The correct key mapping for securityToken was not found

I am developing a test application to display authentication claims in ASP.NET MVC (Visual Studio 2013). I configured authentication against Active Directory as follows.

1. Add a new MVC project to the solution.
2. Click "Change Authentication".
3. Select "Organizational Accounts".
4. Select "On-Premises".
5. Enter the federation metadata URL.
6. Enter the App ID URI.

After starting the application, I get the following error.

WIF10201: The correct key mapping was not found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://websso.avanade.com/adfs/services/trust'

This error only occurs with this federation; with another federation I can see the claims.

After searching the Internet, I think this is a problem with the certificate (thumbprint), but I do not understand the solutions.

Can someone explain to me why this error is thrown, and a solution for it?

Thanks in advance!

+6
3 answers

There can be 2 reasons for this error.

  • The thumbprint in the web.config file is missing. Get the actual thumbprint from ADFS and place it in web.config under the thumbprint tag.

  • Port number mismatch between the site and the ADFS configuration: update ADFS with a URL containing the correct port number.

The second solution fixed this for me ...

+6
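For readers who want to see what the first bullet refers to, here is an added web.config fragment (not taken from the question or from either answer) showing where WIF looks up the issuer thumbprint. Everything below is an assumption drawn from the standard WIF 4.5 configuration schema: the `ConfigurationBasedIssuerNameRegistry` type, the `trustedIssuers` element, and the `audienceUris` element are real; the thumbprint value, the port `44300`, and the `/adfs/ls/` endpoint are placeholders that you must replace with your own federation's values. The `name` attribute has to match the issuer string from the WIF10201 message character for character, and the `thumbprint` has to be the hex thumbprint of the ADFS token-signing certificate, which is why a certificate rollover on the ADFS side produces exactly this error until web.config is updated.

```xml
<configuration>
  <configSections>
    <section name="system.identityModel"
             type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services"
             type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>

  <system.identityModel>
    <identityConfiguration>
      <!-- The audience must match the realm/App ID URI registered on the ADFS relying party,
           including scheme, host AND port (the second bullet above): a site served on
           https://localhost:44300/ will reject a token issued for https://localhost:443/. -->
      <audienceUris>
        <add value="https://localhost:44300/" />  <!-- placeholder: use your own App ID URI -->
      </audienceUris>

      <!-- Static issuer-to-thumbprint mapping. WIF10201 is raised when the signing certificate
           of the incoming X509SecurityToken has no entry here for the token's issuer. -->
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <!-- thumbprint: placeholder for the SHA-1 thumbprint of the ADFS token-signing
               certificate (40 hex characters, no spaces). name: the issuer URI exactly as
               it appears in the error message. -->
          <add thumbprint="0000000000000000000000000000000000000000"
               name="http://websso.avanade.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>

  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="true" />
      <!-- issuer: the passive federation endpoint of your ADFS (placeholder path);
           realm: must equal the audienceUris entry above. -->
      <wsFederation passiveRedirectEnabled="true"
                    issuer="https://websso.avanade.com/adfs/ls/"
                    realm="https://localhost:44300/"
                    requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>
```

One check worth doing before editing anything: open the ADFS federation metadata (`FederationMetadata/2007-06/FederationMetadata.xml` on the ADFS host), take the signing certificate from the `KeyDescriptor use="signing"` element, import it into the local certificate store, and compare its thumbprint with the `thumbprint` attribute. If they differ, the first bullet applies; if they match but the site runs on a different port than the realm registered in ADFS, the second bullet applies.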

I came across this while trying to update an outdated MVC application to use AAD.

I based the changes on a newly created project with organizational authentication and noticed that I did not have a connection string named DefaultConnection, which DatabaseIssuerNameRegistry requires, and I did not have any of the required tables in the database.

Using Vittorio Bertocci's excellent post with all the details, I reorganized the code to integrate the new database tables, created and applied the migration, and inserted the corresponding key and tenant into the new IssuingAuthorityKey and Tenant tables, respectively. I also had to change DatabaseIssuerNameRegistry to use an existing DbContext.

+1

For solutions created in VS2013 and later, the solution should contain logic for automatic key rollover. There is no need to put the value in the web.config file.

You may encounter this problem when moving a solution from local to another environment. In this case, you will probably try to point your solution to a new application in Azure Active Directory. Check the following:

  • Make sure all the URLs in web.config point to the correct URL, and not the one that is automatically generated when hosted locally.
  • Remove all entries from the IssuingAuthorityKeys table. Keys will auto-populate when you rebuild the solution and run it. On the server, you may need to replace the DLL manually so that it updates.
  • Last and most important, delete all rows from the Tenants table. When you start a new environment for the first time, an administrator from Azure Active Directory must sign up and authorize the application.

If the values in both tables still do not populate automatically after these steps, check out this article for steps on how to get the values manually.

0

Source: https://habr.com/ru/post/971044/
