Next post of the series, is a problema that happen once time in one of our customers farm
If your ADFS cert is expiring, the SharePoint site will throw this error: The SAML Assertion is either not signed or the signature’s KeyIdentifier cannot be resolved to a SecurityToken. Ensure that the appropriate issuer tokens are present on the token resolver
To resolve this, just go into your ADFS server, export the new Token Signing certificate, then run this in CA server:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(“D:SSL CertificateADFSCert.cer”)
New-SPTrustedRootAuthority -Name “Token Signing Certificate” -Certificate $cert $sts =
Get-SPTrustedIdentityTokenIssuer $sts | Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate $cert
And voila! it will start working again.