Use these instructions to configure the remote process option to establish a connection. For demonstration purposes, the following task uses an LDAP configuration.
Note:

No direct configuration support is provided for enabling remote access Java Management Extensions (JMX) for PingAccess Server. To enable this level of access, use the built-in options that are available through the Java virtual machine (JVM). For more information, see Monitoring and Management Using JMX Technology in the Oracle JDK documentation.

  1. In the jvm-memory.options file for PingAccess Server, add the following text at the end of the last memory settings.
    #Settings to enable remote access to JMX
    -Dcom.sun.management.jmxremote.port=5000"
    -Dcom.sun.management.jmxremote.login.config=ExampleCompanyConfig"
    #Configuration is assumed to be in the conf folder, relative path used
    -Djava.security.auth.login.config=conf/ldap.config"
    -Dcom.sun.management.jmxremote.ssl=false"
    Note:

    Each entry must reside on its own line. In this example, a relative path is used for the ldap.config file. Some deployments might require a full path.

    Tip:

    In a production environment, use SSL, as shown in this example for initial testing and debugging. For information about setting up SSL, see Monitoring and Management Using JMX Technology in the Oracle JDK documentation.

  2. Create the ldap.config file.
    ExampleCompanyConfig {
        com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldaps://ldap.server:port/OU=where,OU=users,OU=located"
        userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
        authIdentity="uid={USERNAME},OU=where,OU=users,OU=located"
        authzIdentity=monitorRole
        useSSL=true;
        };
    Note:

    Each entry must reside on its own line. In this example, ldap.config is placed in the PingAccess conf folder. If your JVM setup trusts the certificates, you can use SSL. Because of the authIdentity option, the configuration binds as the user that you enter. Otherwise, an anonymous bind validates the user name but not the password.

  3. Place the file that you created in step 3 in a location from which the PingAccess process can read it at start up.
  4. In a clustered PingAccess environment:
    1. Make the changes outlined in steps 1 - 3 to each node in the cluster.
    2. Restart each node.
  5. After you enable the JMX service, connect to the remote JMX service by specifying one of the following:
    • The name of the PingAccess Server instance
    • The IP address, port, and authentication credentials.
    A screen capture of the JConsole: New Connection window for connecting through a remote process.
    Note:

    Because JMX uses SSL by default when communicating with a remote host, the client host must trust the SSL certificate that is presented during setup for JMX. If the JMX client does not trust the JMX certificate, the following message is displayed.

    A screen capture of the failed connection error message.
    1. If SSL is enabled: Import the JMX SSL certificate to the client’s trusted certificates.
    2. If SSL is disabled: Click Insecure to connect.