JMX exposes instrumented code in the form of MBeans. Application management systems that support JMX technology, such as JConsole, can request runtime information from the PingFederate JMX server.

Important:

Authentication is required for JMX-client access to PingFederate runtime data. For more information, see Configuring service authentication.

Tip:

You can use HTTP requests at any time to verify the status of the PingFederate server. For more information, see Customizing the heartbeat message.

You can also supplement monitoring information by applying third-party analysis and reporting tools to the security audit log, in which PingFederate records fine-grain details, including response times and event types, for all server transactions. For more information, see Security audit logging.

PingFederate JMX server reports monitoring data for single sign-on (SSO) and single logout (SLO) transactions. In addition, numerous Jetty-standard MBeans are available to the PingFederate server's JMX clients.

SSO and SLO monitoring

For SSO/SLO transaction processing, PingFederate provides these MBeans:

  • pingfederate:type=TOTAL_FAILED_TRANSACTIONS
  • pingfederate:type=TOTAL_TRANSACTIONS

PingFederate resets these counters to zero after restart.

Sample Jetty metrics

The following table describes examples of Jetty MBean metrics, available through JMX, that administrators might find useful to supplement information provided through the PingFederate-specific MBeans.

MBean Attributes
org.eclipse.jetty.server: connectorstatistics

For Jetty connectors including the primary and secondary PingFederate runtime server ports.

connections – The total number of TCP connections accepted by the server.

connectionsDuration* – How long connections are kept open. Maximum, mean, standard deviation, and total accumulated time are available.

connectionsOpen – The current number of open connections. Maximum is also available (connectionsOpenMax).
org.eclipse.jetty.server.handler: statisticshandler requests – Total number of requests received.

requestsActive – Number of requests currently being processed. Max is also available.

requestTime – Request duration. Maximum, mean, standard deviation, and total accumulated time are available.

responses1xx, responses2xx, responses3xx, … – Total number of requests that returned HTTP status codes of 1xx, 2xx, 3xx, etc.

org.eclipse.jetty.util.thread: queuedthreadpool

Two pools: one for the runtime server, with 200 maximum threads; one for the administrative console, with 20 maximum threads.

idleThreads – Number of idle threads currently available.

threads – Number of threads currently running, including both idle and active.

minThreads – Minimum number of threads in the pool.

maxThreads – Maximum number of threads in the pool.

lowOnThreads – A boolean flag indicating whether the pool is running low on threads.
java.lang: Memory

java.lang: MemoryPool

java.lang: GarbageCollection

java.lang: OperatingSystem

Various attributes measuring CPU usage and memory.

Advanced JMX configuration

PingFederate uses port 1099 for its JMX server. To change the port or other Java Message Service (JMS) configuration items, if needed, modify the jmx-remote-config.xml configuration file in the <pf_install>/pingfederate/server/default/conf directory.

Note:

When connecting to the JMX service using SSL, the default, ensure that the client trusts the PingFederate SSL server certificate presented. For more information, see Manage SSL server certificates.