Problem: You are unable to log on to K2 sites (Designer/Runtime/Management) using AAD credentials (AAD integration configured without SharePoint Online, as described here) and receive the following error:
WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'https://sts.windows.net/{YOUR_AAD_ID}/'.
Resolution steps:
1) Open your K2 AAD app Federation Metadata Document using the following URL:
https://login.microsoftonline.com/{YOUR_DIRECTORY ID}/federationmetadata/2007-06/federationmetadata.xml
2) Inside the metadata XML document, search for the certificate value within the <X509Certificate></X509Certificate> tags and copy it.
3) Open the online Calculate Fingerprint tool and paste this value into the X.509 cert field of the page. Make sure sha1 is selected as the algorithm and click the Calculate Fingerprint button.
4) Navigate to K2 Management > Authentication > Claims > Issuers. Select your AAD issuer, click Edit and paste the unformatted FingerPrint value into the Thumbprint field of the Edit Claim Issuer dialog.
5) Try AAD logon again, clearing browser cache if necessary.
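Steps 2 and 3 can also be done locally, without pasting the certificate into an online tool. The following is an added example, not part of the original post or of K2: it computes the SHA-1 thumbprint (the SHA-1 hash of the base64-decoded certificate bytes) of every distinct X509Certificate element in the metadata and checks whether a configured thumbprint is among them. The function names and the sample metadata are assumptions made for illustration.

```python
import base64
import hashlib
import re
import sys
import urllib.request
import xml.etree.ElementTree as ET

X509_TAG = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"
METADATA_URL = ("https://login.microsoftonline.com/{directory_id}"
                "/federationmetadata/2007-06/federationmetadata.xml")

# Constructed sample: the base64 values are placeholder bytes, not real certificates.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <RoleDescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>Y29uc3RydWN0ZWQt
      Y2VydC1B</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>Y29uc3RydWN0ZWQtY2VydC1C</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor></RoleDescriptor>
  <IDPSSODescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>Y29uc3RydWN0ZWQtY2VydC1B</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor></IDPSSODescriptor>
</EntityDescriptor>"""

def thumbprints(metadata_xml):
    """Return the SHA-1 thumbprint of each distinct certificate, in document order."""
    found = []
    for el in ET.fromstring(metadata_xml).iter(X509_TAG):
        der = base64.b64decode("".join((el.text or "").split()))  # drop line wraps
        tp = hashlib.sha1(der).hexdigest().upper()
        if tp not in found:  # the same certificate is repeated per role descriptor
            found.append(tp)
    return found

def normalize(thumbprint):
    """Strip colons, spaces and invisible characters from a pasted thumbprint."""
    return re.sub(r"[^0-9A-F]", "", thumbprint.upper())

def issuer_is_current(configured, metadata_xml):
    # True when the configured thumbprint matches a certificate in the metadata.
    return normalize(configured) in thumbprints(metadata_xml)

if __name__ == "__main__":
    data = SAMPLE_METADATA
    if len(sys.argv) > 1:  # directory ID given: fetch the live metadata document
        with urllib.request.urlopen(METADATA_URL.format(directory_id=sys.argv[1])) as r:
            data = r.read()
    for tp in thumbprints(data):
        print(tp)
```

Run it with your directory ID as the only argument to read the live document from step 1; the metadata can list more than one certificate, so every distinct thumbprint is printed.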






