Table of Contents

Metrics: phenix-saml

Metrics Shared Tags

Shared tags are being set by default, for more information, see the article Metrics Configuration for the default configuration and other details.

Common Module Tags

This is a PAS module. Since modules might be deployed multiple times, ex. due to being referenced in multiple places, or being deployed in multiple instances, or being redeployed due to reconfigurations, each instance of the module might have some common tags set in order to differentiate between the meter instances.

Tag name Description
module.deployment.registration.id The deployment registration id

Meters Overview

Meter Description
phenix.saml.metadata.entry.retrieved Time since the metadata was retrieved from the source.
phenix.saml.metadata.entry.loaded Time since the metadata entry was loaded the last time
phenix.saml.metadata.entry.error.last Time since the last failed update attempt for the metadata entry
phenix.saml.metadata.entry.expiration Time until the metadata entry expires
phenix.saml.metadata.entity.certificate.expiration.last Time until latest certificate expiry for saml entity.

Meter Details

phenix.saml.metadata.entry.retrieved

Time since the metadata was retrieved from the source.

  • Meter type: TimeGauge
  • Accuracy: milliseconds

This will be the same as for phenix.saml.metadata.entry.loaded, unless:

  • The source is an URL

  • The metadata was retrieved from the disk cache, ex due to:

    • Reconfiguration of the system
    • The last metadata retrieval attempt failed

  • Tags

    • metadata.type: The type of metadata (internal or external)

    • metadata.source: The source of the metadata (url, resource in configuration or internal)

    • metadata.source.id: Where the metadata is loaded from

      • In case the source in an url, this will be the url
      • In case the source is a resource, this will be the id of the resource in the configuration
      • In case the source is internal, this will be the id of the first entity

phenix.saml.metadata.entry.loaded

Time since the metadata entry was loaded the last time

  • Meter type: TimeGauge

  • Accuracy: milliseconds

  • Tags

    • metadata.type: The type of metadata (internal or external)

    • metadata.source: The source of the metadata (url, resource in configuration or internal)

    • metadata.source.id: Where the metadata is loaded from

      • In case the source in an url, this will be the url
      • In case the source is a resource, this will be the id of the resource in the configuration
      • In case the source is internal, this will be the id of the first entity

phenix.saml.metadata.entry.error.last

Time since the last failed update attempt for the metadata entry

  • Meter type: TimeGauge

  • Accuracy: milliseconds

  • Tags

    • metadata.type: The type of metadata (internal or external)

    • metadata.source: The source of the metadata (url, resource in configuration or internal)

    • metadata.source.id: Where the metadata is loaded from

      • In case the source in an url, this will be the url
      • In case the source is a resource, this will be the id of the resource in the configuration
      • In case the source is internal, this will be the id of the first entity

phenix.saml.metadata.entry.expiration

Time until the metadata entry expires

  • Meter type: TimeGauge

  • Accuracy: milliseconds

  • Tags

    • metadata.type: The type of metadata (internal or external)

    • metadata.source: The source of the metadata (url, resource in configuration or internal)

    • metadata.source.id: Where the metadata is loaded from

      • In case the source in an url, this will be the url
      • In case the source is a resource, this will be the id of the resource in the configuration
      • In case the source is internal, this will be the id of the first entity

phenix.saml.metadata.entity.certificate.expiration.last

Time until latest certificate expiry for saml entity.

  • Meter type: TimeGauge
  • Accuracy: milliseconds

In SAML metadata, it's common to have multiple certificates in order to achieve controlled key rollover - this lets old assertions issued by older certificates to stay valid, but also letting newer assertions be signed with a newer certificate. This meter tracks the expiration of the certificate that will be the last one to expire, at which point SAML will stop working entirely.

  • Tags

    • metadata.type: The type of metadata (internal or external)

    • metadata.source: The source of the metadata (url, resource in configuration or internal)

    • metadata.source.id: Where the metadata is loaded from

      • In case the source in an url, this will be the url
      • In case the source is a resource, this will be the id of the resource in the configuration
      • In case the source is internal, this will be the id of the first entity

    • entity.id: The entity id of the meta data entry

Operations & Monitoring