AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found

AWD Capture 0 Reputation points
2023-03-23T08:11:57.6033333+00:00

Trying to generate client assertion by using the Base64 value of the thumbprint as x5t to generate the token. But I receive AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Thumbprint of key used by client: 'xxx'

Microsoft Security | Microsoft Graph
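Added example, not part of the original question or of any Microsoft sample: it shows how the x5t header of an Azure AD certificate-credential client assertion is derived from the certificate (base64url of the raw SHA-1 digest of the DER encoding), how that relates to the hex thumbprint the portal and the AADSTS700027 message display, and what the "Base64 of the thumbprint" shortcut actually produces. Only the standard library is used; the DER bytes, client ID and tenant ID are constructed placeholders, and signing the assertion with the private key is not shown.

```python
# Added example (not from the original Q&A post or from Microsoft): derives the
# x5t header of an Azure AD client assertion from a certificate and contrasts it
# with the "base64 of the thumbprint string" value that the service will not find.
import base64
import hashlib
import json
import time
import uuid
from typing import List, Optional

# Constructed stand-in for a DER-encoded X.509 certificate. Any bytes serve to
# show the thumbprint/x5t relationship; a real client loads the DER bytes of the
# certificate registered on the app.
FAKE_DER_CERT = b"constructed-der-certificate-bytes-for-demo"
CLIENT_ID = "00000000-0000-0000-0000-00000000c11e"   # placeholder app (client) ID
TENANT_ID = "00000000-0000-0000-0000-00000000ea47"   # placeholder tenant ID


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT headers and claims require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url: restore padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def portal_thumbprint(der: bytes) -> str:
    """Hex SHA-1 thumbprint, the form the portal and the AADSTS700027 message show."""
    return hashlib.sha1(der).hexdigest().upper()


def x5t_from_der(der: bytes) -> str:
    """Correct x5t: base64url of the 20 raw SHA-1 digest bytes of the DER certificate."""
    return b64url(hashlib.sha1(der).digest())


def x5t_from_portal_thumbprint(hex_thumbprint: str) -> str:
    """Correct x5t when only the hex thumbprint is at hand: hex -> bytes -> base64url."""
    return b64url(bytes.fromhex(hex_thumbprint))


def thumbprint_from_x5t(x5t: str) -> str:
    """Turn an x5t header back into the hex form, to compare with the portal listing."""
    return b64url_decode(x5t).hex().upper()


def wrong_x5t_from_hex_string(hex_thumbprint: str) -> str:
    """The common mistake: base64 of the hex *text* (40 chars -> 56-char value)
    instead of base64url of the 20 digest bytes (27-char value)."""
    return base64.b64encode(hex_thumbprint.encode("ascii")).decode("ascii")


def x5t_is_registered(x5t: str, registered_hex_thumbprints: List[str]) -> bool:
    """Diagnostic for AADSTS700027: does the assertion's x5t name a registered cert?"""
    wanted = thumbprint_from_x5t(x5t)
    return any(wanted == t.upper() for t in registered_hex_thumbprints)


def build_signing_input(client_id: str, tenant_id: str, der: bytes,
                        now: Optional[int] = None) -> str:
    """Header and claims of the assertion as the 'header.payload' signing input.
    The caller signs this with the certificate's private key (RS256) and appends
    the base64url signature; that step is omitted here."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT", "x5t": x5t_from_der(der)}
    claims = {
        "aud": f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
        "iss": client_id,
        "sub": client_id,
        "jti": str(uuid.uuid4()),
        "nbf": now,
        "exp": now + 600,   # short-lived assertion
    }
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return b64url(compact(header)) + "." + b64url(compact(claims))


if __name__ == "__main__":
    print("portal thumbprint :", portal_thumbprint(FAKE_DER_CERT))
    print("correct x5t       :", x5t_from_der(FAKE_DER_CERT))
    print("wrong 'base64'    :", wrong_x5t_from_hex_string(portal_thumbprint(FAKE_DER_CERT)))
    print("signing input     :", build_signing_input(CLIENT_ID, TENANT_ID, FAKE_DER_CERT))
```

When the error names a thumbprint, compare it against `thumbprint_from_x5t` of the header you sent: if the two differ, the encoding of x5t is wrong; if they match but the service still reports the key as not found, the certificate is not on the app registration (or belongs to a service principal in another tenant).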

2 answers

  1. Idan Mor 15 Reputation points Microsoft Employee
    2023-07-10T08:20:12.3833333+00:00

    I had the same issue and I fixed it by adding "trustedCertificateSubjects" to the "App registration" Manifest.

    "trustedCertificateSubjects": [
        {
            "authorityId": "00000000-0000-0000-0000-000000000001",
            "subjectName": "XXX.XXXXXXXXXXXX.aad.XXXXXX.XX"
        }
    ]


    You should update the "subjectName" with your certificate "Subject" (the value after the CN=) or with the "Subject Alternative Name". The certificate should be in your KeyVault.

    1 person found this answer helpful.

  2. Shivam Dhiman 6,081 Reputation points
    2023-03-24T06:49:09.45+00:00

    Hi @AWD Capture

    As per the Azure AD error codes, AADSTS700027 describes "Client assertion failed signature validation". Developer error - the app is attempting to sign in without the necessary or correct authentication parameters. The certificate used to sign the assertion was not found in your application. Please ensure it has been added and that you're not targeting a certificate bound to a service principal from another tenant (for multi-tenant applications). You can review and upload your application certificates through the Azure Portal.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.
