Add more ADFS metrics from AD FS CounterSet

Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Reformat adfsCollector struct Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Add metrics to ADFS collector documentation Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Update ADFS collector with useful queries and links to documentation Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Remove bad table formatter Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Reformat ADFS collector using gofmt Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Fix ADFS Config and Artifact DB Query time metrics Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Update ADFS collector for Config and Artifact DB Query time from gauge to counter Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com> Update ADFS collector for Config and Artifact DB Query time from gauge to counter Signed-off-by: Austin D. Krauza <krauza.austin@gmail.com>
2026-02-07 21:46:37 +00:00 · 2021-11-29 19:46:43 -05:00
parent e08a0411d6
commit 2ed0ae837c
2 changed files with 520 additions and 23 deletions
--- a/docs/collector.adfs.md
+++ b/docs/collector.adfs.md
@@ -1,6 +1,6 @@
 # adfs collector

-The adfs collector exposes metrics about Active Directory Federation Services. Note that this collector has only been tested against ADFS 4.0 (2016).
+The ADFS collector exposes metrics about Active Directory Federation Services. Note that this collector has only been tested against ADFS 4.0/ [Farm Behavior (FLB) 3](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server#ad-fs-farm-behavior-levels-fbl) (Server 2016).
 Other ADFS versions may work but are not tested.

 |||
@@ -28,6 +28,49 @@ Name | Description | Type | Labels
 `windows_adfs_password_change_succeeded_total` | Total number of succeeded password changes. The Password Change Portal must be enabled in the AD FS Management tool in order to allow user password changes | counter | None
 `windows_adfs_token_requests_total` | Total number of requested access tokens | counter | None
 `windows_adfs_windows_integrated_authentications_total` | Total number of Windows integrated authentications using Kerberos or NTLM | counter | None
+`ad_login_connection_failures_total` | Total number of connection failures to an Active Directory domain controller | counter | None
+`certificate_authentications_total` | Total number of User Certificate authentications | counter | None
+`device_authentications_total` | Total number of Device authentications | counter | None
+`extranet_account_lockouts_total` | Total number of Extranet Account Lockouts | counter | None
+`federated_authentications_total` | Total number of authentications from a federated source | counter | None
+`passport_authentications_total` | Total number of Microsoft Passport SSO authentications | counter | None
+`passive_requests_total` | Total number of passive (browser-based) requests | counter | None
+`password_change_failed_total` | Total number of failed password changes | counter | None
+`password_change_succeeded_total` | Total number of successful password changes | counter | None
+`token_requests_total` | Total number of token requests | counter | None
+`windows_integrated_authentications_total` | Total number of Windows integrated authentications (Kerberos/NTLM) | counter | None
+`oauth_authorization_requests_total` | Total number of incoming requests to the OAuth Authorization endpoint | counter | None
+`oauth_client_authentication_success_total` | Total number of successful OAuth client Authentications | counter | None
+`oauth_client_authentication_failure_total` | Total number of failed OAuth client Authentications | counter | None
+`oauth_client_credentials_failure_total` | Total number of failed OAuth Client Credentials Requests | counter | None
+`oauth_client_credentials_success_total` | Total number of successful RP tokens issued for OAuth Client Credentials Requests | counter | None
+`oauth_client_privkey_jtw_authentication_failure_total` | Total number of failed OAuth Client Private Key Jwt Authentications | counter | None
+`oauth_client_privkey_jwt_authentications_success_total` | Total number of successful OAuth Client Private Key Jwt Authentications | counter | None
+`oauth_client_secret_basic_authentications_failure_total` | Total number of failed OAuth Client Secret Basic Authentications | counter | None
+`oauth_client_secret_basic_authentications_success_total` | Total number of successful OAuth Client Secret Basic Authentications | counter | None
+`oauth_client_secret_post_authentications_failure_total` | Total number of failed OAuth Client Secret Post Authentications | counter | None
+`oauth_client_secret_post_authentications_success_total` | Total number of successful OAuth Client Secret Post Authentications | counter | None
+`oauth_client_windows_authentications_failure_total` | Total number of failed OAuth Client Windows Integrated Authentications | counter | None
+`oauth_client_windows_authentications_success_total` | Total number of successful OAuth Client Windows Integrated Authentications | counter | None
+`oauth_logon_certificate_requests_failure_total` | Total number of failed OAuth Logon Certificate Requests | counter | None
+`oauth_logon_certificate_token_requests_success_total` | Total number of successful RP tokens issued for OAuth Logon Certificate Requests | counter | None
+`oauth_password_grant_requests_failure_total` | Total number of failed OAuth Password Grant Requests | counter | None
+`oauth_password_grant_requests_success_total` | Total number of successful OAuth Password Grant Requests | counter | None
+`oauth_token_requests_success_total` | Total number of successful RP tokens issued over OAuth protocol | counter | None
+`samlp_token_requests_success_total` | Total number of successful RP tokens issued over SAML-P protocol | counter | None
+`sso_authentications_failure_total` | Total number of failed SSO authentications | counter | None
+`sso_authentications_success_total` | Total number of successful SSO authentications | counter | None
+`wsfed_token_requests_success_total` | Total number of successful RP tokens issued over WS-Fed protocol | counter | None
+`wstrust_token_requests_success_total` | Total number of successful RP tokens issued over WS-Trust protocol | counter | None
+`userpassword_authentications_failure_total` | Total number of failed AD U/P authentications | counter | None
+`userpassword_authentications_success_total` | Total number of successful AD U/P authentications | counter | None
+`external_authentications_failure_total` | Total number of failed authentications from external MFA providers | counter | None
+`external_authentications_success_total` | Total number of successful authentications from external MFA providers | counter | None
+`db_artifact_failure_total` | Total number of failures connecting to the artifact database | counter | None
+`db_artifact_query_time_seconds_total` | Accumulator of time taken for an artifact database query | counter | None
+`db_config_failure_total` | Total number of failures connecting to the configuration database | counter | None
+`db_config_query_time_seconds_total` | Accumulator of time taken for a configuration database query | counter | None
+`federation_metadata_requests_total` | Total number of Federation Metadata requests | counter | None

 ### Example metric
 Show rate of device authentications in AD FS:
@@ -37,6 +80,11 @@ rate(windows_adfs_device_authentications)[2m]

 ## Useful queries

+|Query|Description|
+|---|----|
+|`rate(windows_adfs_oauth_password_grant_requests_failure_total[5m])`| Rate of OAuth requests failing due to bad client/resource values|
+|`rate(windows_adfs_userpassword_authentications_failures_total[5m])`| Rate of `/adfs/oauth2/token/` requests failing due to bad username/password values (possible credential spraying)|
+
 ## Alerting examples
 **prometheus.rules**
 ```yaml