Update Thumbprint in Web.Config After Updating ADFS 2.0 Certificate

Recently I had to replace an expired certificate on my ADFS 2.0 machine. I followed the instructions on the TechNet wiki found here.

http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx

The instructions were great, but there is one more step that you need to complete before your website will connect correctly.

Once you have the thumbprint of the certificate you are using for ADFS 2.0, you must then update the web.config of each website that uses ADFS for authentication. Be careful when copying the thumbprint from the certificate properties window: make sure to remove all the spaces between the hexadecimal pairs before pasting it into the thumbprint property of the web.config.
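As an added example (this is not code from the original post), the following PowerShell script does the thumbprint step in a repeatable way: it strips the spaces and any non-hexadecimal characters from the value pasted out of the certificate dialog, warns if something other than whitespace had to be removed, checks that 40 hex characters remain, and then writes the value into the matching `<add name="..." thumbprint="..."/>` entry under `<trustedIssuers>` in the web.config. The web.config path and the issuer name are assumptions chosen for illustration; replace them with your own.

```powershell
# Added example, not code from the original post. The web.config path and the
# issuer name below are assumed values for illustration.
param(
    [Parameter(Mandatory = $true)]
    [string] $RawThumbprint,                                                  # text pasted from the certificate properties window
    [string] $WebConfigPath = 'C:\inetpub\wwwroot\MyApp\web.config',         # assumed path of the relying-party web.config
    [string] $IssuerName    = 'http://adfs.example.com/adfs/services/trust'  # assumed issuer name, as it appears in <trustedIssuers>
)

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory = $true)] [string] $Raw)

    # Anything that is not a hex digit is dropped: the spaces between the byte
    # pairs, and any invisible Unicode character the dialog may have added.
    # Removed characters that are not plain whitespace are reported so the
    # operator can see that a hidden character was present in the paste.
    $hidden = [regex]::Matches($Raw, '[^\s0-9A-Fa-f]').Count
    if ($hidden -gt 0) {
        Write-Warning "Removed $hidden non-printing/non-hex character(s) from the pasted thumbprint."
    }
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # A SHA-1 certificate thumbprint is 20 bytes, i.e. 40 hex characters.
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters after cleaning, got $($clean.Length): '$clean'"
    }
    return $clean
}

function Update-TrustedIssuerThumbprint {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Issuer,
        [Parameter(Mandatory = $true)] [string] $Thumbprint
    )
    # XmlDocument.Save resolves relative paths against the .NET working
    # directory, not the PowerShell location, so use an absolute path.
    $fullPath = (Resolve-Path -Path $Path).Path
    [xml] $config = Get-Content -Path $fullPath -Raw

    # Both the WIF 3.5 (<microsoft.identityModel>) and .NET 4.5
    # (<system.identityModel>) layouts keep the value on
    # <issuerNameRegistry><trustedIssuers><add thumbprint="..." name="..."/>.
    $entry = $config.SelectSingleNode("//issuerNameRegistry/trustedIssuers/add[@name='$Issuer']")
    if ($null -eq $entry) {
        throw "No <add name='$Issuer'> found under <trustedIssuers> in $fullPath"
    }

    $old = $entry.GetAttribute('thumbprint')
    if ($old -eq $Thumbprint) {
        Write-Host "Thumbprint for $Issuer is already current."
        return
    }

    # Keep a copy of the previous configuration before touching it.
    Copy-Item -Path $fullPath -Destination "$fullPath.bak" -Force
    $entry.SetAttribute('thumbprint', $Thumbprint)
    $config.Save($fullPath)
    Write-Host "Updated thumbprint for $Issuer`n  old: $old`n  new: $Thumbprint"
}

$thumbprint = ConvertTo-CleanThumbprint -Raw $RawThumbprint
Update-TrustedIssuerThumbprint -Path $WebConfigPath -Issuer $IssuerName -Thumbprint $thumbprint
```

Run it as `.\Update-Thumbprint.ps1 -RawThumbprint '<paste here>'` from an elevated prompt on the web server. The `name` attribute must match the issuer exactly as it appears in the token (the same value that shows up in a WIF10201 error when the mapping fails), and saving the web.config causes IIS to recycle the application, so schedule it accordingly.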


Comments

  1. Hi Rick,

    Thanks for the great post.

    One thing that I have encountered is I have done exactly what you suggest, unfortunately I still get this error:

    WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://adfs.XXXX.XXX/adfs/services/trust'.


    Any thoughts?

    Thanks
    Pierre

  2. I found this site today while searching an error I was getting after a cert roll over. You saved me a ton of time and Google-Fu for this answer. Thank you!

  3. I know this post has been around for a while, but this process still hasn't gotten any easier. I felt I should add here that the Windows certificate dialog will sometimes include an invisible RTL character when copying. I can reproduce it about 50% of the time and it takes some effort to spot it. In Notepad++, it will not show when turning "show all characters" on. You have to switch to ANSI encoding to see it. Pasting into any non-Unicode application like plain Notepad will make it apparent though.

  4. Thank you a lot Mike Podruchny!
    That saved us at least hours, if not days!
    Can't believe Microsoft would do something like that

  5. I appreciate the efforts which you have put into this article. When to write a work certificate. Genuinely it is a useful article to increase our knowledge. Thanks for sharing an article like this.
