Exoprise CloudReady® Help

ADFS Sensor Setup Overview

Article ID: 37
Last updated: 25 Sep, 2015

Active Directory Federation Services Sensor Setup Overview

The Active Directory Federation Services Sensor (ADFS Sensor) is a multi-part sensor that provides both Active Monitoring and performance counter collection for diagnostics.

Multi-part sensors enable customers with smaller environments to deploy a single sensor that both actively tests the ADFS infrastructure and provides diagnosis of the environment when things go wrong. For larger customers with distributed networks and infrastructure components, multi-part sensors enable Active Monitoring from various locations but selective performance counter collection closest to the target servers.

Configuring an ADFS Sensor

Configuring an ADFS sensor requires information about the names and locations of the ADFS servers.

Performance Data Collection

CloudReady Monitor requires read-only administrative access to the ADFS servers in order to capture detailed performance statistics for troubleshooting and diagnostics. The ADFS sensor collects performance information through both remote PDH performance counters and remote WMI.

For this multi-part sensor, you only need to collect performance information from a single location but can still actively monitor from multiple locations. If you don't want to collect performance information for this sensor, deselect the 'Enable performance collection' checkbox.

Field: Description
Server (required): Enter the fully qualified domain name or IP address of a real ADFS server. If you are load balancing between multiple ADFS servers then you will need to enter the name of one particular ADFS server and you should set up multiple sensors for each real ADFS server.
Username (required): Enter the account name to be used to retrieve performance information from the server.
Password (required): Enter the required password for this account. The supplied credentials will be validated when you click next.

ADFS Active Monitoring

CloudReady Monitor executes a lightweight SAML transaction against the supplied ADFS server and records the time it takes to execute the transaction as well as its success or failure. Customers can be notified when the synthetic transaction fails so they can investigate proactively, before it becomes a problem for end-users and employees.

Additionally, the Active Monitor provides a reliable baseline for measuring the performance and health of your ADFS infrastructure. Combined with the performance metrics from the systems, customers can quickly diagnose the health of the critical ADFS servers.

For this multi-part sensor, customers can configure Active Monitors from different LANs and network locations but collect performance metrics from CloudReady Monitor locations that are closest to the ADFS servers. To enable ADFS Active Monitoring for this sensor, select the 'Enable active monitoring' checkbox and fill out the required fields.

Field: Description
Server (required): Enter the fully qualified domain name or IP address of an ADFS server or load balanced DNS entry. For Active Monitoring you are only interested in the results of the synthetic transaction.
Username (required): Enter an account name with sufficient permissions to retrieve a SAML token from both the ADFS server and the following endpoint URL.
Password (required): Enter the required password for this account. The supplied credentials will be validated when you click next.
Certificate Issuer (optional): Enter the LDAP binding string for the certificate of your ADFS server. If you enter the certificate issuer, the certificate is validated with each transaction. If you leave this field blank, the ADFS certificate is not validated for the active transaction.
Endpoint URL (required): Enter the web-service that is being validated against. An example web-service for Office 365 is https://login.microsoftonline.com/extSTS.srf
ADFS Authentication URL (required): Enter the ADFS authentication URL to be used for validation. Typically for Active Directory Single Sign-on this is a Windows mixed-mode URL. An example is https://[server-name]/adfs/services/trust/13/usernamemixed (for ADFS2.0)
Service Principal Name Identity (required): Enter the service principal name for transaction validation. An example Service Principal Name is http/[ADFS FQDN]. Notice the single forward slash and lack of colon.

Validation

Click next when all of the required fields are completed, and CloudReady will validate the configuration of the sensor. If errors are detected, return and make corrections until the validation succeeds.
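A local pre-check of the Active Monitoring fields before they are entered, shown with a weak set of values beside a corrected one. This is an added example, not CloudReady code: the dictionary keys, the contoso.example names and the issuer string are assumptions made for illustration, and the checks only encode the field rules described above.

```python
import re
from urllib.parse import urlsplit

# SPN in the form the field table describes: http/<ADFS FQDN>, one slash, no colon.
SPN_RE = re.compile(r"^http/[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def check_active_monitoring(cfg):
    """Return (severity, field, message) findings for one set of field values."""
    findings = []
    for field in ("server", "username", "password"):
        if not cfg.get(field):
            findings.append(("error", field, "required field is empty"))
    for field in ("endpoint_url", "adfs_auth_url"):
        url = urlsplit(cfg.get(field, ""))
        if url.scheme != "https" or not url.hostname:
            findings.append(("error", field, "must be an absolute https:// URL"))
    auth = urlsplit(cfg.get("adfs_auth_url", ""))
    if auth.hostname and not auth.path.lower().startswith("/adfs/services/trust/"):
        findings.append(("warn", "adfs_auth_url",
                         "path does not look like an ADFS WS-Trust endpoint"))
    if not SPN_RE.match(cfg.get("spn", "")):
        findings.append(("error", "spn", "expected http/<ADFS FQDN>, one slash, no colon"))
    if not cfg.get("certificate_issuer", "").strip():
        findings.append(("warn", "certificate_issuer",
                         "blank: the ADFS certificate is not validated per transaction"))
    return findings

# Constructed sample values (hypothetical names, placeholder password).
WEAK = {
    "server": "sts.contoso.example",
    "username": "svc-monitor@contoso.example",
    "password": "<supplied-at-runtime>",
    "certificate_issuer": "",
    "endpoint_url": "https://login.microsoftonline.com/extSTS.srf",
    "adfs_auth_url": "http://sts.contoso.example/adfs/services/trust/13/usernamemixed",
    "spn": "http://sts.contoso.example",
}
FIXED = dict(WEAK,
             certificate_issuer="CN=Contoso Issuing CA, DC=contoso, DC=example",
             adfs_auth_url="https://sts.contoso.example/adfs/services/trust/13/usernamemixed",
             spn="http/sts.contoso.example")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, check_active_monitoring(cfg) or "no findings")
```

The blank Certificate Issuer is reported as a warning rather than an error because the field is optional, but it is the one setting here that decides whether the monitoring account's password is sent to an unverified server.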

For More Information

Additional information about how to work with ADFS2.0 and Windows Authentication can be found in the following blog articles and links:
