Monitoring

1. Introduction

Connect2id server 3.0 introduces a new monitoring endpoint providing over 100 metrics and backend health checks. These are implemented with the Dropwizard Metrics library.

Access to the monitoring endpoint is protected by means of a long-lived token. The token must be passed with each HTTP request in the Authorization header:

Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

Note that the available metrics can also be reported to a remote data collection / dashboard server via JMX or the Graphite protocol.

More information can be found in the monitoring configuration reference.

2. Web API overview

3. Resources

3.1 /monitor/v1/metrics

Connect2id server metrics.

3.1.1 GET

Retrieves a set of metrics collected by the Connect2id server.

Header parameters:

• Authorization Must specify the configured bearer access token for this web API.

Query parameters:

• [ pretty = false ] {true|false} Optional query parameter, causes pretty JSON formatting to be applied to the response entity body. Defaults to false.

Success:

• Code: 200

• Content-Type: application/json

• Body: {object} A JSON object representing the collected metrics set.

Errors:

• 401 Unauthorized
• 500 Internal Server Error

Example request, with pretty JSON printing:

GET /monitor/v1/metrics?pretty=true HTTP/1.1
Host: c2id.com
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

Example response:

HTTP/1.1 200 Success
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/json

{
  "version" : "3.0.0",
  "gauges"  : {
    "authzSessionStore.numSessions"                    : { "value" : 0 },
    "authzStore.ldapConnector.maxAvailableConnections" : { "value" : 5 },
    "authzStore.ldapConnector.numAvailableConnections" : { "value" : 1 },
  ...
  }
  ...
}

3.2 /monitor/v1/ping

Endpoint for HTTP ping requests.

3.2.1 GET

Performs an HTTP ping request to the Connect2id server.

Header parameters:

• Authorization Must specify the configured bearer access token for this web API.

Success:

• Code: 200

• Content-Type: text/plain

• Body: {string} The string “pong”.

Errors:

• 401 Unauthorized
• 500 Internal Server Error

Example ping request:

GET /monitor/v1/ping HTTP/1.1
Host: c2id.com
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

Example response:

HTTP/1.1 200 Success
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/plain

pong

3.3 /monitor/v1/threads

Current thread dump of the Connect2id server.

3.3.1 GET

Gets a thread dump of the Connect2id server.

Header parameters:

• Authorization Must specify the configured bearer access token for this web API.

Success:

• Code: 200

• Content-Type: text/plain

• Body: {text} The obtained Java thread dump.

Errors:

• 401 Unauthorized
• 500 Internal Server Error

Example request:

GET /monitor/v1/threads HTTP/1.1
Host: c2id.com
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

Example response:

HTTP/1.1 200 Success
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/plain

main id=1 state=RUNNABLE (running in native)
    at java.net.PlainSocketImpl.socketAccept(Native Method)
    at java.net.AbstractPlainSocketImpl.accept(AbstractPlainSocketImpl.java:398)
    at java.net.ServerSocket.implAccept(ServerSocket.java:530)
    at java.net.ServerSocket.accept(ServerSocket.java:498)
    at org.apache.catalina.core.StandardServer.await(StandardServer.java:446)
    at org.apache.catalina.startup.Catalina.await(Catalina.java:713)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:659)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485)

Reference Handler id=2 state=WAITING
    - waiting on <0x41febc07> (a java.lang.ref.Reference$Lock)
    - locked <0x41febc07> (a java.lang.ref.Reference$Lock)
    at java.lang.Object.wait(Native Method)
    at java.lang.Object.wait(Object.java:503)
    at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:133)

...

3.4 /monitor/v1/healthcheck

Health checks built into the Connect2id server.

Header parameters:

• Authorization Must specify the configured bearer access token for this web API.

3.4.1 GET

Runs built-in health checks and returns the result.

Header parameters:

• Authorization Must specify the configured bearer access token for this web API.

Query parameters:

• [ pretty = false ] {true|false} Optional query parameter, causes pretty JSON formatting to be applied to the response entity body. Defaults to false.

Success:

• Code: 200

• Content-Type: application/json

• Body: {object} A JSON object representing a successful health check result.

Errors:

• 401 Unauthorized
• 500 Internal Server Error – on a failed health check, with the body representing the result.

Example request, with pretty JSON printing:

GET /monitor/v1/healthcheck?pretty=true HTTP/1.1
Host: c2id.com
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

Example response indicating good health:

HTTP/1.1 200 Success
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/json

{
  "clientStore.ldapConnector" : { "healthy" : true },
  "authzStore.ldapConnector"  : { "healthy" : true }
}

Example response indicating the backend LDAP server is down or unavailable:

{
  "authzStore.ldapConnector"  : { "healthy" : false,
                                  "message" : "An error occurred while attempting to connect to server 127.0.0.1:1389:  java.io.IOException: An error occurred while attempting to establish a connection to server /127.0.0.1:1389:  java.net.ConnectException: Connection refused" },
  "clientStore.ldapConnector" : { "healthy" : false,
                                  "message" : "An error occurred while attempting to connect to server 127.0.0.1:1389:  java.io.IOException: An error occurred while attempting to establish a connection to server /127.0.0.1:1389:  java.net.ConnectException: Connection refused" }
}

4. Representations

4.1 Metrics set

Connect2id server metrics consisting of gauges, meters and timers:

• version {string} Identifies the Dropwizard Metrics API version, set to “3.0.0”.

• gauges {object} Gauges for tracking the current sessions count, cached objects counts and LDAP connector status:

  • authzSessionStore.numSessions The number of authorisation sessions. Indicates how many end-users are currently in the process of logging in.

  • sessionStore.numSessions The number of subject (end-user) sessions. Note that a user may have more than one active session.

  • sessionStore.queuedNotifications The number of queued notifications (session start, session end) to subscribers. This feature is not used by the Connect2id server at present.

  • clientStore.numCachedRegistrations The number of cached OpenID Connect / OAuth 2.0 client registrations.

  • clientStore.numCachedExpendedTokens The number of cached expended initial access tokens for OpenID Connect / OAuth 2.0 client registration.

  • clientStore.ldapConnector.numAvailableConnections Client store LDAP connector: The number of connections currently available for use in the pool, if that information is available (else -1).

  • clientStore.ldapConnector.maxAvailableConnections Client store LDAP connector: The maximum number of connections that may be available in the pool at any time, if that information is available (else -1).

  • clientStore.ldapConnector.numSuccessfulConnectionAttempts Client store LDAP connector: The number of connections that have been successfully created for use in conjunction with the connection pool.

  • clientStore.ldapConnector.numFailedConnectionAttempts Client store LDAP connector: The number of failed attempts to create a connection for use in the connection pool.

  • clientStore.ldapConnector.numConnectionsClosedDefunct Client store LDAP connector: The number of connections that have been closed as defunct (i.e., they are no longer believed to be valid).

  • clientStore.ldapConnector.numConnectionsClosedExpired Client store LDAP connector: The number of connections that have been closed as expired (i.e., they have been established for longer than the maximum connection age for the pool).

  • clientStore.ldapConnector.numConnectionsClosedUnneeded Client store LDAP connector: The number of connections that have been closed as unneeded (i.e., they were created in response to heavy load but are no longer needed to meet the current load, or they were closed when the pool was closed).

  • clientStore.ldapConnector.numSuccessfulCheckouts Client store LDAP connector: The number of successful attempts to check out a connection from the pool (including connections checked out for internal use by operations processed as part of the pool).

  • clientStore.ldapConnector.numSuccessfulCheckoutsWithoutWaiting Client store LDAP connector: The number of successful attempts to check out a connection from the pool that were able to obtain an existing connection without waiting.

  • clientStore.ldapConnector.numSuccessfulCheckoutsAfterWaiting Client store LDAP connector: The number of successful attempts to check out a connection from the pool that had to wait for a connection to become available.

  • clientStore.ldapConnector.numSuccessfulCheckoutsNewConnection Client store LDAP connector: The number of successful attempts to check out a connection from the pool that had to create a new connection because no existing connections were available.

  • clientStore.ldapConnector.numFailedCheckouts Client store LDAP connector: The number of failed attempts to check out a connection from the pool (including connections checked out for internal use by operations processed as part of the pool).

  • clientStore.ldapConnector.numReleasedValid Client store LDAP connector: The number of times a valid, usable connection has been released back to the pool after being checked out (including connections checked out for internal use by operations processed within the pool).

  • authzStore.numAuthzCodes The number of OAuth 2.0 authorisation codes waiting to be exchanged for an access token.

  • authzStore.numIdAccessTokens The number of currently active identifier- based access tokens.

  • authzStore.numCachedAuthorizations The number of cached long-lived authorisations.

  • authzStore.ldapConnector.numAvailableConnections Authorisation store LDAP connector: The number of connections currently available for use in the pool, if that information is available (else -1).

  • authzStore.ldapConnector.maxAvailableConnections Authorisation store LDAP connector: The maximum number of connections that may be available in the pool at any time, if that information is available (else -1).

  • authzStore.ldapConnector.numSuccessfulConnectionAttempts Authorisation store LDAP connector: The number of connections that have been successfully created for use in conjunction with the connection pool.

  • authzStore.ldapConnector.numFailedConnectionAttempts Authorisation store LDAP connector: The number of failed attempts to create a connection for use in the connection pool.

  • authzStore.ldapConnector.numConnectionsClosedDefunct Authorisation store LDAP connector: The number of connections that have been closed as defunct (i.e., they are no longer believed to be valid).

  • authzStore.ldapConnector.numConnectionsClosedExpired Authorisation store LDAP connector: The number of connections that have been closed as expired (i.e., they have been established for longer than the maximum connection age for the pool).

  • authzStore.ldapConnector.numConnectionsClosedUnneeded Authorisation store LDAP connector: The number of connections that have been closed as unneeded (i.e., they were created in response to heavy load but are no longer needed to meet the current load, or they were closed when the pool was closed).

  • authzStore.ldapConnector.numSuccessfulCheckouts Authorisation store LDAP connector: The number of successful attempts to check out a connection from the pool (including connections checked out for internal use by operations processed as part of the pool).

  • authzStore.ldapConnector.numSuccessfulCheckoutsWithoutWaiting Authorisation store LDAP connector: The number of successful attempts to check out a connection from the pool that were able to obtain an existing connection without waiting.

  • authzStore.ldapConnector.numSuccessfulCheckoutsAfterWaiting Authorisation store LDAP connector: The number of successful attempts to check out a connection from the pool that had to wait for a connection to become available.

  • authzStore.ldapConnector.numSuccessfulCheckoutsNewConnection Authorisation store LDAP connector: The number of successful attempts to check out a connection from the pool that had to create a new connection because no existing connections were available.

  • authzStore.ldapConnector.numFailedCheckouts Authorisation store LDAP connector: The number of failed attempts to check out a connection from the pool (including connections checked out for internal use by operations processed as part of the pool).

  • authzStore.ldapConnector.numReleasedValid Authorisation store LDAP connector: The number of times a valid, usable connection has been released back to the pool after being checked out (including connections checked out for internal use by operations processed within the pool).

• meters {object} Event meters:

  • op.idTokenIssues Meters ID token issues.

  • authzEndpoint.successfulRequests Meters successful requests at the OAuth 2.0 authorisation endpoint.

  • authzEndpoint.failedSubjectAuthentications Meters failed subject (end-user) authentications at the OAuth 2.0 authorisation endpoint.

  • authzEndpoint.consentDenials Meters consent denials at the OAuth 2.0 authorisation endpoint.

  • directAuthzEndpoint.successfulRequests Meters successful direct authorisation requests.

  • clientStore.newRegistrations Meters new client registrations.

  • clientStore.reads Meters client registration reads.

  • clientStore.updates Meters client registration updates.

  • clientStore.deletions Meters client registration deletions.

  • authzStore.codeIssues Meters authorisation code issues.

  • authzStore.codeExchanges Meters authorisation code exchanges for an access / refresh / ID token.

  • authzStore.accessTokenIssues Meters access token issues.

  • authzStore.refreshTokenIssues Meters refresh token issues.

  • authzStore.tokenRefreshes Meters token refreshes.

  • authzStore.longLivedAuthz.newAdditions Meters addition of new long-lived (persisted) authorisations.

  • authzStore.longLivedAuthz.updates Meters updates of long-lived (persisted) authorisations.

  • authzStore.longLivedAuthz.revocations Meters revocations of long-lived (persisted) authorisations.

  • authzStore.shortLivedAuthz.newAdditions Meters addition of new short-lived (transient) authorisations.

  • sessionStore.newSessions Meters creation of new subject (end-user) sessions.

  • sessionStore.sessionRetrievals Meters retrieval of subject (end-user) sessions.

  • sessionStore.sessionAuthUpdates Meters updates of the authentication details of subject (end-user) sessions.

  • sessionStore.sessionDataUpdates Meters updates of the data attribute of subject (end-user) sessions.

  • sessionStore.sessionClosures Meters closures (or log-outs) of subject (end-user) sessions.

  • sessionStore.sessionExpirations Meters expirations of subject (end-user) sessions.

  • tokenEndpoint.code.successfulRequests Meters successful token requests with an OAuth 2.0 authorisation code grant.

  • tokenEndpoint.code.invalidClientErrors Meters failed token requests with an OAuth 2.0 authorisation code grant that produced an invalid_client error.

  • tokenEndpoint.code.unauthorizedClientErrors Meters failed token requests with an OAuth 2.0 authorisation code grant that produced an unauthorized_client error.

  • tokenEndpoint.code.invalidGrantErrors Meters failed token requests with an OAuth 2.0 authorisation code grant that produced an invalid_grant error.

  • tokenEndpoint.code.invalidScopeErrors Meters failed token requests with an OAuth 2.0 authorisation code grant that produced an invalid_scope error.

  • tokenEndpoint.code.serverErrors Meters failed token requests with an OAuth 2.0 authorisation code grant that produced an HTTP 500 error.

  • tokenEndpoint.refreshToken.successfulRequests Meters successful token requests with an OAuth 2.0 refresh token grant.

  • tokenEndpoint.refreshToken.invalidClientErrors Meters failed token requests with an OAuth 2.0 refresh token grant that produced an invalid_client error.

  • tokenEndpoint.refreshToken.unauthorizedClientErrors Meters failed token requests with an OAuth 2.0 refresh token grant that produced an unauthorized_client error.

  • tokenEndpoint.refreshToken.invalidGrantErrors Meters failed token requests with an OAuth 2.0 refresh token grant that produced an invalid_grant error.

  • tokenEndpoint.refreshToken.invalidScopeErrors Meters failed token requests with an OAuth 2.0 refresh token grant that produced an invalid_scope error.

  • tokenEndpoint.refreshToken.serverErrors Meters failed token requests with an OAuth 2.0 refresh token grant that produced an HTTP 500 error.

  • tokenEndpoint.password.successfulRequests Meters successful token requests with an OAuth 2.0 password grant.

  • tokenEndpoint.password.invalidClientErrors Meters failed token requests with an OAuth 2.0 password grant that produced an invalid_client error.

  • tokenEndpoint.password.unauthorizedClientErrors Meters failed token requests with an OAuth 2.0 password grant that produced an unauthorized_client error.

  • tokenEndpoint.password.invalidGrantErrors Meters failed token requests with an OAuth 2.0 password grant that produced an invalid_grant error.

  • tokenEndpoint.password.invalidScopeErrors Meters failed token requests with an OAuth 2.0 password grant that produced an invalid_scope error.

  • tokenEndpoint.password.serverErrors Meters failed token requests with an OAuth 2.0 password grant that produced an HTTP 500 error.

  • tokenEndpoint.clientCredentials.successfulRequests Meters successful token requests with an OAuth 2.0 client credentials grant.

  • tokenEndpoint.clientCredentials.invalidClientErrors Meters failed token requests with an OAuth 2.0 client credentials grant that produced an invalid_client error.

  • tokenEndpoint.clientCredentials.unauthorizedClientErrors Meters failed token requests with an OAuth 2.0 client credentials grant that produced an unauthorized_client error.

  • tokenEndpoint.clientCredentials.invalidGrantErrors Meters failed token requests with an OAuth 2.0 client credentials grant that produced an invalid_grant error.

  • tokenEndpoint.clientCredentials.invalidScopeErrors Meters failed token requests with an OAuth 2.0 client credentials grant that produced an invalid_scope error.

  • tokenEndpoint.clientCredentials.serverErrors Meters failed token requests with an OAuth 2.0 client credentials grant that produced an HTTP 500 error.

  • tokenEndpoint.jwtBearer.successfulRequests Meters successful token requests with an OAuth 2.0 JWT bearer assertion grant.

  • tokenEndpoint.jwtBearer.invalidClientErrors Meters failed token requests with an OAuth 2.0 JWT bearer assertion grant that produced an invalid_client error.

  • tokenEndpoint.jwtBearer.unauthorizedClientErrors Meters failed token requests with an OAuth 2.0 JWT bearer assertion grant that produced an unauthorized_client error.

  • tokenEndpoint.jwtBearer.invalidGrantErrors Meters failed token requests with an OAuth 2.0 JWT bearer assertion that produced an invalid_grant error.

  • tokenEndpoint.jwtBearer.invalidScopeErrors Meters failed token requests with an OAuth 2.0 JWT bearer assertion that produced an invalid_scope error.

  • tokenEndpoint.jwtBearer.serverErrors Meters failed token requests with an OAuth 2.0 JWT bearer assertion that produced an HTTP 500 error.

  • tokenEndpoint.invalidRequests Meters failed token requests that produced an invalid_request error.

  • tokenEndpoint.unsupportedGrantRequests Meters failed token requests that produced an unsupportedGrant error.

  • tokenRevocationEndpoint.successfulRequests Meters successful token revocation requests.

  • tokenRevocationEndpoint.invalidRequests Meters failed token revocation requests that produced an HTTP 400 error.

  • tokenRevocationEndpoint.invalidClientErrors Meters failed token revocation requests that produced an HTTP 401 error.

  • tokenRevocationEndpoint.invalidTokens Meters silently failed token revocation requests due to an invalid or expired token.

  • tokenRevocationEndpoint.serverErrors Meters failed token revocation requests that produced an HTTP 500 error.

  • userInfoEndpoint.successfulRequests Meters successful UserInfo requests.

  • userInfoEndpoint.invalidRequestErrors Meters failed UserInfo requests that produced an HTTP 400 error.

  • userInfoEndpoint.invalidTokenErrors Meters failed UserInfo requests that produced an HTTP 401 error.

  • userInfoEndpoint.insufficientScopeErrors Meters failed UserInfo requests that produced an HTTP 403 error.

  • userInfoEndpoint.serverErrors Meters failed UserInfo requests that produced an HTTP 500 error.

• timers {object} Timers:

  • tokenEndpoint.code.handlerTimer Times processing of OAuth 2.0 authorisation code grants at the token endpoint.
  • tokenEndpoint.refreshToken.handlerTimer Times processing of OAuth 2.0 refresh token grants at the token endpoint.
  • tokenEndpoint.password.handlerTimer Times processing of OAuth 2.0 password grants at the token endpoint.
  • tokenEndpoint.clientCredentials.handlerTimer Times processing of OAuth 2.0 client credentials grants at the token endpoint.
  • tokenEndpoint.jwtBearer.handlerTimer Times processing of OAuth 2.0 JWT bearer assertion grants at the token endpoint.
  • clientStore.ldapConnector.getTimer Times retrieval of individual client registrations from the LDAP directory (LDAP search operation with scope=base).
  • clientStore.ldapConnector.searchTimer Times bulk retrieval of client registrations from the LDAP directory (LDAP search operations with scope=one).
  • clientStore.ldapConnector.addTimer Times addition of new client registrations to the LDAP directory (LDAP add operations).
  • clientStore.ldapConnector.modifyTimer Times modification of client registrations in the LDAP directory (LDAP modify operations).
  • clientStore.ldapConnector.deleteTimer Times deletion of client registrations from the LDAP directory (LDAP delete operations).
  • authzStore.ldapConnector.getTimer Times retrieval of individual long-lived authorisations from the LDAP directory (LDAP search operation with scope=base).
  • authzStore.ldapConnector.searchTimer Times retrieval of multiple long-lived authorisations, subject lists and client lists (LDAP search operation with scope=one).
  • authzStore.ldapConnector.addTimer Times addition of new long-lived authorisations to the LDAP directory (LDAP add operation).
  • authzStore.ldapConnector.modifyTimer Times modification of long-lived authorisations in the LDAP directory (LDAP modify operations).
  • authzStore.ldapConnector.deleteTimer Times deletion of long-lived authorisations from the LDAP directory (LDAP delete operations).
  • sessionStore.expirationTimer Times purging of expired subject (end-user) sessions.
  • claimsSource.retrievalTimer Times retrieval of UserInfo and other claims from the claims source backend.

Example metrics set:

{
  "version" : "3.0.0",
  "gauges"  : {
    "authzSessionStore.numSessions"                    : { "value" : 0 },
    "authzStore.ldapConnector.maxAvailableConnections" : { "value" : 5 },
    "authzStore.ldapConnector.numAvailableConnections" : { "value" : 1 },
  ...
  }
  ...
}

4.2 Gauge

Gauge from a metrics set.

• value {integer} The current gauge value.

Example gauge:

{
  "value" : 950140456
}

4.3 Meter

Meter from a metrics set.

• count {integer} The number of metered events.
• m1_rate {float} The one-minute exponentially-weighted moving average rate at which events have occurred since start up. This rate has the same exponential decay factor as the one-minute load average in the top Unix command.
• m5_rate {float} The five-minute exponentially-weighted moving average rate at which events have occurred since start up. This rate has the same exponential decay factor as the five-minute load average in the top Unix command.
• m15_rate {float} The fifteen-minute exponentially-weighted moving average rate at which events have occurred since start up. This rate has the same exponential decay factor as the fifteen-minute load average in the top Unix command.
• mean_rate {float} The mean rate at which events have occurred since start up.
• units = “events/second” The unit measure.

Example meter:

{
  "count"     : 2,
  "m15_rate"  : 0.00220381749348163,
  "m1_rate"   : 0.029527305437977176,
  "m5_rate"   : 0.006503044431934881,
  "mean_rate" : 4.2031348626575445E-4,
  "units"     : "events/second"
}

4.4 Timer

Timer from a metrics set.

• count {integer} The number of timed events.
• min {float} The lowest duration value.
• mean {float} The arithmetic mean duration value.
• max {float} The highest duration values.
• p50 {float} The value at the 50th percentile in the distribution.
• p75 {float} The value at the 75th percentile in the distribution.
• p95 {float} The value at the 95th percentile in the distribution.
• p98 {float} The value at the 98th percentile in the distribution.
• p99 {float} The value at the 99th percentile in the distribution.
• p999 {float} The value at the 99.9th percentile in the distribution.
• stddev {float} The standard deviation of the sampled duration values.
• m1_rate {float} The one-minute exponentially-weighted moving average rate at which events have occurred since start up. This rate has the same exponential decay factor as the one-minute load average in the top Unix command.
• m5_rate {float} The five-minute exponentially-weighted moving average rate at which events have occurred since start up. This rate has the same exponential decay factor as the five-minute load average in the top Unix command.
• m15_rate {float} The fifteen-minute exponentially-weighted moving average rate at which events have occurred since start up. This rate has the same exponential decay factor as the fifteen-minute load average in the top Unix command.
• mean_rate {float} The mean rate at which events have occurred since start up.
• duration_units = “seconds” The duration unit measure.
• rate_units = “calls/second” The rate unit measure.

Example timer:

{
  "count"          : 6,
  "max"            : 0.01028953,
  "mean"           : 6.647419832286938E-4,
  "min"            : 6.56503E-4,
  "p50"            : 6.647430000000001E-4,
  "p75"            : 6.647430000000001E-4,
  "p95"            : 6.647430000000001E-4,
  "p98"            : 6.647430000000001E-4,
  "p99"            : 6.647430000000001E-4,
  "p999"           : 6.647430000000001E-4,
  "stddev"         : 9.152683616619665E-8,
  "m15_rate"       : 0.0016652947966130432,
  "m1_rate"        : 1.9309212342695557E-4,
  "m5_rate"        : 0.0015804743529140488,
  "mean_rate"      : 0.0015484305097827385,
  "duration_units" : "seconds",
  "rate_units"     : "calls/second"
}

4.5 Health check results

Connect2id serer health check results.

• clientStore.ldapConnector {object} A JSON object representing the result of checking the health of the LDAP client store connection:

  • healthy {true|false} Indicates the health.

  • [ message ] {string} Diagnostic message if healthy is false.

• authzStore.ldapConnector {object} A JSON object representing the result of checking the health of the LDAP authorisation store connection:

  • healthy {true|false} Indicates the health.

  • [ message ] {string} Diagnostic message if healthy is false.

Example results indicating good health:

{
  "authzStore.ldapConnector"  : { "healthy" : true },
  "clientStore.ldapConnector" : { "healthy" : true }
}

Example result indicating the backend LDAP server is down or unavailable:

{
  "authzStore.ldapConnector"  : { "healthy" : false,
                                  "message" : "An error occurred while attempting to connect to server 127.0.0.1:1389:  java.io.IOException: An error occurred while attempting to establish a connection to server /127.0.0.1:1389:  java.net.ConnectException: Connection refused" },
  "clientStore.ldapConnector" : { "healthy" : false,
                                  "message" : "An error occurred while attempting to connect to server 127.0.0.1:1389:  java.io.IOException: An error occurred while attempting to establish a connection to server /127.0.0.1:1389:  java.net.ConnectException: Connection refused" }
}

5. Errors

401 Unauthorized

The request was denied due to an invalid or missing bearer access token.

Example:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer
Content-Type: application/json

{
  "error"             : "missing_token",
  "error_description" : "Unauthorized: Missing Bearer access token"
}

500 Internal Server Error

An internal server error has occurred. Check the Connect2id server logs for details.

Example:

HTTP/1.1 500 Internal Server Error
Content-Type: application/json

{
  "error"             : "server_error",
  "error_description" : "Internal server error: Check the logs for details"
}