WIF10201: No valid key mapping found for securityToken
This was the error that just kept on coming back.
First solution: I had to pick a key (on my Identity Server) that could be used for signing. Not all keys will work. Next, I had to make sure the key was readable by the machine (or the equivalent app pool identity) and select it within Identity Server’s Key Configuration screen.
Second solution: I had the wrong values in the web.config (not Identity Server's; this was the web.config on my “RP” site). The \system.identityModel\identityConfiguration\issuerNameRegistry\authority:name needed to be set properly. This is the URL and path to your ID server.
Third solution: I made the mistake of putting the server name as a “validIssuer”. The Identity Server URL is NOT NECESSARILY the same value that goes under the .\authority\validIssuers\add:name entries. The proper name for .\validIssuers\ is supposed to come from the (Identity Server) FederationMetadata.xml on the first line. It is the entityID.
For me, the entityID had a VERY similar name to the server’s URL (but not exactly), and I stared at it for a few hours without noticing the difference. Of course, you can add several entries for validIssuers. So try several values until you get it right and then later, you can remove the ones that you don’t need. Or just leave them in there. Whatever.
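A way to spot the entityID mismatch from the third solution without staring at it, as an added example that is not part of the original post: it reads the entityID from FederationMetadata.xml and compares it with every validIssuers entry in the RP's web.config. The host name, paths and function names are constructed, and the exact-match comparison is an assumption of this example.

```python
import xml.etree.ElementTree as ET

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
AUTHORITY_PATH = "system.identityModel/identityConfiguration/issuerNameRegistry/authority"

# Constructed sample inputs; the host name and paths are hypothetical.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://idsrv.example.test/trust" />"""

SAMPLE_WEB_CONFIG = """<configuration><system.identityModel><identityConfiguration>
  <issuerNameRegistry>
    <authority name="https://idsrv.example.test/issue/wsfed">
      <validIssuers>
        <add name="https://idsrv.example.test/trust" />
        <add name="http://idsrv.example.test/trust/" />
      </validIssuers>
    </authority>
  </issuerNameRegistry>
</identityConfiguration></system.identityModel></configuration>"""

def normalize(name):
    """Fold the differences that are easy to miss by eye: case, scheme, trailing slash."""
    return name.strip().lower().rstrip("/").split("://", 1)[-1]

def check_valid_issuers(metadata_xml, web_config_xml):
    """Sort each validIssuers entry into exact match, near miss, or unrelated."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    if root.tag != MD_NS + "EntityDescriptor" or not entity_id:
        raise ValueError("metadata root is not an EntityDescriptor with an entityID")
    report = {"entityID": entity_id, "match": False, "near_miss": [], "unrelated": []}
    for add in ET.fromstring(web_config_xml).findall(AUTHORITY_PATH + "/validIssuers/add"):
        name = add.get("name", "")
        # Assumption: the configured name must equal the entityID character for character.
        if name == entity_id:
            report["match"] = True
        elif normalize(name) == normalize(entity_id):
            report["near_miss"].append(name)   # looks right, is not
        else:
            report["unrelated"].append(name)
    return report

if __name__ == "__main__":
    print(check_valid_issuers(SAMPLE_METADATA, SAMPLE_WEB_CONFIG))
```

Once `match` is true, the `near_miss` and `unrelated` lists are the leftover trial entries: each one is an issuer name the RP will still accept, so they are the ones to remove.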