IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. #822

Closed cotepatrice closed 9 years ago

cotepatrice commented 9 years ago

Hi !

I have a strange error in IdentityServer. We changed the STS to a new ADFS 3. The old one was ADFS 2. So, I changed the ADFS Integration configuration part to reflect the change. Then I tested it with my test client and got a 500 response.

So I checked the logs on the ADFS server and I saw that a token was successfully issued to the user for the endpoint. Then I checked the trace logs (that I activated because it's a dev environment) and found the error in the systemIdentityModel.svclog file: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.

Here is the IdentityServer ADFS Integration page : idsrv_adfs_integration

So you can see the issuer URI and the signin thumbnail. Here's the ADFS properties page now : sts_issuer_uri

And the signin certificate : sts_signin_certificate

And the RP on the ADFS (with proof that there is no encryption whatsoever) adfs_rp

The client code that calls the token endpoint : client_code

And the error message in the systemIdentityModel.svclog file : systemidentitymodel_log

brockallen commented 9 years ago

Odd. We can look into it when we get back home (I think we're both traveling this week -- at least I am).

cotepatrice commented 9 years ago

Thanks guys ! If I find anything in the meantime, I'll let you know.

cotepatrice commented 9 years ago

Did you get time to take a look at it? I still have the problem and no solution in view.

Thanks !

cotepatrice commented 9 years ago

Finally solved this ! It was a plain stupid bad thumbprint because it probably had been copied directly from the certificate window on the ADFS server.

aluri2 commented 8 years ago

Can someone please let me know the resolution for this issue? We have the same issue currently with the ADFS.

OferLevi85 commented 8 years ago

I know it's about a year later but still. If anyone comes across this issue, know that copying the thumbprint directly from the certificate window may cause additional invisible characters to be added to the beginning of the thumbprint string. Use Notepad++ to view the file. Select "Encoding -> Encode in ANSI". You will see the hidden characters. Delete them and save.
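An added example, not part of the thread or of IdentityServer's code: a Python check that lists hidden characters in a pasted thumbprint, shows why they become visible when the text is viewed as ANSI, and returns the clean value. The sample thumbprint is constructed, and the choice of U+200E as the hidden character, space and colon as separators, Windows-1252 as the "ANSI" code page and a 40-digit SHA-1 thumbprint are assumptions.

```python
import unicodedata

HEX_DIGITS = set("0123456789abcdefABCDEF")
SEPARATORS = set(" :")   # assumption: separators shown by certificate viewers
SHA1_HEX_LEN = 40        # assumption: SHA-1 thumbprint, 20 bytes = 40 hex digits

# Constructed sample, not a real certificate: a left-to-right mark (U+200E)
# in front of a thumbprint displayed with spaces between the bytes.
SAMPLE_PASTED = "\u200ea1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 12 34 56 78"


def hidden_characters(pasted):
    """List (position, code point, Unicode name) for every character that is
    neither a hex digit nor a plain separator."""
    found = []
    for pos, ch in enumerate(pasted):
        if ch not in HEX_DIGITS and ch not in SEPARATORS:
            found.append((pos, "U+%04X" % ord(ch), unicodedata.name(ch, "UNNAMED")))
    return found


def ansi_view(pasted):
    """Render the UTF-8 bytes as Windows-1252 text, which is what makes the
    otherwise invisible characters show up in an ANSI view."""
    return pasted.encode("utf-8").decode("cp1252", errors="replace")


def clean_thumbprint(pasted):
    """Return the thumbprint as 40 upper-case hex digits, or raise ValueError."""
    digits = "".join(ch for ch in pasted if ch in HEX_DIGITS).upper()
    if len(digits) != SHA1_HEX_LEN:
        raise ValueError("expected %d hex digits, got %d" % (SHA1_HEX_LEN, len(digits)))
    return digits


if __name__ == "__main__":
    for finding in hidden_characters(SAMPLE_PASTED):
        print("hidden character:", finding)
    print("ANSI view starts with:", ansi_view(SAMPLE_PASTED)[:5])
    print("clean thumbprint     :", clean_thumbprint(SAMPLE_PASTED))
```

Running the same check on the value stored in the configuration confirms whether the thumbprint is the reason the issuer is not recognized.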

ccellar commented 8 years ago

@OferLevi85 you saved my day 👍 Thank you

OferLevi85 commented 8 years ago

You're welcome @ccellar :) glad I could help :)

arulkumar4 commented 7 years ago

@OferLevi85 It solves my problem. Thank You.

Silverlight42 commented 7 years ago

@OferLevi85 Thanks man!