Get ADFS Token in Powershell

powershell adfs2.0 office365
12,949

Solution 1

This script should get you on your way http://gallery.technet.microsoft.com/scriptcenter/Invoke-ADFSSecurityTokenReq-09e9c90c You will need .Net Framework 4.5

You could also simulate an ADFS logon to Office 365 using the Connect-MSOL cmdlet to connect to a powershell session - if you use an ADFS account an ADFS login will occur.

Solution 2

I work on a product that does federated authentication using WS-Federation and WS-Trust. I believe your case is part of our workflow.

Over the years, I've developed PowerShell automation against our SOAP based API, and at some point I consolidate that knowledge into WcfPS module available on the gallery.

The code for the module is open source and although its in script it depends heavily on .net framework classes and assemblies from the System.ServiceModel and System.IdentityModel assemblies. I mention this because most of the apis inside those assemblies are not available from .NET standard 2, so the module unfortunately will not work non windows operating systems. You can also read more about it in my post WCFPS - PowerShell module to work with SOAP endpoints.

This is an example where you can issue symmetric and bearer tokens depending on your service provider requirements and relying party configuration. The code requires basic understanding of federated security flow, setup and terminology.

# Define the ADFS MEX uri 
$adfsMexUri="https://adfs.example.com/adfs/services/trust/mex"

#region Define authentication endpoints. One for windows and one with username/password
$windowsMixed13AuthenticationEndpoint="https://adfs.example.com/adfs/services/trust/13/windowsmixed"
$usernamePasswordMixed13AuthenticationEndpoint="https://adfs.example.com/adfs/services/trust/13/usernamemixed"
#endregion

#region Define service providers for which we want to issue a symmetric and a bearer token respectively
# Symmatric is for SOAP, WS-Trust
# Bearer is for Web, WS-Federation
$soapServiceProviderAppliesTo="https://myserviceprovider/Soap/"
$webServiceProviderAppliesTo="https://myserviceprovider/Web/"
#endregion

# Parse the MEX and locate the service endpoint
$issuerImporter=New-WcfWsdlImporter -Endpoint $adfsMexUri

#region Issue tokens with windows authentications
$issuerEndpoint=$issuerImporter | New-WcfServiceEndpoint -Endpoint $windowsMixed13AuthenticationEndpoint
$soapToken=New-SecurityToken -Endpoint $issuerEndpoint -AppliesTo $soapServiceProviderAppliesTo -Symmetric
$webToken=New-SecurityToken -Endpoint $issuerEndpoint -AppliesTo $webServiceProviderAppliesTo -Bearer  
#endregion

#region Issue tokens with username/password credentials
$credential=Get-Credential
$issuerEndpoint=$issuerImporter | New-WcfServiceEndpoint -Endpoint $usernamePasswordMixed13AuthenticationEndpoint
$soapToken=New-SecurityToken -Endpoint $issuerEndpoint -Credential $credential -AppliesTo $soapServiceProviderAppliesTo -Symmetric
$webToken=New-SecurityToken -Endpoint $issuerEndpoint -Credential $credential -AppliesTo $webServiceProviderAppliesTo -Bearer    
#endregion
Share:
12,949
Justin
Author by

Justin

Updated on June 28, 2022

Comments

  • Justin
    Justin almost 2 years

    We have an ADFS 2.0 Environment that is used to federate our Active Directory domain with Office 365.

    Recently we had an issue where the cluster stopped responding which in turn broke email/calendar access for all of our users. As we don't have any monitoring for ADFS currently I am trying to write a PowerShell script that will periodically attempt to authenticate to our ADFS cluster and get a valid token similar to the SSO test at testexchangeconnectivity.com works.

    It appears that the token is actually issued by

    /adfs/services/trust/2005/usernamemixed

    but whenever I try to run invoke-webrequest or new-Webservice proxy against this URI and provide local AD credentials I get a 400 Bad Request error.

    What do I have to do in order to properly request a token from this endpoint?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to use powershell to return all exchange distribution groups for a user
How to filter Get-MsolUser
How can I see users' Office 365 Password date (date last changed, date it will expire, etc.)?
Unable to Connect to Office 365 via Powershell on Windows 10
PowerShell List of distribution groups and members? (Office 365)
Office365 Exchange: Cannot open shared two calendars in Outlook
Office365 Auditing - specifically viewing devices logged in to accounts
How to query for AutoMapping on 0365 Mailbox using PowerShell
Update the companyName attribute for an Azure AD user via PowerShell
Get-CsUser error powershell