Get expiration date of signing certificate(s) within a SAML metadata file
I have about 30 SAML configurations from various vendors, all are metadata files that reside on the internet (Azure AD, Auth0 and a couple other identity providers).
Is there a tool that exists to extract the expiration date from the signing cert in the metadata file, so I can keep track of all the expirations? Preferably a CLI.
Solution 1:[1]
As a workaround, you can use this PowerShell command to get the expiry time of the signing certificate that is uploaded in an Azure AD application.
Based on your requirements, you can edit the code and pull the certificate from the metadata files rather than directly from the Azure AD application.
```powershell
# List every key credential (certificate) on each Azure AD application with its end date.
$expired = Get-AzureADApplication -All:$true | ForEach-Object {
    $app = $_
    Get-AzureADApplicationKeyCredential -ObjectId $app.ObjectId |
        Where-Object { $_.EndDate } |
        ForEach-Object {
            # Read the identifier from the credential currently being processed
            $id = "Not set"
            if ($_.CustomKeyIdentifier) {
                $id = [System.Convert]::ToBase64String($_.CustomKeyIdentifier)
            }
            [PSCustomObject] @{
                App           = $app.DisplayName
                ObjectID      = $app.ObjectId
                AppId         = $app.AppId
                Type          = $_.GetType().Name
                KeyIdentifier = $id
                EndDate       = $_.EndDate
            }
        }
}
$expired | Export-Csv 'C:\test.csv'
```
Reference: How to retrieve thumbprint expiry date of enterprises application in azuread
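The answer above suggests adapting the script to read the certificate from the metadata files. One way to do that, as an added example that is not part of the original answer: the hypothetical function `Get-SamlSigningCertExpiry` reads each signing `X509Certificate` element from SAML 2.0 metadata and reports its `NotAfter` date. The sample metadata and its self-signed certificate are constructed at run time (assumes PowerShell 7 or .NET Framework 4.7.2+).

```powershell
# Added example: report NotAfter for every signing certificate in SAML 2.0 metadata.
function Get-SamlSigningCertExpiry {
    param(
        [Parameter(Mandatory)][xml]$Metadata,   # parsed metadata document
        [string]$Source = 'inline'              # label for the report (file name or URL)
    )
    $ns = [System.Xml.XmlNamespaceManager]::new($Metadata.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
    # A KeyDescriptor without a "use" attribute applies to both signing and encryption.
    $xpath = "//md:KeyDescriptor[not(@use) or @use='signing']//ds:X509Certificate"
    foreach ($node in $Metadata.SelectNodes($xpath, $ns)) {
        $der  = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
        [PSCustomObject]@{
            Source     = $Source
            EntityID   = $node.SelectSingleNode('ancestor::md:EntityDescriptor/@entityID', $ns).Value
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter.ToUniversalTime()
            DaysLeft   = [math]::Floor(($cert.NotAfter.ToUniversalTime() - [DateTime]::UtcNow).TotalDays)
        }
    }
}

# Constructed sample: a throwaway self-signed certificate (valid for 30 days) wrapped in
# minimal metadata, so the function can be tried offline. All names are made up.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=constructed-idp.example', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now = [DateTimeOffset]::UtcNow
$b64 = [Convert]::ToBase64String($req.CreateSelfSigned($now, $now.AddDays(30)).RawData)
[xml]$sample = @"
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://constructed-idp.example/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>$b64</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
"@
Get-SamlSigningCertExpiry -Metadata $sample -Source 'constructed sample' | Format-Table -AutoSize
```

For real metadata, pass `[xml](Get-Content -Raw <file>)` for each saved file and pipe the combined results to `Export-Csv`, sorting on `DaysLeft` to see which certificates expire first.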
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | RahulKumarShaw-MT |

