Sun Identity Manager 8.1 System Administrator's Guide

Working with Debugging Tools

You can use several different debugging tools to help identify and fix problems in your Identity Manager deployment. These tools include:

Using the Identity Manager Debug Pages

You can use Identity Manager Debug pages to help identify and fix problems in your deployment. For example, you can enable or disable tracing for various activities and objects, collect statistical information, verify that processes are running, or investigate bottlenecks and memory problems.

The following table describes the most commonly used Debug pages and their actual .jsp file names.


Note –

For a comprehensive list of all Identity Manager Debug pages, open a command window and list the contents of the idm/debug directory.


Table 5–5 Identity Manager Debug Pages

Page Name 

Use This Page to 

Control Timings (callTimer.jsp)

Collect and view call timer statistics for different methods. You can use this information to track bottlenecks to specific methods and invoked APIs. You can also use options on the Call Timings page to import or export call timer metrics, such as:

  • How long to fetch initial User view (with no resources) during a scan

  • How long to refresh initial User view (including resources) during a scan

  • How long to evaluate policy on the User view

  • How long each user scan takes (including User view fetch, policy evaluation, and so forth)

  • How long to fetch a list of users for an access scan

  • How long to evaluate the attestation rule in access review


Note –

Call timing statistics are only collected while trace is enabled.


Edit Trace Configuration (Show_Trace.jsp)

Enable and configure trace settings for the Java classes provided with your Identity Manager installation. You can specify:

  • Which methods, classes, or packages to trace and the level of trace.

  • Whether to send trace information to a file or to standard output and how dates and times are formatted in the trace output file.

  • Maximum number of trace files to store and the maximum size of each file.

  • Maximum number of methods to be cached.

  • How to write data to the trace file: either as the data is generated, or by queuing the data and then writing it to the file.

Host Connection Pool (Show_ConnectionPools.jsp)

View connection pool statistics (if you are not using a data source), including pool version, how many connections were created, how many are active, how many connections are in the pool, how many requests were serviced from the pool, and how many connections were corrupted. 

You can also use the Host Connection Pool page to view a summary of the connection pools used to manage connections to the Gateway. You can use this information to investigate low-memory conditions. 

List Cache Cleared (Clear_XMLParser_Cache.jsp)

Clear recently used XML parsers from the cache and investigate low memory conditions. 

Method Timings (Show_Timings.jsp)

Detect and assess hotspots at a method level. Use this page to gather information from Identity Manager methods, including: 

  • Method names

  • How many times the methods were called

  • How many times the methods exited with an error status

  • Average time consumed by the methods

  • Minimum and maximum times consumed by invocations of each method

Object Size Summary (Show_Sizes.jsp)

Detect problematically large objects that can affect your system. This page shows the size of objects (in characters) stored in the repository, including the objects’ total combined size, average size, maximum size, and minimum size. Click entries in the Type column to view the ID, name, and size of the largest configuration objects in the repository. 

Provisioning Threads for Administrator Configurator (Show_Provisioning.jsp)

View a summary of provisioning threads in use by the system (a subset of the information available in Show_Threads.jsp).

System Cache Summary (Show_CacheSummary.jsp)

View the following information to investigate low-memory conditions: 

  • Administrator-associated object caches

  • System object cache

  • User login sessions

  • XML parser cache

System Memory Summary (Show_Memory.jsp)

View how much total and free memory is available (in MB) when you are using memory-intensive functionality, such as reconciliation, to help determine whether there is sufficient memory allocated to the JVM. You can also use this page to launch garbage collection or to clear unused memory in the JVM for investigating heap usage. 

System Properties (SysInfo.jsp)

View information about your environment. 

System Threads (Show_Threads.jsp)

View which processes are running to verify that automated processes are running. Includes information about the process type, process name, priority, if the process is a daemon, and if the process is still alive (running). 

User Session Pool Cleared (Clear_User_Cache.jsp)

Use the Session Pool Clearer page to investigate low memory conditions. 

Waveset Properties (Show_WSProp.jsp)

View and temporarily edit properties in the Waveset.properties file. Edited property settings remain in effect only until the next server restart.

XML Resource Adapter Caches Flushed and Cleared (Clear_XMLResourceAdapter_Cache.jsp)

Clear test XML resource adapters from the cache, and use this page to investigate low memory conditions.


Note –

See Working With Identity Manager Debug Pages for more information about these Debug pages.


Procedure: To Access Individual Identity Manager Debug Pages

Before You Begin

You must have the Debug capability to access and execute operations from the Identity Manager Debug pages. If you do not have the Debug capability, an error message results. Administrators and the Configurator are assigned the Debug capability by default.

  1. Open a browser and log into the Administrator interface.

  2. Type the following URL to open the System Settings page:

    http://host:port/idm/debug

    where:

    • host is the local server on which you are running Identity Manager.

    • port is the number of the TCP port on which the server is listening.

    From this page, you can enable or disable tracing for various Identity Manager activities and objects and use the information displayed on these pages to troubleshoot problems in your deployment.

    Some Debug pages are not linked to the System Settings page, and you must type the page’s .jsp file name to open the page. For example:

    http://host:port/idm/debug/pageName.jsp

    where pageName.jsp is the particular Debug page you want to open.
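
Several Debug pages can clear caches, edit Waveset.properties values, or change trace settings, so requests to them are worth reviewing in the application server's access log. The following Python example is added here and is not part of the original guide or the product; it assumes Common Log Format access logs, the /idm context root shown above, and a site-specific allowlist of administrator networks (admin_networks, a hypothetical parameter), and its sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Pages whose Table 5-5 description includes a state-changing action (clear a
# cache, edit properties, configure trace, launch garbage collection).
# Assumption: grouping read off the table text, not a product-defined list.
STATE_CHANGING = {"clear_xmlparser_cache.jsp", "clear_user_cache.jsp",
                  "clear_xmlresourceadapter_cache.jsp", "show_wsprop.jsp",
                  "show_trace.jsp", "show_memory.jsp"}

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def debug_page(target):
    """Return the lower-cased Debug page named by a request target, or None."""
    path = unquote(urlsplit(target).path).lower().rstrip("/")
    if path == "/idm/debug":
        return "(index)"
    if path.startswith("/idm/debug/") and path.endswith(".jsp"):
        return path.rsplit("/", 1)[1]
    return None

def review_debug_access(lines, admin_networks):
    """Return (severity, host, page, status) per Debug page request."""
    nets = [ipaddress.ip_network(n) for n in admin_networks]
    findings = []
    for line in lines:
        m = CLF.match(line)
        page = debug_page(m.group(2)) if m else None
        if page is None:
            continue  # unparsable line or not a Debug page request
        host, status = m.group(1), m.group(3)
        try:
            inside = any(ipaddress.ip_address(host) in n for n in nets)
        except ValueError:
            inside = False  # logged as a hostname: cannot match the allowlist
        # Outside the allowlist is worst; inside, state-changing pages stand out.
        sev = "high" if not inside else "medium" if page in STATE_CHANGING else "info"
        findings.append((sev, host, page, status))
    return sorted(findings, key=lambda f: ("high", "medium", "info").index(f[0]))

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2009:10:01:02 +0000] "GET /idm/debug/Show_Threads.jsp HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Mar/2009:10:02:40 +0000] "POST /idm/debug/Show_WSProp.jsp HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/Mar/2009:10:05:13 +0000] "GET /idm/debug/%53ysInfo.jsp?x=1 HTTP/1.1" 200 9000',
    '192.0.2.10 - - [12/Mar/2009:10:06:00 +0000] "GET /idm/login.jsp HTTP/1.1" 200 700',
]
```

Calling review_debug_access(SAMPLE_LOG, ["192.0.2.0/24"]) returns the findings ordered from high to info; page names are compared in lower case after percent-decoding, so differently encoded requests for the same page are grouped together.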

Using Identity Manager IDE

The Sun™ Identity Manager Integrated Development Environment (Identity Manager IDE) is a Java application that enables you to view, customize, and debug Sun Identity Manager (Identity Manager) objects in your deployment.

Specifically, the Identity Manager IDE provides a graphical Debugger that you can use to debug Identity Manager forms, rules, and workflows. You can use this Debugger to set breakpoints and watches, step through code, examine and modify variables, examine classes and the callstack, follow threads, and run multiple sessions.

Instructions for installing and configuring the Sun Identity Manager Integrated Development Environment (Identity Manager IDE) are now available from the following URL: https://identitymanageride.dev.java.net.

Using Identity Manager System Monitoring

You can configure Identity Manager system monitoring to track system events. System monitoring collects and aggregates statistics at various levels to present a real-time view of system events, based on your specifications.

Viewing this information in dashboard graphs enables you to quickly assess system resources, view abnormalities, understand historical performance trends, and interactively isolate problems before looking at audit logs. Although dashboards do not provide as much detail as audit logs, dashboards can indicate where to look for problems in the logs.

For more information about dashboards and system monitoring, see Chapter 8, Reporting, in Sun Identity Manager 8.1 Business Administrator’s Guide.

Working With Adapter Logs

Adapter logs capture information about the adapter that is currently processing. You can use this information to monitor the adapter’s progress and to diagnose and debug adapter problems.


Note –

You must enable tracing and identify the methods for which tracing is requested before any logging can occur. Also, your customized adapter must include calls that create log entries for new methods.


Nearly every adapter has its own log file, path, and log level. You can specify the level of detail captured by the adapter log, along with these other values in the Logging section of the Synchronization Policy for the appropriate Identity Manager or Service Provider user type.

For more information about using adapter log files as a debugging tool, see Troubleshooting Adapters.

Debugging with DTrace

DTrace is a comprehensive, dynamic tracing framework for the Solaris operating environment. DTrace provides more than 30,000 probes into your production system and integrates user- and kernel-level tracing. You can use DTrace to monitor JVM activity. This facility also allows you to use the D language (similar to C or awk) to trace arbitrary data and expressions.

Debugging with JConsole

The Java Monitoring and Management Console (JConsole) is a Java Management Extension (JMX) technology-compliant graphical management tool bundled with JDK 5 (and later). JConsole connects to a running JVM and gathers information from the JVM MBeans in the connected JMX agent.

For example, you can use JConsole to


Note –

For more information about JConsole, see the article titled, Using JConsole to Monitor Applications. You can view this article from the following URL:

http://java.sun.com/developer/technicalArticles/J2SE/jconsole.html