Setting up Prometheus using OAuth
Prometheus pulls information from PingCentral endpoints and stores the data it retrieves.
Before you begin
-
Enable single sign-on (SSO) with OpenID Connect (OIDC) in PingCentral’s
application.properties
file. -
Register an OAuth client in an authorization server with
grant_type = client_credentials
. Include the claims: 'sub', 'aud', and 'PingCentral-Role' in an issuedaccess_token
. -
Configure the
Resource Server
section in theapplication.properties
file.
For more information, see Setting up SSO for PingCentral.
About this task
To configure Prometheus to connect to PingCentral with OAuth credentials:
Steps
-
In PingCentral, in the
conf/application.properties
file, which resides in the PingCentral installation directory, locate and define the following properties.management.metrics.export.prometheus.enabled=true management.metrics.export.prometheus.step=5s
-
Save and close the file.
-
Restart PingCentral.
-
Set up the Prometheus
prometheus.yaml
configuration file and save it in the appropriate location.Example:
To use an OAuth access token, use your OAuth credentials as configured in PingFederate or your third party authorization server. See the following example:
global: scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. # scrape_timeout is set to the global default (10s). # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: # Metrics for PingCentral - job_name: 'pingcentral-metrics' honor_timestamps: false metrics_path: */actuator/prometheus' scrape_interval: 5s scheme: https static_configs: - targets: [ 'xxx.xxx.x.x:9022' ] oauth2: client_id: prometheusPCClient client_secret: srZS9odxQF7m1tHUkUMcPvtSyz4P8XzVhy3CKn7VOOsBODYtBspRl2AXtExG2Q4Z scopes: - pc-admin-api token_url: https://pingfederate:9031/as/token.oauth2 tls_config: insecure_skip_verify: true
Use
insecure_skip_verification: true
exclusively in development or test environments. -
Access Prometheus.
For more information, see Get started with Grafana and Prometheus in the Grafana documentation.