More Articles in Websites > External Service Checks


Recent Knowledgebase Articles


Monitoring an ADFS SSO Website

ADFS (Active Directory Federation Services) SSO (single sign-on) websites are relatively common. Monitoring is possible by creating a Web Check with form-based authentication. However, there is one additional and unique step that must be taken by a LogicMonitor Web Check when monitoring these types of websites: the Web Check must first "click" a sign-in button before credentials are passed to the web form and authenticated.

As discussed next, there are three general steps that must be taken in order to set up monitoring of an ADFS SSO website:

  1. Make a simple GET request against the URL
  2. Make a POST request to simulate clicking the sign-in button
  3. Make a POST request to pass the credentials to the web form, as well as authenticate credentials and check that the login was successful

Step 1: Make a Simple GET Request Against the URL

To get started, create the Web Check and its general parameters.

  1. Select Websites | Add | Web Check or Websites | Add | Internal Web Check, depending upon whether monitoring will be performed from locations external or internal to your network.
  2. Follow the instructions in Adding a Web Check to set the initial parameters for the Web Check. As part of this process, set these specific parameters:
    • For the Step One URL Path field's request parameters, select GET as the request method.
    • In the Expected status code response field, enter "200".
    • As discussed in Website Properties, add a property to hold the masked password value for the site's login credentials. This password will be called in step 3.
  3. Once you have completed the general parameters for your Web Check, click the Save button.

Step 2: Make a POST Request to Simulate Clicking the Sign-in Button.

This step simulates clicking the website's sign-in button and presents the authentication for for step 3.

  1. Navigate to the Steps tab for your newly saved Web Check and click the Add Step button.
  2. Reference the same root URL and relative URL path used in step 1.
  3. Set these specific request parameters:
    1. Select POST as the request method.
    2. Select Formatted Data as the post data format.
    3. From the dropdown menu that appears, select "x-www-form-urlencoded".
    4. Add three key-value pairs:
      1. Key: SignInIdpSite, Value: SignInIdpSite
      2. Key: SignInSubmit, Value: Sign+In
      3. Key: SingleSignOut, Value: SingleSignOut
  4. In the Expected status code response field, enter "200".
  5. Click the Save button to save the step.

    Note: The Content-Type header will automatically be added with a header value of "application/x-www-form-urlencoded".

    Step 3: Pass and Authenticate Credentials

    The last step is to send the authentication credentials to the web form and successfully sign in. This step is almost identical to step 2, with the major exception being the creation of different key-value pairs and a check for a string in the response.

    1. Navigate to the Steps tab and click the Add Step button to create your third and final step.
    2. Reference the same root URL and relative URL path used in steps 1 and 2.
    3. Set these specific request parameters:
      1. Select POST as the request method.
      2. Select Formatted Data as the post data format.
      3. From the dropdown menu that appears, select "x-www-form-urlencoded".
      4. Add three key-value pairs:
        1. Key: AuthMethod, Value: FormsAuthentication
        2. Key: UserName, Value: [username]
        3. Key: Password, Value: ##password##
    4. Set these specific response parameters:
      1. Select "Plain text/string" from the HTTP Response Format field's dropdown menu.
      2. In the This string field, enter "You are signed in" (enter without the quotes) and indicate that the string must be "present".
      3. In the Expected status code response field, enter "200".
    5. Click the Save button to save the step.