I had a customer using PingFederate for authentication in Office 365. They have a test bed environment and a production environment, and during our planning and testing phase we had to switch back and forth between them a few times. There was also an expectation that they might need to repeat this process later when they patch PingFederate, or when they are testing new or extended functionality.
So I wrote this script to help swap the federation settings over using Azure Active Directory PowerShell (aka MSOLshell).
You will need to edit:
- The $cert value: the base64 signing certificate of the PingFederate environment you are switching to
- The array of domains
- The array of PingFederate strings, in the same order as the domains (the script pairs them up by index)
- The $ssoURLroot
- Anything else specific to your environment
- The Set-MsolDomainFederationSettings line: it is wrapped in write-host so the script only prints the commands it builds. Remove the write-host so it actually executes once you are comfortable with the commands the script is building.
# Base64 signing certificate of the PingFederate environment you are switching TO (replace this)
$cert = "reallylongstringofcharactershere"
# Federated domains, and the matching PingFederate path string for each domain, in the same order
$domain = @("companyABC.com", "companyDEF.com", "companyGHI.com", "companyJKL.com")
$string = @("randomcharactersfromping1", "randomcharactersfromping2", "randomcharactersfromping3", "randomcharactersfromping4")
# PingFederate base URL and the fixed parts of the WS-Federation / WS-Trust endpoints
$ssoURLroot = "https://sso.companyABC.com/"
$ssomid1 = "idp/"
$ssomid2 = "pf/"
$logonURIend = "/sts.wst"
$logoffURIend = "/prp.wsf"
$metadataend = "/sts_mex.ping?PartnerSpId=urn:federation:MicrosoftOnline"

for ($i = 0; $i -lt $domain.Length; $i++) {
    $logonURI     = $ssoURLroot + $ssomid1 + $string[$i] + $logonURIend
    $LogOffUri    = $ssoURLroot + $ssomid1 + $string[$i] + $logoffURIend
    $MexchUri     = $ssoURLroot + $ssomid2 + $string[$i] + $metadataend
    # Passive logon and logoff both use the prp.wsf endpoint
    $PassLogOnUri = $ssoURLroot + $ssomid1 + $string[$i] + $logoffURIend

    # Dry run: prints the command instead of running it.
    # Change the line below from write-host to execute once the output looks right!
    Write-Host Set-MsolDomainFederationSettings -SigningCertificate $cert -ActiveLogOnUri $logonURI -LogOffUri $LogOffUri -MetadataExchangeUri $MexchUri -PassiveLogOnUri $PassLogOnUri -DomainName $domain[$i]

    # Show what the tenant currently has for this domain, for comparison
    Get-MsolDomainFederationSettings -DomainName $domain[$i]
}
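The same swap, as an added example that is not part of the original script, wrapped in a function with a -Commit switch so the default is a dry run rather than an edit to a write-host line. It also adds the checks worth having before the tenant's trust is changed: the domain and PingFederate-string arrays must be the same length, the certificate string must parse and not be expired, and after the change the tenant is read back and its signing certificate thumbprint compared with the one that was sent. The function name, its parameter names and the usage lines at the bottom are assumptions for illustration; everything else uses the same cmdlets and endpoint paths as the script above.

```powershell
# Added example, not from the original post. Function and parameter names are illustrative.
# Requires the MSOnline module and a prior Connect-MsolService, as the original script does.
function Set-PfFederationSettings {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $SigningCertificate,  # base64 DER, no BEGIN/END lines
        [Parameter(Mandatory)] [string[]] $Domains,
        [Parameter(Mandatory)] [string[]] $PfIds,               # PingFederate path string per domain, same order as $Domains
        [Parameter(Mandatory)] [string]   $SsoRoot,             # e.g. https://sso.companyABC.com/
        [switch] $Commit                                        # without this nothing is written to the tenant
    )

    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

    if ($Domains.Count -ne $PfIds.Count) {
        throw "Domains ($($Domains.Count)) and PfIds ($($PfIds.Count)) must have the same length"
    }

    # Parse the certificate up front. Whoever holds this certificate's private key can sign
    # tokens for every user in these domains, so confirm the thumbprint is the one shown in the
    # PingFederate console of the environment you intend (not the other environment's signer).
    $cert = $x509::new([Convert]::FromBase64String($SigningCertificate))
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Signing certificate $($cert.Thumbprint) expired on $($cert.NotAfter)"
    }
    Write-Host ("Signing cert: {0} | thumbprint {1} | valid until {2}" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter)

    $base = $SsoRoot.TrimEnd('/')
    for ($i = 0; $i -lt $Domains.Count; $i++) {
        $id = $PfIds[$i]
        # Same endpoint layout as the original script: sts.wst for active, prp.wsf for passive and logoff
        $settings = @{
            DomainName          = $Domains[$i]
            SigningCertificate  = $SigningCertificate
            ActiveLogOnUri      = "$base/idp/$id/sts.wst"
            PassiveLogOnUri     = "$base/idp/$id/prp.wsf"
            LogOffUri           = "$base/idp/$id/prp.wsf"
            MetadataExchangeUri = "$base/pf/$id/sts_mex.ping?PartnerSpId=urn:federation:MicrosoftOnline"
        }

        $before = Get-MsolDomainFederationSettings -DomainName $Domains[$i]
        Write-Host "`n[$($Domains[$i])] current ActiveLogOnUri: $($before.ActiveLogOnUri)"
        Write-Host "[$($Domains[$i])] new     ActiveLogOnUri: $($settings.ActiveLogOnUri)"

        if (-not $Commit) {
            Write-Host "[$($Domains[$i])] dry run, would call Set-MsolDomainFederationSettings with:"
            $settings.GetEnumerator() | Sort-Object Name | ForEach-Object {
                $value = if ($_.Name -eq 'SigningCertificate') { "<cert thumbprint $($cert.Thumbprint)>" } else { $_.Value }
                Write-Host ("    -{0} {1}" -f $_.Name, $value)
            }
            continue
        }

        Set-MsolDomainFederationSettings @settings

        # Read back and confirm the tenant now trusts the certificate we sent, compared by thumbprint
        $after = Get-MsolDomainFederationSettings -DomainName $Domains[$i]
        if (-not $after.SigningCertificate) {
            Write-Warning "[$($Domains[$i])] tenant returned no signing certificate after the update"
            continue
        }
        $stored = $x509::new([Convert]::FromBase64String($after.SigningCertificate))
        if ($stored.Thumbprint -ne $cert.Thumbprint) {
            Write-Warning "[$($Domains[$i])] tenant reports thumbprint $($stored.Thumbprint), expected $($cert.Thumbprint)"
        } else {
            Write-Host "[$($Domains[$i])] updated, tenant thumbprint $($stored.Thumbprint) matches"
        }
    }
}

# Usage, reusing the variables from the script above (placeholder values, not real settings):
# Set-PfFederationSettings -SigningCertificate $cert -Domains $domain -PfIds $string -SsoRoot $ssoURLroot
# Set-PfFederationSettings -SigningCertificate $cert -Domains $domain -PfIds $string -SsoRoot $ssoURLroot -Commit
```

Run it once without -Commit and read the printed ActiveLogOnUri for each domain before running it again with -Commit. Like the original script, this leaves IssuerUri untouched; if your test and production PingFederate instances are configured with different issuer IDs, that setting has to be switched as well, or tokens from the new environment will be rejected.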