Extract Keys from Federation Meta Data File (ADFS)

Jun 20, 2014

CPOL
Quick routine to extract keys from FederationMetaData.xml

Introduction

This is a simple routine to extract the X.509 certificates (the public keys) from a FederationMetadata.xml file as published by ADFS.

Using the Code

To use the code, download the zip file above, which contains a simple Visual Studio (2013) project that wraps the code below in a basic file dialog. Nothing special in this code: it loads FederationMetaData.xml into an XmlDocument, registers the SAML metadata and XML-DSig namespaces so that the X509Certificate nodes can be selected with an XPath query, and reads out each Base64-encoded certificate.

Each certificate is loaded into an X509Certificate2 object (which also confirms that the decoded bytes really are a certificate) and written to disk as a .cer file.

That file can then be imported into the certificate store on Windows.

The files are written to the same directory from which the XML was opened, using the hard-coded name "ExtractedCertificate" followed by a running number, because the same certificate is usually repeated several times in a federation metadata file (typically seven: once in the signature over the metadata itself and once per KeyDescriptor role). Expect duplicate .cer files as a result; they can be told apart by their thumbprint.

Not more than five minutes' work, but I hope it saves someone from scratching their head over how to obtain the certificate needed to trust a remote ADFS system. One caveat: the metadata file carries only public certificates, never private keys, and while ADFS serves it over HTTPS and signs it, a copy that arrived by e-mail or from a file share carries no such assurance. Before importing an extracted certificate into a trust store, compare its thumbprint with the value published by the ADFS administrator.

// Reads FederationMetaData.xml (chosen via openFileDialog1), selects every
// X509Certificate element and writes each one to a DER-encoded .cer file
// next to the metadata file.
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

string metadataPath = openFileDialog1.FileName;
string outputDir = Path.GetDirectoryName(metadataPath);

XmlDocument document = new XmlDocument();
document.Load(metadataPath);                 // Load opens and closes the file itself
XmlNode root = document.DocumentElement;

XmlNamespaceManager NS = new XmlNamespaceManager(document.NameTable);
NS.AddNamespace("default", "urn:oasis:names:tc:SAML:2.0:metadata");
// XML-DSig namespace: the trailing '#' is part of the URI and must be present
NS.AddNamespace("keys1", "http://www.w3.org/2000/09/xmldsig#");

// Matches KeyDescriptor/KeyInfo/X509Data/X509Certificate in every role
// descriptor, and the certificate inside the ds:Signature over the metadata
XmlNodeList certNodes = root.SelectNodes("descendant::keys1:X509Certificate", NS);

int i = 1;
foreach (XmlNode thisNode in certNodes)
{
    // The element text is the Base64 DER certificate (public part only)
    byte[] certData = Convert.FromBase64String(thisNode.InnerText.Trim());
    // Throws CryptographicException if the bytes are not a valid certificate
    var x509c = new X509Certificate2(certData);

    if (Directory.Exists(outputDir))
    {
        string newCert = Path.Combine(outputDir, "ExtractedCertificate" + i + ".cer");
        // Export(X509ContentType.Cert) returns the DER bytes; write them as-is so the
        // file opens in the Windows certificate viewer and imports with certutil
        File.WriteAllBytes(newCert, x509c.Export(X509ContentType.Cert));
        i++;
    }
}
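The same extraction done as a stand-alone script, added here as an example and not part of the article's Visual Studio project. It goes a little further than the C# above: it records which KeyDescriptor role (signing, encryption, or the metadata signature) each certificate was found under, de-duplicates by SHA-1 thumbprint so the repeated copies collapse into one file, checks that each Base64 blob decodes to one complete DER SEQUENCE, and writes PEM. The metadata document and the two certificate blobs in it are constructed placeholders (a well-formed outer SEQUENCE with a dummy body, not real certificates); the entity ID, file names and the "signing+encryption" / "metadata-signature" role labels are this example's own choices. Only the Python standard library is used.

```python
"""Extract and de-duplicate the X.509 certificates in a SAML 2.0 federation
metadata file (the format ADFS publishes), recording the role each one serves.
Added example for this article; not the article's own code. Stdlib only."""
import base64
import hashlib
import os
import ssl
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"   # the trailing '#' is part of the URI


def der_outer_length_ok(der: bytes) -> bool:
    """Sanity check: the bytes are one complete DER SEQUENCE (tag 0x30) whose
    encoded length matches the byte count. Catches truncated or mangled
    Base64; it does not validate the certificate itself."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                         # short-form length
        header, length = 2, first
    else:                                    # long-form: 0x8N, then N length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header = 2 + n
        length = int.from_bytes(der[2:header], "big")
    return header + length == len(der)


def extract_certs(metadata_xml: str) -> list:
    """Return one record per unique certificate: thumbprints, DER, PEM,
    the set of roles it was found under and how often it appeared."""
    root = ET.fromstring(metadata_xml)
    found = {}                               # SHA-1 thumbprint -> record

    def record(node, use):
        text = "".join((node.text or "").split())   # Base64 may be line-wrapped
        der = base64.b64decode(text)
        if not der_outer_length_ok(der):
            raise ValueError("X509Certificate element is not a complete DER SEQUENCE")
        sha1 = hashlib.sha1(der).hexdigest().upper()   # what Windows shows as "Thumbprint"
        rec = found.setdefault(sha1, {
            "sha1": sha1,
            "sha256": hashlib.sha256(der).hexdigest().upper(),
            "der": der,
            "pem": ssl.DER_cert_to_PEM_cert(der),
            "uses": set(),
            "occurrences": 0,
        })
        rec["occurrences"] += 1
        rec["uses"].add(use)

    # Certificates under a KeyDescriptor carry a role; per the SAML metadata
    # spec an absent 'use' attribute means the key serves both purposes.
    seen = set()
    for kd in root.iter(f"{{{MD_NS}}}KeyDescriptor"):
        use = kd.get("use", "signing+encryption")
        for node in kd.iter(f"{{{DS_NS}}}X509Certificate"):
            record(node, use)
            seen.add(id(node))
    # Anything left over is the certificate inside the ds:Signature over the
    # metadata document itself (or some other unlabelled KeyInfo).
    for node in root.iter(f"{{{DS_NS}}}X509Certificate"):
        if id(node) not in seen:
            record(node, "metadata-signature")
    return list(found.values())


def write_cer_files(certs: list, out_dir: str) -> list:
    """Write each unique certificate once as PEM; the thumbprint in the file
    name makes repeated runs idempotent. Returns the paths written."""
    paths = []
    for rec in certs:
        path = os.path.join(out_dir, f"ExtractedCertificate-{rec['sha1']}.cer")
        with open(path, "w", newline="\n") as fh:
            fh.write(rec["pem"])
        paths.append(path)
    return paths


def _placeholder_der(fill: int) -> bytes:
    # Constructed stand-in for a certificate: a well-formed outer SEQUENCE with
    # a 256-byte dummy body. Real metadata carries real DER certificates here.
    return b"\x30\x82\x01\x00" + bytes([fill]) * 256


SIGN_B64 = base64.b64encode(_placeholder_der(0x11)).decode()
ENC_B64 = base64.b64encode(_placeholder_der(0x22)).decode()

# Constructed sample shaped like ADFS output: the signing certificate appears in
# the metadata signature and in each role descriptor, the encryption cert once.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="http://adfs.example.test/adfs/services/trust">
  <ds:Signature xmlns:ds="{DS_NS}">
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SIGN_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><KeyInfo xmlns="{DS_NS}"><X509Data><X509Certificate>
{ENC_B64}
</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS_NS}"><X509Data><X509Certificate>{SIGN_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS_NS}"><X509Data><X509Certificate>{SIGN_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  </SPSSODescriptor>
</EntityDescriptor>
"""

if __name__ == "__main__":
    for rec in extract_certs(SAMPLE_METADATA):
        print(rec["sha1"], sorted(rec["uses"]), "seen %d times" % rec["occurrences"])
```

Run against a real FederationMetadata.xml with `extract_certs(open(path).read())` and then `write_cer_files(...)`; the printed SHA-1 thumbprint is the value to compare with what the ADFS administrator publishes before the .cer is imported anywhere. Note that `der_outer_length_ok` only proves the Base64 decoded to a complete ASN.1 structure; loading the file into a real certificate parser is still the check that it is a certificate.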