One of the simpler methods for monitoring the performance of a PingFederate deployment involves determining whether the PingFederate Server is available and responsive. To help you identify the status of a server, PingFederate provides a heartbeat request endpoint.
If the PingFederate server is running, the process of sending a request to the endpoint /pf/heartbeat.ping returns an HTTP 200 status. If the request times out or requires an extended amount of time to return, the server might be overloaded or experiencing other difficulties.
If a request requires more than two or three seconds to return, multiple factors in your PingFederate deployment might be responsible. We recommend that you develop a baseline for the desired response time by testing the heartbeat endpoint of your deployment at various times. This endpoint can be useful when load balancing a cluster of PingFederate instances. Some load balancers can alter the number of requests that are sent to a particular server based on the response code received, or the responsiveness of requests that are made to the heartbeat endpoint.
The output of the heartbeat endpoint can be modified to provide performance-related information, such as CPU and memory usage, and response times. The response metrics can help you make better auto-scaling decisions. The map size metrics can help you recognize performance issues.
The following example shows a report containing all the PingFederate server metrics available from the heartbeat endpoint.
"cpu.load": "6.13", "total.jvm.memory": "769.13 MB", "free.jvm.memory": "517.702 MB", "used.jvm.memory": "251.429 MB", "total.physical.system.memory": "17.18 GB", "total.free.physical.system.memory": "358.928 MB", "total.used.physical.system.memory": "16.821 GB", "number.of.cpus": "8", “atm.ref.token.map.size”: “99", “idp.session.registry.session.map.size”: “157", “response.concurrency.statistics.90.percentile”: “1", “response.concurrency.statistics.max”: “2", “response.concurrency.statistics.mean”: “1.0093023255813953", “response.concurrency.statistics.min”: “1", “response.statistics.count”: “215", “response.statistics.window.seconds”: “300", “response.time.statistics.90.percentile”: “2", “response.time.statistics.max”: “376", “response.time.statistics.mean”: “144.646511627906977", “response.time.statistics.min”: “101", “session.state.attribute.map.size”: “157", “sp.session.registry.session.map.size”: “0", “total.failed.transactions”: “0", “total.transactions”: “150"
The following table describes all the PingFederate server metrics available from the heartbeat endpoint.
.90.percentile, the current
90value is determined by the
ServerPercentilesListitem in the com.pingidentity.monitoring.MonitoringService.xml file. 90 is the default value. For more information on how to edit this value, see step 4 in Liveliness and responsiveness.
Load on the PingFederate server's cores as a percentage of total capacity
Total memory of the JVM
Free memory of the JVM
Used memory of the JVM
Total system memory
Free system memory
Used system memory
Number of cores on the PingFederate server
Number of tokens in the access token manager with the ID specified by <atm>
Number of identity provider sessions
The 90th percentile response concurrency (for example, if this value is 124, then 90% of the report samples had response concurrency values below 124)
Maximum number of HTTP requests that the PingFederate server processed concurrently
Mean number of HTTP requests that the PingFederate server processed concurrently
Minimum number of HTTP requests that the PingFederate server processed concurrently
Number of items considered in the heartbeat report for the time and concurrency statistics
Time interval (in seconds) for the statistics report (this is an echo of the StatisticsWindowSecs value and provides context for the concurrency and time statistics)
The 90th percentile response time in milliseconds (for example, if this value is 168, then 90% of the report samples had response times below 168 milliseconds)
Longest time in milliseconds that the PingFederate server took to respond
Mean time in milliseconds that the PingFederate server took to respond
Shortest time in milliseconds that the PingFederate server took to respond
Number of items in the session state
Number of service provider sessions
Number of failed transactions since the PingFederate server started
Number of transactions since the PingFederate server started
The statistics are for a 5 minute interval and they are updated every 30 seconds. The report takes only the first 5000 items into account.
For more information, see Customizing the heartbeat message
- Single sign-on (SSO)
- Security token services (STS)
Depending on your logging configuration, audit logging might not log any transactions. For more information, see Security audit logging.
2019-11-10 13:24:57,493| tid:cYunBsgybiw_fiRnJjkAhbIXvzc| AUTHN_SESSION_USED| | 127.0.0.1 | | ac_client| | localhost| IdP| success| PdFormAdpt| | 17
2019-11-10 13:24:58,720| tid:cYunBsgybiw_fiRnJjkAhbIXvzc| OAuth| 5c60f022-1e9d-3fbe-9749-4b9ca5591356| 127.0.0.1 | | ac_client| OAuth20| localhost| AS| success| PdFormAdpt| | 7
Processing times are shown at the end of the entry in milliseconds.