SSO login error

Guilherme Monteiro Santos 0 Reputation points
2024-04-30T15:56:17.4433333+00:00

Hi all,

I'm configuring SSO from Google Workspace to Entra ID following the documentation below and I'm receiving an error:

Error message: AADSTS5000811: Unable to verify token signature. The signing key identifier does not match any valid registered keys.
Trace ID: c4b24fe3-41ee-43d5-a8d9-a7f808a21000
Correlation ID: 717d903c-8157-4597-aef7-58dda69baef6
Timestamp: 2024-04-30 15:48:43Z

https://learn.microsoft.com/en-us/education/windows/configure-aad-google-trust

Microsoft Entra ID

1 answer

  1. Olufunso Adewumi 380 Reputation points Microsoft Employee
    2024-05-01T02:09:12.5233333+00:00

    The error message you are encountering typically indicates a problem with the token signing key configuration in your Single Sign-On (SSO) setup. This could mean that the key ID in the SAML token does not match any of the public keys registered in Entra ID for your application. Here are a few steps you can take to troubleshoot this issue:

    1. Check the Token Signing Certificate: Ensure that the certificate used for signing the SAML token in Google Workspace is the same one that is registered in Entra ID for your SSO application. You might need to update the certificate in Entra ID if it has been rotated or changed in Google Workspace.
    2. Review the SSO Configuration: Verify that the SSO configuration settings in both Google Workspace and Entra ID match exactly. This includes the entity IDs, reply URLs, and other related settings.
    3. Examine the SAML Response: You can use tools like SAML Tracer to inspect the SAML response from Google Workspace and check if the signing key identifier matches the one expected by Entra ID.
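
As an added example (not part of the answer above, and not Microsoft or Google code), the comparison in steps 1 and 3 can be scripted: decode the captured `SAMLResponse` value, extract the embedded signing certificate, and compare its thumbprint with the certificate registered in Entra ID. The function names, the sample response and the certificate bytes are constructed for illustration; the script compares certificates only and does not validate the signature.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"


def cert_der(cert_text: str) -> bytes:
    """Decode a base64 or PEM certificate to DER bytes (headers, whitespace ignored)."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", cert_text)
    return base64.b64decode(body, validate=True)


def thumbprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest().upper()


def response_thumbprints(saml_response_b64: str) -> list[str]:
    """Thumbprints of every certificate embedded in the response's signatures.
    Feed it only a SAMLResponse captured from your own test sign-in."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return [thumbprint(cert_der(el.text or "")) for el in root.iter(DS_CERT)]


def signing_cert_is_registered(saml_response_b64: str, registered_cert: str) -> bool:
    """True only if the response embeds a certificate and each one is the registered one."""
    found = response_thumbprints(saml_response_b64)
    return bool(found) and set(found) == {thumbprint(cert_der(registered_cert))}


def sample_response(cert_b64: str) -> str:
    """Constructed, minimal SAMLResponse form value (not a real Google response)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        "<ds:Signature><ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{cert_b64}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


# Constructed stand-ins for certificate bytes: a thumbprint is just a hash of the DER.
OLD_CERT = base64.b64encode(b"constructed-old-idp-cert").decode()
NEW_CERT = base64.b64encode(b"constructed-rotated-idp-cert").decode()

if __name__ == "__main__":
    captured = sample_response(NEW_CERT)  # IdP now signs with the rotated key
    print("matches registered:", signing_cert_is_registered(captured, OLD_CERT))
```

A `False` result with a non-empty thumbprint list points to a rotated or different signing certificate on the Google Workspace side; an empty list means the response carries no embedded certificate to compare.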