A client trying to log in to the Office 365 portal gets the error message
AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys.
after the expired ADFS 3.0 Service Communication certificate was replaced with a new one. The steps were done according to a useful blog article. The new cert is valid, but clients cannot log in to the portal.
Solution?
Microsoft recommends running the following command from PowerShell on the ADFS server only if you want to manually renew the token signing certificates, but I think it's a good idea to do it in our case:
Update-MSOLFederatedDomain -DomainName [domain name]
The same problem is described here.
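
A way to confirm the mismatch the error message describes before running the update, as an added example that is not part of the original post: it compares the primary ADFS token signing certificate with the signing certificates registered for the federated domain in the tenant, and runs the update only when they differ. The domain name is a placeholder, and the ADFS and MSOnline modules are assumed to be installed on the ADFS server.

```powershell
# Added example. Run in an elevated PowerShell session on the primary ADFS server.
# 'contoso.example' is a placeholder; use your federated domain name.
$DomainName = 'contoso.example'

Import-Module ADFS
Import-Module MSOnline
Connect-MsolService   # prompts for tenant administrator credentials

# The primary token signing certificate is the one ADFS signs tokens with.
$primary = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } |
    Select-Object -First 1
$adfsThumb = $primary.Certificate.Thumbprint

# Signing certificates registered in the tenant for this domain (base64-encoded DER).
$fed = Get-MsolDomainFederationSettings -DomainName $DomainName
$cloudThumbs = foreach ($b64 in @($fed.SigningCertificate, $fed.NextSigningCertificate)) {
    if ($b64) {
        $bytes = [Convert]::FromBase64String($b64)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        $cert.Thumbprint
    }
}

Write-Output "ADFS primary token signing cert : $adfsThumb (expires $($primary.Certificate.NotAfter))"
Write-Output "Registered in tenant            : $($cloudThumbs -join ', ')"

if ($cloudThumbs -contains $adfsThumb) {
    # Certificates already agree, so AADSTS50008 has another cause.
    Write-Output 'Tenant already trusts the current ADFS token signing certificate.'
}
else {
    # Mismatch: push the current ADFS federation settings to the tenant.
    Write-Output 'Mismatch found, updating federation settings.'
    Update-MsolFederatedDomain -DomainName $DomainName

    # Re-read the settings to confirm the new certificate is now registered.
    $after = Get-MsolDomainFederationSettings -DomainName $DomainName
    $bytes = [Convert]::FromBase64String($after.SigningCertificate)
    $now   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
    Write-Output "Tenant signing cert after update: $($now.Thumbprint)"
}
```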