POWERSHELL: Test SSO Server JWKS
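<#
.SYNOPSIS
    Fetches a JWKS document and prints details of the leaf certificate (x5c[0])
    published for each key, then reports the result of Test-Certificate.

.PARAMETER JwksUrl
    URL of the JWKS endpoint to inspect.

.NOTES
    This is a diagnostic aid, not a trust decision:
      * Test-Certificate evaluates the chain against this machine's trust
        store. Signing certificates are often self-signed, so a failed chain
        is not by itself proof of a problem - review the reported status.
      * The script does not check that the certificate's public key matches
        the JWK's own key parameters. RFC 7517 section 4.7 requires them to
        match; a token validator that relies on x5c should enforce that.
#>
param (
    [string]$JwksUrl = "https://sso.server.com/.well-known/openid-configuration/jwks"
)

Clear-Host

try {
    # Key material fetched over plain HTTP can be altered in transit, so the
    # certificate details printed below would not be trustworthy.
    if ($JwksUrl -notmatch '^https://') {
        Write-Warning "JWKS URL '$JwksUrl' is not HTTPS; the response cannot be authenticated."
    }

    Write-Host "Fetching JWKS from $JwksUrl ..."
    $jwksJson = Invoke-RestMethod -Uri $JwksUrl -UseBasicParsing

    foreach ($key in $jwksJson.keys) {
        if ($key.x5c.Count -gt 0) {
            try {
                # x5c entries are standard base64 DER (RFC 7517), so the
                # certificate can be built in memory. This avoids writing the
                # data to a temp file, which previously left the zero-byte
                # file from GetTempFileName() behind and leaked the .pem file
                # whenever the import threw.
                $certBytes = [System.Convert]::FromBase64String($key.x5c[0])
                # The unary comma stops New-Object from unrolling the byte
                # array into one constructor argument per byte.
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (, $certBytes)

                Write-Host "======================="
                Write-Host "Key ID: $($key.kid)"
                Write-Host "Subject: $($cert.Subject)"
                Write-Host "Issuer: $($cert.Issuer)"
                Write-Host "Valid From: $($cert.NotBefore.ToUniversalTime()) UTC"
                Write-Host "Valid To: $($cert.NotAfter.ToUniversalTime()) UTC"
                Write-Host "Thumbprint: $($cert.Thumbprint)"

                # Report the validation outcome instead of discarding it; the
                # original piped it to Out-Null, so a failing certificate
                # looked identical to a passing one.
                $chainErrors = @()
                $chainOk = Test-Certificate -Cert $cert -ErrorAction SilentlyContinue -ErrorVariable chainErrors
                Write-Host "Chain valid (local trust store): $([bool]$chainOk)"
                foreach ($chainError in $chainErrors) {
                    Write-Warning "Key $($key.kid): $chainError"
                }
                Write-Host "======================="
            }
            catch {
                # One malformed entry should not hide the remaining keys.
                Write-Warning "Key $($key.kid): could not parse x5c certificate: $_"
            }
        } else {
            Write-Warning "Key $($key.kid) does not contain an x5c entry."
        }
    }
}
catch {
    Write-Error "Failed to fetch or parse JWKS: $_"
}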