Not able to set an application specific signing key

Kalisto 0 Reputation points
2024-10-22T12:44:54.4333333+00:00

We have a multi-tenant application and we want to provide a custom claim (we want to add onPremisesImmutableId) in the identity token. According to the documentation, we should avoid modifying the acceptMappedClaims property (https://learn.microsoft.com/en-us/entra/identity-platform/jwt-claims-customization?WT.mc_id=Portal-Microsoft_AAD_IAM#add-application-specific-claims) and instead use an application-specific signing key. We created and set a self-signed certificate and updated the service principal to use that certificate. However, we are still unable to log in due to the following error: ‘AADSTS50146: This application is required to be configured with an application-specific signing key. It is either not configured with one, or the key has expired or is not yet valid.’

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.