Attempting to login to K2 with ADFS results in error: "WIF10201: No valid key mapping found for securityToken"
KBS100258
Issue
When attempting to login to K2 with ADFS, the following error is presented:
ADFS was configured as per:
https://help.k2.com/onlinehelp/k2five/icg/5.3/default.htm#Configure/SF/MultiAuthADFS.htm
Symptoms
The likeliest cause of this error is hidden characters and/or leading/trailing white spaces.
Copying the thumbprint from the Certificate details window and deleting the in-between spaces will usually introduce this issue:
The following PowerShell can be used instead to retrieve the token signing thumbprint and will not introduce hidden characters or white spaces:
$a = Get-AdfsCertificate -CertificateType Token-Signing
$a.Thumbprint
Troubleshooting Steps
To check if your thumbprint is valid via SQL Management Studio, replace the placeholder value {NameOfYourADFSClaimIssuer} and run the following SELECT query against your K2 database:
WHERE [Name] = '{NameOfYourADFSClaimIssuer}'
A datalength of 80 indicates a clean thumbprint value. A datalength greater than 80 indicates hidden characters and/or leading/trailing white space.
Alternatively, you can export the [ClaimIssuer] table to a .csv file, open it in Notepad++ (or another tool) and set Encoding to ANSI to see whether hidden characters or white spaces exist.
To resolve the issue, navigate to the issuer in the K2 Management site, use 'CTRL + A' to select all characters in the thumbprint textbox (visible or hidden) and delete the value, then manually type in the thumbprint. If you copy and paste instead, you can use Notepad++ with ANSI encoding to confirm that no hidden characters or spaces exist, or use the PowerShell provided above.
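A pasted thumbprint can also be inspected in PowerShell before it is saved to the issuer. The following is an added example, not part of the original article or of K2; the function name `Test-ThumbprintText` is hypothetical, and it assumes a 40-hex-digit thumbprint stored in a 2-byte-per-character column (which is what a clean datalength of 80 implies). The sample value and its hidden U+200E character are constructed.

```powershell
# Added example, not K2 code. Assumes a 40-hex-digit (SHA-1) thumbprint.
function Test-ThumbprintText {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )

    # List each character that is not a hex digit, with its position and code point,
    # so invisible characters become visible in the output.
    $unexpected = @(
        for ($i = 0; $i -lt $Value.Length; $i++) {
            $ch = $Value[$i]
            if ([string]$ch -notmatch '\A[0-9A-Fa-f]\z') {
                [pscustomobject]@{
                    Index     = $i
                    CodePoint = 'U+{0:X4}' -f [int]$ch
                }
            }
        }
    )

    [pscustomobject]@{
        Length     = $Value.Length
        # UTF-16 byte count; assumed to correspond to DATALENGTH on an nvarchar column.
        ByteLength = [System.Text.Encoding]::Unicode.GetByteCount($Value)
        # \z (not $) so that a trailing newline is not silently accepted.
        IsClean    = $Value -match '\A[0-9A-Fa-f]{40}\z'
        Unexpected = $unexpected
        # Hex digits only, upper-cased to match the form .NET reports for Thumbprint.
        Normalized = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    }
}

# Constructed sample: a made-up thumbprint with a leading U+200E and a trailing space.
$pasted = "$([char]0x200E)0123456789ABCDEF0123456789ABCDEF01234567 "
$result = Test-ThumbprintText -Value $pasted
$result | Format-List Length, ByteLength, IsClean, Normalized
$result.Unexpected | Format-Table -AutoSize
```

A `ByteLength` above 80 or any row in `Unexpected` points to the same condition the datalength check detects; `Normalized` is the value to compare against the output of `Get-AdfsCertificate`.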