KS-Soft. Network Management Solutions

ADFS token certificate expiration monitoring

 
RogerSpraggon



Joined: 19 Mar 2012
Posts: 59

Posted: Mon Jun 05, 2017 7:42 pm    Post subject: ADFS token certificate expiration monitoring

We monitor a number of our certificates for expiry purposes and this works fine.
What we are trying to do now is monitor ADFS Token Signing certificates, as these auto-renew, but some of our Relying Party Trusts do not accept auto update and we need to advise them that the certificate is about to change.
Is there a way to do this?
KS-Soft Europe



Joined: 16 May 2006
Posts: 2832

Posted: Tue Jun 06, 2017 12:41 pm

You may use the "Shell Script" test method with a custom PowerShell script:

Code:
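# Result prefixes returned to the HostMonitor "Shell Script" test method
$statusUnknown     = "ScriptRes:Unknown:"
$statusOk          = "ScriptRes:Ok:"
$statusBad         = "ScriptRes:Bad:"

# The expiration threshold (in days) is passed as the first argument
if (!$args[0]) {
  echo "${statusUnknown}Certificate expiration threshold is required."
  exit
}

$CertLimit = $args[0]
# Days left until the primary (active) Token-Signing certificate expires
$CertExp = (New-TimeSpan -Start (Get-Date) -End (Get-ADFSCertificate -CertificateType "Token-Signing" | Where-Object {$_.IsPrimary}).Certificate.NotAfter).Days

# Bad when the remaining days are at or below the threshold, Ok otherwise
if ($CertExp -le $CertLimit)  {    echo "$statusBad$CertExp" }
else {    echo "$statusOk$CertExp" }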

Start cmd: powershell.exe %script% %params%

The script retrieves the active ADFS Token Signing certificate and returns the number of days left until certificate expiration.
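An extension of the check above, added here as an example (it is not part of the original post and not KS-Soft's code): besides the days left on the primary certificate, it reports Bad as soon as a non-primary Token-Signing certificate that outlives the primary is present, which is when relying parties without automatic metadata update need the new certificate. The function name, the default threshold, the decision to report Bad for a staged certificate and the sample objects are assumptions of this example.

```powershell
param([int]$ThresholdDays = 30)   # assumed default; the script above requires the argument

function Get-TokenSigningStatus {   # hypothetical helper name
    param([object[]]$Certs, [int]$ThresholdDays, [datetime]$Now = (Get-Date))

    $primary = @($Certs | Where-Object { $_.IsPrimary })
    if ($primary.Count -ne 1) {
        return "ScriptRes:Unknown:Expected one primary Token-Signing certificate, found $($primary.Count)"
    }
    $expires  = $primary[0].Certificate.NotAfter
    $daysLeft = (New-TimeSpan -Start $Now -End $expires).Days

    # Assumption: a non-primary certificate that outlives the primary is the staged
    # successor; an older non-primary one is a leftover from the previous rollover.
    $staged = @($Certs | Where-Object { -not $_.IsPrimary -and $_.Certificate.NotAfter -gt $expires })
    if ($staged.Count -gt 0) {
        $next = $staged | Sort-Object { $_.Certificate.NotAfter } | Select-Object -Last 1
        return "ScriptRes:Bad:$daysLeft days left, successor $($next.Certificate.Thumbprint) staged"
    }
    if ($daysLeft -le $ThresholdDays) { return "ScriptRes:Bad:$daysLeft" }
    return "ScriptRes:Ok:$daysLeft"
}

if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
    # On the AD FS server: read the real Token-Signing certificates
    $certs = @(Get-AdfsCertificate -CertificateType "Token-Signing")
} else {
    # Constructed sample objects so the logic can be exercised off the AD FS server
    $now = Get-Date
    $certs = @(
        [pscustomobject]@{ IsPrimary = $true
                           Certificate = [pscustomobject]@{ NotAfter = $now.AddDays(18); Thumbprint = 'SAMPLE-PRIMARY' } },
        [pscustomobject]@{ IsPrimary = $false
                           Certificate = [pscustomobject]@{ NotAfter = $now.AddDays(383); Thumbprint = 'SAMPLE-SUCCESSOR' } }
    )
}
Get-TokenSigningStatus -Certs $certs -ThresholdDays $ThresholdDays
```

It runs with the same Start cmd as the script above; where the AD FS cmdlets are not available it evaluates the constructed sample instead.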
RogerSpraggon



Joined: 19 Mar 2012
Posts: 59

Posted: Tue Jun 06, 2017 4:43 pm

Thank you, the script is brilliant and works when I run it locally from PowerShell on our ADFS server.
The only thing I am struggling with now is how to get the host monitor system to execute this script on our ADFS server.
RogerSpraggon



Joined: 19 Mar 2012
Posts: 59

Posted: Tue Jun 06, 2017 5:13 pm

It's OK, I set up RMA on the ADFS server and it works fine.
Thank you very much for a very prompt and fully working solution.
KS-Soft Europe



Joined: 16 May 2006
Posts: 2832

Posted: Wed Jun 07, 2017 2:00 am

You are welcome!
All times are GMT - 6 Hours