.

PingAuthorize, PingDirectory, and their related products support correlation IDs for all HTTP requests received through the HTTP(S) Connection Handler. For more information about HTTP connection handlers in PingDirectory, see HTTP connection handlers.

How PingAuthorize handles correlation IDs
  • When any HTTP request is received, PingAuthorize automatically assigns the request a correlation ID.

  • All related activity appears in the trace logs with this correlation ID.

  • The PingAuthorize gateway adds the correlation ID header to requests it forwards.

  • The LDAP Store Adapter used by the SCIM 2 service uses the correlation ID as the client request ID value in Intermediate Client Request Controls that it sends to the downstream Ping LDAP server.

    You can find this value in the via key of records logged by the LDAP server’s access log.

    If the LDAP server is a PingDirectoryProxy Server, the Intermediate Client Request Control is forwarded in turn to the downstream LDAP server.

How other Ping products handle correlation IDs
  • When any HTTP request is received, it is automatically assigned a correlation ID.

  • You can use this correlation ID to correlate HTTP responses with messages recorded to the HTTP Detailed Operation log and the trace log.

  • For specific web APIs, the correlation ID might also be passed to the LDAP subsystem.

  • For the SCIM 1, SCIM 2, Delegated Admin, Consent, and Directory REST APIs, the correlation ID appears with associated requests in LDAP logs in the correlationID key.

Server SDK support

For Server SDK extensions that have access to the current HttpServletRequest, the extension can retrieve the current correlation ID as a String through the HttpServletRequest's com.pingidentity.pingdata.correlation_id attribute.

Consider this example.

(String) request.getAttribute("com.pingidentity.pingdata.correlation_id");