The ADFS provider connects to ADFS PowerShell to read configuration settings, and searches the Windows EventLog to collect claims and request data. The ADFS provider allows time traveling of both ADFS configuration and issued tokens.
Before configuring the ADFS provider you must apply a license key for Claims Panel. Although you can add provider settings without applying the license key, it will not be possible to perform a data scan.
To use the ADFS provider you must have a Panel Service agent installed on at least one ADFS server. You must also enable ADFS object access logging so that claims are added to the Time Traveler. Instructions for enabling ADFS event logging can be found on Technet.
Settings
Start by creating an ADFS Connection in the Providers settings tab.
The ADFS connection must have a unique name. Short names are recommended, since the name will be prefixed onto the various token silos.
ADFS Servers – The servers list should contain the NetBIOS names of each ADFS server. This list represents the servers to connect to for retrieving event log data. To enter multiple values press spacebar, comma, or semi-colon.
Data to Monitor – Like the Azure provider, the ADFS provider allows you to create a list of data to collect from ADFS.
ADFS PowerShell Uri – Optional URL of ADFS server PowerShell instance. Using a local installation of Panel Service is preferred to avoid configuring PowerShell remoting.
Data Collection
After setting up data collection you must perform initial load tasks. These may be done with Panel Tools or via schedule steps.
Perform a Config scan, then run an ADFS event log scan.
Schedule Steps
ADFS Config Scan
Uses PowerShell to collect configuration data from the local ADFS server.
Environment – Choose the ADFS provider name in the environment dropdown.
Preferred Servers – Unlike most steps, the ADFS config scan must be dispatched to a Panel Service instance installed on an ADFS server. Since different ADFS servers in a cluster share their configuration, it is only necessary to scan this data on a single server.
ADFS Log Scan
Connects to the event log of a specified server and collects all the ADFS events since the last scan. When scheduling log scans, it is important to run them frequently enough that log data is not lost. It is possible to run multiple log scans in parallel against different target servers.
Environment – Choose the ADFS provider name in the environment dropdown.
Server – Choose the ADFS server to collect data from. Unlike the config scan, it is possible to read the event log data from a remote server.
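As an added example (not Claims Panel's own code, nor part of this page), the following PowerShell, run on an AD FS server (Windows Server 2016 or later) as an administrator, verifies the logging prerequisites described above and then collects the AD FS audit events a log scan would read since a given last-scan time. The $LastScan default and the choice of event IDs to summarise are assumptions.

```powershell
# Added example: check AD FS logging prerequisites and pull audit events since the last scan.
# Assumes it runs on an AD FS server as an administrator (not Claims Panel's own code).
param(
    [datetime]$LastScan = (Get-Date).AddHours(-1)   # assumed: time of the last successful log scan
)

Import-Module ADFS

# 1. Configuration, as read through the ADFS PowerShell module.
#    Claim details (events 500/501) are only written when the audit level is Verbose.
$props = Get-AdfsProperties
if ($props.AuditLevel -notcontains 'Verbose') {
    Write-Warning "AuditLevel is '$($props.AuditLevel)'; claims will not be logged in full."
}

# 2. The 'Application Generated' audit subcategory must be enabled for AD FS
#    to write its audit events to the Security log at all.
$audit   = auditpol /get /subcategory:"Application Generated" /r | ConvertFrom-Csv
$auditOn = $audit.'Inclusion Setting' -match 'Success'
if (-not $auditOn) {
    Write-Warning "'Application Generated' auditing is off; AD FS emits no audit events."
}

# 3. Log scan: every AD FS audit event written since the last scan.
$filter = @{
    LogName      = 'Security'
    ProviderName = 'AD FS Auditing'
    StartTime    = $LastScan
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Count by event ID: 1200 = token issued, 1202 = authentication succeeded,
# 500/501 = the claims of one request (linked to it by the instance ID in the message).
$events | Group-Object Id | Sort-Object { [int]$_.Name } |
    Select-Object @{n = 'EventId'; e = { $_.Name }}, Count |
    Format-Table -AutoSize

# One row per issued token, with the first line of the event text.
$events | Where-Object Id -eq 1200 | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Message = ($_.Message -split "`n")[0].Trim()
    }
} | Format-Table -AutoSize
```

If the run covers a gap longer than the Security log's retention, events from the start of the window will already have been overwritten, which is the data loss the scheduling note above warns about.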