Select whether to monitor live or static statistics:
Statistics: Select this option to view the statistics as currently gathered. The page is static and the statistics are not updated until you click Live Statistics Monitoring.
Live Statistics Monitoring: Select this option to view the statistics as currently gathered and to have them refreshed at the rate specified in the Refresh Rate field.
The ESP Activity page displays information about the communication process between Access Gateway (ESP) and Identity Server. These statistics are grouped into the following categories:
Click Graphs to review historical statistics.
|
Statistic |
Description |
|---|---|
|
Free Memory |
The percentage of free memory available to the JVM (Java Virtual Machine). Click Graphs to view the free memory for a specific unit of time (1 hour, 1 day, 1 week, 1 month, 6 months, or 12 months). The Value axis displays the percentage of free memory. |
|
Statistic |
Description |
|---|---|
|
Provided Authentications |
The number, after Identity Server was started, of successful provided authentications given out to external entities. |
|
Consumed Authentications |
The number, after Identity Server was started, of successful consumed authentications. |
|
Provided Authentication Failures |
The number, after Identity Server was started, of failed provided authentications given out to external entities. |
|
Consumed Authentication Failures |
The number, after Identity Server was started, of failed consumed authentications. NOTE:The statistics does not show the number of invalid password attempt failures of Identity Server in the statistics page. |
|
Historical Maximum Logins Served |
The maximum number of logins served during an interval and displayed after completion of the interval. |
|
Logins in Last Interval |
The number of active user sessions during the last interval. |
|
Logouts |
The number of explicit logouts performed by users. This does not include logouts where an inactive session was destroyed. |
|
Cached Sessions |
The number of currently active cached user sessions. This represents the number of users currently logged into the system with the following caveat: If a single person has two browser windows open on the same client and if that person performed two distinct authentications, then that person has two user sessions. Click Graphs to view the number of cached sessions for a specific unit of time (1 hour, 1 day, 1 week, 1 month, 6 months, or 12 months). The Value axis displays the number of cached sessions. If no sessions have been cached, the value axis is not meaningful. |
|
Cached Ancestral Sessions |
The number of cached ancestral session IDs. An ancestral session ID is created during the failover process. When failover occurs, a new session is created to represent the previous session. The ID of the previous session is termed an “ancestral session ID,” and it is persisted for subsequent failover operations. |
|
Cached Subjects |
The number of current cached subject objects. Conceptually, the cached subjects are identical to the cached principals. |
|
Cached Principals |
The number of current cached principal objects. A principal can be thought of as a single directory user object. Multiple users can log in using a single directory user object, in which case multiple cached sessions would exist sharing a single cached principal. |
|
Cached Artifacts |
The number of current cached artifact objects. During authentication, an artifact is generated that maps to an assertion. This cache holds the artifact to assertion mapping until the artifact resolution request is received. Under normal operations, artifacts are resolved within milliseconds of being placed in this cache. |
Incoming HTTP requests are divided into three categories: active, interval, and historical. As soon as a request is complete, it is placed into the interval category. The interval represents the last 60 seconds of processed requests. At the completion of the 60-second interval, all requests in the interval category are merged into the historical category.
|
Statistic |
Description |
|---|---|
|
Total Requests |
The total number of incoming HTTP requests that have been processed after Identity Server was started. Click Graphs to view the number of requests for a specific unit of time (1 hour, 1 day, 1 week, 1 month, 6 months, or 12 months). The Value axis displays the number of requests for the selected time period. |
|
Currently Active Requests |
The number of currently active incoming HTTP requests. |
|
Oldest Active Request (Milliseconds) |
The age of the oldest currently active incoming HTTP request. |
|
Last Interval Maximum Request Duration (Milliseconds) |
The age of the longest incoming HTTP request that was processed during the last 60-second interval. |
|
Last Interval Mean Request Duration (Milliseconds) |
The mean age of all incoming HTTP requests that were processed during the last 60-second interval. |
|
Historical Maximum Request Duration (Milliseconds) |
The age of the longest incoming HTTP request that was processed after Identity Server was started. |
|
Historical Mean Request Duration (Milliseconds) |
The mean age of all incoming HTTP requests that were processed after Identity Server was started. |
Outgoing HTTP requests are divided into three categories: active, interval, and historical. As soon as a request is complete, it is placed into the interval category. The interval represents the last 60 seconds of processed requests. At the completion of the 60-second interval, all requests in the interval category are merged into the historical category.
|
Statistic |
Description |
|---|---|
|
Total Requests |
The total number of outgoing HTTP requests that have been processed after Identity Server was started. Click Graphs to view the number of requests for a specific unit of time (1 hour, 1 day, 1 week, 1 month, 6 months, or 12 months). The Value axis displays the number of requests for the selected time period. |
|
Currently Active Requests |
The number of currently active outgoing HTTP requests. |
|
Oldest Active Request (Milliseconds) |
The age of the oldest currently active outgoing HTTP request. |
|
Last Interval Maximum Request Duration (Milliseconds) |
The age of the longest outgoing HTTP request that was processed during the last 60-second interval. |
|
Last Interval Mean Request Duration (Milliseconds) |
The mean age of all outgoing HTTP requests that were processed during the last 60-second interval. |
|
Historical Maximum Request Duration (Milliseconds) |
The age of the longest outgoing HTTP request that was processed, after Identity Server was started. |
|
Historical Mean Request Duration (Milliseconds) |
The mean age of all outgoing HTTP requests that were processed, after Identity Server was started. |
|
Statistic |
Description |
|---|---|
|
Liberty Federation |
The number of Liberty protocol federations performed after Identity Server was started. |
|
Liberty De-Federations |
The number of Liberty protocol de-federations performed after Identity Server was started. |
|
Liberty Register-Names |
The number of Liberty protocol register names performed after Identity Server was started. |
An authoritative server is the cluster member that holds the authentication information for a given user session. For a request associated with a given session to be processed, it must be routed (“proxied”) to the authoritative cluster member. If an L4 switch causes a request to go to a non-authoritative cluster member, then that cluster member proxies that request to the authoritative cluster member.
When a request is received, a cluster member uses multiple means to determine which cluster member is the authoritative server for the request. It looks for a parameter on the query string of the URL indicating the authoritative server. It looks for an HTTP cookie indicating the authoritative server. If these do not exist, the cluster member examines the payload of the HTTP request to determine the authoritative server. Payload examinations result in immediate identification of the authoritative server or a user session ID or user identity ID that can be used to locate the authoritative server.
If a user session ID or user identity ID is found, the ID is broadcast to all cluster members asking which member is the authoritative server for the given ID. The authoritative server receives the broadcast message, determines that it indeed holds the given session or user, and responds accordingly.
The higher the number of proxied requests, the lower the performance of the entire system. Furthermore, the higher the number of payload examinations and ID broadcasts, the lower the performance of the entire system.
|
Statistic |
Description |
|---|---|
|
Currently Active Proxied Requests |
The number of currently active proxied HTTP requests. |
|
Total Proxied Requests |
The total number of proxied requests that have been processed after Identity Server was started. These requests were sent to a non-authoritative (wrong) box. |
|
Total Non-Proxied Requests |
The total number of non-proxied requests that have been processed, after Identity Server was started. These requests were sent to the authoritative (correct) box. |
|
Authoritative Server Obtained from URL Parameter |
The total number of authoritative servers identified by using the parameter from the URL query string, after Identity Server was started. |
|
Authoritative Server Obtained from Cookie |
The total number of authoritative servers identified by using the HTTP cookie, after Identity Server was started. |
|
Payload Examinations |
The total number of attempted payload examinations to identify the authoritative server, after Identity Server was started. |
|
Successful Payload Examinations |
The total number of successful payload examinations to identify the authoritative server, after Identity Server was started. |
|
Identity ID Broadcasts |
The total number of attempted Identity ID Broadcasts to identify the authoritative server, after Identity Server was started. |
|
Successful Identity ID Broadcasts |
The total number of successful Identity ID Broadcasts to identify the authoritative server, after Identity Server was started. |
|
Session ID Broadcasts |
The total number of attempted Session ID Broadcasts to identify the authoritative server, after Identity Server was started. |
|
Successful Session ID Broadcasts |
The total number of successful Session ID Broadcasts to identify the authoritative server, after Identity Server was started. |
|
Statistic |
Description |
|---|---|
|
Total Brokering Requests |
The total number of brokering requests created after Identity Server was started. This count is a sum of all connections created to all replicas of the configuration datastore and all user stores. |
|
Total Brokering Requests Denied Due to Group Check |
The total number of brokering authentication requests denied in a target service provider. The brokering group can either be the identity provider or target service provider but both does not belong to the same group. |
|
Total Brokering Requests Denied Due to Role Deny |
The total number of brokering authentication requests to a target service provider denied due to broker policy evaluation denying the role. |
|
Total Brokering Requests Passed |
The total number of brokering requests passed after Identity Server was started. |