dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty. #54640

Open DaveSenn opened 8 months ago

DaveSenn commented 8 months ago

Is there an existing issue for this?

Describe the bug

The following exception occurs when using ADFS auth.

SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.

Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(string issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
AggregateException: One or more errors occurred. (IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.) (IDX30011: Unable to read XML. Expecting XmlReader to be at ns.element: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', found: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.) (IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.)

Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(string issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
SecurityTokenException: No token validator or token handler was found for the given token.

Microsoft.AspNetCore.Authentication.WsFederation.WsFederationHandler.HandleRemoteAuthenticateAsync()
AuthenticationFailureException: An error was encountered while handling the remote login.

Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

Expected Behavior

No response

Steps To Reproduce

See sample here: https://github.com/DaveSenn/AdfsTest/tree/master

Exceptions (if any)

fail: Microsoft.AspNetCore.Authentication.WsFederation.WsFederationHandler[3]
      Exception occurred while processing message.
      Microsoft.IdentityModel.Tokens.SecurityTokenException: No token validator or token handler was found for the given token.
       ---> System.AggregateException: One or more errors occurred. (IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.) (IDX30011: Unable to read XML. Expecting XmlReader to be at ns.element: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', found: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.) (IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.)
       ---> Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
         at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
         at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
         at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateSignature(Saml2SecurityToken samlToken, String token, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(String token, TokenValidationParameters validationParameters)
         --- End of inner exception stack trace ---
       ---> (Inner Exception #1) Microsoft.IdentityModel.Xml.XmlReadException: IDX30011: Unable to read XML. Expecting XmlReader to be at ns.element: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', found: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
         at Microsoft.IdentityModel.Xml.XmlUtil.CheckReaderOnEntry(XmlReader reader, String element, String namespace)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSerializer.ReadAssertion(XmlReader reader)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ReadSamlToken(XmlReader reader)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ReadSamlToken(String token)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(String token, TokenValidationParameters validationParameters)<---

       ---> (Inner Exception #2) Microsoft.IdentityModel.Tokens.SecurityTokenMalformedException: IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
       ---> Microsoft.IdentityModel.Tokens.SecurityTokenMalformedException: IDX14122: JWT is not a well formed JWE, there are more than four dots (.) a JWE can have at most 4 dots.
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
         at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
         at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken..ctor(String jwtEncodedString)
         at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ReadToken(String token, TokenValidationParameters validationParameters)
         --- End of inner exception stack trace ---<---

         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Authentication.WsFederation.WsFederationHandler.HandleRemoteAuthenticateAsync()
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
      An unhandled exception has occurred while executing the request.
      Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
       ---> Microsoft.IdentityModel.Tokens.SecurityTokenException: No token validator or token handler was found for the given token.
       ---> System.AggregateException: One or more errors occurred. (IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.) (IDX30011: Unable to read XML. Expecting XmlReader to be at ns.element: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', found: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.) (IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.)
       ---> Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
         at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
         at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
         at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateSignature(Saml2SecurityToken samlToken, String token, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
         at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(String token, TokenValidationParameters validationParameters)
         --- End of inner exception stack trace ---
       ---> (Inner Exception #1) Microsoft.IdentityModel.Xml.XmlReadException: IDX30011: Unable to read XML. Expecting XmlReader to be at ns.element: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', found: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.].[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
         at Microsoft.IdentityModel.Xml.XmlUtil.CheckReaderOnEntry(XmlReader reader, String element, String namespace)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSerializer.ReadAssertion(XmlReader reader)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ReadSamlToken(XmlReader reader)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ReadSamlToken(String token)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
         at Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(String token, TokenValidationParameters validationParameters)<---

       ---> (Inner Exception #2) Microsoft.IdentityModel.Tokens.SecurityTokenMalformedException: IDX14100: JWT is not well formed, there are no dots (.).
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
       ---> Microsoft.IdentityModel.Tokens.SecurityTokenMalformedException: IDX14122: JWT is not a well formed JWE, there are more than four dots (.) a JWE can have at most 4 dots.
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
         at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken.ReadToken(String encodedJson)
         at Microsoft.IdentityModel.JsonWebTokens.JsonWebToken..ctor(String jwtEncodedString)
         at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ReadToken(String token, TokenValidationParameters validationParameters)
         --- End of inner exception stack trace ---<---

         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Authentication.WsFederation.WsFederationHandler.HandleRemoteAuthenticateAsync()
         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)

.NET Version

8.0.202

Anything else?

ASP.NET Core version: 8/8.0.3

The IDE (VS / VS Code/ VS4Mac) you're running on, and its version: Microsoft Visual Studio Professional 2022 Version 17.9.3 VisualStudio.17.Release/17.9.3+34701.34 Microsoft .NET Framework Version 4.8.09032


dotnet --info .NET SDK: Version: 8.0.202 Commit: 25674bb2f4 Workload version: 8.0.200-manifests.8cf8de6d

Runtime Environment: OS Name: Windows OS Version: 10.0.22631 OS Platform: Windows RID: win-x64 Base Path: C:\Program Files\dotnet\sdk\8.0.202\

.NET workloads installed: [maccatalyst] Installation Source: VS 17.9.34701.34 Manifest Version: 17.2.8004/8.0.100 Manifest Path: C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.sdk.maccatalyst\17.2.8004\WorkloadManifest.json Install Type: FileBased

[ios] Installation Source: VS 17.9.34701.34 Manifest Version: 17.2.8004/8.0.100 Manifest Path: C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.sdk.ios\17.2.8004\WorkloadManifest.json Install Type: FileBased

[maui-windows] Installation Source: VS 17.9.34701.34 Manifest Version: 8.0.7/8.0.100 Manifest Path: C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.sdk.maui\8.0.7\WorkloadManifest.json Install Type: FileBased

[android] Installation Source: VS 17.9.34701.34 Manifest Version: 34.0.52/8.0.100 Manifest Path: C:\Program Files\dotnet\sdk-manifests\8.0.100\microsoft.net.sdk.android\34.0.52\WorkloadManifest.json Install Type: FileBased

Host: Version: 8.0.3 Architecture: x64 Commit: 9f4b1f5d66

.NET SDKs installed: 8.0.202 [C:\Program Files\dotnet\sdk]

.NET runtimes installed: Microsoft.AspNetCore.App 7.0.17 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 6.0.28 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 7.0.17 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Other architectures found: x86 [C:\Program Files (x86)\dotnet] registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation]

Environment variables: Not set

global.json file: Not found

Learn more: https://aka.ms/dotnet/info

Download .NET: https://aka.ms/dotnet/download

muten84 commented 6 months ago

Hi, I had the same issue. Despite disabling the issuer validation, the exception is still there. Any news about this issue?

davidscheidt2 commented 6 months ago

Had the same issue, couldn't figure out what the problem was. Turns out that the Microsoft Library references an older version of Microsoft.IdentityModel.Protocols and Microsoft.IdentityModel.Protocols.OpenIdConnect. Adding the references to the 7.5.1 version of both of those NuGet packages solved the issue for my team.
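Added example, not code from the issue or the linked AdfsTest sample: a minimal Program.cs for the ADFS/WS-Federation setup discussed above that keeps issuer validation switched on with an explicit ValidIssuer and audience (rather than disabling validation, which the thread shows does not clear the error anyway), and turns on PII display in development so the hidden '[PII ...]' element names in the IDX30011 message become readable. Host names and realm are placeholders; it assumes the Web SDK's implicit usings and a csproj that pins Microsoft.IdentityModel.Protocols and Microsoft.IdentityModel.Protocols.OpenIdConnect at 7.5.1, as the comment above reports.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholder values: replace with your own ADFS farm and relying-party identifier.
const string AdfsMetadata = "https://adfs.example.test/FederationMetadata/2007-06/FederationMetadata.xml";
const string AdfsIssuer = "http://adfs.example.test/adfs/services/trust";
const string Realm = "https://app.example.test/";

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddWsFederation(options =>
    {
        options.MetadataAddress = AdfsMetadata;
        options.Wtrealm = Realm;

        // Explicit issuer and audience: this removes the "ValidIssuer is null or
        // whitespace AND ValidIssuers is null or empty" condition that IDX10204
        // reports when the issuer is not picked up from federation metadata,
        // while keeping issuer validation enabled instead of turning it off.
        // Assumes the csproj pins Microsoft.IdentityModel.Protocols and
        // Microsoft.IdentityModel.Protocols.OpenIdConnect at 7.5.1 (per the thread).
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = AdfsIssuer,
            ValidateAudience = true,
            ValidAudience = Realm,
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(2),
        };
    });

// Show the values the IDX30011 / IDX14100 messages redact as '[PII ...]' while
// diagnosing locally; keep this off outside development so tokens and element
// names do not land in production logs.
if (builder.Environment.IsDevelopment())
{
    IdentityModelEventSource.ShowPII = true;
}

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Any request here triggers the WS-Fed challenge and exercises token validation.
app.MapGet("/", (HttpContext ctx) => $"Hello {ctx.User.Identity?.Name}")
   .RequireAuthorization();

app.Run();
```

Run the app with the Development environment, sign in through ADFS, and the full element names and issuer values appear in the exception text instead of the redacted placeholders, which is what you need to tell a metadata mismatch from a token-handler version mismatch.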