SSO issue with “AADSTS50008: Unable to verify token signature.”

Client trying to login to Office 365 portal gets error message

AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys.

after replaced ADFS 3.0 Service Communication certificate instead of expired one. Steps were done according to usefull blog article. New cert is valid but clients cannot login to the Portal.


Microsoft recommends to run following command from powershell running on ADFS server only in case if you want manualy renew token signing certificates, but I think it’s good idea to do it in our case:
Update-MSOLFederatedDomain -DomainName [domain name]
The same problem is described here.

How to download inaccessible updates from Microsoft site

If you need download updates for unsupported operating system as is Windows XP, for example NLS support for Remote Desktop Client from URL resp. URL you’ll got error message

We're sorry, this download is no longer available.

There is way how to download it trough Windows Update Catalog site here:

Now you can download the file


That’s all