For programmatic access to the Identity Server statistics, you must enable the Representational State Transfer (REST) API.
To enable the REST API:
Place the nidpmonitor.txt file in to the WEB-INF directory of the Identity Server and ESP webapp.
For Identity Server:
Linux: /opt/novell/nam/idp/webapps/nidp/WEB-INF/
Windows: \Program Files (x86)\Novell\Tomcat\webapps\nidp\WEB-INF/
For ESP:
Linux: /opt/novell/nam/mag/webapps/nesp/WEB-INF/
Windows: \Program Files\Novell\Tomcat\webapps\nesp\WEB-INF
Add the following line in nidpmonitor.txt:
urn:novell:nidp:monitor:anyaccess
After this line, you must add the IP addresses of the servers from which you will be making calls to the REST API. Example content of the nidpmonitor.txt file:
urn:novell:nidp:monitor:anyaccess10.0.0.0172.16.0.0
Restart the Identity Server.
IMPORTANT:Frequent requests to get the statistics impact the system performance. It is recommended to keep a five minutes interval between every probe for the statistics.
The Identity Server uses this REST endpoint: https://<DNS FQDN of NIDP>:<port>/nidp/app/monitor.
ESP uses this REST endpoint: https://<DNS FQDN of ESP>:<port>/nesp/app/monitor.
The endpoint takes the following three parameters:
Parameter |
Value |
Description |
---|---|---|
displayType |
XML |
This parameter specifies the output display type. Currently it supports only XML. |
command |
See Supported Commands and Their Outputs for details of the commands which support this parameter. |
This specifies the monitored statistics that are to be displayed. |
reset |
This parameter can take only "True" as value. See Supported Commands and Their Outputsfor details of the commands which support reset. |
This specifies the monitored statistics that is to be reset. |
The following list includes supported commands:
NOTE:When using the curl command, place the URL inside double quotes (""). Otherwise, the XML data does not render. For example, curl -k "https://<domain>:<port>/nidp/app/monitor?command=inUrlTypes&displayType=xml".
This command supports reset. This command displays the monitored statistics of incoming HTTP requests to the Identity Server.
Example output:
<?xml version="1.0" encoding="UTF-8"?><InComingHTTPRequests> <ThreadIntervals> <NamedValues> <NamedValue name="Total" value="61" /> <NamedValue name="Current Requests" value="1" /> </NamedValues> <ActiveObjects abandoned="0"> <ActiveObject name="ajp-bio-/127.0.0.1-9019-exec-23" age="3"> </ActiveObject> </ActiveObjects> <Historical> <Spectrometer dataPoints="22" totalCount="60" maxDataPoints="500"> <max>145</max> <min>1</min> <mean>18</mean> </Spectrometer> </Historical> </ThreadIntervals></InComingHTTPRequests>
This command supports reset. This command displays counts of the URL types and services that have been requested to the Identity Server.
Example output:
<UrlTypes> <NamedValues> <NamedValue name="CMD: /app/, monitor" value="15" /> <NamedValue name="CMD: /app/, ping" value="13" /> <NamedValue name="CMD: /idff, soap" value="1" /> <NamedValue name="CMD: /idff, sso" value="4" /> <NamedValue name="JSP: content.jsp" value="1" /> </NamedValues></UrlTypes>
This command supports reset. This command displays the monitored statistics of outgoing HTTP requests from the Identity Server.
Example output:
<?xml version="1.0" encoding="UTF-8"?><OutGoingHTTPRequests> <ThreadIntervals> <NamedValues> <NamedValue name="Total" value="25" /> </NamedValues> <Historical> <Spectrometer dataPoints="10" totalCount="25" maxDataPoints="500"> <max>51</max> <min>2</min> <mean>12</mean> </Spectrometer> </Historical> </ThreadIntervals></OutGoingHTTPRequests>
This command does not support reset. This command displays the setup details of the Identity Server configuration store and the user store.
Example output:
<UserStoreManager id="MGf373f25e-5a95-484e-85fe-2d3f073e3c28"> <TrustConfigDataStore> <UserStore id="USef25d609-7577-4bab-a705-f00b5406f2cc" systemId="cn=SCC7u0ouw,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell" displayName="" directoryName="Novell eDirectory" adminUserName="ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell" idleTimeout="10000" bindTimeout="0" allowRebind="true" maxWaitReservations="-1"> <Replicas> <Replica id="0c498978-2d16-4b25-ae41-484fca62fc36" systemId="PseudoXMLBasedUserStoreReplicaDN0" displayName="Replica 1" host="ldaps:// 10.0.0.0" port="636" maxConnections="5" doSSL="true"> <ConnectionPool id="PL8928e311-6a84-494a-b61a-5ff43005dd6f:0c498978-2d16-4b25-ae41-484fca62fc36" adminUserName="ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell" maxConnections="5" skipCount="10" waitResTimeout="60000" waitResSleep="20" waitResSleepIterCount="3000" load="0"> <AdminConnections> <Connection id="0adff495-9321-485c-b156-66deceeefa84" type="admin" checkedOut="false" IdleAge="5985087" /> </AdminConnections> </ConnectionPool> </Replica> </Replicas> </UserStore> </TrustConfigDataStore> <UserStores> <UserStore id="USc15e7906-d4a9-41c3-8438-cd10fb6c7a89" systemId="cn=USmkp9m,cn=Alrre4,cn=SCC7u0ouw,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell" displayName="SingleBoxUserStore" directoryName="Novell eDirectory" adminUserName="cn=admin,o=novell" idleTimeout="10000" bindTimeout="0" allowRebind="true" maxWaitReservations="-1"> <SearchContexts> <SearchContext order="0" scope="1" context="o=novell" /> </SearchContexts> <Replicas> <Replica id="0a307605-8946-4455-8080-f1819562481d" systemId="cn=USRlxnx69,cn=USmkp9m,cn=Alrre4,cn=SCC7u0ouw,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell" displayName="SingleBoxUserStoreReplica" host="ldaps:// 10.0.0.0" port="636" maxConnections="20" doSSL="true"> <ConnectionPool id="PLce0653bc-488d-4e7c-81a5-08e935d83c82:0a307605-8946-4455-8080-f1819562481d" adminUserName="cn=admin,o=novell" maxConnections="20" skipCount="10" waitResTimeout="60000" waitResSleep="20" waitResSleepIterCount="3000" load="0"> <AdminConnections> <Connection id="b1c0a413-2c36-4b64-831c-b0849421c7a0" type="admin" checkedOut="false" IdleAge="259357" /> </AdminConnections> </ConnectionPool> </Replica> </Replicas> </UserStore> </UserStores></UserStoreManager>
This command does not support reset. This command displays counts of the Identity Server LDAP connection.
Example output:
<LdapConnections> <TotalAdded admin="25" user="1" /> <TotalRemoved admin="23" user="1" /> <CurrentValidInUse admin="0" user="0" /> <CurrentValidOutOfUse admin="2" user="0" /> <CurrentInvalidEstd admin="0" user="0" /> <CurrentInvalidNonEstd admin="0" user="0" /> <TotalForceCloseSuccess admin="23" user="1" /> <TotalForceCloseError admin="0" user="0" /> <TotalForceCloseNonEstd admin="0" user="0" /></LdapConnections>
This command supports reset. This command displays statistics of the Identity Server LDAP connection wait time.
Example output:
<LDAPConnectionWaits></LDAPConnectionWaits>
This command does not support reset. This command displays statistics of the Identity Server LDAP replica.
Example output:
<LdapReplicaStatsCollection> <TrustConfigDataStoreStats> <LdapReplicaStats displayName="Replica 1" host="ldaps:// 10.0.0.0 " inRestart="false" load="0"> <ExistingAdminConnectionReservation admin="97" /> <NewConnections admin="2" user="0" /> <Rebinds user="0" /> <InvalidRebinds user="0" /> <Waits admin="0" user="0" /> <WaitExpired admin="0" user="0" /> <WaitSkipped admin="0" user="0" /> <WaitHitMaxSkipped admin="0" user="0" /> </LdapReplicaStats> </TrustConfigDataStoreStats> <LdapReplicaStats displayName="SingleBoxUserStoreReplica" host="ldaps://10.0.0.0" inRestart="false" load="0"> <ExistingAdminConnectionReservation admin="86" /> <NewConnections admin="28" user="1" /> <Rebinds user="0" /> <InvalidRebinds user="0" /> <Waits admin="0" user="0" /> <WaitExpired admin="0" user="0" /> <WaitSkipped admin="0" user="0" /> <WaitHitMaxSkipped admin="0" user="0" /> </LdapReplicaStats></LdapReplicaStatsCollection>
This command does not support reset. This command displays performance statistics of the Identity Server LDAP replica.
Example output:
<?xml version="1.0" encoding="UTF-8"?><LdapReplicaPerfCollection> <TrustConfigDataStorePerf> <LdapReplicaPerf displayName="Replica 1" inRestart="false" load="0" host="ldaps://10.0.0.0"> <AllOpsDuration> <Interval> <Spectrometer dataPoints="5" totalCount="6" maxDataPoints="300"> <max>46</max> <min>1</min> <mean>16</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="11" totalCount="100" maxDataPoints="500"> <max>93</max> <min>1</min> <mean>3</mean> </Spectrometer> </Historical> </AllOpsDuration> <CreateConnDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>46</max> <min>44</min> <mean>45</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="500"> <max>93</max> <min>93</min> <mean>93</mean> </Spectrometer> </Historical> </CreateConnDuration> <CloseConnDuration> <Interval> <Spectrometer dataPoints="1" totalCount="2" maxDataPoints="300"> <max>1</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> </CloseConnDuration> <SearchDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>3</max> <min>2</min> <mean>2</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="8" totalCount="95" maxDataPoints="500"> <max>11</max> <min>1</min> <mean>2</mean> </Spectrometer> </Historical> </SearchDuration> <GetDuration> <Historical> <Spectrometer dataPoints="4" totalCount="4" maxDataPoints="500"> <max>10</max> <min>1</min> <mean>6</mean> </Spectrometer> </Historical> </GetDuration> <ModifyDuration></ModifyDuration> <CreateObjDuration></CreateObjDuration> <DeleteObjDuration></DeleteObjDuration> <ExtDuration></ExtDuration> <RebindDuration></RebindDuration> </LdapReplicaPerf> </TrustConfigDataStorePerf> <LdapReplicaPerf displayName="SingleBoxUserStoreReplica" inRestart="false" load="0" host="ldaps://10.0.0.0"> <AllOpsDuration> <Interval> <Spectrometer dataPoints="5" totalCount="19" maxDataPoints="300"> <max>46</max> <min>1</min> <mean>13</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="5" totalCount="9" maxDataPoints="500"> <max>43</max> <min>0</min> <mean>5</mean> </Spectrometer> </Historical> </AllOpsDuration> <CreateConnDuration> <Interval> <Spectrometer dataPoints="2" totalCount="5" maxDataPoints="300"> <max>46</max> <min>45</min> <mean>45</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="500"> <max>43</max> <min>43</min> <mean>43</mean> </Spectrometer> </Historical> </CreateConnDuration> <CloseConnDuration> <Interval> <Spectrometer dataPoints="1" totalCount="5" maxDataPoints="300"> <max>1</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> </CloseConnDuration> <SearchDuration> <Interval> <Spectrometer dataPoints="2" totalCount="3" maxDataPoints="300"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> </SearchDuration> <GetDuration> <Interval> <Spectrometer dataPoints="2" totalCount="3" maxDataPoints="300"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="2" totalCount="4" maxDataPoints="500"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Historical> </GetDuration> <ModifyDuration></ModifyDuration> <CreateObjDuration></CreateObjDuration> <DeleteObjDuration></DeleteObjDuration> <ExtDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="3" totalCount="4" maxDataPoints="500"> <max>3</max> <min>0</min> <mean>1</mean> </Spectrometer> </Historical> </ExtDuration> <RebindDuration> <Interval> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="300"> <max>3</max> <min>3</min> <mean>3</mean> </Spectrometer> </Interval> </RebindDuration> </LdapReplicaPerf></LdapReplicaPerfCollection>
This command does not support reset. This command displays statistics of the Identity Server LDAP replica failure.
Example output:
<?xml version="1.0" encoding="UTF-8"?><LdapReplicaFailureCollection> <TrustConfigDataStoreFailure> <LdapReplicaFailurePerf displayName="Replica 1" inRestart="false" load="0" host="ldaps://10.0.0.0"> <AllOpsDuration> <Historical> <Spectrometer dataPoints="2" totalCount="3" maxDataPoints="500"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Historical> </AllOpsDuration> <CreateConnDuration></CreateConnDuration> <CloseConnDuration></CloseConnDuration> <SearchDuration></SearchDuration> <GetDuration> <Historical> <Spectrometer dataPoints="2" totalCount="3" maxDataPoints="500"> <max>2</max> <min>1</min> <mean>1</mean> </Spectrometer> </Historical> </GetDuration> <ModifyDuration></ModifyDuration> <CreateObjDuration></CreateObjDuration> <DeleteObjDuration></DeleteObjDuration> <ExtDuration></ExtDuration> <RebindDuration></RebindDuration> </LdapReplicaFailurePerf> </TrustConfigDataStoreFailure> <LdapReplicaFailurePerf displayName="SingleBoxUserStoreReplica" inRestart="false" load="0" host="ldaps://10.0.0.0"> <AllOpsDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>3054</max> <min>3051</min> <mean>3052</mean> </Spectrometer> </Interval> </AllOpsDuration> <CreateConnDuration> <Interval> <Spectrometer dataPoints="2" totalCount="2" maxDataPoints="300"> <max>3054</max> <min>3051</min> <mean>3052</mean> </Spectrometer> </Interval> </CreateConnDuration> <CloseConnDuration></CloseConnDuration> <SearchDuration></SearchDuration> <GetDuration></GetDuration> <ModifyDuration></ModifyDuration> <CreateObjDuration></CreateObjDuration> <DeleteObjDuration></DeleteObjDuration> <ExtDuration></ExtDuration> <RebindDuration></RebindDuration> </LdapReplicaFailurePerf></LdapReplicaFailureCollection>
This command does not support reset. This command displays performance statistics of the Identity Server local authentication.
Example output:
<?xml version="1.0" encoding="UTF-8"?><AuthenticationPerformance> <NamedValues> <NamedValue name="Provided Authentications" value="2" /> <NamedValue name="Consumed Authentications" value="3" /> <NamedValue name="Consumed Authentications Failures" value="6" /> <NamedValue name="Historical PEAK Logins" value="1" /> <NamedValue name="Logouts" value="2" /> </NamedValues> <LocalAuthDuration historicalMean="106" intervalMean="105"> <ContractStats name="Name/Password - Form"> <Historical> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="500"> <max>100</max> <min>100</min> <mean>100</mean> </Spectrometer> </Historical> </ContractStats> <ContractStats name="MyTwoContracts"> <Interval> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="300"> <max>105</max> <min>105</min> <mean>105</mean> </Spectrometer> </Interval> <Historical> <Spectrometer dataPoints="1" totalCount="1" maxDataPoints="500"> <max>113</max> <min>113</min> <mean>113</mean> </Spectrometer> </Historical> </ContractStats> </LocalAuthDuration> </AuthenticationPerformance>