Heartbeat endpoint

If the PingFederate server is running, the process of sending a request to the endpoint /pf/heartbeat.ping returns an HTTP 200 status. If the request times out or requires an extended amount of time to return, the server might be overloaded or experiencing other difficulties.

If a request requires more than two or three seconds to return, multiple factors in your PingFederate deployment might be responsible. We recommend that you develop a baseline for the desired response time by testing the heartbeat endpoint of your deployment at various times. This endpoint can be useful when load balancing a cluster of PingFederate instances. Some load balancers can alter the number of requests that are sent to a particular server based on the response code received, or the responsiveness of requests that are made to the heartbeat endpoint.

The output of the heartbeat endpoint can be modified to provide performance-related information, such as CPU and memory usage, and response times. The response metrics can help you make better auto-scaling decisions. The map size metrics can help you recognize performance issues.

The following example shows a report containing all the PingFederate server metrics available from the heartbeat endpoint.

"cpu.load": "6.13",
"total.jvm.memory": "769.13 MB",
"free.jvm.memory": "517.702 MB",
"used.jvm.memory": "251.429 MB",
"total.physical.system.memory": "17.18 GB",
"total.free.physical.system.memory": "358.928 MB",
"total.used.physical.system.memory": "16.821 GB",
"number.of.cpus": "8",
“atm.ref.token.map.size”: “99",
“idp.session.registry.session.map.size”: “157",
“response.concurrency.statistics.90.percentile”: “1",
“response.concurrency.statistics.max”: “2",
“response.concurrency.statistics.mean”: “1.0093023255813953",
“response.concurrency.statistics.min”: “1",
“response.statistics.count”: “215",
“response.statistics.window.seconds”: “300",
“response.time.statistics.90.percentile”: “2",
“response.time.statistics.max”: “376",
“response.time.statistics.mean”: “144.646511627906977",
“response.time.statistics.min”: “101",
“session.state.attribute.map.size”: “157",
“sp.session.registry.session.map.size”: “0",
“total.failed.transactions”: “0",
“total.transactions”: “150"

The following table describes all the PingFederate server metrics available from the heartbeat endpoint.

Note: In the following table, for server metrics that end in .90.percentile, the current 90 value is determined by the ServerPercentilesList item in the com.pingidentity.monitoring.MonitoringService.xml file. 90 is the default value. For more information on how to edit this value, see step 4 in Liveliness and responsiveness.
Server metrics Description
cpu.load

Load on the PingFederate server's cores as a percentage of total capacity

total.jvm.memory

Total memory of the JVM

free.jvm.memory

Free memory of the JVM

used.jvm.memory

Used memory of the JVM

total.physical.system.memory

Total system memory

total.free.physical.system.memory

Free system memory

total.used.physical.system.memory

Used system memory

number.of.cpus

Number of cores on the PingFederate server

atm.<atm>.token.map.size

Number of tokens in the access token manager with the ID specified by <atm>

idp.session.registry.session.map.size

Number of identity provider sessions

response.concurrency.statistics.90.percentile

The 90th percentile response concurrency (for example, if this value is 124, then 90% of the report samples had response concurrency values below 124)

response.concurrency.statistics.max

Maximum number of HTTP requests that the PingFederate server processed concurrently

response.concurrency.statistics.mean

Mean number of HTTP requests that the PingFederate server processed concurrently

response.concurrency.statistics.min

Minimum number of HTTP requests that the PingFederate server processed concurrently

response.statistics.count

Number of items considered in the heartbeat report for the time and concurrency statistics

response.statistics.window.seconds

Time interval (in seconds) for the statistics report (this is an echo of the StatisticsWindowSecs value and provides context for the concurrency and time statistics)

response.time.statistics.90.percentile

The 90th percentile response time in milliseconds (for example, if this value is 168, then 90% of the report samples had response times below 168 milliseconds)

response.time.statistics.max

Longest time in milliseconds that the PingFederate server took to respond

response.time.statistics.mean

Mean time in milliseconds that the PingFederate server took to respond

response.time.statistics.min

Shortest time in milliseconds that the PingFederate server took to respond

session.state.attribute.map.size

Number of items in the session state

sp.session.registry.session.map.size

Number of service provider sessions

total.failed.transactions

Number of failed transactions since the PingFederate server started

total.transactions

Number of transactions since the PingFederate server started

The statistics are for a 5 minute interval and they are updated every 30 seconds. The report takes only the first 5000 items into account.

For more information, see Customizing the heartbeat message

Response-time logging

By default, the audit logs record the processing time for each transaction. With audit logging enabled, you can identify the speed with which PingFederate processes the following transaction types:
  • Single sign-on (SSO)
  • OAuth
  • Security token services (STS)

Depending on your logging configuration, audit logging might not log any transactions. For more information, see Security audit logging.

The following provides examples of the default audit log.
2019-11-10 13:24:57,493| tid:cYunBsgybiw_fiRnJjkAhbIXvzc| AUTHN_SESSION_USED| | 127.0.0.1 | | ac_client| | localhost| IdP| success| PdFormAdpt| | 17
2019-11-10 13:24:58,720| tid:cYunBsgybiw_fiRnJjkAhbIXvzc| OAuth| 5c60f022-1e9d-3fbe-9749-4b9ca5591356| 127.0.0.1 | | ac_client| OAuth20| localhost| AS| success| PdFormAdpt| | 7

Processing times are shown at the end of the entry in milliseconds.