Skip to main content
Planview Customer Success Center

SSO cannot sign on after certificate change

Symptoms

Single-Sign-On (SSO) does not work after the certificate on the ADFS server has changed.

Error/warning messages:

ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IdentityModel.Tokens.SecurityTokenException: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityTokenException: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.]
  Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims
  Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken
  Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken
  Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken
  Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage
  Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest
  System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously


Resolution

The new signing thumbprint needs to be added into the web.config file of the RP-STS application.