ADFS Provider

Introduction

The ADFS provider connects to the ADFS PowerShell cmdlets to read configuration settings, and searches the Windows event log to collect claims and request data. The ADFS provider allows time traveling of both ADFS configuration and issued tokens, so a past configuration state or a past token issuance can be inspected later.

Setup

To use the ADFS provider you must have a Panel Service agent installed on at least one ADFS server. You must also enable ADFS auditing, which requires the Windows "Audit object access" policy to be enabled on each ADFS server so that ADFS success and failure audits are written to the Security event log. Instructions to enable the audit policy may be found at https://technet.microsoft.com/en-us/library/cc738766(v=ws.10).aspx#BKMK_97.
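The following PowerShell is an added example of the setup step above, not part of the SoftwareIDM documentation or product. It turns on the Windows audit subcategory that ADFS writes to, raises the ADFS audit level, and then verifies that audit events are actually arriving. Run it elevated on each ADFS server whose event log will be scanned. The `-AuditLevel` parameter exists on Windows Server 2016 and later; the commented alternative for Windows Server 2012 R2 is an assumption about that version's `-LogLevel` entries.

```powershell
# Added example (not SoftwareIDM code): enable AD FS auditing on a farm node.
# Run in an elevated PowerShell session on each AD FS server to be scanned.

# 1. Windows audit policy. AD FS audits land in the Security log under the
#    "Application Generated" subcategory; both success and failure are needed
#    to see issued tokens as well as rejected requests.
auditpol.exe /set /subcategory:"Application Generated" /success:enable /failure:enable

# 2. AD FS-level audit setting (Windows Server 2016 and later).
Import-Module ADFS
Set-AdfsProperties -AuditLevel Verbose

#    Windows Server 2012 R2 alternative (assumed entry names): add the audit
#    entries to the existing LogLevel list instead of replacing it.
# $current = @((Get-AdfsProperties).LogLevel)
# Set-AdfsProperties -LogLevel ($current + @('SuccessAudits', 'FailureAudits') | Select-Object -Unique)

# 3. Verify the effective policy and the AD FS setting.
auditpol.exe /get /subcategory:"Application Generated"
(Get-AdfsProperties).AuditLevel

# 4. Verify end to end: after a sign-in, at least one audit from the
#    "AD FS Auditing" source should be present in the Security log.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; ProviderName = 'AD FS Auditing' } -MaxEvents 1 |
    Select-Object TimeCreated, Id, MachineName
```

If step 4 returns nothing after a test sign-in, check that the ADFS service account holds the "Generate security audits" user right in Local Security Policy; without it the audits are silently dropped.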

Settings

Create an ADFS connection in the Providers settings tab.

ADFS Settings

The ADFS connection must have a unique name. Short names are recommended, since the name will be prefixed onto the various token silos.

ADFS Servers The servers list should contain the NetBIOS names of each ADFS server. This list represents the servers to connect to for retrieving event log data. To enter multiple values press spacebar, comma, or semi-colon.

Data to Monitor Like the Azure provider, the ADFS provider allows you to create a list of data to collect from ADFS.

Scheduling Data Collection

The ADFS provider includes two types of schedule step.

ADFS Config Scan

Uses PowerShell to collect configuration data from the local ADFS server.

Environment Choose the ADFS provider name in the environment dropdown.

Preferred Services Unlike most steps, the ADFS config scan must be dispatched to a Panel Service instance installed on an ADFS server, because the ADFS PowerShell cmdlets only work locally. Since all ADFS servers in a farm share the same configuration, it is only necessary to scan this data on a single server.
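As an added illustration of what a config scan gathers (this is example code, not the product's own scan), the script below snapshots the farm configuration from the local ADFS server to a timestamped JSON file and reports which relying party trusts were added, removed, or had their issuance or authorization rules changed since the previous snapshot. The snapshot directory is an assumption; the cmdlets and property names are those of the ADFS module.

```powershell
# Added example (not SoftwareIDM code): snapshot local AD FS configuration and diff it.
Import-Module ADFS

$snapshotDir = 'C:\AdfsSnapshots'   # assumed location
New-Item -ItemType Directory -Path $snapshotDir -Force | Out-Null

# Collect the configuration a reviewer cares about: service properties, trusts,
# the claim rules attached to each trust, and the signing/decryption certificates.
$snapshot = [ordered]@{
    TakenAt         = (Get-Date).ToUniversalTime().ToString('o')
    Server          = $env:COMPUTERNAME
    Properties      = Get-AdfsProperties | Select-Object HostName, Identifier, AuditLevel
    RelyingParties  = @(Get-AdfsRelyingPartyTrust |
                        Select-Object Name, Identifier, Enabled, IssuanceTransformRules, IssuanceAuthorizationRules)
    ClaimsProviders = @(Get-AdfsClaimsProviderTrust |
                        Select-Object Name, Identifier, Enabled, AcceptanceTransformRules)
    Certificates    = @(Get-AdfsCertificate | Select-Object CertificateType, IsPrimary, Thumbprint)
}

$file = Join-Path $snapshotDir ('adfs-config-{0}.json' -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
$snapshot | ConvertTo-Json -Depth 6 | Set-Content -Path $file -Encoding UTF8

# The file names sort chronologically, so the second-newest file is the previous snapshot.
$previous = Get-ChildItem $snapshotDir -Filter 'adfs-config-*.json' |
    Sort-Object Name | Select-Object -Last 2 | Select-Object -First 1

if ($previous -and $previous.FullName -ne $file) {
    $old = Get-Content $previous.FullName -Raw | ConvertFrom-Json

    foreach ($rp in $snapshot.RelyingParties) {
        $oldRp = $old.RelyingParties | Where-Object Name -eq $rp.Name
        if (-not $oldRp) { "New relying party: $($rp.Name)"; continue }
        if ($oldRp.IssuanceTransformRules -ne $rp.IssuanceTransformRules) {
            "Issuance transform rules changed: $($rp.Name)"
        }
        if ($oldRp.IssuanceAuthorizationRules -ne $rp.IssuanceAuthorizationRules) {
            "Issuance authorization rules changed: $($rp.Name)"
        }
        if ($oldRp.Enabled -ne $rp.Enabled) { "Enabled flag changed: $($rp.Name) -> $($rp.Enabled)" }
    }
    foreach ($oldRp in $old.RelyingParties) {
        if (-not ($snapshot.RelyingParties | Where-Object Name -eq $oldRp.Name)) {
            "Relying party removed: $($oldRp.Name)"
        }
    }
    foreach ($cert in $snapshot.Certificates | Where-Object IsPrimary) {
        $oldCert = $old.Certificates | Where-Object { $_.CertificateType -eq $cert.CertificateType -and $_.IsPrimary }
        if ($oldCert -and $oldCert.Thumbprint -ne $cert.Thumbprint) {
            "Primary $($cert.CertificateType) certificate changed: $($oldCert.Thumbprint) -> $($cert.Thumbprint)"
        }
    }
}
```

A changed issuance transform rule or a new primary token-signing certificate is exactly the kind of configuration change that should be reviewed, since either alters what tokens the farm will issue or sign.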

ADFS Log Scan

Connects to the event log of a specified server and collects all the ADFS events logged since the last scan. When scheduling log scans, it is important to run them frequently enough that log data is not lost: the Security event log overwrites its oldest events once it reaches its maximum size, and on a busy ADFS server verbose auditing can fill it quickly. It is possible to run multiple log scans in parallel against different target servers.

Environment Choose the ADFS provider name in the environment dropdown.

Server Choose the ADFS server to collect data from. Unlike the config scan, it is possible to read the event log data from a remote server, so the scan can be dispatched to any Panel Service instance that has read access to that server's Security log.
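The function below is an added example, not the product's own log scan, of how the log scan step described above works: it reads the ADFS audit events from a named server's Security log since a stored checkpoint, skips events already collected at the checkpoint boundary, and advances the checkpoint. The server names, checkpoint path, output file and one-day initial look-back are assumptions; the "AD FS Auditing" provider name is the source ADFS uses in the Security log.

```powershell
# Added example (not SoftwareIDM code): incremental collection of AD FS audit
# events from a remote server's Security log.
function Get-AdfsAuditEventsSince {
    param(
        [Parameter(Mandatory)][string]$Server,          # NetBIOS name of the AD FS server to read from
        [Parameter(Mandatory)][string]$CheckpointFile   # where the last-seen position is kept (assumed path)
    )

    # Checkpoint format: "<ISO 8601 time>|<EventRecordId>". First run looks back one day (assumption).
    $since = (Get-Date).AddDays(-1)
    $lastRecordId = 0L
    if (Test-Path $CheckpointFile) {
        $t, $r = (Get-Content $CheckpointFile -Raw).Trim() -split '\|'
        $since = [datetime]::Parse($t, [cultureinfo]::InvariantCulture, 'RoundtripKind')
        $lastRecordId = [long]$r
    }

    # Reading a remote Security log needs rights on $Server (Event Log Readers plus
    # read access to the Security log, or local administrator) and the
    # "Remote Event Log Management" firewall rules open.
    $filter = @{ LogName = 'Security'; ProviderName = 'AD FS Auditing'; StartTime = $since }
    $events = @(Get-WinEvent -ComputerName $Server -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordId -gt $lastRecordId } |   # StartTime is inclusive; RecordId avoids duplicates
        Sort-Object RecordId)

    foreach ($e in $events) {
        [pscustomobject]@{
            Server      = $Server
            RecordId    = $e.RecordId
            TimeCreated = $e.TimeCreated
            EventId     = $e.Id          # e.g. 1200 = token issued, 1202 = credential validated
            Summary     = $e.Message.Split("`n")[0].Trim()
        }
    }

    # Advance the checkpoint only when something was read, so a failed connection does not skip events.
    if ($events.Count -gt 0) {
        $last = $events[-1]
        '{0}|{1}' -f $last.TimeCreated.ToUniversalTime().ToString('o'), $last.RecordId |
            Set-Content -Path $CheckpointFile
    }
}

# One scan per server, run in parallel as background jobs (assumed server names and paths).
$servers = 'ADFS01', 'ADFS02'
New-Item -ItemType Directory -Path 'C:\AdfsScan' -Force | Out-Null
$jobs = foreach ($s in $servers) {
    Start-Job -ScriptBlock ${function:Get-AdfsAuditEventsSince} -ArgumentList $s, "C:\AdfsScan\$s.checkpoint"
}
$jobs | Wait-Job | Receive-Job |
    Export-Csv -Path 'C:\AdfsScan\adfs-events.csv' -NoTypeInformation -Append
```

Keying the checkpoint on the record ID rather than on time alone matters because several ADFS audits for one request are usually written with the same timestamp; a time-only checkpoint would either re-read or drop the events sharing the boundary second.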

Copyright © SoftwareIDM
