Wednesday, April 16, 2014

ADFS : Getting certificate data from metadata

A number of times I've needed to get information about the certificate e.g. to update the WIF thumbprint in the web.config and I've battled to extract this out of the metadata.

For ADFS, you'll find it at:


For Azure Active Directory, you'll find it at:

  • Click on "Active Directory" in the menu on the LHS of the Azure Portal.
  • Click on your tenant name.
  • Click on the "Applications" tab at the top.
  • Click on "View Endpoints" at the bottom.
  • Then navigate to the "Federation Metadata Document" link.

Then I found an easy way to do this based on a post I read.

Open the metadata file in Notepad++ or whatever your particular flavour is and then search for the "X509Certificate" tag.

Copy all the information between that and the closing tag. It's base64 encoded so it will normally end with an "=" sign.

Copy / paste this into a new Notepad++ window. Remove all trailing spaces.

Save the file somewhere with a ".cer" suffix.

Then double-click on the file.

Viola - it opens up the certificate window and you can grab whatever you want.

The thumbprint is found under the "Details" tab - scroll down to the bottom.



Willy said...

Thanks a lot. Saved me some coding ;-)

Anonymous said...

Thanks... This was very helpful!