| Measurement |
Description |
Measurement
Unit |
Interpretation |
| Login_calls |
The number of login attempts made by this Web agent during the last measurement period |
Number |
|
| Login_errors |
The number of errors that occurred during the login attempts made in the last measurement period |
Number |
An error indicates a communication failure between the Web agent and the Policy server. Therefore, a very high value of this measure could indicate a problem condition requiring investigation.
|
| Login_failures |
The number of failed login attempts during the last measurement period |
Number |
A login attempt can fail if users are not authorized or authenticated by the Policy server.
|
| Login_time |
The time taken by the user to log into a resource |
Secs |
Ideally, this value should be low.
|
| Validation_calls |
The number of times, in the last measurement period, this Web agent attempted to validate a session cookie against the Policy server to authenticate a user, instead of matching the user's credentials to a user directory entry |
Number |
The Web Agent creates a session cookie on the user's browser when a user is successfully authenticated, and uses that cookie to authenticate the user on subsequent requests for new resources.The following conditions affect this measure:
- User Session Cache size-If a Web Agent's user session cache is set to a value greater than 0, the user's session information is stored in the cache. The Web agent validates the session against the session cache instead of the Policy server, so the value of this measure does not increase. If the user session cache is set to 0, this measure increases each time a user requests a protected resource because the Web agent must validate the session against the Policy Server.
- Multi-thread vs. Multi-process cache- Web agents that use multi-threaded cache, such as IIS Web Agents, iPlanet 4.x and 6.0 Web Agents (on Windows operating systems, and Domino Web Agents (on Windows and UNIX operating systems), add a session to the session cache (if the session cache size is greater than 0) when a user is successfully authenticated. If that user requests additional resources from the same realm, the Web agent validates the user against the session cache, so the Validation_calls measure does not increase. Apache and iPlanet 4.x and 6.0 Web Agents running on UNIX operating systems, which use multi-process cache, do not add the session cookie to the session cache until the user presents the cookie to the Web agent during a request for another resource in the realm where she was authenticated. The Web agent validates the first request made with a session cookie against the Policy Server, which increases the ValidationCount. Subsequent requests are validated against the cache.
|
| Validation_errors |
The number of errors that occurred when this Web agent attempted to validate a user session during the last measurement period |
Number |
Errors indicate a communication failure between the Web agent and the Policy server. A high value of this measure therefore, is indicative of a problem.
|
| Validation_failures |
The number of times, in the last measurement period, this Web Agent has failed to validate a user session because of an invalid session cookie |
Number |
Ideally, this value should be low.
|
| Valid_success_pct |
The percentage of validation attempts that were successful, currently |
Percent |
A high success percentage is an indicator of good health.
|
| Validation_time |
The time this Web agent took to validate a cookie used to authenticate a user |
Secs |
Ideally, this value should be low.
|
| Authz_calls |
The number of authorization attempts made by this Web Agent during the last measurement period |
Number |
An authorization attempt occurs when a user supplies credentials to the Policy Server in order to access a protected resource.
|
| Authz_errors |
The number of errors that occurred during authorization attempts made by this Web Agent during the last measurement period |
Number |
An error indicates a communication failure between the Web Agent and Policy Server during an authorization call.
|
| Authz_failures |
The failed authorization attempts during the last measurement period |
Number |
An authorization attempt fails when a user enters invalid credentials.
|
| Authz_success_pct |
The percentage of authorization attempts that were currently successful |
Percent |
|
| Authz_time |
The average time it takes to authorize a user |
Secs |
Ideally, this value should be low.
|