Cannot find certificate to validate message/token signature obtained from claims provider

  • Question

  • Hi,

    I get this error when authenticating a user in Azure AD through ACS and ADFS.

    My scenario, ACS as claim provider trust in ADFS.

    ACS Identity provider is Office 365 (Azure AD)

    My web app connects to the ACS provider in ADFS, but as per the error message, it looks like ADFS can't validate the token received as it is missing a certificate. Which certificate is this?

    What I have done to create the claims provider trust is to import data using the Office 365 federation metadata, as I did in the past for other ACS.

    Do you know which certificate could be missing?

    Tuesday, August 29, 2017 11:36 AM

Answers

  • Hi, It was an issue with the signing certificate in the ACS!
    • Marked as answer by RDevelopment Wednesday, August 30, 2017 10:55 AM
    Wednesday, August 30, 2017 10:55 AM

All replies

  • This is Event 371 - where the claims provider trust configuration is out of date. You can verify that the claims provider trust configuration is up to date. Specifically, verify that the claims provider trust has the current certificates in its configuration.

    Ref: Troubleshooting token acceptance problems with ADFS 2.0


    Tuesday, August 29, 2017 1:29 PM
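    One way to do the check suggested above, as an added example that is not from this thread: compare the token-signing certificates ADFS holds for the claims provider trust with the ones the provider publishes in its federation metadata. The trust name and metadata URL are placeholders; the cmdlets are the standard ADFS ones and must run on the ADFS server.

    ```powershell
    # Added example (not from the thread): detect signing-certificate drift between
    # an ADFS claims provider trust and the provider's federation metadata.
    # Assumptions: $TrustName and $MetadataUrl are placeholders; the ADFS PowerShell
    # module is available on the server where this runs.
    param(
        [string]$TrustName   = "ACS (placeholder trust name)",
        [string]$MetadataUrl = "https://<federation-metadata-url-placeholder>"
    )

    # Thumbprints of the signing certificates declared in a federation metadata document.
    function Get-MetadataSigningThumbprints {
        param([xml]$Metadata)
        # Match KeyDescriptor use="signing" and its X509Certificate children
        # regardless of which namespace prefixes the document uses.
        $xpath = "//*[local-name()='KeyDescriptor' and @use='signing']//*[local-name()='X509Certificate']"
        foreach ($node in $Metadata.SelectNodes($xpath)) {
            $raw  = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
            $cert.Thumbprint
        }
    }

    # 1. Signing certificates ADFS currently accepts for this claims provider.
    $trust   = Get-AdfsClaimsProviderTrust -Name $TrustName
    $trusted = @($trust.TokenSigningCertificates | ForEach-Object { $_.Thumbprint })

    # 2. Signing certificates the provider currently publishes.
    $metadataXml = [xml](Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content
    $published   = @(Get-MetadataSigningThumbprints -Metadata $metadataXml)

    # 3. Report the drift. A published certificate that the trust does not hold is the
    #    situation behind "Cannot find certificate to validate message/token signature"
    #    (Event 371): the token is signed with a key ADFS has never been told about.
    $missing = @($published | Where-Object { $trusted -notcontains $_ })
    $stale   = @($trusted   | Where-Object { $published -notcontains $_ })

    "Trusted by ADFS : $($trusted -join ', ')"
    "Published       : $($published -join ', ')"
    if ($missing.Count -gt 0) {
        "MISSING from trust, refresh it from metadata: $($missing -join ', ')"
        # Refresh command (uncomment to apply):
        # Update-AdfsClaimsProviderTrust -TargetName $TrustName -MetadataUrl $MetadataUrl
    } else {
        "All published signing certificates are present in the trust."
    }
    if ($stale.Count -gt 0) { "Stale in trust, no longer published: $($stale -join ', ')" }
    ```

    If the lists already match yet Event 371 persists, the mismatch is on the provider side (the key actually used to sign tokens differs from what its metadata advertises), which is what the marked answer ended up finding.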
  • Yes, the claims provider has its certificate.

    I just created and updated the claims provider today, and the ACS was created this week, so I don't see how this can be out of date.

    Any other input please?

    Tuesday, August 29, 2017 1:35 PM