WIF10201: No valid key mapping found for securityToken (part 2)

YSOD:

Server Error in ‘/RPTestSite’ Application.

WIF10201: No valid key mapping found for securityToken: ‘System.IdentityModel.Tokens.X509SecurityToken’ and issuer: ‘htt…com/IdentityServer’.

This one was caused by load-balanced Identity Servers. Somehow, my admin ended up with two different certificates with similar names. Normally, if you are not using the exact same cert on both servers, one server will work and the other will throw errors. However, since Identity Server seems to look up its certificate by name, when the certificate names are the same each server will happily use its own (different) certificate without any error, but the two thumbprints will differ.

In that case, your RP config needs a thumbprint entry for each server's certificate (the thumbprints will DEFINITELY be different).

So, for your RP, in the web.config, under

\system.identityModel\identityConfiguration\issuerNameRegistry\authority\
  name=(certificate issuer)
  (and under)
  .\keys\ 

make sure there is one “add thumbprint” entry for each server's certificate.
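As an added example (not from the original post), here is what that part of the RP's web.config looks like with one thumbprint per load-balanced node. The element layout follows the post's path (issuerNameRegistry, authority, keys); the type attribute assumes the ValidatingIssuerNameRegistry package, and the issuer URL and the two thumbprints are placeholders you replace with your own values.

```xml
<!-- Added example, not the post's own config. Assumes the
     ValidatingIssuerNameRegistry package; issuer URL and thumbprints
     are placeholders. -->
<system.identityModel>
  <identityConfiguration>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <!-- name must match the issuer value the STS puts in the token
           (the YSOD prints the issuer it saw) -->
      <authority name="https://sts.example.com/IdentityServer">
        <keys>
          <!-- one entry per node: the certs share a name but not a thumbprint -->
          <add thumbprint="THUMBPRINT_OF_NODE_1_CERT_PLACEHOLDER" />
          <add thumbprint="THUMBPRINT_OF_NODE_2_CERT_PLACEHOLDER" />
        </keys>
        <validIssuers>
          <add name="https://sts.example.com/IdentityServer" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>
```

Take each thumbprint from that node's own certificate store (or that node's federation metadata) rather than copying one node's value twice; the value is the SHA-1 hex thumbprint with no spaces. Every thumbprint listed here is a signer the RP trusts, so list only the certificates that actually sign tokens and drop old entries when the certificates are rotated.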


About Tim Golisch

I'm a geek. I do geeky things.
This entry was posted in Errors, Lessons Learned.
