Citrix FAS User Certificate Details Test

Citirx FAS authorizes users to login to the Citrix environment by issuing certificates to the users. To know how many users were issued certificates and what fraction of these certificates are expired, use the Citrix FAS User Certificate Details test.

This test monitors the user certificates managed by Citrix FAS, tracks the usage of these certificates, and reports the count of users who were issued certificates. The test also reports the number of expired certificates, with detailed diagnosis throwing light on which certificates expired and when.

Target of the test : Citrix Federated Authentication Server

Agent deploying the test : An internal agent

Outputs of the test : One set of the results for the Citrix FAS server being monitored

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed. By default, this is set to 5 minutes.

Host

The IP address of the host for which this test is to be configured.

Port

The port at which the specified host listens.

Show Total User DD

The detailed diagnosis of the Total Users measure, if enabled, provides detailed information regarding all certificates that Citrix FAS issued to users. In a typical Citrix environment, the Citrix FAS could be managing certificates for hundreds or even thousands of users. In such environments, the detailed metrics of the Total Users measure, if collected, may put considerable strain on the eG database. This is why, by default, eG Enterprise DOES NOT provide detailed metrics for the Total Users measure. Accordingly, the Show Total User DD flag is set to No. However, if you have a well-sized, well-tuned eG database, then you can set this flag to Yes, and enable the collection of detailed diagnostics for the Total Users measure.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Total users

Indicates the total number of users who were issued certificates.

Number

By default, the test does not collect detailed metrics for this measure. However, if the SHOW TOTAL USERS DD flag is set to Yes, then detailed diagnostics will be reported for this measure. Such detailed insights include the definition, expiry date, role, and thumbprint of every certificate managed by the Citrix FAS.

Total unique users

Indicates the unique users who were issued certificates.

Number

 

Total expired users

Indicates the total number users whose certificates have expired.

Number

Use the detailed diagnosis of this measure to determine which certificates expired and when.

Total unique expired users

Indicates the total number of unique users whose certificates have expired.

Number