scl-family_1 (Copper Contributor)
Dec 10, 2018
Office 365 SSO
I want to do SSO with Office 365 using a third-party IdP. After successfully authenticating with the IdP, I got the error below.
Please find the error for the POST request:
POST error: invalid_grant
error_description: AADSTS70002: Error validating credentials. AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys.
I found the above error using the SAML tracer plugin in Firefox.
- Thuyavan Ganesan (Steel Contributor)
Hi,
Please make sure the token signing certificates on the IdP and O365 match. If not, please update them and it will work.
Steps to follow...
http://edoras.sk/sso-issue-with-aadsts50008-unable-to-verify-token-signature/
- scl-family_1 (Copper Contributor)
By token do you mean the SAML token or Microsoft token signing? Under ADFS, in the section that shows the token signing certificate, I see a different certificate than the one in the IdP, but when I try to update it I see a warning message that basically says the automatic certificate rollover feature would no longer work if I choose to put in my own certificate. However, I have updated the IdP certificate in ADFS using Set-MsolDomainAuthentication, and when I retrieve this certificate using Get-MsolDomainFederationSettings -DomainName domain.com I see a SigningCertificate identical to the signing certificate in the IdP.
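
One way to run the certificate comparison discussed in this thread, as an added example that is not part of any poster's reply. It assumes the MSOnline module is loaded and Connect-MsolService has already been run; the file paths are hypothetical, and the optional SAML file is assumed to be the decoded response XML saved from SAML tracer.

```powershell
param(
    [string]$DomainName  = 'domain.com',
    [string]$IdpCertPath = '.\idp-signing.cer',   # hypothetical: signing cert exported from the IdP
    [string]$SamlXmlPath = ''                     # optional, hypothetical: decoded SAML response XML
)
$X509 = 'System.Security.Cryptography.X509Certificates.X509Certificate2'

function ConvertTo-Certificate([string]$Base64) {
    # Both sources store the certificate as base64-encoded DER
    $bytes = [Convert]::FromBase64String(($Base64 -replace '\s', ''))
    New-Object $X509 (,$bytes)   # unary comma passes the byte[] as one argument
}

# Certificates the IdP side presents: the exported file, and (if supplied)
# the certificate embedded in the signature of the captured SAML response.
$idpFile   = (Resolve-Path $IdpCertPath).Path
$presented = [ordered]@{ 'IdP export' = New-Object $X509 -ArgumentList $idpFile }
if ($SamlXmlPath) {
    $ns  = @{ ds = 'http://www.w3.org/2000/09/xmldsig#' }
    $hit = Select-Xml -Path $SamlXmlPath -XPath '//ds:X509Certificate' -Namespace $ns |
           Select-Object -First 1
    if ($hit) { $presented['SAML response'] = ConvertTo-Certificate $hit.Node.InnerText }
}

# Certificates registered for the federated domain (current and next slot)
$fed        = Get-MsolDomainFederationSettings -DomainName $DomainName
$registered = @{}
foreach ($slot in 'SigningCertificate', 'NextSigningCertificate') {
    if ($fed.$slot) { $registered[$slot] = ConvertTo-Certificate $fed.$slot }
}

# Report, per presented certificate, which registered slot (if any) it matches
$report = foreach ($name in $presented.Keys) {
    $cert  = $presented[$name]
    $match = $registered.Keys | Where-Object { $registered[$_].Thumbprint -eq $cert.Thumbprint }
    [pscustomobject]@{
        Source       = $name
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        Expired      = $cert.NotAfter -lt (Get-Date)
        RegisteredAs = if ($match) { $match -join ', ' } else { 'NOT REGISTERED' }
    }
}
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.RegisteredAs -eq 'NOT REGISTERED' }) {
    Write-Warning "A presented signing certificate is not registered for $DomainName."
}
```

If the exported file matches but the certificate taken from the SAML response does not, the IdP is signing with a different key than the one that was exported and registered.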