Monitoring Service Plans and Apps

This topic explains how to monitor Pivotal Single Sign‑On for Pivotal Platform service plans and apps.

Overview

Pivotal Single Sign‑On uses the User Account and Authentication (UAA) service to log security events through Loggregator. UAA security events can be filtered to destinations through a syslog drain. To configure logs to monitor Pivotal Single Sign‑On plan events, app events, and UAA client events, you need to obtain the ID of the corresponding plan, app, or client.

To obtain the identity zone ID for Pivotal Single Sign‑On plans, do one of the procedures in Monitor Pivotal Single Sign‑On Plan Events below.

To obtain the client ID for an app or UAA client, do the procedure in Monitor App Events below.

For information about configuring logging in , see Configuring Logging in .

For information about UAA security events, see UAA Logging.

Monitor Pivotal Single Sign‑On Plan Events

All Pivotal Single Sign‑On service plans are given a unique identity zone ID. You can monitor all events for a plan by filtering UAA-generated logs using the plan’s identity zone ID.

You can obtain a list of plans and their corresponding identity zone IDs by doing one of the following procedures: Use the Pivotal Single Sign‑On API or Use the SSO Operator Dashboard.

Prerequisites

Before you can use the Pivotal Single Sign‑On API to monitor plan events, you must:

  1. Create an Admin Client.
  2. Create a UAA Identity Zone Admin Client.

Use the Pivotal Single Sign‑On API

To use the Pivotal Single Sign‑On API to obtain plan identity zone IDs, run the following command:

curl -X GET "https://sso-api.YOUR-SYSTEM-DOMAIN/v1/plans" \
-H "Authorization: Bearer YOUR-TOKEN"

Where:

For more information, see Pivotal Single Sign‑On Service Plan Automation API in the Pivotal Single Sign‑On API documentation.

Use the SSO Operator Dashboard

To use the SSO Operator Dashboard to obtain plan identity zone IDs:

  1. Log in to the SSO Operator Dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN/dashboard.
  2. Click the plan you want to obtain the identity zone ID for and select Edit Plan.
  3. Record the identity zone ID for your plan from the SSO Operator Dashboard URL. The URL looks similar to the one below.

    https://p-identity.YOUR-SYSTEM-DOMAIN/dashboard/edit_plan/IDENTITY-ZONE-ID
    

    Where IDENTITY-ZONE-ID is your plan’s identity zone ID.

Monitor App Events

All apps that use Pivotal Single Sign‑On have a unique client ID. You can monitor app and UAA client events using the client ID.

To find your app’s client ID:

  1. Log in to Apps Manager as a Space Developer.
  2. Select the space where your service instance is located.
  3. Under Services, click the Pivotal Single Sign‑On service.
  4. Click Manage next to your Pivotal Single Sign‑On service instance to launch the SSO Developer Dashboard.
  5. Under App, click Credentials near the name of your app.
  6. Record the value of App ID.
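
One way to use the recorded identity zone ID and App ID when filtering drained UAA logs, as an added example that is not part of the Pivotal documentation: it compares the IDs with the audit line's own `identityZoneId` and `clientId` fields instead of searching for them as substrings. The line layout, the sample lines, and the IDs `zone-plan-a`, `app-client-1` and `app-client-2` are constructed assumptions; compare the pattern with a real line from your drain before relying on it.

```python
import re
from collections import Counter

# Assumed layout of a UAA audit line as delivered by the syslog drain.
AUDIT_RE = re.compile(
    r"Audit: (?P<event>\w+) \('(?P<data>.*?)'\): principal=(?P<principal>[^,]*), "
    r"origin=\[(?P<origin>[^\]]*)\], identityZoneId=\[(?P<zone>[^\]]*)\]"
)
CLIENT_RE = re.compile(r"clientId=([^,\]]+)")

def _line(event, data, principal, client, zone):
    """Build one constructed sample line in the assumed layout."""
    return (f"uaa INFO Audit: {event} ('{data}'): principal={principal}, "
            f"origin=[remoteAddress=10.0.0.5, clientId={client}], identityZoneId=[{zone}]")

# Constructed sample input; zone and client IDs are placeholders.
SAMPLE_LINES = [
    _line("ClientAuthenticationSuccess", "Client authentication success", "app-client-1", "app-client-1", "zone-plan-a"),
    _line("ClientAuthenticationFailure", "Bad credentials", "app-client-1", "app-client-1", "zone-plan-a"),
    _line("ClientAuthenticationFailure", "Bad credentials", "app-client-1", "app-client-1", "zone-plan-a"),
    # The data field mentions another plan's ID, so a substring search would misattribute it.
    _line("UserNotFound", "zone-plan-a-user", "unknown", "app-client-2", "zone-plan-b"),
    "uaa DEBUG Reloading configuration for zone-plan-a",  # not an audit event
]

def parse_audit(line):
    """Return the audit fields of one log line, or None if it is not an audit event."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    client = CLIENT_RE.search(fields["origin"])
    fields["client_id"] = client.group(1).strip() if client else None
    return fields

def filter_events(lines, zone_id=None, client_id=None):
    """Keep audit events whose zone and client fields equal the given IDs exactly."""
    events = filter(None, map(parse_audit, lines))
    return [e for e in events
            if (zone_id is None or e["zone"] == zone_id)
            and (client_id is None or e["client_id"] == client_id)]

def failure_counts(events):
    """Count failure events per (zone, client) pair, for alert thresholds."""
    return Counter((e["zone"], e["client_id"]) for e in events
                   if e["event"].endswith("Failure"))

if __name__ == "__main__":
    plan_a = filter_events(SAMPLE_LINES, zone_id="zone-plan-a")
    print(len(plan_a), failure_counts(plan_a))
```
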
