Use these instructions to configure the remote process option to establish a connection. For demonstration purposes, the following task uses an LDAP configuration.
Note:

No direct configuration support is provided for enabling remote access Java Management Extensions (JMX) for the PingAccess server. To enable this level of access, use the built-in options that are available through the Java Virtual Machine (JVM). For more information, see Monitoring and Management Using JMX Technology in the Oracle Java Development Kit (JDK) documentation.

  1. In the jvm-memory.options file for the PingAccess server, add the following text at the end of the last memory settings:
    #Settings to enable remote access to JMX
    -Dcom.sun.management.jmxremote.port=5000"
    -Dcom.sun.management.jmxremote.login.config=ExampleCompanyConfig"
    #Configuration is assumed to be in the conf folder, relative path used
    -Djava.security.auth.login.config=conf/ldap.config"
    -Dcom.sun.management.jmxremote.ssl=false"
    Note:

    Each entry must reside on its own line. In this example, a relative path is used for the ldap.config file. Some deployments might require a full path.

    Tip:

    In a production environment, use SSL, as shown in this example for initial testing and debugging. For information about setting up SSL, see Monitoring and Management Using JMX Technology in the Oracle JDK documentation.

  2. Create the ldap.config file.
    ExampleCompanyConfig {
        com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldaps://ldap.server:port/OU=where,OU=users,OU=located"
        userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
        authIdentity="uid={USERNAME},OU=where,OU=users,OU=located"
        authzIdentity=monitorRole
        useSSL=true;
        };
    Note:

    Each entry must reside on its own line. In this example, ldap.config is placed in the PingAccess conf folder. If your JVM setup trusts the certificates, you can use SSL. Because of the authIdentity option, the configuration binds as the user that you enter. Otherwise, an anonymous bind validates the user name but not the password.

  3. Place the ldap.config file that you created in step 2 in a location from which the PingAccess process can read it at start up.
  4. If you have a clustered PingAccess environment:
    1. Perform steps 1 - 3 to each node in the cluster.
    2. Restart each node.
  5. After you enable the JMX service, connect to the remote JMX service by specifying one of the following:
    • The name of the PingAccess server instance
    • The IP address, port, and authentication credentials.
    A screen capture of the JConsole: New Connection window for connecting through a remote process.
    Note:

    Because JMX uses SSL by default when communicating with a remote host, the client host must trust the SSL certificate that is presented during setup for JMX. If the JMX client does not trust the JMX certificate, it displays the following message:

    ConnectionFailedSSL1
    A screen capture of the failed connection error message.
    1. If SSL is enabled, import the JMX SSL certificate to the client’s trusted certificates.
    2. If SSL is disabled, click Insecure to connect.