I recently implemented a centralized security token cache and observed that although the user signs-out and the session cookie is removed from the browser the session token was never removed from the SecurityTokenCache. This is something I would never have observed if I did not implement this cache.
ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
Been bashing my head against this (WIF: ID1014: The signature is not valid. The data may have been tampered with) problem now for about a week. WIF tracing has been useless in trying to solve this. For my own sanity sake, here are the possible causes that I have found so far that could cause it.
In the following example i will show how to build an Identity Provider also called a passive security token service (IP-STS) that issues tokens using WS-Federation. This post builds on work done in a previous post, Create your own active STS. In this article I will show how to create a complete working example of an… Read More »
Figured that I would start a post dealing specifically with all the terms we find in the Identity world. Ill add to this post as time goes on…
I created a windows forms application sample that can assist with decoding to FedAuth tokens captured from tools like Fiddler, source is included. It is downloadable from this link.
A passive STS (IP-STS) is a website that issues a token and uses the browser to direct the flow of the application through redirects. The following example will be integrating a website with a passive STS that issues tokens using the WS-Federation standard. Click here if you wish to see how to create your own passive STS.
I was having some issues today with a WS Federation implementation using a passive STS. I was logging onto the STS but when the browser redirected back to the client after a login, the client rejected the token and redirected me back to the STS again. There was no error message and after searching online… Read More »
The following example uses an active security token service (A-STS) that issues tokens using the WS-Trust standard. The type of STS discussed in this post is called a Active STS OR A-STS, it refers to the client that is actively in control of its own authenticated state. This client will typically have its own login window build into the… Read More »
There I stood, alone in the dark, Linkin Park playing in the distance. Armed with Vittorio’s WIF book, my experience and limited knowledge fighting for the honor of Assima. I confronted the beast that wanted to see me fail. It stood there with rage in its eyes, it hated me. I felt its hate burning into… Read More »