Error "WIF10201: No valid key mapping found" when trying to create claims from SAML

Gaurav · Jul 29, 2014 · Viewed 8.5k times

I am trying to validate a SAML response which is coming from a Siteminder IDP from a third party. I have installed the certificate provided by them. When I call the ValidateToken method (System.IdentityModel.Tokens) to create claims, I get the following error:

WIF10201: No valid key mapping found for securityToken:'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'issuer uri'

I dug in deep to find the error, and it's being thrown by the method GetIssuerName (System.IdentityModel.Tokens).

Where is the problem? I googled for this issue but didn't find anything specific to my case. Does the SAML token from my client have a problem, or is there something I am missing in the implementation? I am fairly new to federated auth, so please excuse any inaccuracy in the terminology used.

Gaurav

Answer

Gaurav · Jul 31, 2014

Ok, found the solution but couldn't quite understand the reason behind it (complete noob, will update the answer when I know more).

Followed this approach of converting the SAML2 response to a WSFed response, then ran my code on that new token, and now the error is gone.

http://blogs.msdn.com/b/bradleycotier/archive/2012/10/28/saml-2-0-tokens-and-wif-bridging-the-divide.aspx

Note: you still have to override the validate token method (which I had originally done) to avoid the following error:

“ID4154: A Saml2SecurityToken cannot be created from the Saml2Assertion because it contains a SubjectConfirmationData which specifies an InResponseTo value. Enforcement of this value is not supported by default. To customize SubjectConfirmationData processing, extend Saml2SecurityTokenHandler and override ValidateConfirmationData.”

Thanks.
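As an added example (not code from the question or the answer above), here is a `Saml2SecurityTokenHandler` subclass that handles the ID4154 case by enforcing `InResponseTo` against the AuthnRequest IDs the service provider issued, rather than discarding the check, together with the issuer-name-registry setup that the WIF10201 key-mapping lookup relies on. The `consumeRequestId` delegate and the `Create` factory are assumptions for illustration; the IdP thumbprint, issuer URI, entity ID and ACS URL are placeholders the caller supplies.

```csharp
using System;
using System.IdentityModel.Tokens;

// Added example, not code from the question or answer. The ID4154 error comes from the
// base ValidateConfirmationData, which rejects any InResponseTo; instead of silently
// dropping that check, this handler enforces it against the AuthnRequest IDs we issued.
public sealed class InResponseToSaml2Handler : Saml2SecurityTokenHandler
{
    private readonly Uri _expectedRecipient;                 // our Assertion Consumer Service URL
    private readonly Func<string, bool> _consumeRequestId;   // hypothetical store of outstanding request IDs

    public InResponseToSaml2Handler(Uri expectedRecipient, Func<string, bool> consumeRequestId)
    {
        _expectedRecipient = expectedRecipient;
        _consumeRequestId = consumeRequestId;
    }

    protected override void ValidateConfirmationData(Saml2SubjectConfirmationData data)
    {
        if (data == null) throw new ArgumentNullException("data");
        TimeSpan skew = Configuration != null ? Configuration.MaxClockSkew : TimeSpan.FromMinutes(5);
        DateTime now = DateTime.UtcNow;

        // Time window: the base class would check these too, but we replaced it entirely.
        if (data.NotBefore.HasValue && data.NotBefore.Value.ToUniversalTime() > now + skew)
            throw new SecurityTokenNotYetValidException("SubjectConfirmationData NotBefore is in the future.");
        if (data.NotOnOrAfter.HasValue && data.NotOnOrAfter.Value.ToUniversalTime() <= now - skew)
            throw new SecurityTokenExpiredException("SubjectConfirmationData NotOnOrAfter has passed.");

        // Recipient must be this SP's ACS endpoint, or the assertion was meant for someone else.
        if (data.Recipient != null && data.Recipient != _expectedRecipient)
            throw new SecurityTokenValidationException("Unexpected SubjectConfirmationData Recipient.");

        // InResponseTo must match an AuthnRequest we issued; consuming the ID also blocks replay.
        if (data.InResponseTo == null || !_consumeRequestId(data.InResponseTo.Value))
            throw new SecurityTokenValidationException("InResponseTo does not match an outstanding AuthnRequest.");
    }

    // WIF10201 is raised when the token's signing certificate has no entry in the issuer name
    // registry; registering the IdP certificate thumbprint under the issuer URI fixes the lookup.
    public static InResponseToSaml2Handler Create(string idpCertThumbprint, string idpIssuerUri,
        Uri spEntityId, Uri acsUrl, Func<string, bool> consumeRequestId)
    {
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(idpCertThumbprint, idpIssuerUri);
        var config = new SecurityTokenHandlerConfiguration { IssuerNameRegistry = registry };
        config.AudienceRestriction.AllowedAudienceUris.Add(spEntityId);
        return new InResponseToSaml2Handler(acsUrl, consumeRequestId) { Configuration = config };
    }
}
```

Once the handler is built with `Create`, pass the SAML2 token to its `ValidateToken`; an assertion whose `InResponseTo` was never issued, or was already consumed, is rejected instead of producing claims.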