ADFS Inter-Node Communications Test

In Active Directory Federation Services (AD FS) farm, nodes are the components or entities that work together to provide federated authentication and authorization services. This test monitors all the nodes in the AD FS farm and reveals how quickly each node processes the artifact queries that are sent to the identity provider by the service provider which has received the artifact to retrieve the actual security token or assertion. In addition, this test also sheds light on the connection failures encountered by each node while processing the artifact queries.

Target of the test : An AD FS server

Agent deploying the test : An external agent

Outputs of the test : One set of results for each node in the AD FS farm

Configurable parameters for the test
Parameters Description

Test Period

How often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port at which the AD FS server listens.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Average artifact query time

Indicates the time taken by this node to process artifact queries.

Seconds

AD FS server generates an artifact (a reference token) instead of sending the actual SAML claim (such as user identity or attributes) directly to a service provider when a user attempts to access a service that requires authentication. The service provider, which has received the artifact, needs to retrieve the actual security token or assertion. To do this, it sends an artifact query to the identity provider. The query includes the artifact received from the IdP.

AD FS uses artifacts to reduce the amount of data exchanged between the service provider and the identity provider and prevent the risk of exposure of sensitive information.

Compare the value of this measure across the nodes to identify which node took maximum time to process the artifact queries.

Artifact query connection failures

Indicates the number of connection failures encountered by this node while processing the artifact queries.

Number

Ideally, the value of this measure should be zero.