This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 50%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I have encountered a problem with an ADFS in Exchange Server 2019. x-adfserror: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
Im using keycloak as IDP to login to OWA. The connection between is setup like this OWA - ADFS - KEYCLOAK(our mfa handling) - ADFS - OWA.
In relying party trust in ADFS for OWA i have put identifier: https://link/owa/. Should it be https://link/adfs/services/trust/? Tried but im getting 503 error while accessing this link.
I saw that there is a STS configuration, but cannot find what exacly it is doing for ADFS.
A robust email, calendaring, and collaboration platform developed by Microsoft, designed for enterprise-level communication and data management.Miscellaneous topics that do not fit into specific categories.
The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
Looks like the issue is more related to Windows Server, please kindly understand that the Exchange tag here we mainly focus on general issues about Exchange Server.
In order to help you get a more professional answer, I will add the Windows Server tag for you.
Thanks, i added issuernameregistry section to web.config but still no results. Dont know if i put right thumbprint/issuername. How can i verify this/
AI answer
The error message "ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry" indicates that the ADFS is not recognizing the issuer of the security token. To resolve this issue, you need to configure the IssuerNameRegistry to return a valid name for this issuer.
In the relying party trust in ADFS for OWA, the identifier should be set to the URL of the OWA application, which in this case is "https://link/owa/". It should not be set to "https://link/adfs/services/trust/".
The STS (Security Token Service) is responsible for issuing and validating security tokens. It is used by ADFS to issue security tokens to clients that request them.
References:
