Issues with x509 certificate and identityserver v2


I know that IdentityServer v2 is deprecated, but I'm trying to fix a production issue. We installed a new certificate on the servers and I updated the thumbprint in the web.config file, but I'm getting the following error. I looked in the .sdf file and didn't find anything there. I also tried to get tracing to work, but I can't seem to generate log files (I was hoping it could tell me what the breakdown was). Any ideas?

<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="https://website.com" />
    </audienceUris>
    <certificateValidation certificateValidationMode="None" />
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="http://identityserver.v2.thinktecture.com/samples">
        <keys>
          <add thumbprint="thecertificatethumbprint" />
        </keys>
        <validIssuers>
          <add name="http://identityserver.v2.thinktecture.com/samples" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>
      <system.identityModel.services>

Server Error in '/' Application.
WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer:
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IdentityModel.Tokens.SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://identityserver.v2.thinktecture.com/samples'.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://identityserver.v2.thinktecture.com/samples'.]
   System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ValidateToken(SecurityToken token) +1333
   System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri) +137
   System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) +665
   System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +467
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139
   System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +197
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +8
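WIF10201 is raised by ValidatingIssuerNameRegistry when the certificate that signed the incoming token has a thumbprint that does not appear under `<keys>` for the named authority. The thumbprint the relying party needs is that of the certificate IdentityServer v2 signs tokens with, and it is compared as a plain hex string, so a value pasted from the certificate MMC (which often carries spaces or an invisible U+200E left-to-right mark) silently fails the lookup. The following PowerShell script is an added example, not code from the question or the answers: it reads every `<add thumbprint>` under `issuerNameRegistry`, flags values that are not clean 40-character hex, checks which of them correspond to a certificate in the machine store, and lists installed certificates the config does not reference. The web.config path and the `Cert:\LocalMachine\My` store are assumptions; adjust them to the server.

```powershell
# Added example (not from the question or the answers). Assumes the relying
# party's web.config is at the path below and that the IdentityServer signing
# certificate was imported into LocalMachine\My on this box; both are assumptions.
param(
    [string]$WebConfigPath = 'C:\inetpub\wwwroot\website\web.config',
    [string]$StorePath     = 'Cert:\LocalMachine\My'
)

# WIF matches on the bare hex thumbprint. Strip anything that is not hex so a
# value pasted with spaces or a hidden U+200E can be compared honestly.
function Normalize-Thumbprint([string]$Value) {
    return ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

[xml]$config = Get-Content -LiteralPath $WebConfigPath -Raw
$entries = @($config.SelectNodes('//issuerNameRegistry/authority/keys/add'))
if ($entries.Count -eq 0) { throw "No <keys><add thumbprint=...> entries in $WebConfigPath" }

$installed  = @(Get-ChildItem -Path $StorePath)
$configured = @()

foreach ($entry in $entries) {
    $raw    = $entry.GetAttribute('thumbprint')
    $tp     = Normalize-Thumbprint $raw
    $issuer = $entry.ParentNode.ParentNode.GetAttribute('name')   # <authority name="...">
    $configured += $tp

    # A SHA-1 certificate thumbprint is exactly 40 hex characters.
    if ($tp.Length -ne 40 -or (($raw -replace '[0-9A-Fa-f]', '') -ne '')) {
        Write-Warning "Authority '$issuer': thumbprint '$raw' is not 40 clean hex characters (placeholder, spaces or hidden U+200E?); WIF will not match it."
    }

    $match = @($installed | Where-Object { $_.Thumbprint -eq $tp })
    if ($match.Count -eq 0) {
        Write-Warning "Authority '$issuer': no certificate with thumbprint $tp in $StorePath. If the STS signs with a certificate not in this list, its tokens fail with WIF10201."
        continue
    }
    foreach ($cert in $match) {
        '{0}  {1}  NotAfter={2:yyyy-MM-dd}  HasPrivateKey={3}' -f $tp, $cert.Subject, $cert.NotAfter, $cert.HasPrivateKey
    }
}

# Certificates present on the box but absent from web.config: candidates if
# the signing certificate was rotated and the config was not updated to match.
'--- installed but not referenced in web.config ---'
$installed | Where-Object { $configured -notcontains $_.Thumbprint } |
    Select-Object Thumbprint, Subject, NotAfter | Format-Table -AutoSize
```

Run it on the relying-party server as a user that can read the machine store. `<keys>` accepts more than one `<add thumbprint>`, so during a certificate rotation the old and new signing thumbprints can both be listed until the STS has actually switched to the new certificate; the config is only correct once it contains the thumbprint of whatever certificate IdentityServer v2 is configured to sign with.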


There are 2 answers

krynn1

I ended up using the old thumbprint and it started working.

Tyler

I had this issue recently when migrating to a new server. For me at least, it was related to the application pool's identity not having access to read the certificate's private key. This can be managed through the Certificates MMC snap-in.
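The private-key permission check described in the answer above can be scripted rather than clicked through in the MMC. The script below is an added example, not code from the answer: it locates the key container file behind a certificate in `LocalMachine\My` (CNG keys under `%ProgramData%\Microsoft\Crypto\Keys`, CAPI/CSP keys under `%ProgramData%\Microsoft\Crypto\RSA\MachineKeys`), reports whether the application pool identity has a direct Read ACE on it, and grants one when run with `-Grant`. The application pool name `DefaultAppPool` is an assumption; the identity format `IIS AppPool\<name>` is what IIS uses for the built-in ApplicationPoolIdentity. Signature validation against the thumbprint list uses only the public certificate, so this check matters on whichever host must actually use the private key, such as the IdentityServer host that signs tokens or a relying party that receives encrypted tokens.

```powershell
# Added example (not from the answer). Assumes the certificate is in
# LocalMachine\My and the site runs under the application pool 'DefaultAppPool'
# (identity 'IIS AppPool\DefaultAppPool'); both are assumptions to adjust.
param(
    [Parameter(Mandatory)][string]$Thumbprint,
    [string]$AppPoolName = 'DefaultAppPool',
    [switch]$Grant
)

$identity = "IIS AppPool\$AppPoolName"
$tp   = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $tp }
if (-not $cert)               { throw "No certificate $tp in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $tp was imported without its private key" }

# Resolve the key container name. .NET Framework returns RSACng for CNG keys and
# RSACryptoServiceProvider for CAPI keys; the unique name is the on-disk file name.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'Only RSA private keys are handled by this example' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $name = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "Unsupported key type: $($rsa.GetType().FullName)"
}

$keyFile = @("$env:ProgramData\Microsoft\Crypto\Keys\$name",
             "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$name") |
           Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key container '$name' not found under ProgramData\Microsoft\Crypto (user-profile key?)" }

# Look for a direct Allow ACE carrying Read. Access inherited through a group
# (e.g. IIS_IUSRS) is not detected here and would need a group membership check.
$acl  = Get-Acl -LiteralPath $keyFile
$have = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $identity -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Read) -ne 0)
}

if ($have) {
    "$identity already has Read on $keyFile"
} elseif ($Grant) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
    "Granted Read on $keyFile to $identity"
} else {
    Write-Warning "$identity cannot read $keyFile. Re-run with -Grant from an elevated prompt, or in the Certificates MMC use All Tasks -> Manage Private Keys."
}
```

Run it elevated when using `-Grant`; Read is sufficient for a process to use the key for signing or decryption, and nothing beyond Read should be given to a web application pool identity.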