...
Code Block |
---|
language | xml |
---|
title | Counter of SAML 1 queries |
---|
collapse | true |
---|
|
<bean id="shibboleth.metrics.MetricStrategy" parent="shibboleth.ContextFunctions.Scripted"
factory-method="inlineScript">
<constructor-arg>
<value>
<![CDATA[
profileType = Java.type("net.shibboleth.idp.saml.saml1.profile.config.AttributeQueryProfileConfiguration");
if (profileType.PROFILE_ID.equals(input.getProfileId())) {
metricCtx = input.getSubcontext("org.opensaml.profile.context.MetricContext");
metricCtx.addCounter("idp.profile.saml1.attributeQueries", "DecodeMessage");
}
true; // Signals success.
]]>
</value>
</constructor-arg>
</bean> |
Finally, here's a way to take advantage of how early the strategy function runs to capture (approximately) the time at the start of a request so that it can be included in the audit log, allowing it to be used with other audit fields to compute the wall clock time to process requests.
Code Block |
---|
language | xml |
---|
title | Capture start time of requests in an audit field |
---|
collapse | true |
---|
|
<bean id="shibboleth.metrics.MetricStrategy" parent="shibboleth.ContextFunctions.Scripted"
factory-method="inlineScript">
<constructor-arg>
<value>
<![CDATA[
dateTimeType = Java.type("org.joda.time.DateTime");
var auditCtx = input.getSubcontext("net.shibboleth.idp.profile.context.AuditContext", true);
auditCtx.getFieldValues("ST").add(new dateTimeType().toString("YYYY-MM-dd'T'HH:mm:ss.SSSZZ"));
true; // Signals success.
]]>
</value>
</constructor-arg>
</bean> |
Reference
Beans
Name | Type | Function |
---|
shibboleth.metrics.MetricRegistry | FilteredMetricRegistry | Registry of all metrics known to the system |
shibboleth.metrics.RegisterMetricSets | MethodInvokingBean | Spring parent bean for invoking the registerMultiple method on the registry |
shibboleth.metrics.RegisterMetricSet | MethodInvokingBean | Spring parent bean for invoking the register method on the registry |
shibboleth.metrics.CoreGaugeSet | MetricSet / MetricFilter | Low-level gauges for OS, Java, and memory information |
shibboleth.metrics.IdPGaugeSet | MetricSet / MetricFilter | Basic IdP system information (version, uptime) |
shibboleth.metrics.LoggingGaugeSet | MetricSet / MetricFilter | Information about the logging service |
shibboleth.metrics.AccessControlGaugeSet | MetricSet / MetricFilter | Information about the access control service |
shibboleth.metrics.MetadataGaugeSet | MetricSet / MetricFilter | Information about the metadata resolver service |
shibboleth.metrics.RelyingPartyGaugeSet | MetricSet / MetricFilter | Information about the RelyingParty configuration service |
shibboleth.metrics.NameIdentifierGaugeSet | MetricSet / MetricFilter | Information about the Name Identifier generation service |
shibboleth.metrics.AttributeResolverGaugeSet | MetricSet / MetricFilter | Information about the attribute resolver service |
shibboleth.metrics.AttributeFilterGaugeSet | MetricSet / MetricFilter | Information about the attribute filter service |
shibboleth.metrics.HTTPReporter | HTTPReporter | A schedulable background reporter that sends a JSON feed of metrics to a URL |
shibboleth.metrics.MetricGroups | Map<String,MetricFilter> | Associates metrics matching a supplied filter with a string label that "names" that set of metrics |
shibboleth.metrics.MetricLevelMap | Map<String,Level> | Optional mapping of metric names to logging levels to associate with the metric |
shibboleth.metrics.DefaultAccessPolicy | String | Name of the access control policy to apply to the metrics API in the absence of a more specific policy |
shibboleth.metrics.AccessPolicyMap | Map<String,String> | Maps a named metric group/filter from the "shibboleth.metrics.MetricGroups" bean to a named access control policy to apply when accessing that group via the API |
shibboleth.metrics.AccessPolicyStrategy | Function<ProfileRequestContext,String> | A mechanism to determine the access control policy to apply to a request to the metrics API, normally relies on the two previous beans but can be replaced if desired |
shibboleth.metrics.AllowedOrigin | String | Optional "Access-Control-Allow-Origin" header value to return within REST API response |
shibboleth.metrics.JSONPCallback | String | Optional name of JSONP callback function to pass the REST API response |
shibboleth.metrics.MetricStrategy | Function<ProfileRequestContext,Boolean> | A hook to provide a function to execute at the beginning of every request that can programmatically enable timers and counters for objects during the execution of that request |
...