
Unable to login with AAD after initial configuration, WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken'

  • December 29, 2023

Topic

After following the instructions from the help documentation to manually configure K2 to use AAD for authentication, users are still unable to log in to K2 with their AAD credentials, and the following error message is shown:

WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'https://sts.windows.net/...'


Instructions 

Go to K2 Management > Authentication > Claims > Issuers and edit the issuer you have configured for AAD. Make sure no whitespace is prepended or appended to the URI, Issuer and Thumbprint values. These 3 fields should not contain any whitespace.

Alternatively, you can run the following query on the K2 database to check for whitespace:
 

SELECT [ID], [Name], [Description],
       '[' + [Issuer] + ']' AS [Issuer],
       '[' + [Thumbprint] + ']' AS [Thumbprint],
       '[' + [Uri] + ']' AS [Uri],
       [MetadataUrl]
FROM [Identity].[ClaimIssuer]
WHERE [Issuer] LIKE '%https://sts.windows.net%'

The query encloses the Issuer, Thumbprint and Uri values in brackets to make whitespace easier to spot. In the results, look for whitespace between a bracket and the actual value.

If you spot any whitespace, remove it in K2 Management, save the changes, restart the K2 service and perform an IISRESET.
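
The bracket check above relies on reading the output by eye. The query below is an added example, not part of the original article: it returns only the offending fields and reports where the first bad character sits. It assumes the same [Identity].[ClaimIssuer] table and columns as the query above. It also goes slightly beyond plain spaces by flagging tabs, line breaks and other non-printing characters.

```sql
-- Added example (not from the original article).
-- Assumes the [Identity].[ClaimIssuer] columns used in the query above.
-- Under a binary collation, [^!-~] matches any character outside printable
-- ASCII 0x21-0x7E: spaces, tabs, CR/LF, non-breaking spaces and similar.
SELECT
    ci.[ID],
    ci.[Name],
    v.[Field],
    '[' + v.[Value] + ']' AS [BracketedValue],
    p.[Pos] AS [FirstBadCharPosition],
    -- Code point of the offending character: 32 = space, 9 = tab, 160 = NBSP
    UNICODE(SUBSTRING(v.[Value], p.[Pos], 1)) AS [FirstBadCharCodePoint]
FROM [Identity].[ClaimIssuer] AS ci
-- Unpivot the three fields so each one is tested on its own row
CROSS APPLY (VALUES
    (N'Issuer',     CAST(ci.[Issuer]     AS nvarchar(max))),
    (N'Thumbprint', CAST(ci.[Thumbprint] AS nvarchar(max))),
    (N'Uri',        CAST(ci.[Uri]        AS nvarchar(max)))
) AS v ([Field], [Value])
CROSS APPLY (
    SELECT PATINDEX(N'%[^!-~]%', v.[Value] COLLATE Latin1_General_BIN2) AS [Pos]
) AS p
WHERE ci.[Issuer] LIKE '%https://sts.windows.net%'
  AND p.[Pos] > 0   -- keep only fields that contain a bad character
ORDER BY ci.[ID], v.[Field];
```

An empty result means none of the three fields contains whitespace or a non-printing character for the matching issuer rows.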