Add more ADFS metrics from AD FS CounterSet

Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Reformat adfsCollector struct Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Add metrics to ADFS collector documentation Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Update ADFS collector with useful queries and links to documentation Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Remove bad table formatter Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Reformat ADFS collector using gofmt Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Fix ADFS Config and Artifact DB Query time metrics Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Update ADFS collector for Config and Artifact DB Query time from gauge to counter Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Update ADFS collector for Config and Artifact DB Query time from gauge to counter Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com>
2026-02-08 05:56:37 +00:00 · 2021-11-29 19:46:43 -05:00
parent e08a0411d6
commit 2ed0ae837c
2 changed files with 520 additions and 23 deletions
--- a/collector/adfs.go
+++ b/collector/adfs.go
@@ -5,6 +5,7 @@ package collector

 import (
 	"github.com/prometheus/client_golang/prometheus"
+	"math"
 )

 func init() {
@@ -12,17 +13,49 @@ func init() {
 }

 type adfsCollector struct {
-	adLoginConnectionFailures        *prometheus.Desc
-	certificateAuthentications       *prometheus.Desc
-	deviceAuthentications            *prometheus.Desc
-	extranetAccountLockouts          *prometheus.Desc
-	federatedAuthentications         *prometheus.Desc
-	passportAuthentications          *prometheus.Desc
-	passiveRequests                  *prometheus.Desc
-	passwordChangeFailed             *prometheus.Desc
-	passwordChangeSucceeded          *prometheus.Desc
-	tokenRequests                    *prometheus.Desc
-	windowsIntegratedAuthentications *prometheus.Desc
+	adLoginConnectionFailures                          *prometheus.Desc
+	certificateAuthentications                         *prometheus.Desc
+	deviceAuthentications                              *prometheus.Desc
+	extranetAccountLockouts                            *prometheus.Desc
+	federatedAuthentications                           *prometheus.Desc
+	passportAuthentications                            *prometheus.Desc
+	passiveRequests                                    *prometheus.Desc
+	passwordChangeFailed                               *prometheus.Desc
+	passwordChangeSucceeded                            *prometheus.Desc
+	tokenRequests                                      *prometheus.Desc
+	windowsIntegratedAuthentications                   *prometheus.Desc
+	oAuthAuthZRequests                                 *prometheus.Desc
+	oAuthClientAuthentications                         *prometheus.Desc
+	oAuthClientAuthenticationsFailures                 *prometheus.Desc
+	oAuthClientCredentialsRequestFailures              *prometheus.Desc
+	oAuthClientCredentialsRequests                     *prometheus.Desc
+	oAuthClientPrivateKeyJwtAuthenticationFailures     *prometheus.Desc
+	oAuthClientPrivateKeyJwtAuthentications            *prometheus.Desc
+	oAuthClientSecretBasicAuthenticationFailures       *prometheus.Desc
+	oAuthClientSecretBasicAuthentications              *prometheus.Desc
+	oAuthClientSecretPostAuthenticationFailures        *prometheus.Desc
+	oAuthClientSecretPostAuthentications               *prometheus.Desc
+	oAuthClientWindowsIntegratedAuthenticationFailures *prometheus.Desc
+	oAuthClientWindowsIntegratedAuthentications        *prometheus.Desc
+	oAuthLogonCertificateRequestFailures               *prometheus.Desc
+	oAuthLogonCertificateTokenRequests                 *prometheus.Desc
+	oAuthPasswordGrantRequestFailures                  *prometheus.Desc
+	oAuthPasswordGrantRequests                         *prometheus.Desc
+	oAuthTokenRequests                                 *prometheus.Desc
+	samlPTokenRequests                                 *prometheus.Desc
+	ssoAuthenticationFailures                          *prometheus.Desc
+	ssoAuthentications                                 *prometheus.Desc
+	wsfedTokenRequests                                 *prometheus.Desc
+	wstrustTokenRequests                               *prometheus.Desc
+	upAuthenticationFailures                           *prometheus.Desc
+	upAuthentications                                  *prometheus.Desc
+	externalAuthenticationFailures                     *prometheus.Desc
+	externalAuthentications                            *prometheus.Desc
+	artifactDBFailures                                 *prometheus.Desc
+	avgArtifactDBQueryTime                             *prometheus.Desc
+	configDBFailures                                   *prometheus.Desc
+	avgConfigDBQueryTime                               *prometheus.Desc
+	federationMetadataRequests                         *prometheus.Desc
 }

 // newADFSCollector constructs a new adfsCollector
@@ -96,21 +129,245 @@ func newADFSCollector() (Collector, error) {
 			nil,
 			nil,
 		),
+		oAuthAuthZRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_authorization_requests_total"),
+			"Total number of incoming requests to the OAuth Authorization endpoint",
+			nil,
+			nil,
+		),
+		oAuthClientAuthentications: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_authentication_success_total"),
+			"Total number of successful OAuth client Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientAuthenticationsFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_authentication_failure_total"),
+			"Total number of failed OAuth client Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientCredentialsRequestFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_credentials_failure_total"),
+			"Total number of failed OAuth Client Credentials Requests",
+			nil,
+			nil,
+		),
+		oAuthClientCredentialsRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_credentials_success_total"),
+			"Total number of successful RP tokens issued for OAuth Client Credentials Requests",
+			nil,
+			nil,
+		),
+		oAuthClientPrivateKeyJwtAuthenticationFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_privkey_jtw_authentication_failure_total"),
+			"Total number of failed OAuth Client Private Key Jwt Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientPrivateKeyJwtAuthentications: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_privkey_jwt_authentications_success_total"),
+			"Total number of successful OAuth Client Private Key Jwt Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientSecretBasicAuthenticationFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_secret_basic_authentications_failure_total"),
+			"Total number of failed OAuth Client Secret Basic Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientSecretBasicAuthentications: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_secret_basic_authentications_success_total"),
+			"Total number of successful OAuth Client Secret Basic Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientSecretPostAuthenticationFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_secret_post_authentications_failure_total"),
+			"Total number of failed OAuth Client Secret Post Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientSecretPostAuthentications: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_secret_post_authentications_success_total"),
+			"Total number of successful OAuth Client Secret Post Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientWindowsIntegratedAuthenticationFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_windows_authentications_failure_total"),
+			"Total number of failed OAuth Client Windows Integrated Authentications",
+			nil,
+			nil,
+		),
+		oAuthClientWindowsIntegratedAuthentications: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_client_windows_authentications_success_total"),
+			"Total number of successful OAuth Client Windows Integrated Authentications",
+			nil,
+			nil,
+		),
+		oAuthLogonCertificateRequestFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_logon_certificate_requests_failure_total"),
+			"Total number of failed OAuth Logon Certificate Requests",
+			nil,
+			nil,
+		),
+		oAuthLogonCertificateTokenRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_logon_certificate_token_requests_success_total"),
+			"Total number of successful RP tokens issued for OAuth Logon Certificate Requests",
+			nil,
+			nil,
+		),
+		oAuthPasswordGrantRequestFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_password_grant_requests_failure_total"),
+			"Total number of failed OAuth Password Grant Requests",
+			nil,
+			nil,
+		),
+		oAuthPasswordGrantRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_password_grant_requests_success_total"),
+			"Total number of successful OAuth Password Grant Requests",
+			nil,
+			nil,
+		),
+		oAuthTokenRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "oauth_token_requests_success_total"),
+			"Total number of successful RP tokens issued over OAuth protocol",
+			nil,
+			nil,
+		),
+		samlPTokenRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "samlp_token_requests_success_total"),
+			"Total number of successful RP tokens issued over SAML-P protocol",
+			nil,
+			nil,
+		),
+		ssoAuthenticationFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "sso_authentications_failure_total"),
+			"Total number of failed SSO authentications",
+			nil,
+			nil,
+		),
+		ssoAuthentications: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "sso_authentications_success_total"),
+			"Total number of successful SSO authentications",
+			nil,
+			nil,
+		),
+		wsfedTokenRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "wsfed_token_requests_success_total"),
+			"Total number of successful RP tokens issued over WS-Fed protocol",
+			nil,
+			nil,
+		),
+		wstrustTokenRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "wstrust_token_requests_success_total"),
+			"Total number of successful RP tokens issued over WS-Trust protocol",
+			nil,
+			nil,
+		),
+		upAuthenticationFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "userpassword_authentications_failure_total"),
+			"Total number of failed AD U/P authentications",
+			nil,
+			nil,
+		),
+		upAuthentications: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "userpassword_authentications_success_total"),
+			"Total number of successful AD U/P authentications",
+			nil,
+			nil,
+		),
+		externalAuthenticationFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "external_authentications_failure_total"),
+			"Total number of failed authentications from external MFA providers",
+			nil,
+			nil,
+		),
+		externalAuthentications: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "external_authentications_success_total"),
+			"Total number of successful authentications from external MFA providers",
+			nil,
+			nil,
+		),
+		artifactDBFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "db_artifact_failure_total"),
+			"Total number of failures connecting to the artifact database",
+			nil,
+			nil,
+		),
+		avgArtifactDBQueryTime: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "db_artifact_query_time_seconds_total"),
+			"Accumulator of time taken for an artifact database query",
+			nil,
+			nil,
+		),
+		configDBFailures: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "db_config_failure_total"),
+			"Total number of failures connecting to the configuration database",
+			nil,
+			nil,
+		),
+		avgConfigDBQueryTime: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "db_config_query_time_seconds_total"),
+			"Accumulator of time taken for a configuration database query",
+			nil,
+			nil,
+		),
+		federationMetadataRequests: prometheus.NewDesc(
+			prometheus.BuildFQName(Namespace, subsystem, "federation_metadata_requests_total"),
+			"Total number of Federation Metadata requests",
+			nil,
+			nil,
+		),
 	}, nil
 }

 type perflibADFS struct {
-	AdLoginConnectionFailures        float64 `perflib:"AD login Connection Failures"`
-	CertificateAuthentications       float64 `perflib:"Certificate Authentications"`
-	DeviceAuthentications            float64 `perflib:"Device Authentications"`
-	ExtranetAccountLockouts          float64 `perflib:"Extranet Account Lockouts"`
-	FederatedAuthentications         float64 `perflib:"Federated Authentications"`
-	PassportAuthentications          float64 `perflib:"Microsoft Passport Authentications"`
-	PassiveRequests                  float64 `perflib:"Passive Requests"`
-	PasswordChangeFailed             float64 `perflib:"Password Change Failed Requests"`
-	PasswordChangeSucceeded          float64 `perflib:"Password Change Successful Requests"`
-	TokenRequests                    float64 `perflib:"Token Requests"`
-	WindowsIntegratedAuthentications float64 `perflib:"Windows Integrated Authentications"`
+	AdLoginConnectionFailures            float64 `perflib:"AD Login Connection Failures"`
+	CertificateAuthentications           float64 `perflib:"Certificate Authentications"`
+	DeviceAuthentications                float64 `perflib:"Device Authentications"`
+	ExtranetAccountLockouts              float64 `perflib:"Extranet Account Lockouts"`
+	FederatedAuthentications             float64 `perflib:"Federated Authentications"`
+	PassportAuthentications              float64 `perflib:"Microsoft Passport Authentications"`
+	PassiveRequests                      float64 `perflib:"Passive Requests"`
+	PasswordChangeFailed                 float64 `perflib:"Password Change Failed Requests"`
+	PasswordChangeSucceeded              float64 `perflib:"Password Change Successful Requests"`
+	TokenRequests                        float64 `perflib:"Token Requests"`
+	WindowsIntegratedAuthentications     float64 `perflib:"Windows Integrated Authentications"`
+	OAuthAuthZRequests                   float64 `perflib:"OAuth AuthZ Requests"`
+	OAuthClientAuthentications           float64 `perflib:"OAuth Client Authentications"`
+	OAuthClientAuthenticationFailures    float64 `perflib:"OAuth Client Authentications Failures"`
+	OAuthClientCredentialRequestFailures float64 `perflib:"OAuth Client Credentials Request Failures"`
+	OAuthClientCredentialRequests        float64 `perflib:"OAuth Client Credentials Requests"`
+	OAuthClientPrivKeyJWTAuthnFailures   float64 `perflib:"OAuth Client Private Key Jwt Authentication Failures"`
+	OAuthClientPrivKeyJWTAuthentications float64 `perflib:"OAuth Client Private Key Jwt Authentications"`
+	OAuthClientBasicAuthnFailures        float64 `perflib:"OAuth Client Secret Basic Authentication Failures"`
+	OAuthClientBasicAuthentications      float64 `perflib:"OAuth Client Secret Basic Authentication Requests"`
+	OAuthClientSecretPostAuthnFailures   float64 `perflib:"OAuth Client Secret Post Authentication Failures"`
+	OAuthClientSecretPostAuthentications float64 `perflib:"OAuth Client Secret Post Authentications"`
+	OAuthClientWindowsAuthnFailures      float64 `perflib:"OAuth Client Windows Integrated Authentication Failures"`
+	OAuthClientWindowsAuthentications    float64 `perflib:"OAuth Client Windows Integrated Authentications"`
+	OAuthLogonCertRequestFailures        float64 `perflib:"OAuth Logon Certificate Request Failures"`
+	OAuthLogonCertTokenRequests          float64 `perflib:"OAuth Logon Certificate Token Requests"`
+	OAuthPasswordGrantRequestFailures    float64 `perflib:"OAuth Password Grant Request Failures"`
+	OAuthPasswordGrantRequests           float64 `perflib:"OAuth Password Grant Requests"`
+	OAuthTokenRequests                   float64 `perflib:"OAuth Token Requests"`
+	SAMLPTokenRequests                   float64 `perflib:"SAML-P Token Requests"`
+	SSOAuthenticationFailures            float64 `perflib:"SSO Authentication Failures"`
+	SSOAuthentications                   float64 `perflib:"SSO Authentications"`
+	WSFedTokenRequests                   float64 `perflib:"WS-Fed Token Requests"`
+	WSTrustTokenRequests                 float64 `perflib:"WS-Trust Token Requests"`
+	UsernamePasswordAuthnFailures        float64 `perflib:"U/P Authentication Failures"`
+	UsernamePasswordAuthentications      float64 `perflib:"U/P Authentications"`
+	ExternalAuthentications              float64 `perflib:"External Authentications"`
+	ExternalAuthNFailures                float64 `perflib:"External Authentication Failures"`
+	ArtifactDBFailures                   float64 `perflib:"Artifact Database Connection Failures"`
+	AvgArtifactDBQueryTime               float64 `perflib:"Average Artifact Database Query Time"`
+	ConfigDBFailures                     float64 `perflib:"Configuration Database Connection Failures"`
+	AvgConfigDBQueryTime                 float64 `perflib:"Average Config Database Query Time"`
+	FederationMetadataRequests           float64 `perflib:"Federation Metadata Requests"`
 }

 func (c *adfsCollector) Collect(ctx *ScrapeContext, ch chan<- prometheus.Metric) error {
@@ -185,5 +442,197 @@ func (c *adfsCollector) Collect(ctx *ScrapeContext, ch chan<- prometheus.Metric)
 		prometheus.CounterValue,
 		adfsData[0].WindowsIntegratedAuthentications,
 	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthAuthZRequests,
+		prometheus.CounterValue,
+		adfsData[0].OAuthAuthZRequests,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientAuthentications,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientAuthentications,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientAuthenticationsFailures,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientAuthenticationFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientCredentialsRequestFailures,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientCredentialRequestFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientCredentialsRequests,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientCredentialRequests,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientPrivateKeyJwtAuthenticationFailures,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientPrivKeyJWTAuthnFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientPrivateKeyJwtAuthentications,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientPrivKeyJWTAuthentications,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientSecretBasicAuthenticationFailures,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientBasicAuthnFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientSecretBasicAuthentications,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientBasicAuthentications,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientSecretPostAuthenticationFailures,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientSecretPostAuthnFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientSecretPostAuthentications,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientSecretPostAuthentications,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientWindowsIntegratedAuthenticationFailures,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientWindowsAuthnFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthClientWindowsIntegratedAuthentications,
+		prometheus.CounterValue,
+		adfsData[0].OAuthClientWindowsAuthentications,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthLogonCertificateRequestFailures,
+		prometheus.CounterValue,
+		adfsData[0].OAuthLogonCertRequestFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthLogonCertificateTokenRequests,
+		prometheus.CounterValue,
+		adfsData[0].OAuthLogonCertTokenRequests,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthPasswordGrantRequestFailures,
+		prometheus.CounterValue,
+		adfsData[0].OAuthPasswordGrantRequestFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthPasswordGrantRequests,
+		prometheus.CounterValue,
+		adfsData[0].OAuthPasswordGrantRequests,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.oAuthTokenRequests,
+		prometheus.CounterValue,
+		adfsData[0].OAuthTokenRequests,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.samlPTokenRequests,
+		prometheus.CounterValue,
+		adfsData[0].SAMLPTokenRequests,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.ssoAuthenticationFailures,
+		prometheus.CounterValue,
+		adfsData[0].SSOAuthenticationFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.ssoAuthentications,
+		prometheus.CounterValue,
+		adfsData[0].SSOAuthentications,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.wsfedTokenRequests,
+		prometheus.CounterValue,
+		adfsData[0].WSFedTokenRequests,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.wstrustTokenRequests,
+		prometheus.CounterValue,
+		adfsData[0].WSTrustTokenRequests,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.upAuthenticationFailures,
+		prometheus.CounterValue,
+		adfsData[0].UsernamePasswordAuthnFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.upAuthentications,
+		prometheus.CounterValue,
+		adfsData[0].UsernamePasswordAuthentications,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.externalAuthenticationFailures,
+		prometheus.CounterValue,
+		adfsData[0].ExternalAuthNFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.externalAuthentications,
+		prometheus.CounterValue,
+		adfsData[0].ExternalAuthentications,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.artifactDBFailures,
+		prometheus.CounterValue,
+		adfsData[0].ArtifactDBFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.avgArtifactDBQueryTime,
+		prometheus.CounterValue,
+		adfsData[0].AvgArtifactDBQueryTime*math.Pow(10, -8),
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.configDBFailures,
+		prometheus.CounterValue,
+		adfsData[0].ConfigDBFailures,
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.avgConfigDBQueryTime,
+		prometheus.CounterValue,
+		adfsData[0].AvgConfigDBQueryTime*math.Pow(10, -8),
+	)
+
+	ch <- prometheus.MustNewConstMetric(
+		c.federationMetadataRequests,
+		prometheus.CounterValue,
+		adfsData[0].FederationMetadataRequests,
+	)
 	return nil
 }
--- a/docs/collector.adfs.md
+++ b/docs/collector.adfs.md
@@ -1,6 +1,6 @@
 # adfs collector

-The adfs collector exposes metrics about Active Directory Federation Services. Note that this collector has only been tested against ADFS 4.0 (2016).
+The ADFS collector exposes metrics about Active Directory Federation Services. Note that this collector has only been tested against ADFS 4.0/ [Farm Behavior (FLB) 3](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server#ad-fs-farm-behavior-levels-fbl) (Server 2016).
 Other ADFS versions may work but are not tested.

 |||
@@ -28,6 +28,49 @@ Name | Description | Type | Labels
 `windows_adfs_password_change_succeeded_total` | Total number of succeeded password changes. The Password Change Portal must be enabled in the AD FS Management tool in order to allow user password changes | counter | None
 `windows_adfs_token_requests_total` | Total number of requested access tokens | counter | None
 `windows_adfs_windows_integrated_authentications_total` | Total number of Windows integrated authentications using Kerberos or NTLM | counter | None
+`ad_login_connection_failures_total` | Total number of connection failures to an Active Directory domain controller | counter | None
+`certificate_authentications_total` | Total number of User Certificate authentications | counter | None
+`device_authentications_total` | Total number of Device authentications | counter | None
+`extranet_account_lockouts_total` | Total number of Extranet Account Lockouts | counter | None
+`federated_authentications_total` | Total number of authentications from a federated source | counter | None
+`passport_authentications_total` | Total number of Microsoft Passport SSO authentications | counter | None
+`passive_requests_total` | Total number of passive (browser-based) requests | counter | None
+`password_change_failed_total` | Total number of failed password changes | counter | None
+`password_change_succeeded_total` | Total number of successful password changes | counter | None
+`token_requests_total` | Total number of token requests | counter | None
+`windows_integrated_authentications_total` | Total number of Windows integrated authentications (Kerberos/NTLM) | counter | None
+`oauth_authorization_requests_total` | Total number of incoming requests to the OAuth Authorization endpoint | counter | None
+`oauth_client_authentication_success_total` | Total number of successful OAuth client Authentications | counter | None
+`oauth_client_authentication_failure_total` | Total number of failed OAuth client Authentications | counter | None
+`oauth_client_credentials_failure_total` | Total number of failed OAuth Client Credentials Requests | counter | None
+`oauth_client_credentials_success_total` | Total number of successful RP tokens issued for OAuth Client Credentials Requests | counter | None
+`oauth_client_privkey_jtw_authentication_failure_total` | Total number of failed OAuth Client Private Key Jwt Authentications | counter | None
+`oauth_client_privkey_jwt_authentications_success_total` | Total number of successful OAuth Client Private Key Jwt Authentications | counter | None
+`oauth_client_secret_basic_authentications_failure_total` | Total number of failed OAuth Client Secret Basic Authentications | counter | None
+`oauth_client_secret_basic_authentications_success_total` | Total number of successful OAuth Client Secret Basic Authentications | counter | None
+`oauth_client_secret_post_authentications_failure_total` | Total number of failed OAuth Client Secret Post Authentications | counter | None
+`oauth_client_secret_post_authentications_success_total` | Total number of successful OAuth Client Secret Post Authentications | counter | None
+`oauth_client_windows_authentications_failure_total` | Total number of failed OAuth Client Windows Integrated Authentications | counter | None
+`oauth_client_windows_authentications_success_total` | Total number of successful OAuth Client Windows Integrated Authentications | counter | None
+`oauth_logon_certificate_requests_failure_total` | Total number of failed OAuth Logon Certificate Requests | counter | None
+`oauth_logon_certificate_token_requests_success_total` | Total number of successful RP tokens issued for OAuth Logon Certificate Requests | counter | None
+`oauth_password_grant_requests_failure_total` | Total number of failed OAuth Password Grant Requests | counter | None
+`oauth_password_grant_requests_success_total` | Total number of successful OAuth Password Grant Requests | counter | None
+`oauth_token_requests_success_total` | Total number of successful RP tokens issued over OAuth protocol | counter | None
+`samlp_token_requests_success_total` | Total number of successful RP tokens issued over SAML-P protocol | counter | None
+`sso_authentications_failure_total` | Total number of failed SSO authentications | counter | None
+`sso_authentications_success_total` | Total number of successful SSO authentications | counter | None
+`wsfed_token_requests_success_total` | Total number of successful RP tokens issued over WS-Fed protocol | counter | None
+`wstrust_token_requests_success_total` | Total number of successful RP tokens issued over WS-Trust protocol | counter | None
+`userpassword_authentications_failure_total` | Total number of failed AD U/P authentications | counter | None
+`userpassword_authentications_success_total` | Total number of successful AD U/P authentications | counter | None
+`external_authentications_failure_total` | Total number of failed authentications from external MFA providers | counter | None
+`external_authentications_success_total` | Total number of successful authentications from external MFA providers | counter | None
+`db_artifact_failure_total` | Total number of failures connecting to the artifact database | counter | None
+`db_artifact_query_time_seconds_total` | Accumulator of time taken for an artifact database query | counter | None
+`db_config_failure_total` | Total number of failures connecting to the configuration database | counter | None
+`db_config_query_time_seconds_total` | Accumulator of time taken for a configuration database query | counter | None
+`federation_metadata_requests_total` | Total number of Federation Metadata requests | counter | None

 ### Example metric
 Show rate of device authentications in AD FS:
@@ -37,6 +80,11 @@ rate(windows_adfs_device_authentications)[2m]

 ## Useful queries

+|Query|Description|
+|---|----|
+|`rate(windows_adfs_oauth_password_grant_requests_failure_total[5m])`| Rate of OAuth requests failing due to bad client/resource values|
+|`rate(windows_adfs_userpassword_authentications_failures_total[5m])`| Rate of `/adfs/oauth2/token/` requests failing due to bad username/password values (possible credential spraying)|
+
 ## Alerting examples
 **prometheus.rules**
 ```yaml