Monitoring performance refers to observing (viewing) performance metrics to make yourself aware of the state specific components. While there are several methods to view performance metrics, this chapter provides the following topics with emphasis on using Oracle Access Management Console:
Monitoring Server Metrics Using Oracle Access Management Console
Monitoring SSO Agent Metrics Using Oracle Access Management Console
See Also:
Chapter 11if you are using Oracle Enterprise Manager Fusion Middleware Control
Component performance metrics can be collected in memory during the completion of particular events. You can monitor the time spent in a particular area or track particular occurrences or state changes.
Oracle Access Management uses the Oracle Dynamic Monitoring Systems (DMS) to measure application-specific performance information for OAM Servers and registered Agents.
Metric collection is the mechanism by which components collect information in memory for particular events. Based on these events, you can monitor the time spent in a particular area or track particular occurrences or state changes. These metrics are kept only in memory and there are several mechanisms to extract and display them: EM, dmsSpy, dmsDump, for instance.
dmsSpy is a Fusion Middleware tool that is part of the WebLogic Application Server. dmsSpy displays the raw DMS data specific to the WebLogic Application Server instance. Displayed information is categorized by Noun Types (OAMS.OAM_ prefix for Oracle Access Management) and includes metrics pertaining to all DMS instrumented applications running in the Weblogic Application Server instance. To see the metrics on a Weblogic instance, go to http://hostname:port/dms/. For example:
http://samplehost:7001/dms/
See Also:
Oracle Fusion Middleware Performance and Tuning Guide for details about instrumenting applications with DMS
Administrators can monitor performance for Access Manager using the Monitoring command on the Actions menu under the System Configuration tab.
In a brower window, go to the DMS Console using the following URL:
http:// <example_AdminServer:Port/dms/
Log in with your Oracle Access Management Administrator credentials.
In the DMS Metric Tables, click the desired metric from those listed to view the results on the right-side of the console.
This section provides the following topics:
Users with valid Oracle Access Management Administrator credentials can use the following procedure to display various performance metrics using the Oracle Access Management Console.
The OAM Sserver must be running.
To monitor performance using Oracle Access Management Console
In the Oracle Access Management Console, go to the System Configuration tab.
Server Instance:
Open the:
From the Actions menu in the navigation tree, click Monitor Menu.
On the Monitor page, click the desired subtab to view results for the server instance:
Proceed to "Reviewing Server Metrics Using Oracle Access Management Console".
This topic provides a look at the Server metrics available when you have a server instance selected in the navigation tree and you choose the Monitoring Menu command on the Actions menu under the System Configuration tab.
Figure 10-1 shows the Server Processes page.
Figure 10-1 Server Processes Overview Page
Server Processes Overview provides the following OAM Server events, organized in individual columns on the tab.
Table 10-1 OAM Server Metrics: Server Processes Overview Tab
Server Metric Columns |
---|
Authorization Process |
Authorization Requests |
Authentication Process Failure |
Authentication Process Success |
Pre Authentication Process Failure |
Pre Authentication Process Success |
Figure 10-2 shows the Session Operations Monitoring tab after detaching the table to display all event metrics in individual columns.
Figure 10-2 OAM Server Metrics: Session Operations Monitoring Page
OAM Server Session Operations metrics include:
Table 10-2 OAM Server Metrics: Session Operations
Session Operations |
---|
Check Session Valid |
Check Session Valid Failure |
Check Session Valid Success |
Create Session |
Create Session Failure |
Create Session Success |
Destroy Session |
Destroy Session Failure |
Destroy Session Success |
Delete Client Session |
Delete Client Session Failure |
Figure 10-3 shows the detached OAM Server Operations Monitoring page.
Figure 10-3 OAM Server Metrics: Server Operations Tab
OAM Server Operations metrics include those in Table 10-3.
Table 10-3 OAM Server Metrics: Server Operations Tab
OAM Server: Operations Metrics |
---|
Authentication Policy Response Failure |
Authentication Policy Response Success |
Authentication Scheme Response Failure |
Authentication Scheme Response Success |
Authentication Failure |
Authentication Failure Responses |
Authentication Policy Response |
Authentication Requests |
Authentication Scheme Response |
Autorization Failure |
Autorization Failure |
Autorization Process Failure |
Autorization Process Success |
Figure 10-4 shows the OAM Server Metrics: OAM Agents tab with all available metrics showing.
Figure 10-4 OAM Server Metrics: OAM Agents Tab
OAM Agent performance metrics include:
Agent Name
Agent Status
Version
This section describes how to review metrics for various components and how to determine whether tuning is needed. The following topics are included:
Users with valid Oracle Access Management Administrator credentials can use the following procedure to display various SSO Agent performance metrics using the Oracle Access Management Console.
The server and agent must be running.
To monitor SSO Agent performance using Oracle Access Management Console
From the Oracle Access Management Console System Configuration tab:
Open the desired agent type node:
OAM Agents
OSSO Agents
OpenSSO Agents: There is no way to monitor this Agent other than OpenSSO Proxy behavior with respect to Agent Requests. See "Reviewing OpenSSO Metrics Using the DMS Console".
Search for the desired agent to monitor, as usual.
In the Search Results table, highlight the desired agent SerialNumber and from the Actions menu select Monitor.
Proceed as needed.
OAM Agent metrics are organized across the following tabs, as shown in Table 10-3:
Connectivity
Operations Overview
Operations Detail
Information
Figure 10-5 OAM Agent Metrics: Monitoring Characteristics
Following figures illustrate detached tables for one OAM Agent with all possible metrics displayed for each:
Figure 10-6, "OAM Agent Metrics: Detached Connectivity Table"
Figure 10-7, "OAM Agent Metrics: Detached Operations Overview Table"
Figure 10-8, "OAM Agent Metrics: Detached Operations Detail Table"
Figure 10-9, "OAM Agent Metrics: Detached Information Table"
Figure 10-6 OAM Agent Metrics: Detached Connectivity Table
Figure 10-7 OAM Agent Metrics: Detached Operations Overview Table
Figure 10-8 OAM Agent Metrics: Detached Operations Detail Table
Figure 10-9 OAM Agent Metrics: Detached Information Table
When you have an OSSO Agent selected OSSO Agents Search Results table and choose Monitor from the table's Actions menu, the following metrics pages are available:
Figure 10-10, "OSSO Agent Monitoring Page with Operation Details"
Figure 10-11, "OSSO Agent Monitoring Process Overview Table"
Figure 10-10 OSSO Agent Monitoring Page with Operation Details
Figure 10-11 illustrates the detached OSSO 10g Agent Monitoring Process Overview table.
Figure 10-11 OSSO Agent Monitoring Process Overview Table
Figure 10-12 illustrates the detached OSSO Agent Information table.
Figure 10-12 OSSO Agent Information Table
This section provides the following topics:
See Also:
Throughput refers to the number of requests processed per second. Latency refers to the time required to process a particular request. There is less than a 20% latency increase with the introduction of a proxy between Webgate and OAM Server.
Table 10-4 lists the various OAM Proxy metrics available.
Metric | Description |
---|---|
handshakes.active |
Number of active threads doing handshake |
handshakes.avg |
Average time spent performing initial handshake |
handshakes.completed |
Number of times an initial handshake has been executed |
handshakes.maxTime |
Maximum time spent performing initial handshake |
handshakes.minTime |
Minimum time spent performing initial handshake |
handshakes.time |
Total time spent performing initial handshake |
failedHandshakes.count |
Count of failed handshakes |
peerCompatibilityFailures.count |
Count of how many Peer Compatibility Check Failures have happened |
openSecurityMode.count |
Count of how many Open Security Mode handshakes have happened |
simpleSecurityMode.count |
Count of how many Simple Security mode handshakes have happened |
SSLSecurityMode.count |
Count of how many SSL Security Mode handshakes have happened |
negotiateSecurityMode.active |
Number of active threads doing security mode negotiation |
Performance of the OAM Proxy can be tuned by changing its configuration through the Java EE container Administration Console.
Note:
Both the Java EE container Administrator and the Oracle Access Management Administrator can tune performance using the Java EE container Administration Console, which is outside the scope of this book.Table 10-5 provides the tuning parameters for the OAM Proxy.
Table 10-5 OAM Proxy Tuning Parameters
Purpose | Parameter | Type | Value | Description |
---|---|---|---|---|
Denial of Service Attacks |
ConnectionValidationInterval |
Integer |
120 |
The time interval in seconds for validating the connections periodically for denial of service attacks |
BacklogQueue |
Integer |
50 |
Maximum length of backlog queue |
|
MaxNAPHandShakeTime |
Integer |
100 |
The maximum time in milliseconds within which the client should complete the NAP handshake with client. If NAP handshake over a connection is not completed within this time, the connection will be marked as malicious |
This section provides the following topics:
Throughput refers to the number of requests processed per second. Latency refers to the time required to process a particular request. The Events that can be monitored are described in Table 10-6.
Table 10-6 OpenSSO Proxy Server Events
Event | Description |
---|---|
Naming Service Request |
This request is for naming lookups. One can monitor response time taken by the OpenSSO Proxy in servicing this request |
Agent Authentication Process |
Agent Authentication has been captured in two phases:
|
Agent Session Validation |
Agent Session Validation |
User Authentication |
This event is captured for Client SDK's only. One can monitor response time taken to authenticate client SDK's through this diagnostic event |
User Session Validation |
Time taken to validate User Session |
User Authorization |
Time taken for authorization as per the configured policy for the given resource |
Table 10-7 lists the various OpenSSO Proxy metrics available for the named server.
Table 10-7 OpenSSO Proxy Metrics: Server
Metric | Description |
---|---|
AgentAuthentication_Login |
Response time details for Authentication requests during login phase sent by the Agent to authenticate |
AgentAuthentication_LoginFailures |
Count of how many Agent Authentication requests during login phase have failed. |
AgentAuthentication_SubmitRequirements |
Response time details for Authentication requests during Submit Requirements phase send by the Agent to authenticate |
AgentAuthentication_SubmitRequirementsFailures |
Count of how many Agent Authentication requests during Submit Requirements phase have failed |
NamingServiceRequest |
Response time details for Naming Service Request operations |
NamingServiceRequestFailures |
Count of how many Naming Service Request operations have failed |
UserAuthentication_SDK |
Response time details for User Authentication requests |
UserAuthentication_SDKFailures |
Count of how many User authentication Requests have failed |
UserAuthorization |
Response time details for User Authorization operations |
UserAuthorizationFailures |
Count of how many user authorization operations have failed |
ValidateAgentSession |
Response time details for Agent Session Validation operation |
ValidateAgentSessionFailures |
Count of how many agent session validation operations have failed |
ValidateUserSession |
Response time details for User Session Validation operation |
ValidateUserSessionFailures |
Count of how many User session validation operations have failed. |
Table 2 lists the various OpenSSO Proxy metrics available for each OpenSSO Agent.
Table 10-8 OpenSSO Proxy Metrics: Agent
Metric | Description |
---|---|
AgentAuthentication_SubmitRequirements |
Response time details for Authentication requests during Submit Requirements phase collected per Agent |
AgentCacheMode |
Specifies the cache mode for the client policy evaluator. Values can be: subtree or self |
AgentFilterMode |
Specifies how the agent filters requests to protected web applications. The global value functions as a default, and applies for protected applications that do not have their own filter settings |
AgentHostName |
The host name of OpenSSO Agent |
AgentIPAddress |
The IP Address of OpenSSO Agent |
AgentMappingMode |
Specifies the mechanism used to determine the user ID |
AgentState |
The state of OpenSSO Agent: enabled or disabled. |
UserAttributeName |
Specifies the data store attribute that contains the user ID |
UserAuthorization |
Response time details for User Authorization operations collected per Agent |
UserIdentity |
Specifies the session property name for the authenticated user's ID. Default is 'UserToken' |
ValidateAgentSession |
Response time details for Agent Session Validation operation collected per Agent |
agentType |
The type of OpenSSO agent: J2EE or Web Agent |
User with valid Oracle Access Management Administrator credentials can use the procedure here to view OpenSSO Proxy metrics in the DMS console.
The OAM Server must be running.
In a brower window, go to the DMS Console using the following URL:
http:// <example_AdminServer:Port/dms/
Log in with your Oracle Access Management Administrator credentials.
OpenSSO Agent Metrics: In the DMS Metric Tables, click OAMS.OAM_Server.OPENSSO_Agents.
OpenSSO Proxy Metrics: In the DMS Metric Tables, click OAMS.OAM_OpenSSOProxy and view the results on the right side of the console.