Office 365 SSO

I want to do SSO with Office 365 using a third-party IdP. After successfully authenticating with the IdP, I got the error below.

Please find the error for the POST request:

POST error: invalid_grant

error_description: AADSTS70002: Error validating credentials. AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys.

I found the above error using the SAML tracer plugin in Firefox.

2 Replies
Hi,

Please make sure the token signing certificates on the IdP and O365 match; if not, please update them and it will work.

Steps to follow...

http://edoras.sk/sso-issue-with-aadsts50008-unable-to-verify-token-signature/

By token, do you mean the SAML token or Microsoft token signing? Under ADFS, in the section that shows the token signing certificate, I see a different certificate than the one in the IdP, but when I try to update it I see a warning message that basically says the automatic certificate rollover feature would no longer work if I choose to use my own certificate. However, I have updated the IdP certificate in ADFS using Set-MsolDomainAuthentication, and when I retrieve this certificate using Get-MsolDomainFederationSettings -DomainName domain.com I see a SigningCertificate identical to the signing certificate in the IdP.
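
Added example, not part of the original thread: one way to check the certificate comparison discussed above is to pull the certificate embedded in the captured SAMLResponse and compare its thumbprint with the SigningCertificate value returned by Get-MsolDomainFederationSettings. The function names are hypothetical, and the sample values are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

def b64(raw):
    return base64.b64encode(raw).decode()

def thumbprint(b64_cert):
    """SHA-1 thumbprint (upper-case hex) of a base64-encoded DER certificate."""
    der = base64.b64decode("".join(b64_cert.split()), validate=True)
    return hashlib.sha1(der).hexdigest().upper()

def response_cert_thumbprints(saml_response_b64):
    """Thumbprints of every ds:X509Certificate in a POST-binding SAMLResponse."""
    xml = base64.b64decode("".join(saml_response_b64.split()), validate=True)
    # Captured traffic is untrusted input: refuse DTDs before parsing.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD found in SAML response; refusing to parse")
    root = ET.fromstring(xml)
    return [thumbprint(el.text) for el in root.iter(DS_CERT)
            if el.text and el.text.strip()]

def check_signing_cert(saml_response_b64, registered_b64_certs):
    """Compare the certificate(s) the IdP sent with those registered on the domain."""
    sent = response_cert_thumbprints(saml_response_b64)
    registered = {thumbprint(c) for c in registered_b64_certs}
    # No embedded certificate counts as a mismatch: there is nothing to compare.
    return {"sent": sent, "registered": sorted(registered),
            "match": bool(sent) and all(t in registered for t in sent)}

# Constructed sample data (assumption): placeholder bytes stand in for DER certs.
IDP_CERT = b64(b"constructed-idp-signing-cert")
STALE_CERT = b64(b"constructed-stale-cert")
SAMPLE_RESPONSE = b64((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
    f'<ds:X509Data><ds:X509Certificate>{IDP_CERT}</ds:X509Certificate>'
    '</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>').encode())

if __name__ == "__main__":
    # In practice: paste the SAMLResponse form field from SAML tracer and the
    # SigningCertificate string from Get-MsolDomainFederationSettings.
    print(check_signing_cert(SAMPLE_RESPONSE, [IDP_CERT]))
    print(check_signing_cert(SAMPLE_RESPONSE, [STALE_CERT]))
```

A result with `match` set to False and a non-empty `sent` list means the IdP is signing with a certificate other than the one registered for the domain.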