Extract Keys from Federation Meta Data File (ADFS)

Peter Boyall, 19 Jun 2014
Quick routine to extract keys from FederationMetaData.xml


This is a simple routine to extract the keys from a FederationMetadata.xml file as found on ADFS sites.

Using the Code

To use the code, download the zip file above, which contains a simple Visual Studio (2013) project that wraps the code below with a basic file dialog. Nothing special here: it simply opens the FederationMetaData.xml file as a string, registers the namespaces needed to query for the key node, and then extracts the Base64-encoded key.

That key is loaded into an X509Certificate2 object in order to write it to disk as a .cer file, which allows import into the certificate store on Windows.

It writes out to the same directory from which the XML was opened, using a hard-coded name of "ExtractedCertificate" followed by an iterator number (the keys are usually included seven times in a Federation Metadata file).

Not more than five minutes' work, but hope it saves someone from scratching their head at how to import the certificate needed to trust a remote ADFS system.

// Requires: using System; using System.Xml; using System.Security.Cryptography.X509Certificates;
// Read the whole FederationMetaData.xml into a string and load it into an XmlDocument.
XmlDocument document = new XmlDocument();
using (System.IO.StreamReader sr = new System.IO.StreamReader(openFileDialog1.FileName))
{
    document.LoadXml(sr.ReadToEnd());
}
XmlNode root = document.DocumentElement;

// Register the namespaces needed to query the key nodes. KeyDescriptor lives in the
// SAML 2.0 metadata namespace; KeyInfo/X509Data/X509Certificate live in the XML-DSig
// namespace (an empty URI here makes the XPath below match nothing).
XmlNamespaceManager NS = new XmlNamespaceManager(document.NameTable);
NS.AddNamespace("default", "urn:oasis:names:tc:SAML:2.0:metadata");
NS.AddNamespace("keys", "http://www.w3.org/2000/09/xmldsig#");

// Path: KeyDescriptor/KeyInfo/X509Data/X509Certificate
XmlNodeList cert = root.SelectNodes("descendant::keys:X509Certificate", NS);
int i = 1;
foreach (XmlNode thisNode in cert)
{
    // The element text is the Base64-encoded DER certificate.
    string thisText = thisNode.InnerText;
    byte[] keydata = Convert.FromBase64String(thisText);
    var x509c = new X509Certificate2(keydata);

    // Write ExtractedCertificate<n>.cer next to the metadata file (bare Base64, no PEM header).
    string newCert = System.IO.Path.Combine(
        System.IO.Path.GetDirectoryName(openFileDialog1.FileName),
        "ExtractedCertificate" + i + ".cer");
    System.IO.File.WriteAllText(newCert, Convert.ToBase64String(x509c.Export(X509ContentType.Cert)));
    i++;
}
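The same extraction in Python, as an added example that is not part of the original article: it resolves the two namespaces correctly, records each certificate's KeyDescriptor `use` (signing or encryption), deduplicates the repeated copies by SHA-256 fingerprint, and emits PEM. The metadata document and the certificate bytes are constructed placeholders, not real ADFS output.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# SAML metadata namespace for KeyDescriptor; XML-DSig namespace for
# KeyInfo/X509Data/X509Certificate (the article's code left this URI empty).
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample document: the certificate bytes are a placeholder (not a real
# DER certificate) and are repeated under two KeyDescriptors, as ADFS metadata does.
FAKE_DER = b"constructed-placeholder-not-a-real-certificate"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{FAKE_B64}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>
        {FAKE_B64}
      </X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def extract_certificates(xml_text):
    """Return unique certificates as {sha256_hex: (der_bytes, set_of_uses)}."""
    root = ET.fromstring(xml_text)
    found = {}
    # Walk each KeyDescriptor so its 'use' attribute (signing/encryption) is
    # recorded; iterfind() resolves the ds: prefixes through the NS mapping.
    for kd in root.iter("{%s}KeyDescriptor" % NS["md"]):
        use = kd.get("use", "unspecified")
        for node in kd.iterfind("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            # Line breaks and indentation inside the element are not base64.
            der = base64.b64decode("".join(node.text.split()))
            fp = hashlib.sha256(der).hexdigest()
            found.setdefault(fp, (der, set()))[1].add(use)
    return found


def to_pem(der):
    """Wrap DER bytes in a PEM CERTIFICATE block, the usual content of a .cer file."""
    body = base64.b64encode(der).decode()
    lines = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"
```

`extract_certificates(SAMPLE_XML)` returns a single entry whose uses are both signing and encryption, so only one .cer needs to be written and imported rather than one per repeated copy.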


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Peter Boyall, Technical Lead, United Kingdom

Last Updated 20 Jun 2014
Article Copyright 2014 by Peter Boyall