Find token signing thumbprint
If Powerframe is installed, you can run the command Get-PFADFSThumbprint
to get the thumbprint of the AD FS token signing certificate. If not, you can import the function below.
function Get-AdfsThumbprint($adfsServer) {
    # Download the federation metadata document published by the AD FS server
    $adfsUrl = "https://{0}/FederationMetadata/2007-06/FederationMetadata.xml" -f $adfsServer
    $webClient = New-Object System.Net.WebClient
    [xml]$federationMetadata = $webClient.DownloadString($adfsUrl)

    $thumbprints = @()
    # Keep only the key descriptors marked for signing
    $signInfo = $federationMetadata.EntityDescriptor.SPSSODescriptor.KeyDescriptor |? { $_.use -eq "signing" }
    $signInfo |% {
        # The certificate is embedded as base64-encoded DER
        $x509Data = $_.KeyInfo.X509Data.X509Certificate
        $binData = [Convert]::FromBase64String($x509Data)
        $x509Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @(,$binData)
        $thumbprints += $x509Certificate.Thumbprint
    }
    # One thumbprint per signing certificate found
    return $thumbprints
}
You call the function like this:
Get-AdfsThumbprint "authx3.dev.zipper.se"
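
The metadata can list more than one signing certificate, for example while a new certificate is being rolled in, so a relying party that stores a pinned thumbprint benefits from checking every published certificate and its expiry date. The following is an added example, not part of the original page or of Powerframe: Get-SigningCert, Test-PinnedThumbprint, New-SampleCert and the sample certificates are hypothetical and constructed. It assumes PowerShell 7, or Windows PowerShell on .NET Framework 4.7.2 or later (needed only for the sample certificate generation).

```powershell
# Added example: function names and sample data are hypothetical, not from the original page.
function Get-SigningCert([xml]$Metadata) {
    # local-name() sidesteps XML namespaces and covers every role descriptor in the document
    $xpath = "//*[local-name()='KeyDescriptor'][@use='signing']//*[local-name()='X509Certificate']"
    $seen = @{}
    foreach ($node in $Metadata.SelectNodes($xpath)) {
        $der  = [Convert]::FromBase64String($node.InnerText.Trim())
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @(,$der)
        # The same certificate is usually listed under several descriptors; report it once
        if (-not $seen.ContainsKey($cert.Thumbprint)) { $seen[$cert.Thumbprint] = $true; $cert }
    }
}

function Test-PinnedThumbprint([xml]$Metadata, [string[]]$Pinned, [int]$WarnDays = 30) {
    # Strip spaces and invisible characters that come along when a thumbprint is copied from a dialog
    $clean = @($Pinned | ForEach-Object { ($_ -replace '[^0-9A-Fa-f]', '').ToUpperInvariant() })
    foreach ($cert in Get-SigningCert $Metadata) {
        [pscustomobject]@{
            Thumbprint  = $cert.Thumbprint
            Subject     = $cert.Subject
            NotAfter    = $cert.NotAfter
            Pinned      = $clean -contains $cert.Thumbprint
            ExpiresSoon = $cert.NotAfter -lt (Get-Date).AddDays($WarnDays)
        }
    }
}

# Constructed sample input: two throwaway self-signed certificates wrapped in minimal metadata
function New-SampleCert([string]$Name, [int]$Days) {
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new("CN=$Name", $rsa,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1), [DateTimeOffset]::UtcNow.AddDays($Days))
}
$primary   = New-SampleCert 'constructed-primary' 10
$secondary = New-SampleCert 'constructed-secondary' 365
$keys = ($primary, $secondary | ForEach-Object {
    '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>{0}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>' -f [Convert]::ToBase64String($_.RawData)
}) -join ''
[xml]$sample = '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"><IDPSSODescriptor>{0}</IDPSSODescriptor><SPSSODescriptor>{0}</SPSSODescriptor></EntityDescriptor>' -f $keys

# Pinned value as a relying party might store it: lower case with spaces
$pinned = ($primary.Thumbprint -replace '(..)', '$1 ').ToLower()
Test-PinnedThumbprint $sample $pinned | Format-Table -AutoSize
```

Against a live server, pass the downloaded metadata document in place of $sample; a row with Pinned set to False is a published signing certificate the relying party does not yet trust.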