Unable to verify token signature. The signing key identifier does not match any valid registered keys.

Naeem Chougle 1 Reputation point
2022-08-29T13:45:22.03+00:00

getting this below error for all new starter, and if we change the password on old user they are not able to login on O365.

Sign-in error code
5000811
Failure reason
Unable to verify token signature. The signing key identifier does not match any valid registered keys.

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
997 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pierre Audonnet - MSFT 10,066 Reputation points Microsoft Employee
    2022-08-30T13:46:34.45+00:00

    Maybe your token signins certificate expired on AD FS. It does not impact those who have an Azure PRT already but will affect all new users and users for which the PRT is invalidated (like a password change). You can follow this procedure to make sure it is matching: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-o365-certs