view the certificate and use SHA1 Fingerprint.
AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application.
Hi,
I'm following the steps mentioned in https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#second-case-access-token-request-with-a-certificate and https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials to perform client certificate validation, and to create the client assertion token I am referring to https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-client-assertions, but I'm getting the error below.
{"error":"invalid_client","error_description":"AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Thumbprint of key used by client:"}
I am creating the client assertion in Java.
// hex-encoded SHA-1 thumbprint of the certificate, as shown in the portal
String thumbprint = getThumbprint(cert);
// base64url-encodes the UTF-8 bytes of that hex string and uses the result as "x5t"
String base64 = Base64.getUrlEncoder().encodeToString(thumbprint.getBytes(StandardCharsets.UTF_8));
This is the thumbprint in the Azure portal.
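The "x5t" header must carry the raw 20 SHA-1 digest bytes of the certificate's DER encoding, base64url-encoded; base64url-encoding the hex thumbprint string instead, as the snippet above does, sends the 40 ASCII characters of that text, which is why the thumbprint Azure AD echoes back in AADSTS700027 (see the 80-hex-character value quoted in the answer below) is twice the length of a SHA-1 digest. The Java example below is added here and is not code from the question, the answers or MSAL; the class name X5tHeader is hypothetical, and java.util.HexFormat assumes Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HexFormat; // Java 17+ (assumption)

// Hypothetical helper class; not part of the question's code or of MSAL.
public final class X5tHeader {

    // Correct: x5t = base64url(SHA-1(DER encoding of the certificate)), no padding.
    public static String x5tFromCertificate(X509Certificate cert) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    // Also correct when starting from the portal's hex thumbprint: decode the hex
    // text to its 20 raw bytes before base64url-encoding.
    public static String x5tFromHexThumbprint(String hexThumbprint) {
        byte[] raw = HexFormat.of().parseHex(hexThumbprint.replace(" ", ""));
        if (raw.length != 20) {
            throw new IllegalArgumentException("SHA-1 thumbprint must be 20 bytes, got " + raw.length);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // The pattern from the question: encodes the ASCII characters of the hex string,
    // so x5t carries 40 bytes of text rather than the 20-byte digest.
    public static String x5tMistaken(String hexThumbprint) {
        return Base64.getUrlEncoder().encodeToString(hexThumbprint.getBytes(StandardCharsets.UTF_8));
    }

    // AADSTS700027 reports the bytes it found in x5t as hex. An 80-character value
    // is 40 bytes; decoding those bytes as ASCII recovers the hex thumbprint the
    // client meant to send. A 40-character value is already the thumbprint itself.
    public static String decodeEchoedThumbprint(String echoedHex) {
        byte[] bytes = HexFormat.of().parseHex(echoedHex);
        return bytes.length == 40
                ? new String(bytes, StandardCharsets.US_ASCII)
                : HexFormat.of().withUpperCase().formatHex(bytes);
    }

    public static void main(String[] args) {
        // Thumbprint value quoted from the AADSTS700027 response in the answer below.
        String echoed = "37313131413430454539363337333431434431374131443745444545353437443635433542333541";
        String intended = decodeEchoedThumbprint(echoed);
        System.out.println("thumbprint the client intended: " + intended);
        System.out.println("x5t as sent (mistaken):         " + x5tMistaken(intended));
        System.out.println("x5t Azure AD expects:           " + x5tFromHexThumbprint(intended));
    }
}
```

Running main with the echoed value prints a 40-character hex thumbprint, so comparing it against the thumbprint listed under the app registration's certificates tells you whether the certificate is missing or only mis-encoded in the assertion.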
3 answers
Ashish Jhunjhunwala 0 Reputation points
2023-02-22T18:52:27.4666667+00:00 I am facing a similar error:
,"error_description":"AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Thumbprint of key used by client: '37313131413430454539363337333431434431374131443745444545353437443635433542333541', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id 'd9e98c63-d918-4f05-b859-e077acbed37c'. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as 'https://graph.microsoft.com/beta/applications/d9e98c63-d918-4f05-b859-e077acbed37c'].\r\nTrace ID: b1b49b1d-7244-4531-b8a8-df53cf3a1b00\r\nCorrelation ID: c7bdea9d-f335-4851-9edf-bc507c88c1bf\r\nTimestamp: 2023-02-22 18:29:39Z","error_codes":[700027],"timestamp":"2023-02-22 18:29:39Z","trace_id":"b1b49b1d-7244-4531-b8a8-df53cf3a1b00","correlation_id":"c7bdea9d-f335-4851-9edf-bc507c88c1bf","error_uri":"https://login.microsoftonline.com/error?code=700027"
Can you please provide pointers on how to fix this?
Idan Mor 5 Reputation points Microsoft Employee
2023-07-10T08:22:12.2033333+00:00 I had the same issue and I fixed it by adding "trustedCertificateSubjects" to the "App registration" Manifest.
"trustedCertificateSubjects": [ { "authorityId": "00000000-0000-0000-0000-000000000001", "subjectName": "XXX.XXXXXXXXXXX.aad.XXXXXX.XX" } ]