 

Get ADFS Token in Powershell

We have an ADFS 2.0 Environment that is used to federate our Active Directory domain with Office 365.

Recently we had an issue where the cluster stopped responding, which in turn broke email/calendar access for all of our users. As we don't have any monitoring for ADFS currently, I am trying to write a PowerShell script that will periodically attempt to authenticate to our ADFS cluster and get a valid token, similar to how the SSO test at testexchangeconnectivity.com works.

It appears that the token is actually issued by

/adfs/services/trust/2005/usernamemixed

but whenever I try to run Invoke-WebRequest or New-WebServiceProxy against this URI and provide local AD credentials, I get a 400 Bad Request error.

What do I have to do in order to properly request a token from this endpoint?

Justin asked Nov 22 '12 19:11




1 Answer

This script should get you on your way: http://gallery.technet.microsoft.com/scriptcenter/Invoke-ADFSSecurityTokenReq-09e9c90c. You will need .NET Framework 4.5.

You could also simulate an ADFS logon to Office 365 using the Connect-MSOL cmdlet to connect to a PowerShell session; if you use an ADFS account, an ADFS login will occur.

Neossian answered Sep 20 '22 03:09
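The usernamemixed endpoint is a WCF WS-Trust (February 2005) service: it expects a SOAP 1.2 envelope carrying a WS-Security UsernameToken in the header and a RequestSecurityToken/Issue in the body, sent with Content-Type application/soap+xml. A plain POST with credentials, or a SOAP 1.1 envelope, is exactly what WCF rejects with 400 Bad Request. The script below is an added example for the monitoring use case in the question; it is not the linked gallery script and not code from either poster. The host name sts.contoso.com, the account adfsmonitor@contoso.com and the function name are assumptions; the AppliesTo value urn:federation:MicrosoftOnline is the relying-party identifier Office 365 uses. It targets Windows PowerShell 5.1 (the WebException handling in the catch block is specific to that runtime).

```powershell
# Added example: request a bearer SAML 1.1 token from the ADFS WS-Trust 2005
# usernamemixed endpoint the way an active-profile client (e.g. Outlook/O365) does.
# Not from the original question, answer or the linked gallery script.
function Get-AdfsUsernameMixedToken {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$StsHost,                # assumed: sts.contoso.com
        [Parameter(Mandatory)] [pscredential]$Credential,       # UPN + password of a dedicated test account
        [string]$AppliesTo = 'urn:federation:MicrosoftOnline',  # relying party the token is issued for
        [int]$TimeoutSec = 30
    )

    $endpoint = "https://$StsHost/adfs/services/trust/2005/usernamemixed"
    $now      = [DateTime]::UtcNow
    $created  = $now.ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
    $expires  = $now.AddMinutes(5).ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
    # Escape so a password containing <, & or " cannot break (or inject into) the envelope
    $user = [System.Security.SecurityElement]::Escape($Credential.UserName)
    $pass = [System.Security.SecurityElement]::Escape($Credential.GetNetworkCredential().Password)

    # SOAP 1.2 + WS-Addressing + WS-Security UsernameToken + WS-Trust 2005 RST/Issue.
    # KeyType NoProofKey asks for a bearer token, so no client key material is needed.
$envelope = @"
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://www.w3.org/2005/08/addressing"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
    <a:MessageID>urn:uuid:$([guid]::NewGuid())</a:MessageID>
    <a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo>
    <a:To s:mustUnderstand="1">$endpoint</a:To>
    <o:Security s:mustUnderstand="1"
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>$created</u:Created>
        <u:Expires>$expires</u:Expires>
      </u:Timestamp>
      <o:UsernameToken u:Id="uuid-$([guid]::NewGuid())">
        <o:Username>$user</o:Username>
        <o:Password>$pass</o:Password>
      </o:UsernameToken>
    </o:Security>
  </s:Header>
  <s:Body>
    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <a:EndpointReference><a:Address>$AppliesTo</a:Address></a:EndpointReference>
      </wsp:AppliesTo>
      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
    </t:RequestSecurityToken>
  </s:Body>
</s:Envelope>
"@

    try {
        $resp = Invoke-WebRequest -Uri $endpoint -Method Post -Body $envelope -UseBasicParsing `
                    -ContentType 'application/soap+xml; charset=utf-8' -TimeoutSec $TimeoutSec
        $body = $resp.Content
    } catch [System.Net.WebException] {
        # A wrong password or locked account comes back as HTTP 500 with a SOAP fault;
        # a dead farm/load balancer gives no response at all (Response is null).
        $body = ''
        if ($_.Exception.Response) {
            $reader = New-Object System.IO.StreamReader($_.Exception.Response.GetResponseStream())
            $body = $reader.ReadToEnd()
        }
        throw "ADFS token request to $endpoint failed: $($_.Exception.Message)`n$body"
    }

    [xml]$xml = $body
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('t',    'http://schemas.xmlsoap.org/ws/2005/02/trust')
    $ns.AddNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion')

    $assertion = $xml.SelectSingleNode('//t:RequestedSecurityToken/saml:Assertion', $ns)
    if (-not $assertion) { throw "Response contained no SAML assertion:`n$body" }

    # Return the facts a monitor cares about plus the raw assertion for debugging
    [pscustomobject]@{
        Issuer       = $assertion.Issuer
        Subject      = $assertion.SelectSingleNode('.//saml:NameIdentifier', $ns).InnerText
        NotBefore    = [datetime]$assertion.Conditions.NotBefore
        NotOnOrAfter = [datetime]$assertion.Conditions.NotOnOrAfter
        Assertion    = $assertion.OuterXml
    }
}

# Usage from a scheduled task (assumed names). Store the credential with Export-Clixml
# (DPAPI-protected, tied to the task's account) rather than in the script.
# $cred = Import-Clixml 'C:\Monitoring\adfsmonitor.cred'   # created once via Get-Credential | Export-Clixml
# Get-AdfsUsernameMixedToken -StsHost 'sts.contoso.com' -Credential $cred | Select-Object Issuer, Subject, NotOnOrAfter
```

Two practitioner caveats. Use a dedicated, low-privilege account for this check: its password travels in the SOAP body, so the probe must run over a properly validated TLS connection (do not disable certificate checks to get past a lab cert), and the account should have no mailbox or admin rights. And distinguish the failure modes in your alerting: an HTTP 500 with a SOAP fault means the farm is up but rejected the credentials (expired password, lockout), while a timeout or connection failure is the outage the question describes.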