Error AADSTS50003 - No signing key configured

This article describes a problem in which you receive the error message "Error AADSTS50003 - No signing key configured." when trying to sign into a SAML-based single sign-on (SSO) configured app that has been integrated with Microsoft Entra ID.


You receive error AADSTS50003 when trying to sign into an application that has been setup to use Microsoft Entra ID for identity management using SAML-based SSO.


The application object is corrupted and Microsoft Entra ID doesn't recognize the certificate configured for the application.


To delete and create a new certificate, follow the steps below:

  1. On the SAML-based SSO configuration screen, select Create new certificate under the SAML signing Certificate section.
  2. Select Expiration date and then click Save.
  3. Check Make new certificate active to override the active certificate. Then, click Save at the top of the pane and accept to activate the rollover certificate.
  4. Under the SAML Signing Certificate section, click remove to remove the Unused certificate.

More Information

For a full list of Active Directory Authentication and authorization error codes see Microsoft Entra authentication and authorization error codes

Contact us for help

If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.