How to monitor the server
The Connect2id server offers administrators and engineers a number of methods to monitor its service, performance and health:
A monitoring web API with over 100 metrics as well as backend database connection health-checks. The server can be configured to make those metrics available via JMX.
The metrics include:
- user sign-on activity, failed authentications, denied authorisations;
- active user sessions;
- user session creation, retrieval and expiration;
- access token issue;
- client registrations;
- usage of the individual OAuth 2.0 grants (code, implicit, refresh token, etc).
- cluster size.
JMX monitoring of the Infinispan data grid and the individual maps / caches maps in it, such as hit / miss rates, cluster members and size.
The session store web API for checking how many and which users are currently online.
The authorisation store web API for monitoring and inspecting persisted authorisations.
The persisted client registrations, long-lived authorisations and other data can also be inspected in the database where they have been stored:
For an RDBMS with a generic SQL client, or vendor specific client like MySQL Workbench or pgAdmin;
For an LDAP database, with an LDAP client or browser, such as Apache Directory Studio.
- The server logs.
- Quick start
- Standard endpoints
- Run in Docker
- Deployment checklist
- FAPI checklist
- Non-localhost evaluation
- mTLS termination proxy setup
- Global DynamoDB tables
- Issuer aliases
- OpenID Connect Federation 1.0
- Data migration
- LDAP directory setup
- LDAP backend migration
- OpenLDAP schema update
- OpenDJ records migration
- Login page integration
- Logout UI integration
- OAuth scopes
- Access token
- eKYC / Identity Assurance
- Third party identity federation
- Identity federation in mobile apps
- OpenID for verifiable presentations
- User session timeouts
- User account switching
- Explicitly typed ID tokens and UserInfo JWTs
- Custom OAuth grants
- Client-based sessions
- CORS response mode
- SPI implementation
- Client registration
- Initial token for client registration
- Client authentication
- OpenID Connect claims
- Pairwise subject IDs
- Redirection URI template
- Load balancing and health checks
- Clustering in AWS
- Interpreting Infinispan / JGroups logs
- Key login metrics
- Detect and purge disused clients
- HTTPS for localhost client testing
- Release notes
- Old versions