New features in OpenIG 3.1: Statistics

OpenIGOpenIG 3.1 is almost out the doors… Just a few days of testing and it will be generally available.

The new version introduces a general purpose auditing framework, and some basic monitoring capabilities. Mark wrote a blog post describing the details of the auditing framework and the monitoring endpoint. I’ve started playing with it for demonstration purposes and wanted to get more out of it.

If you want to expose the monitoring endpoint, you need to add the following 00-monitor.json file under .openig/config/routes/ and decorate a few handlers as Mark describes in his post. You might also want to extend this configuration to require authentication and avoid letting anyone have access to it.

The monitoring endpoint allows to display basic statistics about the different routes: the counts of in progress requests, completed requests and failures. So the output looks like this:

{"Users":{"in progress":0,"completed":6,"internal errors":0},
 "main":{"in progress":1,"completed":1074,"internal errors":0},
 "groups":{"in progress":0,"completed":4,"internal errors":0},
 "Default":{"in progress":0,"completed":16,"internal errors":0},
 "monitor":{"in progress":1,"completed":1048,"internal errors":0}

Each tag represents a route in OpenIG, including the “monitor” one,  “main” representing the sum of all routes.

I was thinking about a better way to visualise the statistics and came up with the idea of a monitoring console. A few lines of Javascript, using JQuery and Bootstrap, an additional configuration file for OpenIG and here’s the result:

Screen Shot 2014-12-09 at 13.15.18

As you can see, this adds a new endpoint with its own audit: /openig/Console. The endpoint can be protected like any other route using OAuth2.0, OpenID Connect, SAML or basic authentication.

Let’s look at what I’ve done.

I’ve added a new route under ~/.openig/config/routes: 00-console.json with a single StaticResponseHandler. Instead of adding the whole content in the json file, I’ve decided to let the handler load the whole content from a file (named console.html). This allows me to separate the logic from the content.


        "type": "StaticResponseHandler",
        "config" : {
            "status": 200,
            "entity": "${read('/Users/ludo/.openig/config/routes/console.html')}"
    "condition": "${exchange.request.method == 'GET'
        and exchange.request.uri.path == '/openig/Console'}",
    "audit" : "Console"

Note that if you are copying the 00-console.json file, you will need to edit the file location to match the absolute path of your console.html file.

Now the console.html file is actually a little bit long to display here. But you can download it here.

But it’s a basic html page, which loads Jquery and Bootstrap:

<!DOCTYPE html>
<html lang="en">
<link rel="stylesheet" href="//">
<!-- Optional theme -->
<link rel="stylesheet" href="">
<!-- Latest compiled and minified JavaScript -->
<script src="//"></script>

And at regular interval (default is 3 seconds), it gets the statistics from the monitoring endpoint, and displays them as a table:

$(document).ready(function () {
    setInterval(function () {
    }, 3000);

The whole Console fits within 60 lines of html and javascript, including some logic to use different colours when internal errors occur on a route.

Finally, the nice thing about the Console, being based on BootStrap, it also has responsive design and allows me to monitor my OpenIG instance from anywhere, including my phone:IMG_4090

If you do install the Console on your instance of OpenIG 3.1 (or one of the latest nightly builds), please send me a screenshot. And if you do customize the javascript for an even nicer look and feel, don’t hesitate to send a pull request.

Securing JBoss JMX console with OpenDS

Steve Millidge, founder of C2B2, has just published a nice and illustrated step by step tutorial for securing JBoss JMX console with LDAP and more specifically the OpenDS directory server. Similar steps could be used to secure all the different subsystems in JBoss, as illustrated in this already 2 years old tutorial about JBoss Portal, OpenSSO and OpenDS.

Technorati Tags: , , , , , ,

New in OpenDS 2.0: Monitoring in the Control Panel

Opends2 PictoOpenDS 2.0 has just been released and there are several new and exciting features in it.

Today we will look at the new feature in the Control Panel: the monitoring aspect.

At first look when we compare the Control Panel for OpenDS 1.2 (on the left below) and the one for OpenDS 2.0 (on the right below), not much has changed. Except for the left bar menu that contains a new section: Monitoring and a status bar at the bottom of the panel.

OpenDS 1.2 Control PanelOpenDS 2.0 Control Panel

Let’s look a little more in details what kind of monitoring information for the OpenDS server is now available:

General Information.

OpenDS 2.0 General Monitoring PanelIn the General Information Panel, you will find overall statistics such Connections, Up Time, but also information related to the system like the name, OS, number of CPUs, available memory in the JVM. You will also have a screen dedicated to the Java VM specific information (see below) such as the version, the vendor, the running arguments, a lot of details about the various segments of memory of the VM. A third screen highlights the work load. The fourth one gives details about the entry cache and the fifth one gives details about the local backend database environment, i.e. low level statistics on memory, transactions, locks in the database. There are more than 50 parameters from the database that you can retrieve and look at with the “Show Operations…” button.

OpenDS 2.0 Monitoring Java VM

The Connection Handler.

The Monitoring Panel for the Connection Handler gives greater details about the LDAP operations that are processed by the server, sorted by kind of Connection: what goes on the LDAP port, what happens on the LDAPS port and the Administrative operations.

OpenDS Connection Monitoring

There are many more statistics information available from the OpenDS server, either through LDAP, JMX or SNMP if you have enabled the later two. Not everything can be displayed in the GUI, and in future version we will provide external tools or widget to graph some of the monitoring information. Meanwhile, play with the Monitoring screens of the OpenDS 2.0 Control Panel, and let us know what you think, what you like, what you feel is missing.

And for a supported version of OpenDS, please check Sun OpenDS Standard Edition 2.0

Technorati Tags: , , , ,