bankid-saml-idp
Monitoring the BankID IdP Application
The BankID IdP application uses the Spring Boot Actuator feature that enables monitoring over HTTP. See the Spring Boot Documentation for details.
Health Monitoring
The health-endpoint of the BankID IdP delivers information about a number of sub-components of the
IdP. If all sub-components reports the status “UP”, the overall status is “UP” and everything is fine.
However, if the status is something else, the monitoring team should act.
Note: See the Management and Supervision section on the configuration page for how to configure the health-endpoint to fit your needs.
Health Indicators
Below follows a listing of all health indicators and the type of errors or warnings that can be reported.
Diskspace
The diskSpace-indicator monitors the available diskspace and reports errors if not enough diskspace
remains.
Ping
A silly indicator. The ping-indicator always reports “UP”.
Redis
If Redis is being used, the redis-indicator checks that the Redis server is up and running.
Relying Party Certificate
The rpCertificate-indicator monitors all the BankID Relying Party-certificates and reports an
error if any of them has expired. If a certificate is about to expire (based on the bankid.health.rp-certificate-warn-threshold setting) a warning will be reported.
The operations team should act on warnings and order, and install, new RP certificates in good time before they expire.
SAML Metadata
The samlMetadata-indicator ensures that the IdP has access to valid SAML-metadata for all
configured Relying Parties. If the SAML metadata for a configured RP is not available, “DOWN”
will be reported.
The operations team should act on this, and contact the SAML federation operator or the Relying Party’s support.
Example
Below follows an example result of a call to the health-endpoint (curl -k https://<domain>:8444/actuator/health | jq):
{
"status": "UP",
"components": {
"api": {
"status": "UP"
},
"diskSpace": {
"status": "UP",
"details": {
"total": 994662584320,
"free": 793263566848,
"threshold": 10485760,
"exists": true
}
},
"ping": {
"status": "UP"
},
"redis": {
"status": "UP",
"details": {
"version": "6.2.13"
}
},
"rpCertificate": {
"status": "UP",
"details": {
"test-my-eid": {
"expirationDate": "2024-08-18T21:59:59.000+00:00",
"expired": false,
"expiresSoon": false
}
}
},
"samlMetadata": {
"status": "UP",
"details": {
"test-my-eid": [
{
"entityId": "http://sandbox.swedenconnect.se/testmyeid",
"metadataPresent": true
},
{
"entityId": "http://sandbox.swedenconnect.se/testmyeid-sign",
"metadataPresent": true
}
]
}
}
}
}
Metrics Monitoring with Prometheus
The BankID IdP supports metrics monitoring with Prometheus. Read more about this feature at https://www.callicoder.com/spring-boot-actuator-metrics-monitoring-dashboard-prometheus-grafana/.
Copyright © 2023, Myndigheten för digital förvaltning - Swedish Agency for Digital Government (DIGG). Licensed under version 2.0 of the Apache License.