{"type":"doc","content":[{"type":"paragraph","content":[{"text":"Current File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"conf/admin/metrics.xml","type":"text","marks":[{"type":"em"}]},{"text":",","type":"text"},{"text":" conf/admin/general-admin.xml ","type":"text","marks":[{"type":"em"}]},{"text":"(V4.0), ","type":"text"},{"text":"conf/admin/admin.properties","type":"text","marks":[{"type":"em"}]},{"text":" (V4.1+),","type":"text"},{"text":" conf/logback.xml","type":"text","marks":[{"type":"em"}]},{"type":"hardBreak"},{"text":"Format:","type":"text","marks":[{"type":"strong"}]},{"text":" Native Spring, Logback, Properties (V4.1+)","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"51f325a9-de67-47e1-b92c-6381c3c7990d"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"77a33583-ac11-4f05-8192-dd8bc7dc2585"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"The IdP includes a framework for instrumentation, diagnostics, and performance management that complements the ","type":"text"},{"text":"logging","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631710"}}]},{"text":" support and integrates with it to allow tuning of instrumentation overhead. The framework is based on the ","type":"text"},{"text":"Metrics","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/"}}]},{"text":" library and includes a number of related features:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"some built-in metrics providing low-level system information, software versions, etc.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"a small number of built-in metrics exposed by the IdP itself, including a customizeable set of configuration properties","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"a facillity for installing timers and counters to measure request handling","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"an API for accessing metrics (all or a subset) in JSON format","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"the ability to schedule reports of metrics in JSON format out to an http(s) collection point","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Most of these features are configured whole or in part via ","type":"text"},{"text":"conf/admin/metrics.xml","type":"text","marks":[{"type":"em"}]},{"text":" and are discussed below.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"General Configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"The core bean in the metric system is a ","type":"text"},{"text":"MetricRegistry","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricRegistry.html"}}]},{"text":" that stores all of the active metrics in the system for use by various other reporting objects. Certain kinds of metrics are subject to your control and can be selectively installed or skipped based on what gets registered, at startup. By default various sets of metrics are installed for you via a bean in ","type":"text"},{"text":"metrics.xml","type":"text","marks":[{"type":"em"}]},{"text":" that inherits from ","type":"text"},{"text":"shibboleth.metrics.RegisterMetricSets,","type":"text","marks":[{"type":"strong"}]},{"text":" which is a way of using Spring to call the registration method. The pre-installed metrics largely overlap with the information available from the now-deprecated status page.","type":"text"}]},{"type":"paragraph","content":[{"text":"Also provided by default, but commented out, are references to a number of lower level metric sets related to the JVM.","type":"text"}]},{"type":"paragraph","content":[{"text":"The way to think about these particular metrics is that they're \"external\" to the IdP for the most part, in the sense that they're objects that access public interfaces of IdP, OpenSAML, and Java components, and use them to report information. Because they're external, they can be selectively installed (or not) just by registering them (or not).","type":"text"}]},{"type":"paragraph","content":[{"text":"A lot of the other interesting metrics in the system are \"internal\", in the sense that they're implemented either wholly, or in conjunction with, internal classes themselves, and typically are not something you specifically need to register yourself. Instead, you have the ability to enable or disable all metrics using a ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Logger-Driven Filtering","type":"text"}]},{"type":"paragraph","content":[{"text":"The registry of metrics is extended by Shibboleth with the ability to \"filter\" metrics by reusing the ","type":"text"},{"text":"logging configuration","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631710"}}]},{"text":"'s ability to adjust the logging level of particular categories hierarchically. By naming metrics in a similar way, it's possible to effectively enable and disable metrics at runtime, which can have very small (or in rare cases, less small) impacts on performance. You may want to leave a metric configured all the time, but toggle it on only at particular times. Using the logging layer is easy, flexible, reloadable, and ignorable if you don't care about the overhead.","type":"text"}]},{"type":"paragraph","content":[{"text":"Every metric has a name in dotted-separator notation (i.e., the same as a logging category) and you can control the on/off status of a particular metric or set of metrics by manipulating the level of a corresponding logging category with the prefix \"metrics.\" That is, a metric named \"net.shibboleth.idp.version\" is controlled by a logging category named \"metrics.net.shibboleth.idp.version\".","type":"text"}]},{"type":"paragraph","content":[{"text":"By default, all metrics are enabled at the \"INFO\" level.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reporting","type":"text"}]},{"type":"paragraph","content":[{"text":"There are two built-in mechanisms provided for reporting out metrics, along with a variety of options available within the Metrics library itself that deployers may choose to wire in with Spring. For example, it's possible to expose metrics via JMX, through logging, via the console, to databases, etc.","type":"text"}]},{"type":"paragraph","content":[{"text":"The two generic approaches that come \"ready to deploy\" are both centered around use of JSON as a reporting format, and both pull (via a REST API) and push (via an HTTP reporter) are provided.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"REST API","type":"text"}]},{"type":"paragraph","content":[{"text":"As a (greatly enhanced) replacement for the status page, an ","type":"text"},{"text":"Administrative","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631720"}}]},{"text":" flow is provided for access to specific metrics, named groups, or all of the metrics in the system, in JSON or JSONP format.","type":"text"}]},{"type":"paragraph","content":[{"text":"High level configuration of this flow is handled by ","type":"text"},{"text":"conf/admin/general-admin.xml","type":"text","marks":[{"type":"em"}]},{"text":", but in most cases the defaults suffice and the real configuration, if any, takes place in ","type":"text"},{"text":"conf/admin/metrics.xml","type":"text","marks":[{"type":"em"}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"There are two main features you can configure:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Naming custom groupings of metrics for ease of access, and access control.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Applying specific access control policies to metrics or groups of metrics.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"By default, the REST API provides access to either all metrics (via ","type":"text"},{"text":"/idp/profile/admin/metrics","type":"text","marks":[{"type":"em"}]},{"text":"), or to a specific metric by attaching the name to the end of the path (e.g., ","type":"text"},{"text":"/idp/profile/admin/metrics/net.shibboleth.idp.version).","type":"text","marks":[{"type":"em"}]}]},{"type":"paragraph","content":[{"text":"In addition, a number of predefined \"groups\" are configured for you by default, in a bean named ","type":"text"},{"text":"shibboleth.metrics.MetricGroups","type":"text","marks":[{"type":"strong"}]},{"text":". The groups associate an object that implements the ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]},{"text":" interface with a shorthand name, and allow you to access all the metrics that satisfy the filter by using the group name on the end of the path in place of a specific metric name. For example, the default configuration allows a number of metrics related to the metadata layer to be accessed via ","type":"text"},{"text":"/idp/profile/admin/metrics/metadata","type":"text","marks":[{"type":"em"}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"The other purpose of these groups is for access control. By default, access to the entire REST API is governed by a default policy identified by ","type":"text"},{"text":"shibboleth.metrics.DefaultAccessPolicy","type":"text","marks":[{"type":"strong"}]},{"text":". If you need more fine-grained control, you can fill in the map defined by ","type":"text"},{"text":"shibboleth.metrics.AccessPolicyMap","type":"text","marks":[{"type":"strong"}]},{"text":" with entries connecting a metric name or metric group name with a named policy to apply.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Note that metrics may be accessed by multiple paths (e.g., directly by themselves or via a group), so typically group or specific metric policies would be used to \"open up\" broader access to a set of metrics beyond the default policy, which would remain more locked down.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"A couple of additional obscure features: it's possible to control the \"Access-Control-Allow-Origin\" header and turn the feed into a JSONP callback using String beans (see the Reference below) for more exotic uses of the API.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"HTTP Reporters","type":"text"}]},{"type":"paragraph","content":[{"text":"As an alternative to a pull model, the IdP can push metric information out to an HTTP server as a collection point. This is not enabled by default, but some basic configuration support is provided inside a comment in ","type":"text"},{"text":"conf/admin/metrics.xml","type":"text","marks":[{"type":"em"}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"You can define any number of reporters using the parent bean ","type":"text"},{"text":"shibboleth.metrics.HTTPReporter","type":"text","marks":[{"type":"strong"}]},{"text":". The reporter bean is configured with the URL to access, and can be injected with an HttpClient bean for control over many aspects of the HTTP connection, such as timeouts, how to evaluate a server's TLS certificate, etc. It's also possible to add a ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]},{"text":" constructor argument to limit which metrics are actually included.","type":"text"}]},{"type":"paragraph","content":[{"text":"In addition to defining the bean itself, it must be \"scheduled\" by calling its \"start\" method with a timer interval, as illustrated in the default file.","type":"text"}]},{"type":"paragraph","content":[{"text":"The format of the data is identical to the format returned by the REST API.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Per-Profile Instrumentation","type":"text"}]},{"type":"paragraph","content":[{"text":"In addition to the built-in metrics, support exists across a number of components (primarily the ","type":"text"},{"text":"Action","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631863"}}]},{"text":" beans and a few of the major services like the Attribute Resolver and Attribute Filter) to add counters and timers to specific requests. This is done by providing a script (or alternative Java code, but a script is simpler) to add the counters and timers to install.","type":"text"}]},{"type":"paragraph","content":[{"text":"The names of the metrics are arbitrary; the metrics are attached to specific objects based on an identifier for the object that usually will consist of either the Spring bean ID or the simple name of a Java class. This usually requires some specific knowledge of the internals of the system, but advice is available on the support list about how to measure particular parts of the system.","type":"text"}]},{"type":"paragraph","content":[{"text":"The two kinds of metrics supported are simple counters that measure how often a component runs, and timers that measure the time elapsed between a starting and stopping point. With respect to profile actions, the system will check to see if the execution of the action should be counted and if a timer should be started (at the beginning of execution) or stopped (at the end). The latter means that it's possible to start a timer in one action and stop it in another, bracketing larger parts of a request than just a single action.","type":"text"}]},{"type":"paragraph","content":[{"text":"(The above is best explained with an example, so keep reading.)","type":"text"}]},{"type":"paragraph","content":[{"text":"Control over the installation of these metrics is managed by a bean of type Function<","type":"text"},{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.ProfileRequestContext"}}]},{"text":",Boolean> named ","type":"text"},{"text":"shibboleth.metrics.MetricStrategy","type":"text","marks":[{"type":"strong"}]},{"text":". The function's job is to manipulate a ","type":"text"},{"text":"MetricContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.MetricContext"}}]},{"text":" child context to configure the metrics to activate for the request. The javadoc for that child context class describes the methods available to add counters and timers.","type":"text"}]},{"type":"paragraph","content":[{"text":"The example provided by default illustrates a simple use case: measuring the time it takes to resolve attributes during the request. In the example, a timer named \"idp.attribute.resolution\" is installed that starts when the \"ResolveAttributes\" action starts and stops when the \"FilterAttributes\" action finishes. This demonstrates that timers can extend beyond a single step in a flow. You could just as easily time only the \"ResolveAttributes\" action alone by using the same ID for both parameters.","type":"text"}]},{"type":"expand","attrs":{"title":"Timing attribute resolution"},"content":[{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Another example demonstrates the use of a counter tracking the number of times the SAML 1.1 Attribute Query flow executes based on counting each time the \"DecodeMessage\" action runs. It shows how, because the function is run dynamically, it's possible to conditionally enable metrics based on the specific profile flow being run.","type":"text"}]},{"type":"expand","attrs":{"title":"Counter of SAML 1 queries"},"content":[{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference","type":"text"}]},{"type":"paragraph","content":[{"text":"V4.0 and upgraded systems include a bean defined in ","type":"text"},{"text":"conf/admin/general-admin.xml","type":"text","marks":[{"type":"em"}]},{"text":" to control aspects of the flow's behavior.","type":"text"}]},{"type":"paragraph","content":[{"text":"V4.1 includes properties to control various aspects of the flow's behavior using an internally-defined bean that may be overridden if required.","type":"text"}]},{"type":"expand","attrs":{"title":"Beans"},"content":[{"type":"table","attrs":{"layout":"full-width","localId":"13d908b3-2af7-4dfe-b295-2ef59853251c"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.MetricRegistry","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"FilteredMetricRegistry","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.core.metrics.FilteredMetricRegistry"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Registry of all metrics known to the system","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.RegisterMetricSets","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MethodInvokingBean","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Spring parent bean for invoking the ","type":"text"},{"text":"registerMultiple","type":"text","marks":[{"type":"code"}]},{"text":" method on the registry","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.RegisterMetricSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MethodInvokingBean ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Spring parent bean for invoking the ","type":"text"},{"text":"register","type":"text","marks":[{"type":"code"}]},{"text":" method on the registry","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.CoreGaugeSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Low-level gauges for OS, Java, and memory information","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.IdPGaugeSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Basic IdP system information (version, uptime)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.LoggingGaugeSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Information about the ","type":"text"},{"text":"logging","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631710"}}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.AccessControlGaugeSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Information about the ","type":"text"},{"text":"access control","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631516"}}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.MetadataGaugeSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Information about the ","type":"text"},{"text":"metadata resolver","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631635"}}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.RelyingPartyGaugeSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Information about the ","type":"text"},{"text":"RelyingParty configuration","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631678"}}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.NameIdentifierGaugeSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Information about the ","type":"text"},{"text":"Name Identifier generation","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631671"}}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.AttributeResolverGaugeSet ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Information about the ","type":"text"},{"text":"attribute resolver","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631549"}}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.AttributeFilterGaugeSet","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Information about the ","type":"text"},{"text":"attribute filter","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631517"}}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.AttributeRegistryGaugeSet ","type":"text"},{"text":"4.1","type":"text","marks":[{"type":"subsup","attrs":{"type":"sup"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"MetricSet","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricSet.html"}}]},{"text":" / ","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Information about the ","type":"text"},{"text":"attribute registry","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1272054306"}}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.HTTPReporter","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"HTTPReporter","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-idp.cgi/net.shibboleth.idp.metrics.impl.HTTPReporter"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"A schedulable background reporter that sends a JSON feed of metrics to a URL","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.MetricGroups","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"Map","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.Map"}}]},{"text":"<","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]},{"text":",","type":"text"},{"text":"MetricFilter","type":"text","marks":[{"type":"link","attrs":{"href":"http://metrics.dropwizard.io/3.1.0/apidocs/com/codahale/metrics/MetricFilter.html"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Associates metrics matching a supplied filter with a string label that \"names\" that set of metrics","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.MetricLevelMap","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"Map","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.Map"}}]},{"text":"<","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]},{"text":",","type":"text"},{"text":"Level","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.core.metrics.LoggerDrivenMetricFilter"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Optional mapping of metric names to logging levels to associate with the metric","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.DefaultAccessPolicy","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Name of the ","type":"text"},{"text":"access control","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631516"}}]},{"text":" policy to apply to the metrics API in the absence of a more specific policy","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.AccessPolicyMap","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"Map","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.Map"}}]},{"text":"<","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]},{"text":",","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Maps a named metric group/filter from the \"shibboleth.metrics.MetricGroups\" bean to a named ","type":"text"},{"text":"access control","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631516"}}]},{"text":" policy to apply when accessing that group via the API","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.AccessPolicyStrategy","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"Function","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.function.Function"}}]},{"text":"<","type":"text"},{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.ProfileRequestContext"}}]},{"text":",","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"A mechanism to determine the ","type":"text"},{"text":"access control","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631516"}}]},{"text":" policy to apply to a request to the metrics API, normally relies on the two previous beans but can be replaced if desired","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.AllowedOrigin","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Optional \"Access-Control-Allow-Origin\" header value to return within REST API response","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.JSONPCallback","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Optional name of JSONP callback function to pass the REST API response","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.MetricStrategy","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"Function","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.function.Function"}}]},{"text":"<","type":"text"},{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.ProfileRequestContext"}}]},{"text":",","type":"text"},{"text":"Boolean","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.Boolean"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"A hook to provide a function to execute at the beginning of every request that can programmatically enable timers and counters for objects during the execution of that request","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[372.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.metrics.ExposedProperties ","type":"text"},{"text":"4.1","type":"text","marks":[{"type":"subsup","attrs":{"type":"sup"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[327.0]},"content":[{"type":"paragraph","content":[{"text":"Set","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.Set"}}]},{"text":"<","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[506.0]},"content":[{"type":"paragraph","content":[{"text":"Collection of property names to expose as IdP metric gauges. Take care not to expose confidental information through this hook.","type":"text"}]}]}]}]}]},{"type":"expand","attrs":{"title":"Properties (V4.1+)"},"content":[{"type":"paragraph","content":[{"text":"The general properties configuring this flow via ","type":"text"},{"text":"admin/admin.properties","type":"text","marks":[{"type":"em"}]},{"text":" are:","type":"text"}]},{"type":"table","attrs":{"layout":"wide","localId":"a3634066-895b-4d66-b68f-4aa27f7af44c"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[298.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"Default","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[871.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[298.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metrics.logging","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"Metrics","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[871.0]},"content":[{"type":"paragraph","content":[{"text":"Audit log identifier for flow","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[298.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metrics.authenticated","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[871.0]},"content":[{"type":"paragraph","content":[{"text":"Whether authentication should be performed prior to access control evaluation","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[298.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metrics.nonBrowserSupported","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[871.0]},"content":[{"type":"paragraph","content":[{"text":"Whether the flow should allow for non-browser clients during authentication","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[298.0]},"content":[{"type":"paragraph","content":[{"text":"idp.metrics.resolveAttributes","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[871.0]},"content":[{"type":"paragraph","content":[{"text":"Whether attributes should be resolved prior to access control evaluation","type":"text"}]}]}]}]}]},{"type":"expand","attrs":{"title":"Flow Descriptor XML (V4.1+)"},"content":[{"type":"paragraph","content":[{"text":"To replace the internally defined flow descriptor bean, the following XML is required:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n \n \n \n","type":"text"}]},{"type":"paragraph","content":[{"text":"In older versions and upgraded systems, this list is defined in ","type":"text"},{"text":"conf/admin/general-admin.xml","type":"text","marks":[{"type":"em"}]},{"text":". In V4.1+, no default version of the list is provided and it may simply be placed in ","type":"text"},{"text":"conf/global.xml","type":"text","marks":[{"type":"em"}]},{"text":" if needed.","type":"text"}]}]},{"type":"paragraph"}],"version":1}

Browser not supported