diff --git a/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 779faab2..91283c5a 100644
--- a/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -354,13 +354,12 @@ namespace Microsoft.Owin.Security.OpenIdConnect
 {
 _logger.WriteError("Exception occurred while processing message: '" + authFailedEx.ToString());
- /* TODO:
- if (authFailedEx.GetType().Equals(typeof(Secu)))
+ // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+ if (authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
 {
- Options.MetadataManager.RequestRefresh();
+ Options.ConfigurationManager.RequestRefresh();
 }
- */
- // Post preview release: user can update metadata, need consistent messaging.
+
 var authenticationFailedNotification = new AuthenticationFailedNotification(Context, Options)
 {
 ProtocolMessage = openIdConnectMessage,
diff --git a/src/Microsoft.Owin.Security.WsFederation/WsFederationAuthenticationHandler.cs b/src/Microsoft.Owin.Security.WsFederation/WsFederationAuthenticationHandler.cs
index ef2da18c..2aaa43dd 100644
--- a/src/Microsoft.Owin.Security.WsFederation/WsFederationAuthenticationHandler.cs
+++ b/src/Microsoft.Owin.Security.WsFederation/WsFederationAuthenticationHandler.cs
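Review bot: The `Options.ConfigurationManager.RequestRefresh()` call added here runs on a failure that an unauthenticated request can trigger at will, since any token whose signing key is missing from the cached configuration reaches it, and nothing in the hunk bounds how often it fires; the first WsFederation hunk adds the same block. Whether the configuration manager throttles refresh requests is not visible in this diff, so I would record that dependency next to the call, e.g. `// Relies on the configuration manager to rate-limit refreshes; confirm, since this path is reachable before authentication.` The exact-type test also skips derived exception types, and `if (authFailedEx.SourceException is SecurityTokenSignatureKeyNotFoundException)` is the usual form. The context line above logs `authFailedEx.ToString()` while the WsFederation handler passes `authFailedEx.SourceException`; if authFailedEx is an ExceptionDispatchInfo, as the `.SourceException` access suggests, the OpenIdConnect log entry probably lacks the exception detail needed to investigate signature failures. The enclosing method starts and ends outside the hunk.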
@@ -317,13 +317,12 @@ namespace Microsoft.Owin.Security.WsFederation
 {
 _logger.WriteError("Exception occurred while processing message: ", authFailedEx.SourceException);
- /* TODO:
- if (authFailedEx.GetType().Equals(typeof(Secu)))
+ // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+ if (authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
 {
- Options.MetadataManager.RequestRefresh();
+ Options.ConfigurationManager.RequestRefresh();
 }
- */
- // Post preview release: user can update metadata, need consistent messaging.
+
 var authenticationFailedNotification = new AuthenticationFailedNotification(Context, Options)
 {
 ProtocolMessage = wsFederationMessage,
@@ -339,6 +338,7 @@ namespace Microsoft.Owin.Security.WsFederation
 {
 return null;
 }
+ authFailedEx.Throw();
 }
 }
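Review bot: `authFailedEx.Throw();` carries no comment, yet it decides what happens when the AuthenticationFailed notification neither handles nor skips the response: the original exception now leaves the handler. I would add `// Not handled or skipped by the notification: rethrow the original exception rather than ignore the failure.` above it. This diff has no matching hunk for the OpenIdConnect handler, so it is worth confirming that handler already rethrows at the same point; otherwise the two middlewares treat an unhandled authentication failure differently. The enclosing if-block starts outside the hunk.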