canariecaf / idp-installer-CAF

The CAF managed version of the idp-installer
Apache License 2.0

Investigate operational monitoring of idp/profile/status page by Federation operator #88

Closed canariecaf closed 9 years ago

canariecaf commented 9 years ago

Investigate if there is a way to have a default way to monitor the installation for version and health status.

Right now it is limited to localhost connections. The enhancement would be to:

(Note that the Federation Operator needs to take into consideration that different software platforms (ADFS, simpleSAMLPHP, Ping Federate, etc.) do not have this function.)

canariecaf commented 9 years ago

Likely needs to be an ask in the installer for yes/no for enabling.

canariecaf commented 9 years ago

Here is a sample of what is shown from the status handler:

```
Operating Environment Information

operating_system: Linux
operating_system_version: 3.10.0-229.1.2.el7.x86_64
operating_system_architecture: amd64
jdk_version: 1.8.0_25
available_cores: 8
used_memory: 633 MB
maximum_memory: 633 MB

Identity Provider Information

idp_version: 3.1.1
start_time: 2015-08-26T10:18:08-04:00
current_time: 2015-08-26T10:42:50-04:00
uptime: 1481866 ms

service: shibboleth.LoggingService
last successful reload attempt: 2015-08-24T20:19:42Z
last reload attempt: 2015-08-24T20:19:42Z

service: shibboleth.ReloadableAccessControlService
last successful reload attempt: 2015-08-24T20:19:52Z
last reload attempt: 2015-08-24T20:19:52Z

service: shibboleth.MetadataResolverService
last successful reload attempt: 2015-08-24T20:19:46Z
last reload attempt: 2015-08-24T20:19:46Z

    metadata source: ShibbolethMetadata
    last refresh attempt: 2015-08-26T14:20:08Z
    last update: 2015-08-26T14:20:08Z

service: shibboleth.RelyingPartyResolverService
last successful reload attempt: 2015-08-24T20:19:45Z
last reload attempt: 2015-08-24T20:19:45Z

service: shibboleth.NameIdentifierGenerationService
last successful reload attempt: 2015-08-24T20:19:45Z
last reload attempt: 2015-08-24T20:19:45Z

service: shibboleth.AttributeResolverService
last successful reload attempt: 2015-08-24T20:19:44Z
last reload attempt: 2015-08-24T20:19:44Z

service: shibboleth.AttributeFilterService
last successful reload attempt: 2015-08-24T20:19:44Z
last reload attempt: 2015-08-24T20:19:44Z
```
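Added example, not part of the original thread or the installer's code: a sketch of how a federation operator's monitor could turn the status text quoted above into a version and health check. It assumes one `key: value` field per line and at most one metadata source per service, treats a mismatch between the two reload timestamps as a failed reload, and uses a hypothetical six-hour metadata staleness threshold; `parse_status`, `findings` and the sample are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in a one-field-per-line layout; values are adapted
# from the output quoted above, with one failed reload introduced.
SAMPLE = """\
idp_version: 3.1.1
current_time: 2015-08-26T10:42:50-04:00

service: shibboleth.MetadataResolverService
last successful reload attempt: 2015-08-24T20:19:46Z
last reload attempt: 2015-08-24T20:19:46Z
    metadata source: ShibbolethMetadata
    last refresh attempt: 2015-08-26T14:20:08Z
    last update: 2015-08-26T14:20:08Z

service: shibboleth.AttributeFilterService
last successful reload attempt: 2015-08-24T20:19:44Z
last reload attempt: 2015-08-26T09:00:00Z
"""

def parse_ts(value):
    # fromisoformat() rejects a trailing "Z" before Python 3.11
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_status(text):
    """Split the status text into IdP-level fields and per-service fields."""
    info, services, current = {}, [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # blank lines and section headings carry no field
        if key == "service":
            current = {"service": value}
            services.append(current)
        else:
            (current if current is not None else info)[key] = value
    return info, services

def findings(text, max_metadata_age=timedelta(hours=6)):  # threshold is an assumption
    """Return a list of health problems; an empty list means healthy."""
    info, services = parse_status(text)
    now = parse_ts(info["current_time"])
    problems = []
    for svc in services:
        if svc.get("last successful reload attempt") != svc.get("last reload attempt"):
            problems.append(f"{svc['service']}: last reload failed")
        refresh = svc.get("last refresh attempt")
        if refresh and now - parse_ts(refresh) > max_metadata_age:
            problems.append(f"{svc['service']}: metadata refresh is stale")
    return problems
```
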

canariecaf commented 9 years ago

It will likely be phrased as:

Permit your federation to observe the IdP Status Monitoring page for IdP Health Statistics?

canariecaf commented 9 years ago

TBD -- Anders said go ahead but it will likely be turned off elsewhere.

canariecaf commented 9 years ago

The feature is enabled as a multi-state feature to enable a switch for setting certain IP CIDR address blocks access to the /idp/status page. By default it will present the same access as the IdP provides out of the box.