Tuesday, September 30, 2014

Automation of Azure Active Directory Federation settings using PingFederate for SSO

OK, I am guessing this will not be a very popular article, but if it helps even one person... PLEASE COMMENT and tell me! I am sure this could also be used with other third-party Single Sign-On vendors with some modifications.

I had a customer using PingFederate for authentication in Office 365. They have a test bed environment and a production environment, and during our planning and testing phase we had to switch back and forth a few times. There was also an expectation that they might need to repeat this process later when they patch PingFederate, or when they test new or extended functionality.

So I wrote this script to help you swap out the federation settings with Azure Active Directory PowerShell (aka MSOL shell).

You will need to edit:
  1. The $cert value
  2. The array of domains
  3. The array of PingFederate strings
  4. The $ssoURLroot
  5. Anything else specific to your environment
  6. Change the Write-Host line so the Set cmdlet actually executes, once you are comfortable with the commands the script builds

Hope this helps someone!

# Edit these values for your environment before running.
$cert = "reallylongstringofcharactershere"   # base64-encoded token-signing certificate exported from PingFederate
$domain = @("companyABC.com", "companyDEF.com", "companyGHI.com", "companyJKL.com")
$string = @("randomcharactersfromping1", "randomcharactersfromping2", "randomcharactersfromping3", "randomcharactersfromping4")
$ssoURLroot = "https://sso.companyABC.com/"

$ssomid1 = "idp/"
$ssomid2 = "pf/"

$logonURIend = "/sts.wst"
$logoffURIend = "/prp.wsf"
$metadataend = "/sts_mex.ping?PartnerSpId=urn:federation:MicrosoftOnline"

# Each domain is paired with the PingFederate identifier at the same index in $string.
for ($i = 0; $i -lt $domain.Length; $i++) {
    $logonURI = $ssoURLroot + $ssomid1 + $string[$i] + $logonURIend
    $LogOffUri = $ssoURLroot + $ssomid1 + $string[$i] + $logoffURIend
    $MexchUri = $ssoURLroot + $ssomid2 + $string[$i] + $metadataend
    # PingFederate serves passive (WS-Federation) logon and logoff from the same prp.wsf endpoint.
    $PassLogOnUri = $ssoURLroot + $ssomid1 + $string[$i] + $logoffURIend
    # Dry run: this only prints the command. Remove Write-Host to execute it once the output looks right.
    Write-Host Set-MsolDomainFederationSettings -SigningCertificate $cert -ActiveLogOnUri $logonURI -LogOffUri $LogOffUri -MetadataExchangeUri $MexchUri -PassiveLogOnUri $PassLogOnUri -DomainName $domain[$i]
    Start-Sleep -Seconds 2
    # Read back the current settings for the domain so the before/after state is visible.
    Get-MsolDomainFederationSettings -DomainName $domain[$i]
}
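Because this script is meant to flip a tenant between test and production settings, it is worth checking afterwards that every domain actually landed on the intended environment. The following is an added example, not part of the original script: it rebuilds the expected URIs from the same $cert, $domain, $string and $ssoURLroot variables, reads the live settings back with Get-MsolDomainFederationSettings, and flags any mismatch or any endpoint that is not under the expected HTTPS SSO root. The two helper functions are my own, and an existing Connect-MsolService session is assumed.

```powershell
# Added example: detect drift between intended and live federation settings.
# Assumes $cert, $domain, $string and $ssoURLroot from the script above and
# an existing Connect-MsolService session (hypothetical helper functions).
function Get-ExpectedFederationSettings {
    param([string]$Root, [string]$PingId)
    @{
        ActiveLogOnUri      = $Root + "idp/" + $PingId + "/sts.wst"
        PassiveLogOnUri     = $Root + "idp/" + $PingId + "/prp.wsf"
        LogOffUri           = $Root + "idp/" + $PingId + "/prp.wsf"
        MetadataExchangeUri = $Root + "pf/"  + $PingId + "/sts_mex.ping?PartnerSpId=urn:federation:MicrosoftOnline"
    }
}

function Test-DomainFederation {
    param([string]$Domain, [hashtable]$Expected, [string]$Cert, [string]$Root)
    $live = Get-MsolDomainFederationSettings -DomainName $Domain
    $problems = @()
    foreach ($name in $Expected.Keys) {
        $actual = $live.$name
        if ($actual -ne $Expected[$name]) {
            $problems += "$name is '$actual', expected '$($Expected[$name])'"
        }
        # Every endpoint must be HTTPS and under the SSO host we control;
        # a stray value here would send tokens or credentials to another host.
        if (-not $actual -or -not $actual.StartsWith($Root, [StringComparison]::OrdinalIgnoreCase)) {
            $problems += "$name '$actual' is not under $Root"
        }
    }
    if ($live.SigningCertificate -ne $Cert) {
        $problems += "SigningCertificate does not match the expected certificate"
    }
    [pscustomobject]@{ Domain = $Domain; Ok = ($problems.Count -eq 0); Problems = $problems }
}

for ($i = 0; $i -lt $domain.Length; $i++) {
    $expected = Get-ExpectedFederationSettings -Root $ssoURLroot -PingId $string[$i]
    $result = Test-DomainFederation -Domain $domain[$i] -Expected $expected -Cert $cert -Root $ssoURLroot
    if ($result.Ok) {
        Write-Host "$($result.Domain): federation settings match the intended environment"
    } else {
        Write-Warning "$($result.Domain): drift detected"
        $result.Problems | ForEach-Object { Write-Warning "  $_" }
    }
}
```

Run it once before the switch to record the starting state and once after, so a domain that was skipped or left pointing at the other environment shows up immediately.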
