Merge pull request #8231 from MicrosoftDocs/main

Auto push to live 2025-02-17 02:00:02

Author: Deland-Han

.openpublishing.redirection.json

@@ -12663,6 +12663,38 @@
     {
       "source_path": "support/dynamics/gp/integration-manager-log-file-does-not-print.md",
       "redirect_url": "/dynamics-gp/installation/developer-tools"
+    },
+    {
+      "source_path": "support/mem/configmgr/client-installation/client-installation-fails-without-bits.md",
+      "redirect_url": "/previous-versions/troubleshoot/configmgr/client-installation-fails-without-bits"
+    },
+    {
+      "source_path": "support/mem/configmgr/client-installation/client-piloting-package-fails-after-site-expansion.md",
+      "redirect_url": "/previous-versions/troubleshoot/configmgr/client-piloting-package-fails-after-site-expansion"
+    },
+    {
+      "source_path": "support/mem/configmgr/client-installation/configmgr-clients-reinstall-every-five-hours.md",
+      "redirect_url": "/previous-versions/troubleshoot/configmgr/configmgr-clients-reinstall-every-five-hours"
+    },
+    {
+      "source_path": "support/mem/configmgr/client-installation/mac-client-enrollment-fails.md",
+      "redirect_url": "/previous-versions/troubleshoot/configmgr/mac-client-enrollment-fails"
+    },
+    {
+      "source_path": "support/mem/configmgr/content-management/anonymous-authentication-disabled.md",
+      "redirect_url": "/previous-versions/troubleshoot/configmgr/anonymous-authentication-disabled"
+    },
+    {
+      "source_path": "support/mem/configmgr/setup-migrate-backup-recovery/management-points-fail-http-500-errors.md",
+      "redirect_url": "/previous-versions/troubleshoot/configmgr/management-points-fail-http-500-errors"
+    },
+    {
+      "source_path": "support/mem/configmgr/update-management/adr-updates-download-failure.md",
+      "redirect_url": "/previous-versions/troubleshoot/configmgr/adr-updates-download-failure"
+    },
+    {
+      "source_path": "support/mem/configmgr/update-management/wsus-not-sync-with-certificate-error-800b0109.md",
+      "redirect_url": "/previous-versions/troubleshoot/configmgr/wsus-not-sync-with-certificate-error-800b0109"
     }
   ]
 }

support/azure/virtual-machines/linux/suse-public-cloud-connectivity-registration-issues.md

@@ -258,7 +258,7 @@ If instances aren't regularly updated, they can become incompatible with our upd
     sudo cd tmp
     sudo tar xvfz suse-public-registration.tgz
     sudo cd rpms
-    sudo zypper --force --no-refresh --no-remote --non-interactive install *.rpm
+    sudo zypper --no-refresh --no-remote --non-interactive install --force *.rpm
     ```
 
 8. Register the VM again:

support/entra/entra-id/app-integration/troubleshoot-wif10201-no-validkey-securitytoken-mvc.md

@@ -0,0 +1,56 @@
+---
+title: ASP.NET MVC Application Error WIF10201 No Valid Key Mapping Found for SecurityToken
+description: This article provides guidance for troubleshooting the error, "WIF10201- No valid key mapping found for securityToken."
+author: genlin
+ms.author: bachoang
+ms.service: entra-id
+ms.topic: troubleshooting-general
+ms.date: 02/05/2025
+ms.custom: sap:Issues Signing In to Applications
+---
+
+# "WIF10201: No valid key mapping found for securityToken" error in ASP.NET application
+
+This article provides guidance for troubleshooting an authentication issue that occurs in an ASP.NET MVC application that uses both [WS-Federation](https://github.com/Azure-Samples/active-directory-dotnet-webapp-wsfederation) OWIN middleware and [Windows Identity Foundation](../../../windows-server/user-profiles-and-logon/windows-identity-foundation.md) (WIF) to authenticate to Microsoft Entra ID.
+
+## Symptoms
+
+The ASP.NET MVC application that was previously working generates the following error message although no changes were made to the application:
+
+```
+Error Details:
+Server Error in '/' Application.
+WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'https://sts.windows.net/<Directory ID>/'.
+
+Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
+
+Exception Details: System.IdentityModel.Tokens.SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'https://sts.windows.net/<Directory ID>/'.
+```
+
+## Cause
+
+To validate the signature of the token that's returned by the Entra ID after a successful sign-in, WIF uses the certificate thumbprints that are in the Web.config file, as shown in the following example:
+
+```web.config
+<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, 
+System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
+<authority name="https://sts.windows.net/<Directory ID>/">
+    <keys>
+    <add thumbprint="C142E..." />
+    <add thumbprint="8BA94..." />
+    <add thumbprint="D92E1..." />
+    </keys>
+    <validIssuers>
+    <add name="https://sts.windows.net/<Directory ID>/" />
+    </validIssuers>
+</authority>
+</issuerNameRegistry>
+```
+
+The "WIF10201" error occurs if none of these certificate thumbprints match the one that's used by Entra ID to sign the token.
+
+The Entra ID uses a [signing key rollover mechanism](/entra/identity-platform/signing-key-rollover) to update the certificate that's used to sign authentication tokens periodically. This key rollover causes the initial certificate thumbprints that are configured in the Web.config file to become invalid.
+
+## Solution
+
+You can either manually update the certificate thumbprints that are in the Web.config file or automate the process through code. For more information, see [Best practices for keys metadata caching and validation](/entra/identity-platform/signing-key-rollover#best-practices-for-keys-metadata-caching-and-validation).

support/entra/entra-id/toc.yml

@@ -51,6 +51,8 @@
     items:
       - name: IDX10501 Error in ASP.NET Core with Azure B2C Custom Policy
         href: app-integration/troubleshoot-error-idx10501-aspnet-b2c.md
+      - name: WIF10201 No valid key mapping found
+        href: app-integration/troubleshoot-wif10201-no-validkey-securitytoken-mvc.md
 
   - name: Troubleshoot adding apps
     href: app-integration/troubleshoot-adding-apps.md