At one of my clients we have multiple ADFS instances, one for testing purposes and one for production usage. The information on both servers is almost the same, only the endpoints for each relying party are different.
Before we typically copied information from one server to another manually, typing over all the information. Of course this is a a cumbersome and error-prone process. I decided to simplify and automate this process with the help of some Powershell.
The good news was that the hard work was already done for me, as Brad Held already created a script for exactly that purpose:
PowerShell Gallery | Copy-RelyingPartyTrust 1.1
Here is how to use this script:
Copy-RelyingPartyTrust.ps1 -sourceRPID testing:saml:com -path C:\Folder -filename SamlTest.json -import false
As I found the script a little bit confusing I took the freedom to adapt the code and split it out in 2 separate scripts.
Here is the export script:
You can use this script like this:
export.ps1 -rpName ExampleApp Development
This will create a new ExampleApp folder with following files
- relyingparty.json: Contains all relying party data in JSON format
- AuthorizationRules.txt: contains the list of configured authorization rules
- IssuanceRules.txt: contains the list of configured claims transformation rules
- AdditionalAuthenticationrules.txt: contains any additional configured rules
And here is the import script:
You can use this script like this:
import.ps1 -targetRPID http://acceptance.environment.be/exampleapp/ -targetName "ExampleApp" -path C:\exampleapp\
This will create a new relying party using the specified identifier while copying over all other data from the generated files.
Remark: The scripts should be executed directly on the ADFS instance