ADFS Cryptographics Test
The ADFS server uses various cryptographic techniques to secure data and communication. The key cryptographic aspects are listed below:
Encryption : ADFS uses encryption to protect sensitive data transmitted over the network. Authentication tokens and other data are encrypted so that they cannot be read or tampered with by unauthorized parties. For instance, ADFS uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt communication between the client and the ADFS server.
Digital Signatures : ADFS uses digital signatures to verify the authenticity and integrity of tokens and assertions. When a token is issued by ADFS, it is signed with a private key. The client can verify the token's authenticity using the corresponding public key. This process ensures that the token has not been altered and that it comes from a trusted source.
Key Management : Proper key management is crucial for ADFS. The system uses cryptographic keys to perform encryption and signing operations. These keys must be securely stored and managed to prevent unauthorized access. ADFS supports mechanisms for key rollover and revocation to ensure that cryptographic keys remain secure over time.
Token Encryption : ADFS can encrypt the claims within tokens (e.g., SAML tokens) to ensure that the information is protected when it is sent between parties. This prevents unauthorized parties from reading sensitive information contained within the token.
Certificates : ADFS relies on certificates to establish trust between different entities. For example, certificates are used to encrypt data and to sign tokens. The certificates themselves are issued by trusted Certificate Authorities (CAs) and must be managed properly to maintain security.
ADFS acts as an Identity Provider (IdP), authenticating users and issuing security tokens. In the process, the ADFS provider uses encryption and decryption techniques to ensure the confidentiality and integrity of the data exchanged while authenticating and authorizing users. For the authentication and authorization processes to run seamlessly and quickly, the ADFS provider must be able to perform encryption and decryption operations, and to generate and validate signatures, without undue delay. Any delay in these operations delays authentication and authorization, and therefore the user login process. To avoid such inconveniences, administrators should monitor how quickly the ADFS provider performs these operations and find out whether any of them is slow. This can be achieved using the ADFS Cryptographics test.
This test auto-discovers the ADFS providers in the AD FS farm and reports the average time taken by each provider to perform decryption and encryption operations. The test also reveals the time taken by each provider to generate and validate signatures. This way, the test enables administrators to easily identify the provider that takes the longest to perform these operations.
Target of the test : An AD FS server
Agent deploying the test : An external agent
Outputs of the test : One set of results for each provider in the AD FS farm
| Parameters | Description |
|---|---|
| Test Period | How often should the test be executed. |
| Host | The host for which the test is to be configured. |
| Port | The port at which the AD FS server listens. |
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Average decryption operation time | Indicates the average time taken by this provider for performing decryption operations. | Seconds | Compare the values of this measure and the encryption measure below across all the providers to find out which provider is taking the maximum time to perform decryption and encryption operations. |
| Average encryption operation time | Indicates the average time taken by this provider for performing encryption operations. | Seconds | Compare the values of this measure across all the providers, together with the decryption measure above. |
| Average signature operation time | Indicates the average time taken by this provider for generating signatures. | Seconds | Comparing the values of this measure and the validation measure below across all the providers will reveal the provider that is taking the maximum time to generate and validate signatures. |
| Average signature validation operation time | Indicates the average time taken by this provider for validating signatures. | Seconds | Compare the values of this measure across all the providers, together with the signature measure above. |
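The following Go program is an added illustration, not part of this documentation or of the ADFS product, of two things described on this page: the sign-with-private-key / verify-with-public-key flow from the "Digital Signatures" paragraph, and the per-provider timing comparison the four measures above are meant to support. It builds a constructed farm of two providers (names `adfs-node-1` and `adfs-node-2` are placeholders), each with its own RSA key, times the encrypt, decrypt, sign and verify operations over a sample claim set, and reports which provider is slowest overall. Token format, key sizes and the round count are assumptions for the demo; real AD FS uses X.509 token-signing and token-decrypting certificates and XML signatures on SAML tokens.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// OpTimes holds the average duration of each operation for one provider,
// mirroring the four measures reported by the test.
type OpTimes struct {
	Provider string
	Decrypt  time.Duration
	Encrypt  time.Duration
	Sign     time.Duration
	Verify   time.Duration
}

// SignToken signs a token payload with the provider's private key
// (RSA PKCS#1 v1.5 over a SHA-256 digest).
func SignToken(priv *rsa.PrivateKey, token []byte) ([]byte, error) {
	digest := sha256.Sum256(token)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyToken checks the signature with the matching public key; any change
// to the token or the signature makes it return false.
func VerifyToken(pub *rsa.PublicKey, token, sig []byte) bool {
	digest := sha256.Sum256(token)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// EncryptClaims encrypts a claim set with RSA-OAEP so that only the holder
// of the private key can read it.
func EncryptClaims(pub *rsa.PublicKey, claims []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, claims, nil)
}

// DecryptClaims recovers the claims with the private key.
func DecryptClaims(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// MeasureProvider runs each operation `rounds` times with the provider's key
// and returns the average time per operation.
func MeasureProvider(name string, priv *rsa.PrivateKey, rounds int) (OpTimes, error) {
	token := []byte(`{"sub":"alice","iss":"` + name + `"}`) // constructed sample claims
	var enc, dec, sign, verify time.Duration
	for i := 0; i < rounds; i++ {
		t := time.Now()
		ct, err := EncryptClaims(&priv.PublicKey, token)
		if err != nil {
			return OpTimes{}, err
		}
		enc += time.Since(t)

		t = time.Now()
		if _, err := DecryptClaims(priv, ct); err != nil {
			return OpTimes{}, err
		}
		dec += time.Since(t)

		t = time.Now()
		sig, err := SignToken(priv, token)
		if err != nil {
			return OpTimes{}, err
		}
		sign += time.Since(t)

		t = time.Now()
		if !VerifyToken(&priv.PublicKey, token, sig) {
			return OpTimes{}, fmt.Errorf("%s: signature did not verify", name)
		}
		verify += time.Since(t)
	}
	n := time.Duration(rounds)
	return OpTimes{name, dec / n, enc / n, sign / n, verify / n}, nil
}

// SlowestProvider returns the provider whose summed average operation time
// is highest, which is the comparison the Interpretation column asks for.
func SlowestProvider(results []OpTimes) string {
	worstName, worstTotal := "", time.Duration(-1)
	for _, r := range results {
		total := r.Decrypt + r.Encrypt + r.Sign + r.Verify
		if total > worstTotal {
			worstName, worstTotal = r.Provider, total
		}
	}
	return worstName
}

func main() {
	// Constructed farm: two providers with different key sizes, so timings differ.
	farm := []struct {
		name string
		bits int
	}{{"adfs-node-1", 2048}, {"adfs-node-2", 3072}}
	var results []OpTimes
	for _, p := range farm {
		key, err := rsa.GenerateKey(rand.Reader, p.bits)
		if err != nil {
			panic(err)
		}
		r, err := MeasureProvider(p.name, key, 20)
		if err != nil {
			panic(err)
		}
		results = append(results, r)
		fmt.Printf("%-12s decrypt=%v encrypt=%v sign=%v verify=%v\n",
			r.Provider, r.Decrypt, r.Encrypt, r.Sign, r.Verify)
	}
	fmt.Println("slowest provider:", SlowestProvider(results))
}
```

Decrypt and sign are the private-key operations and dominate the totals, so a provider whose values for these two measures drift upward relative to its peers is the one to investigate first; the public-key operations (encrypt, verify) are comparatively cheap.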