ADFS authentication is broken due to renewed certificate and STS is not working

Michaela Parlin 0 Reputation points
2024-02-21T17:23:13.4233333+00:00

It all started with this: Error Code: 5000811 Message: Unable to verify token signature. The signing key identifier does not match any valid registered keys. Users are unable to use SSO to log in to SharePoint, scan to email is broken, and there are many other trickle-down items including Office 365. I need steps on updating the Relying Party Trusts > Microsoft Office 365 Identity Platform trust in ADFS, because if I try to TEST the URL I get an error to verify the proxy server settings, as the URL is apparently not valid?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2024-02-22T08:28:41.3933333+00:00

    @Michaela Parlin

    Thank you for reaching out to us. It looks like the certificate got rolled over on ADFS, due to which there is a mismatch between the certificate information on ADFS and in Microsoft Entra ID.

    Refer to this article - https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-o365-certs - it has the steps to update the certificate from ADFS to Microsoft Entra ID. When running the Connect-MsolService command, use a non-federated Global Admin account (a cloud-only account) to update the details.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
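The check and the fix the answer points to, as an added PowerShell example that is not part of the original thread and not Microsoft's own script. It compares the token-signing certificate ADFS is currently using with the one Microsoft Entra ID has registered for the federated domain, which is exactly the mismatch behind error 5000811, and only pushes the new certificate when `-Fix` is passed. Assumptions: it runs on the primary ADFS server with the ADFS and MSOnline modules installed, `$DomainName` is your federated domain name (a placeholder), and the `-SupportMultipleDomain` switch is used only because it was used when the trust was originally created; drop it if it was not. The MSOnline module the answer relies on is deprecated in favour of Microsoft Graph PowerShell, so check that it still connects in your tenant before depending on it.

```powershell
# Added example, not from the original thread. Compares the ADFS token-signing
# certificate with what Entra ID has registered and optionally updates Entra ID.
# Assumes: primary ADFS server, ADFS + MSOnline modules, $DomainName is a placeholder.
param(
    [Parameter(Mandatory = $true)][string]$DomainName,
    [switch]$Fix
)

Import-Module ADFS
Import-Module MSOnline

# 1. The certificate ADFS is signing tokens with right now (the primary one).
$adfsSigning = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
$adfsThumb = $adfsSigning.Thumbprint
Write-Host "ADFS primary token-signing thumbprint : $adfsThumb"

# If AutoCertificateRollover is on, ADFS rotated the certificate itself and
# nothing told Entra ID about the new key.
$props = Get-AdfsProperties
Write-Host "AutoCertificateRollover               : $($props.AutoCertificateRollover)"

# 2. Sign in with a cloud-only Global Administrator. A federated admin account
#    cannot sign in while federation itself is broken.
Connect-MsolService

# 3. What each side believes. Get-MsolFederationProperty returns one row per
#    source: the ADFS server and Microsoft Office 365 (Entra ID).
$fed = Get-MsolFederationProperty -DomainName $DomainName
foreach ($row in $fed) {
    $cur  = if ($row.TokenSigningCertificate)     { $row.TokenSigningCertificate.Thumbprint }     else { '(none)' }
    $next = if ($row.NextTokenSigningCertificate) { $row.NextTokenSigningCertificate.Thumbprint } else { '(none)' }
    Write-Host ("{0,-22} signing={1} next={2}" -f $row.Source, $cur, $next)
}

$cloud      = $fed | Where-Object { $_.Source -like 'Microsoft Office 365*' }
$cloudThumb = $cloud.TokenSigningCertificate.Thumbprint

if ($cloudThumb -eq $adfsThumb) {
    Write-Host "Entra ID already trusts the certificate ADFS is signing with; nothing to do."
    return
}

Write-Warning ("Mismatch: ADFS signs with {0} but Entra ID has {1} registered. " +
               "Tokens will fail with error 5000811 until Entra ID is updated.") -f $adfsThumb, $cloudThumb

if ($Fix) {
    # 4. Push the current ADFS signing certificates to Entra ID. Only keep
    #    -SupportMultipleDomain if the trust was created with it (assumption here).
    Update-MsolFederatedDomain -DomainName $DomainName -SupportMultipleDomain

    # 5. Re-read the cloud side and confirm both sides now agree.
    $after = Get-MsolFederationProperty -DomainName $DomainName |
             Where-Object { $_.Source -like 'Microsoft Office 365*' }
    $afterThumb = $after.TokenSigningCertificate.Thumbprint
    if ($afterThumb -eq $adfsThumb) {
        Write-Host "Entra ID updated; it now trusts $afterThumb."
    } else {
        Write-Warning "Entra ID still reports $afterThumb; re-check the domain name and the account used."
    }
}
```

Run it once without `-Fix` to see the two thumbprints side by side; a mismatch with the same symptom the question describes is the confirmation you want before changing anything. Note that `Update-MsolFederatedDomain` reads the ADFS configuration locally, which is why it has to run on the primary ADFS server, and that it does nothing for the relying party trust test the question mentions: that test is about ADFS reaching the federation metadata URL, while the fix here is about Entra ID knowing the new signing key.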
