When you update the configuration settings of the federated domain in the on-premises Active Directory Federation Services (AD FS) service, make sure those settings are also updated in the Windows Azure Active Directory (Windows Azure AD) authentication system. Last week I updated my on-premises token-signing certificate without updating federation trust data. This causes the claim that the AD FS service supplies to be malformed and therefore rejected by the Windows Azure AD authentication system.
When a federated user tries to sign in to a Microsoft cloud service such as Office 365, Windows Azure, or Windows Intune from a sign-in webpage whose URL starts with “https://login.microsoftonline.com/login”, authentication for that user fails. Additionally, the user receives the following error message:
Sorry, but we’re having trouble signing you in
Please try again in a few minutes. If this doesn’t work, you might want to contact your admin and report the following error:
80041317 or 80043431
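
A quick way to check for the mismatch described above is to compare the token-signing certificate on each side of the trust. This is an added example, not part of the original post. It assumes the MSOnline PowerShell module is installed, that it is run on the AD FS server, and that contoso.com (a placeholder) is the federated domain.

```powershell
# Added example: compare the AD FS token-signing certificate with the one
# recorded in the Windows Azure AD federation trust for a domain.
# Assumptions: MSOnline module installed, run on the AD FS server,
# 'contoso.com' is a placeholder for your federated domain.
Import-Module MSOnline
$domain = 'contoso.com'   # placeholder

Connect-MsolService       # prompts for a cloud administrator credential

# Returns one object per side of the trust, distinguished by Source.
$props  = Get-MsolFederationProperty -DomainName $domain
$onPrem = $props | Where-Object { $_.Source -eq 'ADFS Server' }
$cloud  = $props | Where-Object { $_.Source -ne 'ADFS Server' }

if (-not $onPrem -or -not $cloud) {
    throw "Could not read both sides of the federation trust for $domain."
}

$onPremCert = $onPrem.TokenSigningCertificate
$cloudCert  = $cloud.TokenSigningCertificate
$cloudNext  = $cloud.NextTokenSigningCertificate   # may be empty

"{0,-22} {1}  (expires {2:u})" -f 'AD FS signing cert:', $onPremCert.Thumbprint, $onPremCert.NotAfter
"{0,-22} {1}  (expires {2:u})" -f 'Cloud trust cert:',   $cloudCert.Thumbprint,  $cloudCert.NotAfter

if ($onPremCert.Thumbprint -eq $cloudCert.Thumbprint) {
    Write-Output "In sync: the trust holds the certificate AD FS is using."
}
elseif ($cloudNext -and $onPremCert.Thumbprint -eq $cloudNext.Thumbprint) {
    Write-Output "AD FS certificate matches the next (secondary) certificate recorded in the trust."
}
else {
    Write-Warning "Mismatch: the federation trust data was not updated after the certificate change."
    # To push the current AD FS settings to the cloud side, review and then run:
    # Update-MsolFederatedDomain -DomainName $domain
}
```

Running the check immediately after any token-signing certificate change, and before the old certificate is removed, catches the problem before users see the sign-in error.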