PingFederate supports runtime monitoring and reporting through Java Management Extensions (JMX). JMX technology represents a Java-centric approach to application management and monitoring.
JMX exposes instrumented code in the form of MBeans. Application management systems that support JMX technology, such as JConsole, can request runtime information from the PingFederate JMX server.
Authentication is required for JMX-client access to PingFederate runtime data. For more information, see Configuring service authentication.
You can use HTTP requests at any time to verify the status of the PingFederate server. For more information, see Customizing the heartbeat message.
You can also supplement monitoring information by applying third-party analysis and reporting tools to the security audit log, in which PingFederate records fine-grain details, including response times and event types, for all server transactions. For more information, see Security audit logging.
PingFederate JMX server reports monitoring data for single sign-on (SSO) and single logout (SLO) transactions. In addition, numerous Jetty-standard MBeans are available to the PingFederate server's JMX clients.
SSO and SLO monitoring
For SSO/SLO transaction processing, PingFederate provides these MBeans:
-
pingfederate:type=TOTAL_FAILED_TRANSACTIONS
-
pingfederate:type=TOTAL_TRANSACTIONS
.
PingFederate resets these counters to zero after restart.
Sample Jetty metrics
The following table describes examples of Jetty MBean metrics, available through JMX, that administrators might find useful to supplement information provided through the PingFederate-specific MBeans.
MBean | Attributes |
---|---|
org.eclipse.jetty.server: connectorstatistics
For Jetty connectors including the primary and secondary PingFederate runtime server ports. |
connections – The total number of TCP connections accepted
by the server.
connectionsOpen – The current number of open connections.
Maximum is also available (connectionsOpenMax ). |
org.eclipse.jetty.server.handler: statisticshandler
|
requests – Total number of requests received.
requestTime – Request duration. Maximum, mean, standard
deviation, and total accumulated time are available.
|
org.eclipse.jetty.util.thread: queuedthreadpool
Two pools: one for the runtime server, with 200 maximum threads; one for the administrative console, with 20 maximum threads. |
idleThreads – Number of idle threads currently available.
minThreads – Minimum number of threads in the pool.
lowOnThreads – A boolean flag indicating whether the pool
is running low on threads. |
java.lang: Memory
|
Various attributes measuring CPU usage and memory. |
Advanced JMX configuration
PingFederate uses port 1099 for its JMX server. To change the port or other Java Message Service (JMS) configuration items, if needed, modify the jmx-remote-config.xml configuration file in the <pf_install>/pingfederate/server/default/conf directory.
When connecting to the JMX service using SSL, the default, ensure that the client trusts the PingFederate SSL server certificate presented. For more information, see Manage SSL server certificates.