PingFederate Server

Runtime monitoring using JMX

PingFederate supports runtime monitoring and reporting through Java Management Extensions (JMX). JMX technology represents a Java-centric approach to application management and monitoring.

JMX exposes instrumented code in the form of MBeans. Application management systems that support JMX technology, such as JConsole, can request runtime information from the PingFederate JMX server.

Authentication is required for JMX-client access to PingFederate runtime data. For more information, see Configuring service authentication.

You can use HTTP requests at any time to verify the status of the PingFederate server. For more information, see Customizing the heartbeat message.

You can also supplement monitoring information by applying third-party analysis and reporting tools to the security audit log, in which PingFederate records fine-grain details, including response times and event types, for all server transactions. For more information, see Security audit logging.

PingFederate JMX server reports monitoring data for single sign-on (SSO) and single logout (SLO) transactions. In addition, numerous Jetty-standard MBeans are available to the PingFederate server’s JMX clients.

PingFederate MBeans

PingFederate provides MBeans for tracking server performance. The attributes exposed by these MBeans align with those available at the heartbeat endpoint. Most statistics and counts are calculated over a period. You can configure the period’s length in the file com.pingidentity.monitoring.MonitoringService.xml.

  • TOTAL_TRANSACTIONS: The total number of SSO, SLO, and STS transactions processed since the server started. PingFederate resets this counter to zero after restart.

  • TOTAL_FAILED_TRANSACTIONS: The total number of failed transactions since the server started. PingFederate resets this counter to zero after restart.

  • dataStores: The request rate and response time statistics for data stores

  • adapters: The request rate and response time statistics for adapters

  • connections: The request rate and response time statistics for connections

  • cluster: Cluster membership and the request rate and response time statistics for cluster Remote Procedure Calls (RPCs)

  • httpRequests.admin: The request rate and response time statistics for HTTP requests to the administrative console

  • httpRequests.engine: The request rate and response time statistics for HTTP requests to PingFederate’s runtime endpoints

  • stateMaps: The current number of entries in various runtime state maps

  • transactions: The counts of all transactions and failed transactions, including values for the previous period and accumulated totals since the server started

Sample Jetty metrics

The following table describes examples of Jetty MBean metrics, available through JMX, that you might find useful to supplement the information that the PingFederate-specific MBeans provide.

MBean Attributes

org.eclipse.jetty.io: connectionstatistics

For Jetty connectors including the primary and secondary PingFederate runtime server ports.

connectionsTotal – Total number of TCP connections accepted by the server

connectionDuration* – How long connections are kept open. Maximum, mean, and standard deviation are available

connections – Current number of open connections. Maximum is also available (connectionsMax)

org.eclipse.jetty.server.handler: statisticshandler

requests – Total number of requests received

requestsActive – Number of requests currently being processed. Max is also available

requestTime – Request duration. Maximum, mean, standard deviation, and total accumulated time are available

responses1xx, responses2xx, responses3xx, … – Total number of requests that returned HTTP status codes of 1xx, 2xx, 3xx, and so on

org.eclipse.jetty.util.thread: queuedthreadpool

Two pools: one for the runtime server, with 200 maximum threads; one for the administrative console, with 20 maximum threads.

idleThreads – Number of idle threads currently available

threads – Number of threads currently running, including both idle and active

minThreads – Minimum number of threads in the pool

maxThreads – Maximum number of threads in the pool

lowOnThreads – A boolean flag indicating whether the pool is running low on threads

java.lang: Memory

java.lang: MemoryPool

java.lang: GarbageCollection

java.lang: OperatingSystem

Attributes measuring CPU usage and memory

Advanced JMX configuration

PingFederate uses port 1099 for its JMX server. You can change the port and other Java Message Service (JMS) settings by modifying the jmx-remote-config.xml file in the <pf_install>/pingfederate/server/default/conf directory.

When connecting to the JMX service using SSL, the default, ensure that the client trusts the PingFederate SSL server certificate presented. For more information, see Manage SSL server certificates.