< class="prominent-subhead ">

Unable to log into K2 sites with error appearing: "WIF10201: No valid key mapping found for securityToken"

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.


Users are unable to log on to K2 sites (Designer/Runtime/Management) with AAD credentials and receives the following error:

"WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'https://sts.windows.net/{YOUR_AAD_ID}/'"


This issue occurs on a regular basis (approximately every 2 months) and requires a manual certificate thumbprint update following the procedure described here.


This is known issue. As a workaround you can use a manual certificate thumbprint update following the procedure described here, but to resolve it permanently you need to apply updates to the K2 platform:

For K2 4.7 the fix is included in November 2017 CU or newer CU/FP, see release notes  - "Implemented support for rollover of the Azure Active Directory certificate thumbprints."

The same fix should be included in RTM versions of K2 5.0 - 5.1.

For K2 5.2 there is an additional fix included into FP1 - https://help.k2.com/kb002748, which should be also included into 5.3 release as this one includes all fixes from K2 Five (5.2) Fix Packs 1 to 29 (as per release notes)