How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I monitor session statistics in AM (All versions)?

Last updated Apr 13, 2021

The purpose of this article is to provide information on monitoring session statistics in AM. This can provide useful troubleshooting information if you are experiencing unexpectedly high session numbers.



Overview

There are a number of ways you can monitor session statistics in AM, including:

  • Session page - navigate to: Realms > [Realm Name] > Sessions to access the Sessions page, which allows you to view and invalidate active CTS-based user sessions per realm.
  • REST API - you can query the /json/sessions endpoint (see the Using the /json/sessions endpoint section below for further information).
  • Amster - you can use Amster to query sessions (see the Using Amster section below for further information).

By default, only 120 sessions are returned using these methods. You can change this default using the Maximum Number of Search Results setting. See Reference › Session Search for further details.

Session details

Session management information, including attribute values such as login time, logout time, timeout limits, and session creations and terminations, is logged in the amSSO.access log file. This file is typically located in the /path/to/openam/var/audit directory (AM 7 and later) or the /path/to/openAM/log directory (pre-AM 7). You will also see session information in the CoreSystem, Authentication and Session debug files, located in /path/to/openam/var/debug (AM 7 and later) or /path/to/openAM/debug (pre-AM 7).

Using the /json/sessions endpoint

You can query the /json/sessions endpoint to find session details. For example, to find sessions in the top level realm, you would use a call such as:

$ curl -X GET -H 'Accept: application/json' 'http://host1.example.com:8080/openam/json/sessions?_queryFilter=realm%20eq%20%22%2F%22'

The easiest way to find the relevant command is by using the API Explorer:

  1. Access the API Explorer. You can either access it from the Help icon in the console or from one of the following URLs:
    • AM 7 and later: http://host1.example.com:8080/openam/ui-admin/#api/explorer/applications
    • Pre-AM 7: http://host1.example.com:8080/openam/XUI/#api/explorer/applications
  2. Navigate to /sessions > Sessions V2.0 > sessions#2.0_query_filter.
  3. Populate the query fields as required; _queryFilter is a required field. For example, to query the top level realm, enter realm eq "/".
  4. Click Try it Out! This returns session details and also provides the curl command you can use in future.

See Getting Started with REST › REST API Explorer and Getting Started with REST › Query for further information.

Using Amster

You can use Amster to query session details using the query Sessions command. For example:

am> query Sessions --realm / --filter 'realm eq "/"'

Example response:

===> [
  {
    "username": "amAdmin",
    "universalId": "id=amAdmin,ou=user,dc=example,dc=com",
    "realm": "/",
    "sessionHandle": "shandle:4r8SsX6XJj0oAbLBmexqyUsbC7Y.*AAJTSQACMDEAAlNLABxJNEhkVlRlMnNHRzVKUTlOa1hMQ3BiRzZad0E9AAJTMQAA*",
    "latestAccessTime": "2018-05-01T12:36:54.487Z",
    "maxIdleExpirationTime": "2018-05-01T13:06:54Z",
    "maxSessionExpirationTime": "2018-05-01T14:31:23Z",
    "_rev": "746064345"
  },
  {
    "username": "demo",
    "universalId": "id=demo,ou=user,dc=example,dc=com",
    "realm": "/",
    "sessionHandle": "shandle:rn3PS1zCIBxmY5qnMtbbqJOLgkQ.*AAJTSQACMDEAAlNLABxNR2JvL0tUenQxc2N1YnU4MkN2YjNkeGY2UTQ9AAJTMQAA*",
    "latestAccessTime": "2018-05-01T12:36:50.448Z",
    "maxIdleExpirationTime": "2018-05-01T13:06:50Z",
    "maxSessionExpirationTime": "2018-05-01T14:36:50Z",
    "_rev": "856832111"
  }
]

See Entity Reference › Sessions for further information.
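
When troubleshooting unexpectedly high session numbers, it helps to reduce a query result like the one above to per-user counts. The following is an added example, not ForgeRock code: it summarizes a saved session query result, flags users holding many sessions, lists long-idle sessions, and warns when the result reaches the default 120-result limit. The function names, thresholds and sample records are assumptions constructed for illustration, as is the "result" wrapper assumed for the REST response.

```python
import json
from collections import Counter
from datetime import datetime, timezone

DEFAULT_SEARCH_LIMIT = 120  # default result cap stated in this article

def _rec(user, handle, last_access):
    return {"username": user, "realm": "/", "sessionHandle": handle,
            "latestAccessTime": last_access}

# Constructed sample data, shaped like the Amster response in this article.
SAMPLE = json.dumps([
    _rec("amAdmin", "shandle:EXAMPLE-1", "2018-05-01T12:36:54.487Z"),
    _rec("demo", "shandle:EXAMPLE-2", "2018-05-01T12:36:50.448Z"),
    _rec("demo", "shandle:EXAMPLE-3", "2018-05-01T11:02:10.000Z"),
    _rec("demo", "shandle:EXAMPLE-4", "2018-05-01T10:15:00.000Z"),
])

def parse_ts(value):
    """Parse the UTC timestamps in session records, ignoring milliseconds."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def summarize(raw, now, max_per_user=2, idle_minutes=60, limit=DEFAULT_SEARCH_LIMIT):
    """Count sessions per (realm, user) and flag likely problem spots."""
    data = json.loads(raw)
    # Assumption: REST wraps the list under "result"; Amster prints a bare list.
    sessions = data["result"] if isinstance(data, dict) else data
    per_user = Counter((s["realm"], s["username"]) for s in sessions)
    long_idle = [s["sessionHandle"] for s in sessions
                 if (now - parse_ts(s["latestAccessTime"])).total_seconds()
                 > idle_minutes * 60]
    return {
        "total": len(sessions),
        # Reaching the cap means the listing is probably incomplete.
        "possibly_truncated": len(sessions) >= limit,
        "per_user": dict(per_user),
        "over_limit": sorted(k for k, n in per_user.items() if n > max_per_user),
        "long_idle": long_idle,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE, now=datetime(2018, 5, 1, 12, 50, tzinfo=timezone.utc))
    for key, value in report.items():
        print(f"{key}: {value}")
```

If possibly_truncated is true, raise the Maximum Number of Search Results setting or narrow the query filter before relying on the counts.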

See Also

Agent and IG session numbers keep growing in the CTS store in AM (All versions)

Sessions Guide › Managing Sessions (REST)

Sessions Guide › Managing Sessions (Console)

Maintenance Guide › Monitoring Instances

Related Training

N/A

Related Issue Tracker IDs

OPENAM-9738 (Enable CTS segregation to allow each token type to write to a different CTS instance)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.