How to monitor the server

The Connect2id server offers administrators and devops engineers the following monitoring options:

  1. JMX monitoring of the objects stored in Infinispan:

    • Active SSO sessions of users;
    • Open authorisation sessions, i.e. end-users in the process of logging-in;
    • Pending OAuth 2.0 authorisation codes;
    • Active OAuth 2.0 access tokens;
    • Cached client registrations and authorisations.
  2. The session store web API allows monitoring of how many and which users are currently online.

  3. The authorisation store web API also allows monitoring of the issued authorisations and access tokens, however it has to be used with care as some operations are quite expensive; in certain cases it's better to use the JMX option (1).

  4. The persisted (LDAP) client registrations and long-lived authorisations can be monitored with an LDAP client or browser, such as Apache Directory Studio.

  5. The server logs.

What the Connect2id server doesn't have yet is the ability to collect and provide direct metrics on topics that are more about the process of SSO, IdP and authorisation as a business service, i.e. domain specific metrics, and not just low-level monitoring of "objects", "caches", etc. This capability to monitor operation at a higher level will be provided in a future release of the server.