RogerSpraggon
Joined: 19 Mar 2012 Posts: 59
Posted: Mon Jun 05, 2017 7:42 pm Post subject: ADFS token certificate expiration monitoring

We monitor a number of our certificates for expiry purposes and this works fine.
What we are trying to do now is monitor ADFS Token Signing certificates, as these auto-renew but some of our Relying Party Trusts do not accept auto update and we need to advise them that the certificate is about to change.
Is there a way to do this?
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
Posted: Tue Jun 06, 2017 12:41 pm

You may use the "Shell Script" test method with a custom PowerShell script:
Code:
# Status prefixes for the result line returned to the monitor
$statusUnknown = "ScriptRes:Unknown:"
$statusOk = "ScriptRes:Ok:"
$statusBad = "ScriptRes:Bad:"
# The first argument is the alert threshold in days
if (!$args[0]) {
    echo "${statusUnknown}Certificate expiration threshold is required."
    exit
}
$CertLimit = $args[0]
# Days left until the primary (active) Token-Signing certificate expires
$CertExp = (New-TimeSpan -Start (Get-Date) -End (Get-ADFSCertificate -CertificateType "Token-Signing" | Where-Object {$_.IsPrimary}).Certificate.NotAfter).Days
if ($CertExp -le $CertLimit) { echo "$statusBad$CertExp" }
else { echo "$statusOk$CertExp" }
Start cmd: powershell.exe %script% %params%
The script retrieves the active ADFS Token Signing certificate and returns the number of days left until the certificate expires.
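
An extension of the check above, as an added example that is not part of the original posts or KS-Soft's code. It goes beyond the days-left check: it also flags the moment a secondary Token-Signing certificate appears, which is when the replacement exists and can be sent to relying parties that do not auto-update. The parameter names, the `-Demo` switch and the sample objects are assumptions of this example, and the promotion date is an estimate derived from `Get-AdfsProperties`.

```powershell
# Added example; run on the AD FS server. Parameter names and -Demo are this example's own.
param([int]$CertLimit = 30, [switch]$Demo)

function Get-TokenSigningStatus {
    param($Certs, $Props, [int]$LimitDays, [datetime]$Now)

    $primary = @($Certs | Where-Object { $_.IsPrimary })[0]
    if (-not $primary) { return "ScriptRes:Unknown:No primary Token-Signing certificate found" }
    # Newest non-primary certificate, if AD FS has already generated the replacement
    $next = @($Certs | Where-Object { -not $_.IsPrimary } |
              Sort-Object { $_.Certificate.NotAfter } -Descending)[0]
    $daysLeft = [int][math]::Floor(($primary.Certificate.NotAfter - $Now).TotalDays)

    if ($next) {
        $msg = "$daysLeft days left on primary; secondary $($next.Certificate.Thumbprint) present"
        if ($Props.AutoCertificateRollover) {
            # Assumption: NotBefore of the secondary is close to the day it was generated,
            # so promotion is expected CertificatePromotionThreshold days after it.
            $switch = $next.Certificate.NotBefore.AddDays($Props.CertificatePromotionThreshold)
            $msg += ", expected to become primary around $($switch.ToString('yyyy-MM-dd'))"
        }
        return "ScriptRes:Bad:$msg"
    }
    if ($daysLeft -le $LimitDays) { return "ScriptRes:Bad:$daysLeft" }
    return "ScriptRes:Ok:$daysLeft"
}

if ($Demo) {
    # Constructed sample objects shaped like the cmdlet output, for an offline run
    $now   = [datetime]'2017-06-05'
    $props = [pscustomobject]@{ AutoCertificateRollover = $true; CertificatePromotionThreshold = 5 }
    $certs = @(
        [pscustomobject]@{ IsPrimary = $true; Certificate = [pscustomobject]@{
            NotBefore = [datetime]'2016-06-20'; NotAfter = [datetime]'2017-06-20'; Thumbprint = 'SAMPLE-OLD' } },
        [pscustomobject]@{ IsPrimary = $false; Certificate = [pscustomobject]@{
            NotBefore = [datetime]'2017-05-31'; NotAfter = [datetime]'2018-05-31'; Thumbprint = 'SAMPLE-NEW' } }
    )
} else {
    $now   = Get-Date
    $props = Get-AdfsProperties
    $certs = Get-AdfsCertificate -CertificateType Token-Signing
}
Get-TokenSigningStatus -Certs $certs -Props $props -LimitDays $CertLimit -Now $now
```

With `-Demo` the constructed data yields a `ScriptRes:Bad:` line naming `SAMPLE-NEW`; without it the threshold is passed the same way as in the script above.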
RogerSpraggon
Joined: 19 Mar 2012 Posts: 59
Posted: Tue Jun 06, 2017 4:43 pm

Thank you, the script is brilliant and works when I run it locally from PowerShell on our ADFS server.
The only thing I am struggling with now is how to get the host monitor system to execute this script on our ADFS server.
RogerSpraggon
Joined: 19 Mar 2012 Posts: 59
Posted: Tue Jun 06, 2017 5:13 pm

It's OK, I set up RMA on the ADFS server and it works fine.
Thank you very much for a very prompt and fully working solution.
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
Posted: Wed Jun 07, 2017 2:00 am

You are welcome!