This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice This article is not considered official documentation for K2 software and is provided “as is” with no warranties.

Issue

This occurs when you have an environment set up using SQL Azure sign in which used to work before upgrading to K2 Five. When you attempt to sign in via SmartForms you will see the error displayed:

"WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'https://sts.windows.net/ac8e7aa0-66a4-48cb-9769-f638ba74eb3e/'"

This seems to be an Azure configuration issue, which does not allow you to proceed any further. The claim mapping configuration appears to be fine as well. 

Symptoms

You will see the following error: "WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken'"

Troubleshooting Steps

Please make sure that the fingerprint is being generated via the site: https://www.samltool.com/format_x509cert.php

You will need to to go into the K2 AAD App configuration metadata document using the following URL: https://login.microsoftonline.com/{YOUR_DIRECTORY ID}/federationmetadata/2007-06/federationmetadata.xml
- From here you will be able have a look at the Metaxml document.

The first one under the X509 Certificate signature entry (the binary) will have to be copied into the SAML tool for this to be formatted. After the formatting has completed, you can then paste this to generate the fingerprint. This should then create the correct thumbprint and you will be able to carry on with the AAD configuration as per normal. 
- This should stop the error from occuring again.

Further information on AAD configuration can be found here: http://help.k2.com/onlinehelp/k2five/icg/5.1/default.htm#configure/sf/multiauthaad.htm