Runtime monitoring using JMX
PingFederate supports runtime monitoring and reporting through Java Management Extensions (JMX). JMX technology represents a Java-centric approach to application management and monitoring.
JMX exposes instrumented code in the form of MBeans. Application management systems that support JMX technology, such as JConsole, can request runtime information from the PingFederate JMX server.
Authentication is required for JMX-client access to PingFederate runtime data. For more information, see Configuring service authentication. |
You can use HTTP requests at any time to verify the status of the PingFederate server. For more information, see Customizing the heartbeat message. You can also supplement monitoring information by applying third-party analysis and reporting tools to the security audit log, in which PingFederate records fine-grain details, including response times and event types, for all server transactions. For more information, see Security audit logging. |
PingFederate JMX server reports monitoring data for single sign-on (SSO) and single logout (SLO) transactions. In addition, numerous Jetty-standard MBeans are available to the PingFederate server’s JMX clients.
PingFederate MBeans
PingFederate provides MBeans for tracking server performance. The attributes exposed by these MBeans align with those available at the heartbeat endpoint. Most statistics and counts are calculated over a period. You can configure the period’s length in the file com.pingidentity.monitoring.MonitoringService.xml
.
-
TOTAL_TRANSACTIONS
: The total number of SSO, SLO, and STS transactions processed since the server started. PingFederate resets this counter to zero after restart. -
TOTAL_FAILED_TRANSACTIONS
: The total number of failed transactions since the server started. PingFederate resets this counter to zero after restart. -
dataStores
: The request rate and response time statistics for data stores -
adapters
: The request rate and response time statistics for adapters -
connections
: The request rate and response time statistics for connections -
cluster
: Cluster membership and the request rate and response time statistics for cluster Remote Procedure Calls (RPCs) -
httpRequests.admin
: The request rate and response time statistics for HTTP requests to the administrative console -
httpRequests.engine
: The request rate and response time statistics for HTTP requests to PingFederate’s runtime endpoints -
stateMaps
: The current number of entries in various runtime state maps -
transactions
: The counts of all transactions and failed transactions, including values for the previous period and accumulated totals since the server started
Sample Jetty metrics
The following table describes examples of Jetty MBean metrics, available through JMX, that you might find useful to supplement the information that the PingFederate-specific MBeans provide.
MBean | Attributes |
---|---|
For Jetty connectors including the primary and secondary PingFederate runtime server ports. |
|
|
|
Two pools: one for the runtime server, with 200 maximum threads; one for the administrative console, with 20 maximum threads. |
|
|
Attributes measuring CPU usage and memory |
Advanced JMX configuration
PingFederate uses port 1099 for its JMX server. You can change the port and other Java Message Service (JMS) settings by modifying the jmx-remote-config.xml
file in the <pf_install>/pingfederate/server/default/conf
directory.
When connecting to the JMX service using SSL, the default, ensure that the client trusts the PingFederate SSL server certificate presented. For more information, see Manage SSL server certificates. |