
No valid key mapping found for securityToken

I am developing a test application for displaying the claims of an authenticated identity in MVC-ASP.NET (Visual Studio 2013). I have set up authentication from Active Directory in the following way:

  1. Add a new MVC project to the solution.

  2. Click on Change Authentication.

  3. Select organization account.

  4. Select on-premises.

  5. Give the federation URL.

  6. Give the App ID URL.

After running the application I am getting the following error.

WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://websso.avanade.com/adfs/services/trust'

This error occurs only for this federation; for other federations I am able to see the claims.

After searching on the internet, I think it is a certificate (thumbprint) issue, but I am not clear on the solutions.

Can anybody explain why this error is thrown and what the solution is?

Thanks in Advance !!!

Sunil Aher asked Jun 19 '14 10:06


2 Answers

There could be 2 causes for this error.

  1. Missing thumbprint in web.config: Get the actual thumbprint from ADFS and put it in web.config under the thumbprint tag

  2. Mismatch in port number between the site and ADFS configuration: Update the ADFS configuration with the URL containing the correct port number

The second solution fixed it for me...

Sunil Aher answered Oct 14 '22 23:10


I ran into this while trying to update a legacy MVC application to use AAD.

I based the changes on a newly created project with organizational authentication and noticed I did not have a connection string named DefaultConnection, which the DatabaseIssuerNameRegistry assumes you will, nor did I have either of the required tables in the database.

Using Vittorio Bertocci's great post with all the details, I refactored the code to integrate the new database tables, created and applied a migration, and inserted the appropriate key and tenant in the new IssuingAuthorityKey and Tenant tables, respectively. I also had to make sure to change the DatabaseIssuerNameRegistry to use the existing DbContext.

Jonathan Freeland answered Oct 15 '22 00:10