Monitoring performance refers to observing (viewing) performance metrics to make yourself aware of the state specific components. While there are several methods to view performance metrics, this chapter provides the following topics with emphasis on using Oracle Access Management Console:
Monitoring Server Metrics Using Oracle Access Management Console
Monitoring SSO Agent Metrics Using Oracle Access Management Console
See Also:
Chapter 10if you are using Oracle Enterprise Manager Fusion Middleware Control
Component performance metrics can be collected in memory during the completion of particular events. You can monitor the time spent in a particular area or track particular occurrences or state changes.
Oracle Access Management uses the Oracle Dynamic Monitoring Systems (DMS) to measure application-specific performance information for OAM Servers and registered Agents.
Metric collection is the mechanism by which components collect information in memory for particular events. Based on these events, you can monitor the time spent in a particular area or track particular occurrences or state changes. These metrics are kept only in memory and there are several mechanisms to extract and display them: EM, dmsSpy, dmsDump, for instance.
dmsSpy is a Fusion Middleware tool that is part of the WebLogic Application Server. dmsSpy displays the raw DMS data specific to the WebLogic Application Server instance. Displayed information is categorized by Noun Types (OAMS.OAM_ prefix for Oracle Access Management) and includes metrics pertaining to all DMS instrumented applications running in the Weblogic Application Server instance. To see the metrics on a Weblogic instance, go to http://hostname:port/dms/. For example:
http://samplehost:7001/dms/
See Also:
Oracle Fusion Middleware Performance and Tuning Guide for details about instrumenting applications with DMS
Administrators can monitor performance for Access Manager using the Monitoring command on the Actions menu under the System Configuration tab.
In a brower window, go to the DMS Console using the following URL:
http:// <example_AdminServer:Port/dms/
Log in with your Oracle Access Management Administrator credentials.
In the DMS Metric Tables, click the desired metric from those listed to view the results on the right-side of the console.
This section provides the following topics:
Users with valid Oracle Access Management Administrator credentials can use the following procedure to display various performance metrics using the Oracle Access Management Console.
The OAM Sserver must be running.
To monitor performance using Oracle Access Management Console
In the Oracle Access Management Console, go to the System Configuration tab.
Server Instance:
Open the:
From the Actions menu in the navigation tree, click Monitor Menu.
On the Monitor page, click the desired subtab to view results for the server instance:
Proceed to "Reviewing Server Metrics Using Oracle Access Management Console".
This topic provides a look at the Server metrics available when you have a server instance selected in the navigation tree and you choose the Monitoring Menu command on the Actions menu under the System Configuration tab.
Figure 9-1 shows the Server Processes page.
Figure 9-1 Server Processes Overview Page
Server Processes Overview provides the following OAM Server events, organized in individual columns on the tab.
Table 9-1 OAM Server Metrics: Server Processes Overview Tab
Server Metric Columns |
---|
Authorization Process |
Authorization Requests |
Authentication Process Failure |
Authentication Process Success |
Pre Authentication Process Failure |
Pre Authentication Process Success |
Figure 9-2 shows the Session Operations Monitoring tab after detaching the table to display all event metrics in individual columns.
Figure 9-2 OAM Server Metrics: Session Operations Monitoring Page
OAM Server Session Operations metrics include:
Table 9-2 OAM Server Metrics: Session Operations
Session Operations |
---|
Check Session Valid |
Check Session Valid Failure |
Check Session Valid Success |
Create Session |
Create Session Failure |
Create Session Success |
Destroy Session |
Destroy Session Failure |
Destroy Session Success |
Delete Client Session |
Delete Client Session Failure |
Figure 9-3 shows the detached OAM Server Operations Monitoring page.
Figure 9-3 OAM Server Metrics: Server Operations Tab
OAM Server Operations metrics include those in Table 9-3.
Table 9-3 OAM Server Metrics: Server Operations Tab
OAM Server: Operations Metrics |
---|
Authentication Policy Response Failure |
Authentication Policy Response Success |
Authentication Scheme Response Failure |
Authentication Scheme Response Success |
Authentication Failure |
Authentication Failure Responses |
Authentication Policy Response |
Authentication Requests |
Authentication Scheme Response |
Autorization Failure |
Autorization Failure |
Autorization Process Failure |
Autorization Process Success |
Figure 9-4 shows the OAM Server Metrics: OAM Agents tab with all available metrics showing.
Figure 9-4 OAM Server Metrics: OAM Agents Tab
OAM Agent performance metrics include:
Agent Name
Agent Status
Version
This section describes how to review metrics for various components and how to determine whether tuning is needed. The following topics are included:
Users with valid Oracle Access Management Administrator credentials can use the following procedure to display various SSO Agent performance metrics using the Oracle Access Management Console.
The server and agent must be running.
To monitor SSO Agent performance using Oracle Access Management Console
From the Oracle Access Management Console System Configuration tab:
Open the desired agent type node:
OAM Agents
OSSO Agents
OpenSSO Agents: There is no way to monitor this Agent other than OpenSSO Proxy behavior with respect to Agent Requests. See "Reviewing OpenSSO Metrics Using the DMS Console".
Search for the desired agent to monitor, as usual.
In the Search Results table, highlight the desired agent SerialNumber and from the Actions menu select Monitor.
Proceed as needed.
OAM Agent metrics are organized across the following tabs, as shown in Table 9-3:
Connectivity
Operations Overview
Operations Detail
Information
Figure 9-5 OAM Agent Metrics: Monitoring Characteristics
Following figures illustrate detached tables for one OAM Agent with all possible metrics displayed for each:
Figure 9-6, "OAM Agent Metrics: Detached Connectivity Table"
Figure 9-7, "OAM Agent Metrics: Detached Operations Overview Table"
Figure 9-8, "OAM Agent Metrics: Detached Operations Detail Table"
Figure 9-6 OAM Agent Metrics: Detached Connectivity Table
Figure 9-7 OAM Agent Metrics: Detached Operations Overview Table
Figure 9-8 OAM Agent Metrics: Detached Operations Detail Table
Figure 9-9 OAM Agent Metrics: Detached Information Table
When you have an OSSO Agent selected OSSO Agents Search Results table and choose Monitor from the table's Actions menu, the following metrics pages are available:
Figure 9-10 OSSO Agent Monitoring Page with Operation Details
Figure 9-11 illustrates the detached OSSO 10g Agent Monitoring Process Overview table.
Figure 9-11 OSSO Agent Monitoring Process Overview Table
Figure 9-12 illustrates the detached OSSO Agent Information table.
This section provides the following topics:
See Also:
Throughput refers to the number of requests processed per second. Latency refers to the time required to process a particular request. There is less than a 20% latency increase with the introduction of a proxy between Webgate and OAM Server.
Table 9-4 lists the various OAM Proxy metrics available.
Metric | Description |
---|---|
handshakes.active |
Number of active threads doing handshake |
handshakes.avg |
Average time spent performing initial handshake |
handshakes.completed |
Number of times an initial handshake has been executed |
handshakes.maxTime |
Maximum time spent performing initial handshake |
handshakes.minTime |
Minimum time spent performing initial handshake |
handshakes.time |
Total time spent performing initial handshake |
failedHandshakes.count |
Count of failed handshakes |
peerCompatibilityFailures.count |
Count of how many Peer Compatibility Check Failures have happened |
openSecurityMode.count |
Count of how many Open Security Mode handshakes have happened |
simpleSecurityMode.count |
Count of how many Simple Security mode handshakes have happened |
SSLSecurityMode.count |
Count of how many SSL Security Mode handshakes have happened |
negotiateSecurityMode.active |
Number of active threads doing security mode negotiation |
Performance of the OAM Proxy can be tuned by changing its configuration through the Java EE container Administration Console.
Note:
Both the Java EE container Administrator and the Oracle Access Management Administrator can tune performance using the Java EE container Administration Console, which is outside the scope of this book.Table 9-5 provides the tuning parameters for the OAM Proxy.
Table 9-5 OAM Proxy Tuning Parameters
Purpose | Parameter | Type | Value | Description |
---|---|---|---|---|
Denial of Service Attacks |
ConnectionValidationInterval |
Integer |
120 |
The time interval in seconds for validating the connections periodically for denial of service attacks |
BacklogQueue |
Integer |
50 |
Maximum length of backlog queue |
|
MaxNAPHandShakeTime |
Integer |
100 |
The maximum time in milliseconds within which the client should complete the NAP handshake with client. If NAP handshake over a connection is not completed within this time, the connection will be marked as malicious |
This section provides the following topics:
Throughput refers to the number of requests processed per second. Latency refers to the time required to process a particular request. The Events that can be monitored are described in Table 9-6.
Table 9-6 OpenSSO Proxy Server Events
Event | Description |
---|---|
Naming Service Request |
This request is for naming lookups. One can monitor response time taken by the OpenSSO Proxy in servicing this request |
Agent Authentication Process |
Agent Authentication has been captured in two phases:
|
Agent Session Validation |
Agent Session Validation |
User Authentication |
This event is captured for Client SDK's only. One can monitor response time taken to authenticate client SDK's through this diagnostic event |
User Session Validation |
Time taken to validate User Session |
User Authorization |
Time taken for authorization as per the configured policy for the given resource |
Table 9-7 lists the various OpenSSO Proxy metrics available for the named server.
Table 9-7 OpenSSO Proxy Metrics: Server
Metric | Description |
---|---|
AgentAuthentication_Login |
Response time details for Authentication requests during login phase sent by the Agent to authenticate |
AgentAuthentication_LoginFailures |
Count of how many Agent Authentication requests during login phase have failed. |
AgentAuthentication_SubmitRequirements |
Response time details for Authentication requests during Submit Requirements phase send by the Agent to authenticate |
AgentAuthentication_SubmitRequirementsFailures |
Count of how many Agent Authentication requests during Submit Requirements phase have failed |
NamingServiceRequest |
Response time details for Naming Service Request operations |
NamingServiceRequestFailures |
Count of how many Naming Service Request operations have failed |
UserAuthentication_SDK |
Response time details for User Authentication requests |
UserAuthentication_SDKFailures |
Count of how many User authentication Requests have failed |
UserAuthorization |
Response time details for User Authorization operations |
UserAuthorizationFailures |
Count of how many user authorization operations have failed |
ValidateAgentSession |
Response time details for Agent Session Validation operation |
ValidateAgentSessionFailures |
Count of how many agent session validation operations have failed |
ValidateUserSession |
Response time details for User Session Validation operation |
ValidateUserSessionFailures |
Count of how many User session validation operations have failed. |
Table 2 lists the various OpenSSO Proxy metrics available for each OpenSSO Agent.
Table 9-8 OpenSSO Proxy Metrics: Agent
Metric | Description |
---|---|
AgentAuthentication_SubmitRequirements |
Response time details for Authentication requests during Submit Requirements phase collected per Agent |
AgentCacheMode |
Specifies the cache mode for the client policy evaluator. Values can be: subtree or self |
AgentFilterMode |
Specifies how the agent filters requests to protected web applications. The global value functions as a default, and applies for protected applications that do not have their own filter settings |
AgentHostName |
The host name of OpenSSO Agent |
AgentIPAddress |
The IP Address of OpenSSO Agent |
AgentMappingMode |
Specifies the mechanism used to determine the user ID |
AgentState |
The state of OpenSSO Agent: enabled or disabled. |
UserAttributeName |
Specifies the data store attribute that contains the user ID |
UserAuthorization |
Response time details for User Authorization operations collected per Agent |
UserIdentity |
Specifies the session property name for the authenticated user's ID. Default is 'UserToken' |
ValidateAgentSession |
Response time details for Agent Session Validation operation collected per Agent |
agentType |
The type of OpenSSO agent: J2EE or Web Agent |
User with valid Oracle Access Management Administrator credentials can use the procedure here to view OpenSSO Proxy metrics in the DMS console.
The OAM Server must be running.
In a brower window, go to the DMS Console using the following URL:
http:// <example_AdminServer:Port/dms/
Log in with your Oracle Access Management Administrator credentials.
OpenSSO Agent Metrics: In the DMS Metric Tables, click OAMS.OAM_Server.OPENSSO_Agents.
OpenSSO Proxy Metrics: In the DMS Metric Tables, click OAMS.OAM_OpenSSOProxy and view the results on the right side of the console.