ADFS Attribute Stores Test

User accounts and computer accounts that require access to a resource that is protected by Active Directory Federation Services (AD FS) are stored in an attribute store, such as Active Directory Domain Services (AD DS). Once an identity provider (IdP) is configured, AD FS uses attribute stores to retrieve user attributes from various sources like Active Directory or LDAP directories, which are then used in claims-based authentication. The retrieved attribute values help a web application or service to make the appropriate authorization decisions when a federated user (a user whose account is stored in the identity provider organization) tries to access the application or service. In addition, the claims issuance engine uses the attribute stores to gather data that is necessary to issue claims. If significant delay or failures occur when the attribute stores process the queries, the application/service may not be able to authorize the users and deny them the access. This in turn will adversely impact the user productivity and experience. To prevent such inconveniences, administrators must be able to quickly detect the delay and failures and take remedial actions to prevent them. This can be easily achieved using the ADFS Attribute Stores test.

This test continuously monitors the attribute stores added to the AD FS server and for each attribute store, reports the average time taken to process the queries. The value of this measure helps administrators to find out how quickly each attribute store processes the queries. In addition, this test also reports the number of failures encountered by each attribute store, thus helping administrators to quickly spot the problematic attribute store.

Target of the test : An AD FS server

Agent deploying the test : An external agent.

Outputs of the test : One set of results for each attribute store added to the AD FS server being monitored

Configurable parameters for the test
Parameters Description

Test Period

How often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port at which the AD FS server listens.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Average attribute store query time

Indicates the average time taken by this attribute store to process the queries.

Seconds

Compare the value of this measure across the attribute stores to identify the attribute store that took maximum time to process the queries.

Attribute store query failures

Indicates the number of failures that this attribute store encountered while processing the queries.

Number

Comparing the value of this measure across the attribute stores to figure out which attribute store encountered maximum number of failures while processing the queries.