Unable to verify token signature. The signing key identifier does not match any valid registered keys.

Naeem Chougle 1 Reputation point
2022-08-29T13:45:22.03+00:00

getting this below error for all new starter, and if we change the password on old user they are not able to login on O365.

Sign-in error code
5000811
Failure reason
Unable to verify token signature. The signing key identifier does not match any valid registered keys.

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2022-08-30T13:46:34.45+00:00

    Maybe your token signins certificate expired on AD FS. It does not impact those who have an Azure PRT already but will affect all new users and users for which the PRT is invalidated (like a password change). You can follow this procedure to make sure it is matching: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-o365-certs

    1 person found this answer helpful.

  2. Jordan Pressman 0 Reputation points
    2024-03-11T10:39:40.2366667+00:00

    Have the same issue. Can't log in to try any of the fixes so now what?

    0 comments No comments