Update Thumbprint in Web.Config After Updating ADFS 2.0 Certificate

Recently I had to replace an expired certificate on my ADFS 2.0 machine. I followed the instructions on the TechNet wiki found here.

http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx

The instructions were great but there is one more step that you need to complete before your website will connect correctly.

Once you have the thumbprint of the certificate you are using for ADFS 2.0, you must then update the web.config of each website that is utilizing ADFS for authentication. Be careful when copying the thumbprint from the certificate properties window. Make sure to remove all the spaces between the hex bytes before pasting it into the thumbprint property of the web.config; a thumbprint with spaces will not match the issuer's signing certificate.


Comments

Hi Rick,

Thanks for the great post.

One thing that I have encountered is I have done exactly what you suggest, unfortunately I still get this error:

WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://adfs.XXXX.XXX/adfs/services/trust'.

Any thoughts?

Thanks
Pierre
Dave Dwyer, Jr. said…
I found this site today while searching an error I was getting after a cert roll over. You saved me a ton of time and Google-Fu for this answer. Thank you!
Mike Podruchny said…
I know this post has been around for a while, but this process still hasn't gotten any easier. I felt I should add here that the Windows certificate dialog will sometimes include an invisible RTL character when copying. I can reproduce it about 50% of the time and it takes some effort to spot it. In Notepad++, it will not show when turning "show all characters" on. You have to switch to ANSI encoding to see it. Pasting into any non-Unicode application like plain notepad will make it apparent though.
Anonymous said…
Thank you a lot Mike Podruchny!
That saved us at least hours, if not days!
Can't believe Microsoft would do something like that.
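The two pitfalls in this thread, spaces left in the thumbprint (the post above) and the invisible mark the certificate dialog can paste along with it (Mike's comment), can both be caught before the value ever reaches web.config. The script below is an added example, not code from the post or from any commenter; it assumes a WIF 3.5 style `<microsoft.identityModel>` section with a `<trustedIssuers>` entry, and the sample web.config and pasted thumbprint (with a leading U+200E) are constructed for the demonstration.

```python
import re
import unicodedata
import xml.etree.ElementTree as ET

# Invisible bidi/format marks the Windows certificate dialog can paste with the
# thumbprint (U+200E LEFT-TO-RIGHT MARK is the usual one), plus ordinary whitespace.
HIDDEN_RE = re.compile(r"[\s\u200e\u200f\u202a-\u202e\u2066-\u2069\ufeff]")

def hidden_chars(raw):
    """List Unicode format (Cf) code points in a pasted thumbprint, i.e. what Notepad hides."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in raw
            if unicodedata.category(c) == "Cf"]

def normalize_thumbprint(raw):
    """Strip spaces and invisible marks, upper-case, and require 40 hex digits (SHA-1)."""
    cleaned = HIDDEN_RE.sub("", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        stray = [f"U+{ord(c):04X}" for c in cleaned if c not in "0123456789ABCDEF"]
        raise ValueError(f"not a 40-digit hex thumbprint after cleanup; stray: {stray}")
    return cleaned

def update_trusted_issuer(web_config, issuer_name, new_thumbprint):
    """Return web.config text with the <trustedIssuers><add name=issuer_name> thumbprint replaced."""
    tp = normalize_thumbprint(new_thumbprint)
    root = ET.fromstring(web_config)
    entries = [e for e in root.findall(".//trustedIssuers/add") if e.get("name") == issuer_name]
    if not entries:
        raise LookupError(f"no <trustedIssuers><add name={issuer_name!r}> entry in web.config")
    for e in entries:
        e.set("thumbprint", tp)
    return ET.tostring(root, encoding="unicode")

# Constructed sample: minimal WIF 3.5 web.config section trusting one ADFS 2.0 issuer.
SAMPLE_WEB_CONFIG = """<configuration>
  <microsoft.identityModel><service>
    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel">
      <trustedIssuers>
        <add thumbprint="0000000000000000000000000000000000000000" name="http://adfs.example.com/adfs/services/trust" />
      </trustedIssuers>
    </issuerNameRegistry>
  </service></microsoft.identityModel>
</configuration>"""
# Constructed sample: a paste from the certificate dialog (leading U+200E, spaces between bytes).
PASTED_THUMBPRINT = "\u200ea1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4"

if __name__ == "__main__":
    print("hidden characters in paste:", hidden_chars(PASTED_THUMBPRINT))
    print(update_trusted_issuer(SAMPLE_WEB_CONFIG,
                                "http://adfs.example.com/adfs/services/trust", PASTED_THUMBPRINT))
```

Run it against the real web.config text and write the returned string back only after diffing it, so the only change is the thumbprint attribute.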
