PingAuthorize

Enabling Prometheus support in the server

The server is preconfigured with an HTTP servlet extension that can publish a wide variety of metrics for use by Prometheus.

To enable the servlet extension, add it to an HTTP or HTTPS connection handler, and either disable and re-enable the connection handler or restart the server. For example:

dsconfig set-connection-handler-prop \
  --handler-name "HTTPS Connection Handler" \
  --add "http-servlet-extension:Prometheus Monitoring" \
  --set enabled:false

dsconfig set-connection-handler-prop \
  --handler-name "HTTPS Connection Handler" \
  --set enabled:true

The servlet extension offers a number of configuration properties that can be used to customize its behavior. They include:

base-context-path

The path that the Prometheus server can use to consume any published metrics. By default, this is /metrics.

include-instance-name-label

Indicates whether all published metrics should include an instance label whose value is the name of the server instance.

include-product-name-label

Indicates whether all published metrics should include a product label whose value is the name of the server product, such as Ping Identity Authorize Server for PingAuthorize Server.

include-location-name-label

Indicates whether all published metrics should include a location label whose value is the name of the configured location for the server instance.

always-include-monitor-entry-name-label

Indicates whether all published metrics should include a monitor_entry label whose value is the name of the monitor entry (the value of the cn attribute) from which the metric was taken.

Even if this property is set to false, the server will still add this label to metrics in cases where there are multiple monitor entries with the same object class.
include-monitor-object-class-name-label

Indicates whether all published metrics should include a monitor_object_class label whose value is the name of the object class for the monitor entry from which the metric was taken.

include-monitor-attribute-name-label

Indicates whether all published metrics should include a monitor_attribute label whose value is the name of the monitor attribute from which the metric was taken.

label-name-value-pair

An optional set of name-value pairs for labels that should be included in all metrics published by the server. If provided, each item should use an equal sign to separate the label name from the value, such as label_name=label_value.

Label names must:

  • Start with a letter or underscore

  • Only contain letters, digits, and underscores

  • Be unique

Label values can be any non-empty string.

After the servlet extension has been enabled, you can verify that the metric information is available by retrieving it with a simple HTTP GET request using a web browser or a command-line tool like curl or wget.

For example, to retrieve the Prometheus metrics from the server paz.example.com using an HTTPS connection handler listening on port 8443 and the default base-context-path value of /metrics, use a URL of https://paz.example.com:8443/metrics.