Monitoring in OpenAM
Operational monitoring was new in OpenSSO Express 8. OpenAM Release 9 builds on this functionality with a few enhancements. The OpenAM monitoring framework can be accessing using the following mechanisms.
- JMX: This mechanism offers the greatest degree of functionality and requires a JMX client such as JConsole. OpenAM maintains Management Beans (MBeans) that keep track of the information being monitored. The JMX client accesses the OpenAM MBeans over RMI-JRMP and fetches configuration and operational information.
- HTTP: OpenAM provides a simple HTML interface to its internal MBeans. In release 9, this HTTP interface has authentication and is enabled by default. In previous releases, the HTTP interface was disabled by default due to the lack of authentication functionality.
- SNMP: The trusty SNMP protocol has been used for many years to monitor servers and network services. OpenAM monitoring information can be access using SNMP providing you have the OpenAM MIB.
This release introduces authentication around the HTTP monitoring interface. The HTTP monitoring interface comes from the Java Dynamic Management Kit (JDMK) and therefore does not use any of the normal OpenAM administration accounts such as
amadmin. A new user must be created for user with the JDMK HTTP interface and this user account is automatically created at deployment time.
Default HTTP User
The default HTTP user has the username of
demo with the password of
The authentication file is stored in the following location
CONFIG_BASE/openam/opensso_mon_auth. The sample contents of this file would be as follows:
To change the username for the HTTP authentication, just edit the file and change the left most field to the desired username. Additional users can also be included in this file. The password must be encrypted using the
OpenAM and with it the JDMK framework must be restarted for changes in the authentication file to take effect.