Error The token was issued by an authority that is not trusted when using SAML ADFS 3.0 with Tomcat

Document ID : KB000117557
Last Modified Date : 16/10/2018

Attempt to access SDM Tomcat URL via after setting up SDM Tomcat for SAML results in an error:


audienceUris1 <><> 
audienceUris2 <><> 
com.auth10.federation.FederationException: The token was issued by an authority that is not trusted 
at com.auth10.federation.SamlTokenValidator.validate( 
at com.auth10.federation.FederatedLoginManager.authenticate( 
at com.auth10.federation.WSFederationFilter.authenticateWithToken(

Check the certificate thumbprint in the NX_ROOT/bopcfg/www/CATALINA_BASE/shared/resources/ file

This thumbprint is obtained (from an ADFS administrator) from the certificate listed on ADFS -> Service -> Certificates -> Token-Signing cert.

If the thumbprint is copied and pasted directly into the file, it might bring along some invisible Unicode characters, like this:

‎‎‎e5 bc 83 19 20 a3 8a ab 21 a4 50 fd 9d 71 85 94 37 b6 22 b6

These Unicode/special characters should not be present in the file. In addition, there should not be spaces between the pairs of characters in the thumbprint above. Those spaces need to be manually removed before using the thumbprint.

So, a good thumbprint should look like: 

Save the file and then restart SDM Tomcat.
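
A way to check a pasted thumbprint before saving it, as an added example that is not part of the original article or the product's own tooling. The function names are hypothetical, and it assumes a SHA-1 thumbprint of 40 hex digits (the value above is 20 bytes) and that the hidden characters are Unicode format characters such as U+200E:

```python
import string
import unicodedata

HEX_DIGITS = set(string.hexdigits)
SHA1_HEX_LEN = 40  # assumption: SHA-1 thumbprint, 20 bytes written as 40 hex digits


def find_hidden_chars(raw):
    """Report every character that is neither a hex digit nor whitespace."""
    findings = []
    for offset, ch in enumerate(raw):
        if ch in HEX_DIGITS or ch.isspace():
            continue
        name = unicodedata.name(ch, "UNNAMED")
        findings.append((offset, f"U+{ord(ch):04X}", name))
    return findings


def normalize_thumbprint(raw):
    """Drop whitespace and invisible format characters, then validate.

    Case is left as pasted. Anything else that is not a hex digit is
    rejected rather than silently dropped, so a mistyped value fails here
    instead of failing later as an untrusted-authority error.
    """
    cleaned = "".join(
        ch for ch in raw
        if not ch.isspace() and unicodedata.category(ch) != "Cf"
    )
    if not set(cleaned) <= HEX_DIGITS:
        raise ValueError("thumbprint contains non-hex characters")
    if len(cleaned) != SHA1_HEX_LEN:
        raise ValueError(f"expected {SHA1_HEX_LEN} hex digits, got {len(cleaned)}")
    return cleaned


# Constructed sample: the thumbprint shown above, with three U+200E marks
# prepended as stand-ins for the invisible characters a copy/paste can add.
PASTED = "\u200e\u200e\u200e" + "e5 bc 83 19 20 a3 8a ab 21 a4 50 fd 9d 71 85 94 37 b6 22 b6"

if __name__ == "__main__":
    for offset, codepoint, name in find_hidden_chars(PASTED):
        print(f"offset {offset}: {codepoint} {name}")
    print(normalize_thumbprint(PASTED))
```
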

Additional Information: