Skip to main content


 

Symptoms


Unable to access SMB portal. Getting a WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer '': When accessing the designer.
 

Diagnoses



This error usually is related to the fact that the signing certificate has changed, is expired of has some wrong characters in the database field of the thumbprint column.


 

Resolution

The URL of the certificate thumbprint for the sts uses two signing certificates. after changing the thumbprint of the certificate and performing an K2 Service restart we were able to gain access.

We were able to see the certificates using the federation metadata of the sts Url, copying the encrypted certificate section and saving it as a .cert file so we can open it later and check the thumbprint.

The federation Metadata document XML has two signing certs. Checking the URL

https://STS URL/federationmetadata/2007-06/federationmetadata.xml
Scroll all the way to the bottom
Copy the X509Certificate to Notepad and save as .cer for both (K2 documentation Page 7)
Check the thumbprints, I got them using your federation Metadata document URL above
Thumb 1 -
Thumb 2 -
The Identity.ClaimIssuer (https://sts.windows.....) was using this thumbprint
Thumb 2
Changing it to
Thumb 1
Made it work

 




 
Be the first to reply!

Reply