@AlainODea
Last active December 4, 2020 09:14
PowerShell scripts for pulling SAML IdP and SP settings from metadata, with AD FS and Okta examples.

Get the last (or only) signing key from WS-Federation FederationMetadata.xml, such as AD FS publishes during signature certificate rollover (PowerShell).

# Get settings to enter on the Identity Provider (IdP) to allow authentication to Service Provider (SP)
function Get-IdP-Settings-From-SP($Metadata) {
    [xml]$SPMetadata = $Metadata
    # HTTP-POST binding ACS endpoint the IdP will send assertions to
    $SPAssertionConsumerServiceURL = $SPMetadata.EntityDescriptor.SPSSODescriptor.AssertionConsumerService |
        ? {$_.Binding -eq "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"} |
        % {$_.Location}
    $SPIssuerURI = $SPMetadata.EntityDescriptor.entityID
    # During certificate rollover the metadata can list several signing keys; take the last one
    $SPSignatureCertificate = $SPMetadata.EntityDescriptor.SPSSODescriptor.KeyDescriptor |
        ? {$_.use -eq "signing"} |
        Select-Object -Last 1 |
        % {$_.KeyInfo.X509Data.X509Certificate}
    Write-Host "SP Issuer URI: $SPIssuerURI"
    Write-Host "SP Assertion Consumer Service URL: $SPAssertionConsumerServiceURL"
    Write-Host "SP Signature Certificate:"
    Write-Host $SPSignatureCertificate
}

# Get settings to enter on the Service Provider (SP) to have it trust your Identity Provider (IdP)
function Get-SP-Settings-From-IdP($Metadata) {
    [xml]$IdPMetadata = $Metadata
    # HTTP-POST binding SSO endpoint the SP will send AuthnRequests to
    $IdPSingleSignOnURL = $IdPMetadata.EntityDescriptor.IDPSSODescriptor.SingleSignOnService |
        ? {$_.Binding -eq "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"} |
        % {$_.Location}
    $IdPIssuerURI = $IdPMetadata.EntityDescriptor.entityID
    # During certificate rollover the metadata can list several signing keys; take the last one
    $IdPSignatureCertificate = $IdPMetadata.EntityDescriptor.IDPSSODescriptor.KeyDescriptor |
        ? {$_.use -eq "signing"} |
        Select-Object -Last 1 |
        % {$_.KeyInfo.X509Data.X509Certificate}
    Write-Host "IdP Issuer URI: $IdPIssuerURI"
    Write-Host "IdP Single Sign-On URL: $IdPSingleSignOnURL"
    Write-Host "IdP Signature Certificate:"
    Write-Host $IdPSignatureCertificate
}

# Get settings to enter on the Service Provider (SP) to have it trust your Identity Provider (IdP)
# AD FS is the IdP. Replace idp-fs.contoso.com with your IdP AD FS hostname
$FederationMetadataUri = "https://idp-fs.contoso.com/federationmetadata/2007-06/federationmetadata.xml"
Get-SP-Settings-From-IdP (Invoke-RestMethod -Uri $FederationMetadataUri)

# Get settings to enter on the Identity Provider (IdP) to allow authentication to Service Provider (SP)
# AD FS is the SP. Replace sp-fs.contoso.com with your SP AD FS hostname
$FederationMetadataUri = "https://sp-fs.contoso.com/federationmetadata/2007-06/federationmetadata.xml"
Get-IdP-Settings-From-SP (Invoke-RestMethod -Uri $FederationMetadataUri)

# Get settings to enter on the Service Provider (SP) to have it trust your Identity Provider (IdP)
# Download the metadata file from your IdP:
# In the Okta Admin console:
# 1. Navigate to the SAML 2.0 app you created
# 2. Switch to that app's Sign-On tab
# 3. Click the Identity Provider Metadata link
# 4. Rename the downloaded file to idp_metadata.xml
Get-SP-Settings-From-IdP (Get-Content 'idp_metadata.xml')

# Get settings to enter on the Identity Provider (IdP) to allow authentication to Service Provider (SP)
# Download the metadata file from your SP:
# In the Okta Admin console:
# 1. Navigate to the SAML 2.0 Identity Provider you created
# 2. Switch to that Identity Provider's Sign-On tab
# 3. Click the Download Metadata link
# 4. Rename the downloaded file to sp_metadata.xml
Get-IdP-Settings-From-SP (Get-Content 'sp_metadata.xml')
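The functions above print only the last signing key as raw base64. As an added example (not part of the gist), the helper below decodes every signing KeyDescriptor in IdP or SP metadata into an X509Certificate2 and reports its thumbprint and validity window, so that during an AD FS rollover you can see which key you are about to trust rather than taking the last one blind. The function name is my own; it assumes the same EntityDescriptor/KeyDescriptor layout the gist reads.

```powershell
# Added example: list all signing certificates in SAML/WS-Fed metadata with thumbprint and dates.
function Get-Signing-Certificates-From-Metadata($Metadata) {
    [xml]$Doc = $Metadata
    # Collect whichever role descriptors the metadata carries (IdP, SP, or both)
    $Roles = @()
    $Roles += $Doc.EntityDescriptor.IDPSSODescriptor
    $Roles += $Doc.EntityDescriptor.SPSSODescriptor
    foreach ($Role in ($Roles | Where-Object { $_ })) {
        foreach ($Key in $Role.KeyDescriptor) {
            # In SAML metadata the 'use' attribute is optional; a KeyDescriptor without it
            # is valid for both signing and encryption, so only skip explicit non-signing keys.
            if ($Key.use -and $Key.use -ne "signing") { continue }
            # The base64 may be wrapped across lines; strip whitespace before decoding
            $Base64 = ($Key.KeyInfo.X509Data.X509Certificate -replace '\s', '')
            $Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
                [Convert]::FromBase64String($Base64))
            [pscustomobject]@{
                Role       = $Role.LocalName
                Use        = if ($Key.use) { $Key.use } else { "(unspecified: signing+encryption)" }
                Subject    = $Cert.Subject
                Thumbprint = $Cert.Thumbprint
                NotBefore  = $Cert.NotBefore
                NotAfter   = $Cert.NotAfter
                Expired    = ($Cert.NotAfter -lt (Get-Date))
            }
        }
    }
}

# Usage (same inputs the gist uses), e.g. against an AD FS IdP or a downloaded Okta file:
# Get-Signing-Certificates-From-Metadata (Invoke-RestMethod -Uri $FederationMetadataUri) | Format-Table
# Get-Signing-Certificates-From-Metadata (Get-Content 'idp_metadata.xml') | Format-Table
```

Compare the thumbprints against what the AD FS admin published out of band (or against the key the SP already trusts) before entering a certificate; if two signing keys appear, the one with the later NotBefore is the rollover candidate.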
@celebmtya

What module of powershell are you using or importing?
