Claims authentication help

  • 19 February 2015

Symptoms


Claims authentication help:

System.IdentityModel.Tokens.X509SecurityToken
 

Diagnoses


We are getting this error when accessing K2:
WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://adfs/adfs/services/trust'.

We are using claims authentication with our K2 server. Upon further investigation, our ADFS server auto-renewed its token signing certificate, so I suspect that is what is causing this error. I have exported the cert from ADFS and have attempted to install the new certificate on the K2 server, but the error still persists. I've restarted after adding the new cert also. Is there something else I need to do from a K2 perspective to take the new cert, if that is even the problem?
 

Resolution


After the certificate was renewed, the thumbprint for the new ADFS signing certificate must be updated in the database. After Matt did this, the issue persisted. There is a known issue with the Certificates GUI: when you copy the thumbprint directly from it, the copied text contains invisible Unicode characters. If you paste the thumbprint straight from the certificate GUI into the database column, the column will contain those hidden characters, and the stored value will not match the certificate even though it looks correct. To fix or prevent this:

1. Open a new Notepad text file.
2. Type the certificate thumbprint in uppercase.
3. Update the identity.Claimissuer thumbprint column with the thumbprint copied from Notepad.
4. Save it and restart the K2 Service.

To check whether the thumbprint value in the database contains Unicode characters:

1. Copy the value from the Thumbprint column to a new Notepad text file.
2. Save it. If the value contains Unicode characters, Notepad shows a warning that the file contains Unicode and should be saved as Unicode.
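
A programmatic version of the Notepad check above, as an added example (not from the original article or from K2): it lists every character in a pasted thumbprint that is not a hex digit and returns the cleaned uppercase value. The sample input is constructed; using U+200E as the hidden character and expecting a 40-digit SHA-1 thumbprint are assumptions of this example.

```python
import unicodedata

HEX_DIGITS = "0123456789abcdefABCDEF"
SHA1_HEX_LEN = 40  # assumption: thumbprint is a SHA-1 hash shown as 40 hex digits

# Constructed sample: an invisible left-to-right mark followed by a made-up
# thumbprint grouped in pairs, as it might look when copied from a dialog.
CONSTRUCTED_PASTE = "\u200e" + "01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67"


def inspect_thumbprint(raw):
    """Return (cleaned, problems) for a thumbprint string.

    cleaned  -- uppercase hex digits only, or None if the digit count is wrong
    problems -- (index, code point, Unicode name) for each character that is
                neither a hex digit nor a plain ASCII space
    """
    digits = []
    problems = []
    for index, ch in enumerate(raw):
        if ch in HEX_DIGITS:
            digits.append(ch.upper())
        elif ch == " ":
            continue  # visible separators are harmless, just dropped
        else:
            name = unicodedata.name(ch, "UNNAMED")
            problems.append((index, "U+%04X" % ord(ch), name))
    cleaned = "".join(digits)
    if len(cleaned) != SHA1_HEX_LEN:
        cleaned = None
    return cleaned, problems


def stored_value_is_clean(stored):
    """True only if the stored column value is exactly 40 uppercase hex digits."""
    cleaned, problems = inspect_thumbprint(stored)
    return not problems and cleaned == stored


if __name__ == "__main__":
    cleaned, problems = inspect_thumbprint(CONSTRUCTED_PASTE)
    for index, codepoint, name in problems:
        print("hidden character at position %d: %s %s" % (index, codepoint, name))
    print("value to store:", cleaned)
```

Run it against the value read from the Thumbprint column before and after the update; any reported character means the column still holds the pasted hidden text.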

Here is the Microsoft link with the full explanation:

http://support.microsoft.com/kb/2023835




 
