Metrics

OpenGate IAM exposes Prometheus-compatible metrics on every service via Spring Boot Actuator. Scrape with Prometheus and visualize in Grafana.

Key Metrics

HTTP Metrics

Metric	Description
`http_server_requests_seconds_count`	Total HTTP request count per endpoint
`http_server_requests_seconds_sum`	Total request duration
`http_server_requests_seconds_max`	Max request duration

JVM Metrics

Metric	Description
`jvm_memory_used_bytes`	JVM heap and non-heap usage
`jvm_gc_pause_seconds`	GC pause duration
`jvm_threads_live_threads`	Active thread count

Database Metrics (HikariCP)

Metric	Description
`hikaricp_connections_active`	Active DB connections
`hikaricp_connections_pending`	Waiting for connection
`hikaricp_connections_timeout_total`	Connection timeout count

Custom Auth Metrics

Metric	Description
`opengate_login_success_total`	Successful logins per realm
`opengate_login_failure_total`	Failed logins per realm
`opengate_token_issued_total`	Tokens issued per grant type
`opengate_session_created_total`	Sessions created
`opengate_mfa_challenge_total`	MFA challenges issued

Prometheus Scrape Config

prometheus.ymlyaml

global:
scrape_interval: 15s

scrape_configs:
- job_name: 'opengate-gateway'
  static_configs:
    - targets: ['localhost:8080']
  metrics_path: /actuator/prometheus

- job_name: 'opengate-auth'
  static_configs:
    - targets: ['localhost:8081']
  metrics_path: /actuator/prometheus

- job_name: 'opengate-user'
  static_configs:
    - targets: ['localhost:8082']
  metrics_path: /actuator/prometheus

# Repeat for ports 8083–8089...

Run Prometheus with Docker:

docker run -d \
-p 9090:9090 \
-v $(pwd)/prometheus.yml:/etc/prometheus/prometheus.yml \
prom/prometheus:latest

Grafana Setup

docker-compose.observability.ymlyaml

services:
prometheus:
  image: prom/prometheus:latest
  ports: ["9090:9090"]
  volumes:
    - ./prometheus.yml:/etc/prometheus/prometheus.yml

grafana:
  image: grafana/grafana:latest
  ports: ["3002:3000"]
  environment:
    GF_SECURITY_ADMIN_PASSWORD: admin
  volumes:
    - grafana_data:/var/lib/grafana

volumes:
grafana_data:

Open http://localhost:3002 → Login: admin / admin
Add Prometheus data source: http://prometheus:9090
Import dashboard ID 4701 (JVM Micrometer) from Grafana.com

Alerting Rules

alerts.ymlyaml

groups:
- name: opengate
  rules:
    - alert: HighLoginFailureRate
      expr: rate(opengate_login_failure_total[5m]) > 10
      for: 1m
      labels:
        severity: warning
      annotations:
        summary: "High login failure rate — possible brute force"

    - alert: ServiceDown
      expr: up{job=~"opengate-.*"} == 0
      for: 30s
      labels:
        severity: critical
      annotations:
        summary: "OpenGate service {{ $labels.job }} is down"

Scraping tip

All services run on predictable ports (8080–8089). In Kubernetes, use auto-discovery with pod annotations instead of static targets.