SAML Metadata exporter for Prometheus.
Features
- Tests whether the SAML endpoint is reachable and exposes related HTTP metrics
- Exposes metrics for all encryption and signing X.509 certificates
- Supports multiple SAML endpoints
Installation
Get the exporter either as a binary from the latest release or packaged as a Docker image.
Helm Chart
For Kubernetes users there is an official Helm chart.
Please read the installation instructions here.
helm template saml-exporter oci://ghcr.io/doodlescheduling/charts/saml-exporter --set samlMetadataURLSlice='{http://idp/metadata}'
Docker
You can run the exporter using Docker:
docker run ghcr.io/doodlescheduling/saml-exporter:latest http://idp/metadata
Usage
saml-exporter
Use the `-help` flag to get help information.
Access metrics
The metrics are by default exposed at `/metrics`.
curl localhost:9412/metrics
Exporter configuration
The exporter can be configured either with command line flags (`saml-exporter -h`) or by defining environment variables.
| Env variable | Description | Default |
|---|---|---|
| URL | Comma-separated list of HTTP URLs to SAML metadata | `` |
| LOG_LEVEL | Log level | info |
| LOG_ENCODING | Log format | json |
| BIND | Bind address for the HTTP server | :9412 |
| METRICS_PATH | Metrics endpoint | /metrics |
| HEALTH_PATH | Health probe endpoint | /health |
| USER_AGENT | HTTP request User agent | saml-exporter (go-http-client) |
Exposed metrics
| Name | Description | Type | Labels |
|---|---|---|---|
| saml_exporter_build_info | Build info SAML exporter | Gauge | "branch", "goversion", "revision", "revision" |
| http_client_requests_total | HTTP client request | Counter | "host", "code", "method" |
| saml_metadata_errors_total | Errors encountered while parsing SAML metadata | Counter | "url" |
| saml_x509_read_errors_total | Errors encountered while parsing SAML X509 certificates | Counter | "entityid", "use" |
| saml_x509_cert_not_valid_after | SAML X509 certificate expiration date | Gauge | "entityid", "use", "serial_number", "issuer_C", "issuer_CN", "issuer_L", "issuer_O", "issuer_ST", "subject_C", "subject_CN", "subject_L", "subject_O" |
| saml_x509_cert_not_valid_before | SAML X509 certificate not valid before | Gauge | "entityid", "use", "serial_number", "issuer_C", "issuer_CN", "issuer_L", "issuer_O", "issuer_ST", "subject_C", "subject_CN", "subject_L", "subject_O" |
Grafana dashboard
This exporter comes with a ready-to-use Grafana dashboard, see ./grafana/dashboard.json.
Note: The Helm chart as well as the kustomize base will deploy the Grafana dashboard as a ConfigMap.
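
Alerting on the metrics listed under "Exposed metrics", as an added example that is not part of the exporter's repository: a Prometheus rule file covering certificate expiry, not-yet-valid certificates and parse errors. It assumes the two certificate gauges hold Unix timestamps in seconds; the alert names, thresholds and severity labels are illustrative choices.

```yaml
# Added example, not shipped with saml-exporter.
# Assumption: saml_x509_cert_not_valid_after / _before are Unix timestamps in seconds.
groups:
  - name: saml-exporter
    rules:
      # Early warning so a signing/encryption key rollover can be coordinated
      # with every relying party before the certificate lapses.
      - alert: SAMLCertificateExpiringSoon
        expr: saml_x509_cert_not_valid_after - time() < 30 * 86400
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "SAML {{ $labels.use }} certificate for {{ $labels.entityid }} expires in {{ $value | humanizeDuration }}"
          description: "Serial {{ $labels.serial_number }}, subject CN {{ $labels.subject_CN }}, issuer CN {{ $labels.issuer_CN }}."

      # The certificate has already lapsed: assertions signed with it are
      # rejected by strict service providers.
      - alert: SAMLCertificateExpired
        expr: saml_x509_cert_not_valid_after - time() <= 0
        labels:
          severity: critical
        annotations:
          summary: "SAML {{ $labels.use }} certificate for {{ $labels.entityid }} has expired"

      # A replacement certificate was published before its validity period began.
      - alert: SAMLCertificateNotYetValid
        expr: saml_x509_cert_not_valid_before - time() > 0
        for: 10m
        labels:
          severity: warning
        annotations:
          summary: "SAML {{ $labels.use }} certificate for {{ $labels.entityid }} is not valid yet"

      # Without parseable metadata the certificate gauges go stale or disappear,
      # so the expiry alerts above would stay silent.
      - alert: SAMLMetadataParseErrors
        expr: increase(saml_metadata_errors_total[15m]) > 0
        labels:
          severity: warning
        annotations:
          summary: "SAML metadata at {{ $labels.url }} could not be parsed"

      - alert: SAMLCertificateReadErrors
        expr: increase(saml_x509_read_errors_total[15m]) > 0
        labels:
          severity: warning
        annotations:
          summary: "Unreadable {{ $labels.use }} certificate in metadata of {{ $labels.entityid }}"
```

The rule file can be checked with `promtool check rules` before it is loaded.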