Tag Archives: WIF10201

Unable to logon to K2 using AAD credentials: “WIF10201: No valid key mapping found for securityToken”

Problem: You unable to log on to K2 sites (Designer/Runtime/Management) using AAD credentials (AAD integration configured without SharePoint online as described here) and receiving the following error:

Resolution steps:

1) Open your K2 AAD app Federation Metadata Document using the following URL: 

https://login.microsoftonline.com/{YOUR_DIRECTORY ID}/federationmetadata/2007-06/federationmetadata.xml

2) Inside metadata XML document you need to search for a certificate value within <X509Certificate></X509Certificate> tags and copy it. You need very first value from <Signature> section. It looks like it gets changed from time to time causing this issue.

3) Open online Calculate Fingerprint tool and paste this value into X.509 cert field of this page, make sure sha1 selected as algorithm and click on Calculate Fingerprint button:

4) Navigate to K2 Management > Authentication > Claims > Issuers. Select your AAD issuer, click Edit and paste unformatted FingerPrint value into Thumbprint field of Edit Claim Issuer dialog:

This completes required changes, no K2 service restart required after this, and you can proceed to step (5) immediately.

5) Try AAD logon again, clearing browser cache if necessary.