
This question likely doesn't require actual knowledge of ADFS, but I'm providing that for context. The command "Set-AdfsRelyingPartyTrust -Name X -SamlEndpoint Y" overwrites all SAML endpoints with what you specify. What I'd like to do is create a script that takes the existing SAML endpoints and sets them as variables so that I can then add them all back along with the new endpoint.

If there's only one existing endpoint, I can put it into a variable using this and it works:

$EP = New-AdfsSamlEndpoint -Binding "POST" -Protocol "SAMLAssertionConsumer" -Uri "https://test.com" -Index 1
$EP1 = Get-ADFSRelyingPartyTrust -Name "X" | Select-Object -ExpandProperty SamlEndpoints 
Set-AdfsRelyingPartyTrust -TargetName "PsTest" -SamlEndpoint $EP,$EP1

The problem with this is that, if multiple endpoints exist, expand-property returns them all as a single value which breaks the function. Using "-limit 1" doesn't work because the whole output of expand-property is considered 1.

What I can do is to generate a numbered list of each index value using this command:

Get-AdfsRelyingPartyTrust -Name "X" | Select-Object -ExpandProperty SamlEndpoints | Select-Object -ExpandProperty Index

and then create a unique variable for each corresponding index value:

$EP1 = Get-ADFSRelyingPartyTrust -Name "X" | Select-Object -ExpandProperty SamlEndpoints | Where-Object {$_.Index -eq 2}

But in order to completely script this rather than setting variables by hand, I'd need to automate setting "$_.Index -eq" to each index value that's output from "-ExpandProperty Index", and to assign a unique variable to each of those, which is where I'm stuck. What's the best way to approach this?

J. Scott

1 Answer

I don't have access to these commands so I am having to guess a little here, but it looks like your command

Set-AdfsRelyingPartyTrust -TargetName "PsTest" -SamlEndpoint $EP,$EP1

accepts an array for the -samlEndpoint parameter.

What I would do is work with the arrays like so.

$EP = New-AdfsSamlEndpoint -Binding "POST" -Protocol "SAMLAssertionConsumer" -Uri "https://test.com" -Index 1
$EndPoints = @(Get-ADFSRelyingPartyTrust -Name "X" | Select-Object -ExpandProperty SamlEndpoints)

$Endpoints += $EP
Set-AdfsRelyingPartyTrust -TargetName "PsTest" -SamlEndpoint $EndPoints
WayneA
  • Unfortunately the output of "$EndPoints = @(Get-ADFSRelyingPartyTrust -Name "pstest" | Select-Object -ExpandProperty SamlEndpoints)" is spit out as one single response including all endpoints. $EndPoints winds up including everything, and it looks like $EP contains nothing. Running that command results in error "Object reference not set to an instance of an object." – J. Scott Jul 18 '18 at 20:27
  • It may look like 1 long item, but it should be an array. Check the value of $Endpoints.count to confirm... And if $EP is nothing you need to double check the code you posted, it is a straight copy/paste from your question. – WayneA Jul 19 '18 at 01:17
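A fuller version of the array approach from the answer, as an added example that is not part of the question or the answer. It addresses the two points raised in the comments: it forces the existing endpoints into an array with @() and prints .Count so you can see how many items there really are, and it checks that New-AdfsSamlEndpoint actually returned an object before anything is written. Because Set-AdfsRelyingPartyTrust replaces the whole endpoint list, it also exports the current list to a file first, picks an Index that is not already in use instead of hardcoding 1, and re-reads the trust afterwards to confirm the count. It uses the AD FS cmdlets and parameters exactly as they appear on the page; the trust name, URL and backup directory are placeholders, and the assumption that each endpoint object exposes its URL as a Location property is mine, not something the page states.

```powershell
# Added example (not from the question or the answer): read the current SAML
# endpoints of a relying party trust into an array, append one new endpoint,
# and only then write the complete list back.
param(
    [string]$TrustName = "PsTest",                       # placeholder trust name
    [string]$NewUri    = "https://test.com",             # placeholder ACS URL
    [string]$BackupDir = "$env:TEMP\adfs-endpoint-backup",
    [switch]$Apply                                       # without -Apply, only show the plan
)

$ErrorActionPreference = 'Stop'

# 1. Read the existing endpoints. @() forces an array even when there is
#    exactly one endpoint (or none), so .Count and array addition behave.
$Existing = @(Get-AdfsRelyingPartyTrust -Name $TrustName |
              Select-Object -ExpandProperty SamlEndpoints)
Write-Host ("Trust '{0}' currently has {1} SAML endpoint(s)." -f $TrustName, $Existing.Count)

# 2. Keep a copy of the current list. Set-AdfsRelyingPartyTrust replaces the
#    whole list, so this file is the record to restore from if the write goes wrong.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$BackupFile = Join-Path $BackupDir ("{0}-{1:yyyyMMdd-HHmmss}.xml" -f $TrustName, (Get-Date))
$Existing | Export-Clixml -Path $BackupFile
Write-Host "Backup of existing endpoints written to $BackupFile"

# 3. Refuse to add a URL that is already registered (assumes the endpoint
#    object exposes its URL as .Location), and choose the lowest Index from 1
#    upward that no existing endpoint uses.
if ($Existing | Where-Object { "$($_.Location)" -eq $NewUri }) {
    throw "An endpoint for $NewUri already exists on trust '$TrustName'; nothing changed."
}
$UsedIndexes = @($Existing | ForEach-Object { $_.Index })
$NewIndex = 1
while ($UsedIndexes -contains $NewIndex) { $NewIndex++ }

$New = New-AdfsSamlEndpoint -Binding "POST" -Protocol "SAMLAssertionConsumer" `
                            -Uri $NewUri -Index $NewIndex
if (-not $New) {
    throw "New-AdfsSamlEndpoint returned nothing; check its parameters before writing anything."
}

# 4. Build the full desired list (old + new) and show it before touching the trust.
$Desired = $Existing + @($New)
Write-Host ("Planned endpoint list ({0} item(s)):" -f $Desired.Count)
$Desired | Select-Object Index, Binding, Protocol, Location | Format-Table -AutoSize

if (-not $Apply) {
    Write-Host "Dry run only. Re-run with -Apply to write this list to the trust."
    return
}

# 5. Write the complete list back, then re-read the trust and verify the count.
Set-AdfsRelyingPartyTrust -TargetName $TrustName -SamlEndpoint $Desired
$After = @(Get-AdfsRelyingPartyTrust -Name $TrustName |
           Select-Object -ExpandProperty SamlEndpoints)
if ($After.Count -ne $Desired.Count) {
    throw ("Expected {0} endpoint(s) after the change but found {1}; restore from {2}." -f
           $Desired.Count, $After.Count, $BackupFile)
}
Write-Host ("Done: trust '{0}' now has {1} SAML endpoint(s)." -f $TrustName, $After.Count)
```

Run it once without -Apply to see the .Count of the existing list and the planned result; if the count is 1 when you expected several, the problem is upstream of the array handling. The -Apply switch and the Clixml backup are there because an assertion consumer URL is where AD FS will send signed tokens for this trust, so an accidental overwrite that drops or replaces endpoints is a change you want to be able to review and undo.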