SSO issue with “AADSTS50008: Unable to verify token signature.”

Client trying to login to Office 365 portal gets error message

AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys.

after replaced ADFS 3.0 Service Communication certificate instead of expired one. Steps were done according to usefull blog article. New cert is valid but clients cannot login to the Portal.

Solution?

Microsoft recommends to run following command from powershell running on ADFS server only in case if you want manualy renew token signing certificates, but I think it’s good idea to do it in our case:
Update-MSOLFederatedDomain -DomainName [domain name]
The same problem is described here.

  1. Keith left a comment on June 19, 2017 at 4:11 PM

    Is it possible for this to only affect one user?

  2. Sven left a comment on August 21, 2017 at 4:33 PM

    Worked for me !

    Thx !!!

Leave a Comment

Your email address will not be published. Required fields are marked *