Child pages
  • What's new with Monitoring
Skip to end of metadata
Go to start of metadata

Monitoring in OpenAM

Operational monitoring was new in OpenSSO Express 8. OpenAM Release 9 builds on this functionality with a few enhancements. The OpenAM monitoring framework can be accessing using the following mechanisms.

  • JMX: This mechanism offers the greatest degree of functionality and requires a JMX client such as JConsole. OpenAM maintains Management Beans (MBeans) that keep track of the information being monitored. The JMX client accesses the OpenAM MBeans over RMI-JRMP and fetches configuration and operational information.
  • HTTP: OpenAM provides a simple HTML interface to its internal MBeans. In release 9, this HTTP interface has authentication and is enabled by default. In previous releases, the HTTP interface was disabled by default due to the lack of authentication functionality.
  • SNMP: The trusty SNMP protocol has been used for many years to monitor servers and network services. OpenAM monitoring information can be access using SNMP providing you have the OpenAM MIB.

HTTP Authentication

This release introduces authentication around the HTTP monitoring interface. The HTTP monitoring interface comes from the Java Dynamic Management Kit (JDMK) and therefore does not use any of the normal OpenAM administration accounts such as amadmin. A new user must be created for user with the JDMK HTTP interface and this user account is automatically created at deployment time. 

Default HTTP User

The default HTTP user has the username of demo with the password of changeit.

The authentication file is stored in the following location CONFIG_BASE/openam/opensso_mon_auth. The sample contents of this file would be as follows:

demo AQIC1SSsgjjXf597tTaVJ1BlU/9DZaSuc66Z

To change the username for the HTTP authentication, just edit the file and change the left most field to the desired username. Additional users can also be included in this file. The password must be encrypted using the ampassword command.

Restart Required

OpenAM and with it the JDMK framework must be restarted for changes in the authentication file to take effect.

  • No labels