Reputation: 119
I have over 20 applications utilizing ADFS SSO authentication. Last year the token signing certificate expired and I went through the whole "sky is falling" exercise of chasing down 3rd party vendors to schedule the refreshing of the metadata files to try to make the transition to the new cert as seamless as possible. I have already added calendar reminders 3+ months before their next expiration, but I would like to be a little bit more prepared and have a job/script that runs and sends me an email when the certificate is 90+ days from expiration. Does anyone know of or have a script that could accomplish that? Also, is there a way I could do the same for RPT signature certs? I currently have most if not all set to automatically update but would like the notification anyway if possible.
Upvotes: 1
Views: 1138
Reputation: 46773
There are a few around, e.g. this.
"This script will query AD FS certificates (via Get-AdfsCertificate) and Relying Party Trust certificates (via Get-AdfsRelyingPartyTrust) and check if the certificates expire within a user-defined threshold (or the default 30 days if not specified). It will then output details about expiring certificates, and, optionally, send an alert email."
Upvotes: 0
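For readers who want to see what the approach described in the answer (and asked for in the question) looks like in practice, here is an added PowerShell example. It is not the script the answer links to and not code from either poster; it is written from scratch against the documented AD FS cmdlets. It assumes it runs on an AD FS server as an account allowed to call `Get-AdfsCertificate` and `Get-AdfsRelyingPartyTrust`, and the SMTP server and mail addresses are placeholders to replace. It covers both certificate sources from the question: the AD FS service certificates (token-signing, token-decrypting, service communications) and each Relying Party Trust's request-signing and encryption certificates, and it reports whether the trust has automatic metadata update enabled so the recipient can tell which expiries still need manual vendor follow-up.

```powershell
# Added example, not from the original post or the linked script.
# Reports AD FS service certificates and Relying Party Trust certificates that
# expire within $ThresholdDays, then optionally emails the report.
param(
    [int]$ThresholdDays = 90,
    [string]$SmtpServer = '',                          # placeholder, e.g. 'smtp.example.com'
    [string]$From       = 'adfs-monitor@example.com',  # placeholder
    [string]$To         = 'adfs-admins@example.com'    # placeholder
)

Import-Module ADFS -ErrorAction Stop

$now      = Get-Date
$cutoff   = $now.AddDays($ThresholdDays)
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param($Source, $Name, $Role, $Cert, $AutoUpdate)
    # $Cert is a System.Security.Cryptography.X509Certificates.X509Certificate2
    if ($null -eq $Cert) { return }
    if ($Cert.NotAfter -le $cutoff) {
        $findings.Add([pscustomobject]@{
            Source     = $Source
            Name       = $Name
            Role       = $Role
            AutoUpdate = $AutoUpdate
            Subject    = $Cert.Subject
            Thumbprint = $Cert.Thumbprint
            NotAfter   = $Cert.NotAfter
            DaysLeft   = [int][math]::Floor(($Cert.NotAfter - $now).TotalDays)
        })
    }
}

# 1) AD FS service certificates: Token-Signing, Token-Decrypting, Service-Communications.
#    Primary and secondary certificates are both returned, so a rollover in progress
#    shows up as two rows for the same type.
foreach ($c in Get-AdfsCertificate) {
    $role = if ($c.IsPrimary) { 'Primary' } else { 'Secondary' }
    Add-Finding -Source 'AD FS' -Name $c.CertificateType -Role $role -Cert $c.Certificate -AutoUpdate 'n/a'
}

# 2) Relying Party Trust certificates: RequestSigningCertificate is a collection
#    (a partner may publish several), EncryptionCertificate is a single cert.
foreach ($rp in Get-AdfsRelyingPartyTrust) {
    $auto = if ($rp.AutoUpdateEnabled) { 'Yes' } else { 'No' }
    foreach ($sig in @($rp.RequestSigningCertificate)) {
        Add-Finding -Source 'RPT' -Name $rp.Name -Role 'Signing' -Cert $sig -AutoUpdate $auto
    }
    Add-Finding -Source 'RPT' -Name $rp.Name -Role 'Encryption' -Cert $rp.EncryptionCertificate -AutoUpdate $auto
}

# Console report, soonest expiry first.
$report = $findings | Sort-Object NotAfter | Format-Table Source, Name, Role, AutoUpdate, DaysLeft, NotAfter, Thumbprint -AutoSize | Out-String

if ($findings.Count -eq 0) {
    Write-Output "No AD FS or Relying Party Trust certificates expire within $ThresholdDays days."
    return
}

Write-Output $report

# Optional email; only sent when an SMTP server was supplied.
if ($SmtpServer) {
    $subject = "AD FS: $($findings.Count) certificate(s) expire within $ThresholdDays days"
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To -Subject $subject -Body $report
}
```

Run it from a scheduled task on one AD FS server, e.g. weekly with `-ThresholdDays 90 -SmtpServer smtp.example.com`, and keep a second, shorter threshold (such as 30 days) for a more urgent mail. Trusts that show `AutoUpdate = No` are the ones where the partner's metadata will not refresh on its own and the vendor coordination the question describes is still required.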