I’m working with some values I have in an ADFS configuration. I’m trying to add values back in, based on values I’m pulling back out of a CLIXML file.
Manually, I can do the commands I need all day. I’m wanting to automate the process, but I’m lacking some of the skills to handle what I want to do. Any help is appreciated.
Here is the example of how to add SAMLEndpoints on a ClaimsProviderTrust:
$samlEndpoint1 = New-ADFSSamlEndpoint -Protocol 'SAMLAssertionConsumer' -Uri 'https://samlsts1.contoso.com/samlprp-0/' -Binding 'POST' -IsDefault $false -Index 0
$samlEndpoint2 = New-ADFSSamlEndpoint -Protocol 'SAMLAssertionConsumer' -Uri ''https://samlsts1.contoso.com/samlprp-0/samlprp-0/Consumer.aspx' -Binding 'POST' -IsDefault $true -Index 1
$samlEndpoint3 = New-ADFSSamlEndpoint -Protocol 'SAMLLogout' -Uri ''https://samlsts1.contoso.com/samlprp-0/Logout.aspx' -ResponseUri ''https://samlsts1.contoso.com/samlprp-0/LogoutResponse.aspx' -Binding 'Redirect'
$samlEndpoint4 = New-ADFSSamlEndpoint -Protocol 'SAMLLogout' -Uri ''https://samlsts1.contoso.com/samlprp-0/Logout.aspx' -ResponseUri ''https://samlsts1.contoso.com/samlprp-0/LogoutResponse.aspx' -Binding 'POST'
Set-ADFSRelyingPartyTrust -TargetName samlpsite3-0 -SamlEndpoint @($samlEndpoint1, $samlEndpoint2, $samlEndpoint3, $samlEndpoint4)
The first lines build the variables, the last line applies them. Easy enough.
The challenge comes in for me, because nothing is static in the configurations, I’m not sure how to automate it in a script.
For example, it could have 1 endpoint, it could have 4 endpoints, etc.
Here is a sample:
Binding : Redirect
BindingUri : urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Index : 0
IsDefault : False
Location : https://contoso.com/Consumer.aspx
Protocol : SAMLSingleSignOn
ResponseLocation :
Binding : POST
BindingUri : urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Index : 0
IsDefault : False
Location : https://someotherurl.com/sso
Protocol : SAMLSingleSignOn
ResponseLocation :
I’m not sure how to determine how to count the endpoints, then add them back in based on the number.
I can get the total count with $v.SamlEndpoints.Count (in this example, it’s 2).
I was going to build several sections of code based on the count # like this:
If ($v.SamlEndpoints.Count -eq 1) {
$samlEndpoint1 = New-ADFSSamlEndpoint -Protocol $v.SamlEndpoints.Protocol -Uri $v.SamlEndpoints.Location -Binding $v.SamlEndpoints.Binding -IsDefault $v.SamlEndpoints.IsDefault -Index $v.SamlEndpoints.Index -ResponseUri $v.SamlEndpoints.ResponseLocation
Set-ADFSRelyingPartyTrust -TargetName samlpsite3-0 -SamlEndpoint @($samlEndpoint1)
}
ElseIf ($v.SamlEndpoints.Count -eq 2) {
$samlEndpoint1 = New-ADFSSamlEndpoint -Protocol $v.SamlEndpoints.Item(1).Protocol -Uri $v.SamlEndpoints.Item(1).Location -Binding $v.SamlEndpoints.Item(1).Binding -IsDefault $v.SamlEndpoints.Item(1).IsDefault -Index $v.SamlEndpoints.Item(1).Index -ResponseUri $v.SamlEndpoints.Item(1).ResponseLocation
$samlEndpoint1 = New-ADFSSamlEndpoint -Protocol $v.SamlEndpoints.Item(2).Protocol -Uri $v.SamlEndpoints.Item(2).Location -Binding $v.SamlEndpoints.Item(2).Binding -IsDefault $v.SamlEndpoints.Item(2).IsDefault -Index $v.SamlEndpoints.Item(2).Index -ResponseUri $v.SamlEndpoints.Item(2).ResponseLocation
Set-ADFSRelyingPartyTrust -TargetName samlpsite3-0 -SamlEndpoint @($samlEndpoint1, $samlEndpoint2)
}
Although I think that will work, it seems like there is a better way. Any suggestions?