Monday, March 20, 2017

ADFS : WIF10201: No valid key mapping found

The error is:

WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://MY-ADFS/adfs/services/trust'.

I have a simple WIF application circa VS 2012 that I use to display claims and ported it over to use on ADFS 4.0.

Then I got the above error.

The solution is the one described in "Signing key rollover in Azure Active Directory".

Yes - it says AAD but the client-side code for ADFS is the same since it's all driven from the metadata.

Use the code from: "Web applications protecting resources and created with Visual Studio 2012".

When I compared the web.config changes, the error seemed to be because the server name is "MY-ADFS" (in caps) but I had written "my-adfs" (no caps) in the web.config.

The thumbprint was also in caps. (Although I've never had an issue with that).

The ValidatingIssuerNameRegistry code from that sample also writes a helpful comment into web.config when it regenerates the issuer entry from the metadata:

"Element below commented by: ValidatingIssuerNameRegistry.WriteToConfg on: '20/03/2017 1:00:16 a.m. (UTC)'. Differences were found in the Metadata from: ..."
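The mismatch above is easy to reproduce offline. The following Python script is an added example, not code from this post or from the WIF sample it links to: it parses a constructed ADFS federation metadata fragment and a constructed web.config `issuerNameRegistry` section (the issuer URL is the one from the error message; the thumbprint is a placeholder), compares the configured issuer names to the metadata `entityID` with an ordinal comparison as WIF does, flags entries that differ only in letter case, and rewrites them to the metadata value, which is what regenerating the section from metadata achieves.

```python
"""Check a WIF web.config issuer entry against ADFS federation metadata.

Added example, not code from the original post. Both XML fragments below are
constructed samples; the thumbprint is a placeholder, not a real value.
"""
import xml.etree.ElementTree as ET

# Constructed federation metadata fragment in the shape ADFS publishes it.
# entityID is the value that appears as the token issuer.
METADATA_XML = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://MY-ADFS/adfs/services/trust">
</EntityDescriptor>"""

# Constructed web.config fragment using ValidatingIssuerNameRegistry, in the shape
# the VS 2012 tooling generates. The host name was typed in lower case by hand,
# which is exactly the trap described in the post.
WEB_CONFIG_XML = """<system.identityModel>
  <identityConfiguration>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="http://my-adfs/adfs/services/trust">
        <keys>
          <add thumbprint="THUMBPRINT_PLACEHOLDER" />
        </keys>
        <validIssuers>
          <add name="http://my-adfs/adfs/services/trust" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>"""


def metadata_issuer(metadata_xml):
    """Return the entityID of the metadata root, i.e. the issuer ADFS puts in tokens."""
    return ET.fromstring(metadata_xml).get("entityID")


def config_issuers(config_xml):
    """Collect every issuer name web.config declares: authority name and validIssuers."""
    root = ET.fromstring(config_xml)
    names = []
    for auth in root.iter("authority"):
        names.append(auth.get("name"))
        for valid in auth.iter("validIssuers"):
            for add in valid.findall("add"):
                names.append(add.get("name"))
    return names


def find_mismatches(config_xml, metadata_xml):
    """Return (configured_name, kind) for each entry that would not match the token issuer.

    kind is 'case' when only letter case differs (the post's problem), 'other' otherwise.
    The comparison is ordinal, which is why 'my-adfs' does not match 'MY-ADFS'.
    """
    issuer = metadata_issuer(metadata_xml)
    problems = []
    for name in config_issuers(config_xml):
        if name == issuer:
            continue
        kind = "case" if name.lower() == issuer.lower() else "other"
        problems.append((name, kind))
    return problems


def fix_config(config_xml, metadata_xml):
    """Rewrite case-only mismatches to the exact entityID from the metadata."""
    issuer = metadata_issuer(metadata_xml)
    root = ET.fromstring(config_xml)
    for auth in root.iter("authority"):
        if auth.get("name", "").lower() == issuer.lower():
            auth.set("name", issuer)
        # <add thumbprint=.../> entries have no name attribute and are left alone;
        # the post reports thumbprint letter case never caused a problem.
        for add in auth.iter("add"):
            name = add.get("name")
            if name and name.lower() == issuer.lower():
                add.set("name", issuer)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for name, kind in find_mismatches(WEB_CONFIG_XML, METADATA_XML):
        print(f"issuer mismatch ({kind}): {name!r}")
    print(fix_config(WEB_CONFIG_XML, METADATA_XML))
```

Run it as-is and it reports both configured names as case mismatches; after `fix_config` the check is clean, which is the same outcome as letting the sample code regenerate the section from metadata.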

Enjoy!

2 comments:

Unknown said...

Oh my goodness!!!

Thanks for this post. Amid all the "Check the ThumbPrint" blogs for this error you were the first to hit the reason my installation was not working. The server names are case sensitive in the web.config.

Thanks

Anonymous said...

I am a novice to ADFS and couldn't get my testlab to work. Having no experience with the topic I didn't have much hope resolving the error. Thumbprints were OK. I was on the edge of giving up when I finally read this post. Case sensitive server names in Web.config, I don't believe it!! Updated Web.config, signed in and there was the claim!

Thank you for saving my day!

Thorsten