search

X-Guardian / AdfsDsc

DSC resources for deployment and configuration of Active Directory Federation Services
MIT License
9 stars 5 forks source link

AdfsRelyingPartyTrust: Add Support for EncryptionCertificate and RequestSigningCertificate #5

Open X-Guardian opened 4 years ago

X-Guardian commented 4 years ago

The AdfsRelyingPartyTrust resource needs to support an Encryption Certificate and Request Signing Certificates.

New resource properties required:

Property Name Type Description
EncryptionCertificate String Specifies the certificate to be used for encrypting claims that are issued to this relying party. This should be in Base64 CER encoded format.
RequestSigningCertificate String Array Specifies an array of certificates to be used to verify the signature on a request from the relying party. This should be in Base64 CER encoded format.

The AdfsRelyingPartyTrust cmdlets expect to be passed values of type System.Security.Cryptography.X509Certificates.X509Certificate2 for these parameters.

The following code can be used to create an X509Certificate2 object from the Base64 CER data:

$certCerAsciiData = '<CertCERData>'
$certCerByteData = [System.Text.Encoding]::UTF8.GetBytes($certCerAsciiData)
$x509Certificate2 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certCerByteData)

The following code can be used to extract Base64 CER data from an x509Certificate2 object:

$certCerAsciiData = @(
    '-----BEGIN CERTIFICATE-----'
    [System.Convert]::ToBase64String($x509Certificate2.RawData, 'InsertLineBreaks')
    '-----END CERTIFICATE-----'
) | Out-String
DanielHabenicht commented 9 months ago

Are you open for a PR regarding this issue?

I would use X509 Certificate object as parameter instead.

X-Guardian commented 9 months ago

Yes sure @DanielHabenicht, I'm not sure that you can get the CER data from the x509Certificate object, but I'm happy to review a PR.