Attempting to login to K2 with ADFS results in error: "WIF10201: No valid key mapping found for securityToken" 

  • 15 February 2022
  • 0 replies

Userlevel 5
Badge +20

Attempting to login to K2 with ADFS results in error: "WIF10201: No valid key mapping found for securityToken" 


K2 Five
K2 Five (all)
Troubleshooting Document
How to Document
Troubleshooting Tool
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.


When attempting to login to K2 with ADFS, the following error is presented:





The likeliest cause of this error is hidden characters and/or leading/trailing white spaces.

Copying the thumbprint from the Certificate details window and deleting the in-between spaces will usually introduce this issue:


The default 'UTF-8' encoding will not show these hidden characters. To see it, you can use Notepad++ or another tool with ANSI encoding.

The following PowerShell can be used instead to retrieve the token signing thumbprint and will not introduce hidden characters or white spaces:

Get-AdfsCertificate -CertificateType Token-Signing
$a = Get-AdfsCertificate -CertificateType Token-Signing

Troubleshooting Steps

To check if your thumbprint is valid via SQL Management Studio, replace the placeholder value {NameOfYourADFSClaimIssuer} and run the following SELECT query against your K2 database:

SELECT DATALENGTH([Thumbprint]) FROM [Identity].[ClaimIssuer]
WHERE [Name] = '{NameOfYourADFSClaimIssuer}'

A datalength of 80 indicates a clean thumbprint value.  A datalength greater than 80 indicates hidden characters and/or leading/trailing white space.

Alternatively, you can also export the [ClaimIssuer] table to .csv file, open in NotePad++ (or another tool) and set Encoding to ANSI to see if hidden characters or white spaces exist.

To resolve the issue, navigate to the issuer in the K2 Management site, use 'CTRL + A' to select all characters in the thumbprint textbox (visible or hidden) and delete the value, then manually type in the thumbprint.  You can also use NotePad++ with ANSI encoding to ensure that hidden characters and spaces do not exist if copying and pasting; or the Powershell previously provided.



0 replies

Be the first to reply!