PingCentral

Setting up Prometheus using OAuth

Prometheus pulls information from PingCentral endpoints and stores the data it retrieves.

Before you begin

  1. Enable single sign-on (SSO) with OpenID Connect (OIDC) in PingCentral’s application.properties file.

  2. Register an OAuth client in an authorization server with grant_type = client_credentials. Include the claims 'sub', 'aud', and 'PingCentral-Role' in the issued access_token.

  3. Configure the Resource Server section in the application.properties file.

For more information, see Setting up SSO for PingCentral.

About this task

To configure Prometheus to connect to PingCentral with OAuth credentials:

Steps

  1. In PingCentral, in the conf/application.properties file, which resides in the PingCentral installation directory, locate and define the following properties.

    management.metrics.export.prometheus.enabled=true
    management.metrics.export.prometheus.step=5s

  2. Save and close the file.

  3. Restart PingCentral.

  4. Set up the Prometheus prometheus.yaml configuration file and save it in the appropriate location.

    Example:

    To use an OAuth access token, use your OAuth credentials as configured in PingFederate or your third-party authorization server. See the following example:

    global:
      scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
      # scrape_timeout is set to the global default (10s).

    # A scrape configuration containing exactly one endpoint to scrape:
    # here it's PingCentral.
    scrape_configs:
    # Metrics for PingCentral
      - job_name: 'pingcentral-metrics'
        honor_timestamps: false
        metrics_path: '/actuator/prometheus'
        scrape_interval: 5s
        scheme: https
        static_configs:
          - targets: [ 'xxx.xxx.x.x:9022' ]
        # Client credentials used to obtain the access token from the authorization server.
        oauth2:
          client_id: prometheusPCClient
          client_secret: srZS9odxQF7m1tHUkUMcPvtSyz4P8XzVhy3CKn7VOOsBODYtBspRl2AXtExG2Q4Z
          scopes:
            - pc-admin-api
          token_url: https://pingfederate:9031/as/token.oauth2
        # TLS settings for the scrape request to PingCentral.
        tls_config:
          insecure_skip_verify: true # Development or test environments only.

    Use insecure_skip_verify: true exclusively in development or test environments.

  5. Access Prometheus.

    For more information, see Get started with Grafana and Prometheus in the Grafana documentation.
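
For environments other than development or test, the scrape job from step 4 can verify certificates and keep the client secret out of prometheus.yaml. The following is an added example, not part of the PingCentral documentation; the host name and all file paths are assumed placeholders, while the job name, client ID, scope, and token URL are taken from the example above.

```yaml
# Added example: certificate verification enabled and the secret read from a file.
# Host name and file paths are assumed placeholders; adjust them to your deployment.
global:
  scrape_interval: 15s

scrape_configs:
  - job_name: 'pingcentral-metrics'
    honor_timestamps: false
    metrics_path: '/actuator/prometheus'
    scrape_interval: 5s
    scheme: https
    static_configs:
      - targets: [ 'pingcentral.example.com:9022' ]  # placeholder; must match the server certificate
    oauth2:
      client_id: prometheusPCClient
      # Read the secret from a file that only the Prometheus service account can read,
      # instead of embedding it in the configuration file.
      client_secret_file: /etc/prometheus/secrets/pingcentral_client_secret
      scopes:
        - pc-admin-api
      token_url: https://pingfederate:9031/as/token.oauth2
      # TLS settings for the token request to the authorization server.
      tls_config:
        ca_file: /etc/prometheus/certs/authz-ca.pem
    # TLS settings for the scrape request to PingCentral.
    tls_config:
      ca_file: /etc/prometheus/certs/pingcentral-ca.pem
      # insecure_skip_verify is left unset, so the PingCentral certificate is verified.
```

Running `promtool check config prometheus.yaml` validates the file before Prometheus is restarted.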