The error:
ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
The situation: I have 3 or 4 asp.net apps running on a single IIS server (my QA environment), that this morning began returning this error. I start out on an anonymous site, click a link to a secure section, get redirected to my federation services proxy, authenticate, and am redirected back to my secure page, but this error appears.
This link and a bunch of others indicate that the thumbprint in my web.config is wrong, but I can prove (via history in TFS) that the thumbprint in my web.config file has not changed.
I've tried re-running the fedutil, but still get the same message (though that comes up with a different thumbprint). Any ideas?
Hate to answer my own question, but it looks like I got bit by AutoCertificateRollover because it worked, and we then re-deployed, replacing the web.config and breaking the authentication.
This was actually a good thing, because our production cert expires in about 6 weeks, and production doesn't have auto rollover enabled - I would have had some serious issues in production and that's never good.