Monday Sep 28, 2015

How to Configure Used ID Identification

User-ID's are valuable information

The one piece of information that can answer questions like:
  • Who are my most active users?
  • Who generates the most errors on my website?
  • Which clients had to wait the longest to use my online service?
  • How can I quickly find the data of the user who's complaining to me on the phone about the service? the user-id. Usually the this is the Login name, or e-mail address. 

RUEI can capture the user-id and answer those questions.

Session Tracking Should be Functioning Properly

Before one even looks at the user-id configuration it is vital that session tracking is configured properly and verified to be working as expected.
This is important because the information that makes up the user-id is tied into the session information. If session reporting is not properly working, the user-id information is not going to be of use either.

How RUEI Finds the User ID

The RUEI collector scans each hit that it sees to see if it needs to extract any data from it. It does this based on the configuration that is entered in the RUEI console. In other words, you as the RUEI admin need to instruct RUEI where the user-id can be found.

There are a number of sources that you can pick from to identify the user-id location:

Three frequently used sources are:
  • URL Argument: These are values on the GET string, or in the POST arguments. Like "Paul" in
  • Cookie: A cookie with a static value containing the user-id. Note this is not the same as a session tracking cookie.
  • Custom Pattern: Define a "before" and "after" text match value that always occurs before and after the user-id in the html source.

Two Examples of Finding a User ID

Okay, so it's not really RUEI that finds the user-id, it's me and you as the administrator that have to tell RUEI where to find it. How then do we find the user-id location? Let's have a look at some example's.

URL Argument

In the session tracking document we looked finding a session cookie for Let's continue here find the correct RUEI configuration for user-id on this website if we where to monitor it. 
  1. In both Chrome or Firefox hit F12 to pull up the developer view. Then navigate to the 'Network' tab for insight into cookies being send and received. In this document we will use Chrome.
  2. Ensure that 'Preserve logs' is ticked.

  3. When you click the 'login' button, you are re-directed to where the user-id and password need to be provided:

  4. Since the login details have not yet been provided. It's a good time to clear the data gathered in the network tab thusfar. This will make sure that the next action will be at the top of the list.
    A good thing as the next action is likely going to be where the user-id is provided.

  5. Now, do the login.
  6. The very first hit done by the browser is a POST to auth_cred_submit. When we open the details we can see with POST Argument contains the user-id information.
    Click to enlarge

    Don't worry about the password being visible in plain text. At this stage it's not been encrypted yet, but it has been before it was send to the server.

  7. The configuration we need to enter in the RUEI application configurations is:
    Source Type: URL Argument
    Source Value: ssousername

Custom Pattern

What option do you use if RUEI does not monitor the login action. This happens at times when Single-Sign-On software is used for authentication, but RUEI does not get these interactions, or your security officer does not provide the SSL key to this data for decryption.  This option is also useful when Windows Authentication is used to access the web-application, in which case the user-name is not always present in the traffic.

In this example I will be using a wiki application I used to draft this document.

  1. Look to see if the web-application shows the user-name anywhere visible on the screen right on the landing page.
    Click to enlarge

  2. When found, righ-click on the page and select 'View Source'. This will bring up the HTML source.
  3. Search for the user-id in the source.
    Click to enlarge

  4. Find a suitable 'before' (in green) and 'after' (in red) pattern. Make sure that this text does not contain any variables that may change from user-to-user.
    Click to enlarge

  5. The configuration we need to enter in the RUEI application configuration is:
    Source Type: Custom Pattern
    String Start: <li class="dropdown"><a href="#" class="dropdown-toggle" data-toggle="dropdown">
    String End: <b class="caret"></b></a><ul class="dropdown-menu">

Reference Documentation and Knowledge Base Articles

Friday Sep 25, 2015

How to Configure Session Tracking

A primary feature of RUEI is  to report on web application performance with the context of the user. This is the 'session' related data such as 'All Sessions' as well as the instance data in 'Session Diagnostics'. A Session is the collection of all HTTP interactions performed by a single user and it's related attributes. Session related attributes are value's that do not change over the course of the session, such as the client ip-address, the browser that was used as well as the user-id.

When session tracking is not configured correctly none of the above mentioned value's are expected to make any sense. A Large number of anonymous user-id's are reported, the session to page view ratio is going to be off and even page-load-time is affected.

For this reason it's vital to review the session tracking configuration carefully.
[Read More]

Monday Apr 11, 2011

Oracle Real User Experience Insight 11.1 now available

Today Oracle announced the immediate availability of Oracle Real User Experience Insight 11.1 - an integral part of Oracle's Application Management Suites for E-Business Suite, Siebel, JDEdwards-E1, Peoplesoft and the ADF frameworks. Furthermore, Real User Experience Insight has now become a key part of Oracle's Business Transaction Monitoring and Application Performance Management solutions providing full end-to-end diagnostics from end-user to database SQL.
Oracle Real User Experience Insight (RUEI) remains a flagship product in the Oracle product portfolio and provides state-of-the-art capabilities for monitoring any web based application. It can provide you with valuable insights on the fields of analytics, availability, performance and user behavior monitoring.

The technology offered by Oracle Real User Experience Insight has been adopted by many of Oracle's customers over the past years, among which:

  • China Mobile Group Shandong Co., Ltd. : Ensures Seamless User Experience for 50 Million Subscribers (Full Article)
  • infinitas learning : Increases Customer Satisfaction and Reduces Support Costs (Full Article)
  • Ferrovie dello Stato : Improves Customers' Online Ticketing Experiences by Analyzing User-Behavior (Full Article)
  • DekaBank : Improves Customer Satisfaction with Monitoring of Web-based Business Processes (Full Article)
This latest release, including the documentation can be downloaded from the Oracle Technology Network on the following links for Oracle Real User Experience Insight release 11.1:
[Read More]

Monday Apr 04, 2011

Enterprise Application Management : it is time to retire!

Don't worry - I'm not telling you quit your job a few years early (though probably you wouldn't mind). And I'm not going to tell your boss your job position has just become abundant. But I will be telling you about making the services you manage a lot less complex.

In recent conversations I've shared some interesting thoughts with various customers, all taking a completely different approach on managing their business application lifecycles. Whereas one would always consider retiring functionality built into their business application for each new release, the other did not think about retiring even a single functionality at all in the past 4 years. The result? A steady set of 50 to 60 business functionalities versus a staggering 400 functionalities for the later. But when I asked both about naming the key functionalities - both would come up with about 10 business critical functionalities. Moreover - the companies are about equal in size, and serve a similar user community, with geographically spread offices and about 5 to 10 employees per office (for a total of 150 offices).

[Read More]

Sunday Mar 27, 2011

Dashboards: Find the Right Mix

Wouldn't it be great to see all the information you need for your daily business in the blink of an eye? For sure it would! But it'd probably be utopia to achieve that. First of all - your daily business is much more complex as to fit into a single twitch of your eyelid. Secondly, your business is a dynamic environment and you have to adjust to market changes all the time. That in mind - it's probably more likely you need guidance. Some soft guiderails to simplify the ride in your daily business rollercoaster. Now, that's a much more relaxing and achievable thought...

As we're on that ride; let's compare it to the dashboards you look at when driving your car. As soon as a red light starts to burn, you'll know your car needs urgent attention. An orange light still requires notion, but with less urgency. A green light indicates something's working, and it's working ok. For your car, a manual will be available in which the meaning of every dial and warning is referenced. However, if you were a helicopter pilot, that manual is much more complex, as is the dashboard of the machine he's operating.
[Read More]

Thursday Mar 24, 2011

Handling SSL key and certificate stored in Websphere

The Oracle Real User Experience Insight product offers great capabilities to work with SSL encrypted traffic, just as it would with normal / unencrypted HTTP traffic. There is, however, one strict prerequisite in order to get that done: provide the SSL private key and public certificate from your webserver or SSL encryption device. These then need to be uploaded to the data collector process in order to start the decryption.

While getting that private key and certificate might sound like a fairly straight-forward request, all security concerns put aside, getting them might be a trickier thing. Especially if your webserver is using a keystore or keyring to hold the SSL information. The keyword here is 'store' or 'ring' - it implies that the file(s) containing the SSL key and certificate may hold multiple combinations, including the key and certificate from historical CSR's. Typically you'll find that these might even represent long-expired signatures or signatures which have been overruled by creating multiple CSR's over a short period of time.

Here's how to handle such information if your keystore were held within Websphere 6.1.

[Read More]

Tuesday Mar 01, 2011


In establishing this online corner of Oracle's Real User Experience Insight it became clear that there's a lot on the Real User Monitoring topic which has already been said over time. Blogs about webanalytics, web availability and performance monitoring are plenty available and could give you a plethora of knowledge pieces.


So why this blog then?

[Read More]

Oracle Real User Experience Insight... and beyond!


« July 2016