Update Thumbprint in Web.Config After Updating ADFS 2.0 Certificate

Recently I had to replace an expired certificate on my ADFS 2.0 machine.  I followed the instruction on the TechNet wiki found here.

http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx

The instructions were great but there is one more step that you need to complete before your website will connect correctly.

Once you have the thumbprint of the certificate you are using for ADFS 2.0 you must then update the web.config of each website that is utilizing ADFS for authentication.  Be careful when copying the thumbprint from the certificate properties window.  Make sure to remove all the spaces between the data before pasting it into the thumbprint property of the web.config.

image

Comments

  1. Pierre Andre JoubertMay 18, 2014 at 7:08 PM

    Hi Rick,

    Thanks for the great post.

    One thing thing that I have encountered is I have done exactly what you suggest, unfortunatley I still get this error:

    WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://adfs.XXXX.XXX/adfs/services/trust'.


    Any thoughts

    Thanks
    Pierre

    ReplyDelete
  2. AnonymousJune 20, 2017 at 3:44 PM

    I found this site today while searching an error I was getting after a cert roll over. You saved me a ton of time and Google-Fu for this answer. Thank you!

    ReplyDelete
  3. UnknownJanuary 25, 2018 at 12:55 PM

    I know this post has been around for a while, but this process still hasn't gotten any easier. I felt I should add here that the Windows certificate dialog will sometimes include an invisible RTL character when copying. I can reproduce it about 50% of the time and it is takes some effort to spot it. In Notepad++, it will not show when turning "show all characters" on. You have to switch to ANSI encoding to see it. Pasting into any non-Unicode application like plain notepad will make it apparent though.

    ReplyDelete
  4. AnonymousMay 25, 2018 at 3:34 AM

    Thank you a lot Mike Podruchny!
    That saved us at least hours, if not days!
    Can't believe Microsoft would do something like that

    ReplyDelete
  5. William JessieMarch 15, 2021 at 11:41 AM

    I appreciate your efforts which you have put into this article.When to write a work certificate Genuinely it is a useful article to increase our knowledge. Thanks for share an article like this.

    ReplyDelete

Post a Comment

Popular posts from this blog

Add User As Local Administrator On Domain Controller

I recently was settting up a new Microsoft SharePoint 2010 machine and had promoted the machine to a domain controller before creating my SharePoint admin accounts.  I needed to add several of my accounts to the local Administrators group.  Unfortunately after you promote a server to a domain controller you can no longer access the GUI for Local Users and Groups.  Instead I had to use the command line to add the users. Open a command promt using the "Run as administrator" function and then run the following command. net localgroup Administrators /add {domain}\{user} Note: do not include the {} brackets.
Read more

Calling Dataverse Web API in PowerShell using Client Credentials

Image
Connecting to Dataverse using PowerShell can be very helpful for data migrations and use within Azure DevOps. Connecting to an instance in a non-interactive way can be tricky though. This article will provide you the links you need for creation and App registration and adding the app user to your environment. You can then utilize the script provided to call Web API requests including ones you define using the new Custom API functionality now available. The script was written so that it is not dependent on any outside libraries such as the Microsoft.Xrm.Tooling connector. This is helpful in situation where involving an outside library will slow down your deployment time by having to be approved in a change control board. If utilizing an outside code library is not a concern you can create a connection to Dataverse utilizing the Microsoft.Xrm.Tooling connector Get-CrmConnection cmdlet. Create App Registration The first thing to do is create an App Registration within Azure AD for
Read more

Windows Server 2008R2 VMs Shut Down After 1 to 2 Hours

Image
When created a lab environment to test ADFS 2.0 I utilized the Windows 2008R2 VM baselines distributed by Microsoft.  After a few days I was told that I had to activate.  The VMs included a 180 day license for use but I didn't feel like adding another network adapter into Hyper-V to connect them to the internet.  I started having issues though where the servers would shut down every hour or so.  I though that maybe there was a memory issue and Hyper-V was shutting them down in order to free up RAM.  Turns out that if Server 2008R2 is not activated it automatically shuts down after a period of time.  After connecting the server to the internet and activating them the problem went away. Finally the madness of the unknown shut downs has ended :)
Read more