No valid key mapping found for securityToken

2019-03-28 03:42发布

I am developing test application for displaying claims of authenticated identity in MVC-ASP.net (Visual studio 2013) I have given authentication from active directory in following way.

1.Add new mvc project in solution . 2.click on Change authentication. 3.select organization account 4.select on premises. 5.given federation url 6.App Id url

After running the application i am getting following error.

WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://websso.avanade.com/adfs/services/trust'

This error is coming only for this federation for other federation i am able to see claims.

After searching on internet i am thinking that it is certificate(thumbprint) issue. But I am not clear with solutions.

Can anybody explain me why this error throwing and solution for the same.

Thanks in Advance !!!

3条回答
够拽才男人
2楼-- · 2019-03-28 03:52

I ran into this while trying to update a legacy MVC application to use AAD.

I based the changes on a newly created project with organizational authentication and noticed I did not have a connection string named DefaultConnection, which the DatabaseIssuerNameRegistry assumes you will, nor did I have either of the required tables in the database.

Using Vittorio Bertocci's great post with all the details, I refactored the code to integrate the new database tables, created and applied a migration, and inserted the appropriate key and tenant in the new IssuingAuthorityKey and Tenant tables, respectively. I also had to make sure to change the DatabaseIssueNameRegistry to use the existing DbContext.

查看更多
啃猪蹄的小仙女
3楼-- · 2019-03-28 04:03

For solutions created in VS2013 and later, the solution should contain the logic to roll over keys automatically. No need to put the value in the web.config file.

You might run into this issue when migrating your solution from local to another environment. In that case you will probably try to point your solution to a new application in Azure Active Directory. Check the following:

  • Make sure all urls in the web.config are pointing to the correct url not the one automatically generated when you set it up locally
  • Remove all enteries from IssuingAuthorityKeys table. The keys will autopopulate when you re-build the solution and run it. On the server you might need to replace the dlls manually for it to refresh
  • Last and most important, delete all rows from the Tenants table. On the first run on the new environment, an Admin from the owning Active Directory has to sign up and authorize the application.

If the values in both tables are still not populated automatically after these steps, check this article for steps on how to manually get the values.

查看更多
太酷不给撩
4楼-- · 2019-03-28 04:10

There could be 2 causes for this error.

  1. Missing thumbprint in web.config: Get the actual thumbprint from ADFS and put in web.config under the thumbprint tag

  2. Mismatch in port number between the site and ADFS configuration: Update ADFS configuration with the url containing the correct port number

The second solution fixed it for me...

查看更多
登录 后发表回答