attempting to get the sampleapp (a claims aware web forms application) available from mircosoft https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/telligent.evolution.components.attachements/01/8598/00/00/03/64/54/88/SampApp%20and%20Rules.zip to run on our web server.
our adfs server is www.fedsvc3copa.beta.pa.gov the sample app is hosted at application is https://costa.beta.pa.gov/ our federation metadata is https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml
unfortunately believe I have something/s incorrect in my web config and struggling to find it. when I browse to https://costa.beta.pa.gov/ I receive
WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.IdentityModel.Tokens.SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.]
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) +1461
System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri) +135
System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) +666
System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +467
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +195 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +88Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3163.0
I have included my web config below if anyone notices anything that is incorrect.
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
<machineKey decryptionKey="5D497CFB20EB5927CB3FC44F65DBD3C6D6C366ACFCF20DC5" validationKey="80546F84BEDD8B38A995CCDD44E01C1794861685E605ECBFB5A231EAA7EAD9A99977312362EBDD2B9727F9357AF9A161F97AD49DD6E34E7CFC22D572BD4B90FD" />
</system.web>
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Issuer" value="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" />
<add key="ida:ProviderSelection" value="productionSTS" />
<add key="ida:EnforceIssuerValidation" value="false" />
</appSettings>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://costa.beta.pa.gov/" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="?I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust">
<keys>
<add thumbprint="I put my thumbrint here " />
</keys>
<validIssuers>
<add name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" realm="https://costa.beta.pa.gov/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
</configuration>
From memory, it's because that certificate that matches that thumbprint isn't in the certificate store - local computer.