Subscription Manager Login Error

Problem:

When we login to the Subscription Manager, sometimes we get the following error:

Solution:

Step 1: To know the exact error first we need to enable logging for the Subscription Manager.  To enable logging, follow the instructions in “Troubleshooting: How to enable logging in the Subscription Manager“.

Step 2: Once we enable the logging, navigate to the log.txt file “Subscription Manager” root folder to view the error details.  There could be a possibility to get the following error details in log file.

11/06/2018 12:04:21 +11:00 [Error] (IdentityServer3.Core.Configuration.Hosting.ErrorPageFilterAttribute)
Exception accessing: /xmidentity/identity/connect/authorize
System.InvalidOperationException: IDX10614: AsymmetricSecurityKey.GetSignatureFormater( 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' ) threw an exception.
Key: 'System.IdentityModel. Tokens.X509AsymmetricSecurityKey'
SignatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', check to make sure the SignatureAlgorithm is supported.
Exception:'System.Security.Cryptography.CryptographicException: Keyset does not exist

Step 3: When we get this error, it could be the “Subscription Manager” Application Pool identity account doesn’t have access to the Subscription Manager Certificate.

Step 4: To resolve the issue search for Certificate in the Windows search bar and open Manage computer certificates.

Step 5: Navigate to the corresponding “Subscription Manager” certificate.

Right-click on the corresponding Certificate and Navigate to All Tasks > Manage Private Keys and provide Read Write access Application Pools Identity. For example, if the Application Pool is using a service account for its Identity, provide the service account with the Read Write access.