

 

Symptoms


When browsing to designer, I am redirected to ADFS and can successfully log in. I am then redirected back to designer and receive an error stating "WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://adfs.azdps.gov/adfs/services/trust'."
 

Diagnoses


There was a realm entry for ADFS that was incorrect.
 

Resolution

We fixed the "No valid key mapping found for securityToken" error by updating a value in the claims tables. The Issuer column of the Identity.ClaimIssuer table for ADFS was set to 'httpS://adfs.azdps.gov/adfs/services/trust', and the error clearly shows that the expected value is an http:// value (no 's'). Updating the entry fixed the issue.

Additional issues...
This error occurred when we tried to navigate to a smartform url.
Server Error :
Exception of type 'System.Web.HttpUnhandledException' was thrown.
Argument 'userFqn' may not be null or empty
Parameter name: userFqn

We reproduced this by taking the Name claim out of the Relying Party Trust claim rules for both SmartForms Designer and Runtime in ADFS. After adding said entries to the client environment, we resolved the userFQN error.

The next issue was that we were unable to deploy the K2 for SharePoint app to site collections. When clicking the "Activate" button, nothing happened. (No browser network traces, no Fiddler traces, no errors in HS logs, no IIS errors, nothing in the SP ULS logs.)

This was a "known issue" that was addressed in a fix that LABS provided for us. We installed the fix, and we were able to activate the app on the AppCatalog site.

When we tried to appify a list or library, it appeared as if we navigated to the AppCatalog site, but when there, we got an "Unknown Error" and things stopped there.
Looking at the SP ULS logs, Emile Kimme found that it appears as if we were not able to find the app. This was because the K2Service account was lacking permissions on the SP search DB.
We need to search for the K2 App, and seeing as we did not have rights to do that, things failed. After giving the K2Service account rights on that DB, we resolved that issue.

When we tried to appify a list or library after that, we saw the "artifacts page", but then saw a 401 and 403 error. After playing around with some scripts to see if the claim was properly hydrated (which it was), we found that the ADFS configuration was a little "strange". There were multiple "Nick Patterson" users, and after giving the correct user rights, all was well.
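
The issuer mismatch behind the WIF10201 error in the Resolution section can be checked mechanically. The following is an added example, not part of the original article or K2's own code: it pulls the issuer out of the error text and reports how each configured issuer string differs from it. It assumes the lookup is an exact string comparison, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Matches the issuer quoted at the end of a WIF10201 message.
WIF10201 = re.compile(r"WIF10201:.*?issuer:\s*'([^']+)'")

def issuer_from_error(message):
    """Return the issuer string named in a WIF10201 error, or None."""
    m = WIF10201.search(message)
    return m.group(1) if m else None

def explain_mismatch(token_issuer, configured):
    """Describe how a configured issuer differs from the token's issuer.

    Assumption: the lookup is an exact string comparison, so any
    difference at all counts as a mismatch.
    """
    if token_issuer == configured:
        return []
    t, c = urlsplit(token_issuer), urlsplit(configured)
    reasons = []
    if t.scheme != c.scheme:  # urlsplit lowercases the scheme
        reasons.append(f"scheme: token has {t.scheme}, configured has {c.scheme}")
    if t.netloc.lower() != c.netloc.lower():
        reasons.append("host differs")
    if t.path.rstrip("/") != c.path.rstrip("/"):
        reasons.append("path differs")
    elif t.path != c.path:
        reasons.append("trailing slash differs")
    return reasons or ["differs only in case, whitespace or query"]

def audit(message, configured_issuers):
    """Return (token_issuer, exact_match_found, {configured: reasons})."""
    issuer = issuer_from_error(message)
    if issuer is None:
        raise ValueError("no WIF10201 issuer found in message")
    report = {c: explain_mismatch(issuer, c) for c in configured_issuers}
    return issuer, any(not r for r in report.values()), report

if __name__ == "__main__":
    # Error text and the mis-set value are the ones quoted in this article;
    # the list stands in for the Issuer column of Identity.ClaimIssuer.
    error = ("WIF10201: No valid key mapping found for securityToken: "
             "'System.IdentityModel.Tokens.X509SecurityToken' and issuer: "
             "'http://adfs.azdps.gov/adfs/services/trust'.")
    issuer, ok, report = audit(error, ["httpS://adfs.azdps.gov/adfs/services/trust"])
    print("token issuer:", issuer, "| exact match:", ok)
    for configured, reasons in report.items():
        print(configured, "->", "; ".join(reasons))
```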




 