Add Encryption and Signing to an ADFS login site
2 Jan 2019 - Added an extra question below
I'm new to ADFS and am developing a site with an ADFS login. I got a basic ADFS login to work, but without Encryption and Signing, and I need to add that to the login. Does anyone know how to implement this?
And what kind of certificate can/should I use, and how do I get it?
This is my code so far:
Default.aspx
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <asp:Button runat="server" ID="btnLogout" Text="Log out" OnClick="btnLogout_Click" /><br />
            <asp:Label runat="server" ID="lblInfo"></asp:Label>
        </div>
    </form>
</body>
</html>
Default.aspx.cs
using System;
using System.Security.Claims;
using System.Threading;
using System.Web;
using System.Web.UI;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Page.User.Identity.IsAuthenticated)
        {
            // Render every claim in the authenticated principal as a table.
            lblInfo.Text += "<TABLE border=\"1\" Align=\"Center\" CellSpacing=\"15\" CellPadding=\"15\">";
            lblInfo.Text += "<TR><TD><b>Claim Type</b></TD><TD><b>Claim Value</b></TD></TR>";

            var identity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
            if (identity != null)
            {
                foreach (var claim in identity.Claims)
                {
                    // Claim values come from the token, not from this site: encode them before emitting HTML.
                    lblInfo.Text += "<TR><TD>" + HttpUtility.HtmlEncode(claim.Type) + "</TD><TD>";
                    lblInfo.Text += HttpUtility.HtmlEncode(claim.Value) + "</TD></TR>";
                }
            }

            lblInfo.Text += "</TABLE>";
        }
    }

    protected void btnLogout_Click(object sender, EventArgs e)
    {
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        // Signs out of all registered authentication types (cookie and WS-Federation).
        authenticationManager.SignOut();
    }
}
App_Code/RouteConfig.cs
using System.Web.Routing;
using Microsoft.AspNet.FriendlyUrls;

public class RouteConfig
{
    public static void RegisterRoutes(RouteCollection routes)
    {
        var settings = new FriendlyUrlSettings();
        settings.AutoRedirectMode = RedirectMode.Permanent;
        routes.EnableFriendlyUrls(settings);
    }
}
App_Code/Startup.cs
using Owin;

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
    }
}
App_Code/StartupAuth.cs
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Microsoft.Owin.Extensions;

public partial class Startup
{
    private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
    private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // Signing keys are taken from the ADFS federation metadata document.
        app.UseWsFederationAuthentication(
            new WsFederationAuthenticationOptions
            {
                Wtrealm = realm,
                MetadataAddress = adfsMetadata
            });

        app.UseStageMarker(PipelineStage.Authenticate);
    }
}
Web.config
<?xml version="1.0"?>
<configuration>
  <appSettings>
    <!-- ADFS -->
    <add key="ida:ADFSMetadata" value="https://fs-test.OurServer.me/federationmetadata/2007-06/federationmetadata.xml" />
    <add key="ida:Wtrealm" value="https://MySite" />
    <!-- ADFS -->
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5"/>
    <httpRuntime targetFramework="4.5"/>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>
    <customErrors mode="Off"/>
  </system.web>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs"
        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.7.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
        warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"
        type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.7.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
        warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=&quot;Web&quot; /optionInfer+"/>
    </compilers>
  </system.codedom>
</configuration>
Update - 2 Jan 2019
Sorry for this late reply.
I finally had time to look through all your links. Thanks, they helped me a lot, but I ran into another problem. I think I've added Encryption correctly, but now I'm getting this error:
ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
D:www_ADFS_SACCK_TEST_Simpel_med_encrypt_signApp_CodeEncryptedSecurityTokenHandlerEx.cs Line: 51
A lot of sites mention that it's the thumbprint that causes the problem, with some hidden characters at the beginning of the thumbprint, so I've typed it in manually, but that didn't help.
Does anybody know what the problem can be?
I changed some of the code, so it now looks like this:
StartupAuth.cs
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Microsoft.Owin.Extensions;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Collections.Generic;
using System.Threading;
using Microsoft.IdentityModel.Protocols;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System;

public partial class Startup
{
    private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
    private static string _MetadataAddress = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
    private static string _SignInAsAuthenticationType = "cookies";
    private const string SigningCertThumbprint = "d25xxxxxxxxxxxxxxxxxxxxxxxxxxxxf89";
    //private const string Issuer = "LOCAL AUTHORITY";
    private const string Issuer = "CN = testComp adfs";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
        });

        // Only tokens addressed to this realm are accepted.
        var audienceRestriction = new AudienceRestriction(AudienceUriMode.Always);
        audienceRestriction.AllowedAudienceUris.Add(new Uri(realm));

        // The registry maps the thumbprint of the token-signing certificate to an issuer name;
        // a signing certificate whose thumbprint is not registered fails validation with ID4175.
        var issuerRegistry = new ConfigurationBasedIssuerNameRegistry();
        issuerRegistry.AddTrustedIssuer(SigningCertThumbprint, Issuer);

        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions(WsFederationAuthenticationDefaults.AuthenticationType)
        {
            Wtrealm = realm,
            MetadataAddress = _MetadataAddress,
            TokenValidationParameters = new TokenValidationParameters
            {
                AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
            },
            SecurityTokenHandlers = new SecurityTokenHandlerCollection
            {
                // Decrypts the EncryptedData envelope with the private key found in LocalMachine\My.
                new EncryptedSecurityTokenHandlerEx(new X509CertificateStoreTokenResolver(StoreName.My, StoreLocation.LocalMachine)),
                new SamlSecurityTokenHandlerEx
                {
                    // No chain/revocation check on the signing certificate: trust rests solely on the thumbprint registry above.
                    CertificateValidator = X509CertificateValidator.None,
                    Configuration = new SecurityTokenHandlerConfiguration
                    {
                        AudienceRestriction = audienceRestriction,
                        IssuerNameRegistry = issuerRegistry
                    }
                }
            }
        });

        app.UseStageMarker(PipelineStage.Authenticate);
    }
}
I've also added two more classes:
SamlSecurityTokenHandlerEx.cs
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;

// Adapts the classic (WIF) SAML 1.1 handler to the string-based ISecurityTokenValidator contract used by the OWIN middleware.
public class SamlSecurityTokenHandlerEx : SamlSecurityTokenHandler, ISecurityTokenValidator
{
    public override bool CanReadToken(string securityToken)
    {
        return base.CanReadToken(XmlReader.Create(new StringReader(securityToken)));
    }

    public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters,
        out SecurityToken validatedToken)
    {
        validatedToken = ReadToken(new XmlTextReader(new StringReader(securityToken)), Configuration.ServiceTokenResolver);
        // Signature, audience and issuer checks happen in the base handler's ValidateToken(SecurityToken).
        return new ClaimsPrincipal(ValidateToken(validatedToken));
    }

    public int MaximumTokenSizeInBytes { get; set; }
}
EncryptedSecurityTokenHandlerEx.cs
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Xml;

// Decrypts the EncryptedData envelope and hands the inner token to the other handlers in the collection.
public class EncryptedSecurityTokenHandlerEx : EncryptedSecurityTokenHandler, ISecurityTokenValidator
{
    public EncryptedSecurityTokenHandlerEx(SecurityTokenResolver securityTokenResolver)
    {
        Configuration = new SecurityTokenHandlerConfiguration
        {
            ServiceTokenResolver = securityTokenResolver
        };
    }

    public override bool CanReadToken(string securityToken)
    {
        return base.CanReadToken(new XmlTextReader(new StringReader(securityToken)));
    }

    public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
    {
        validatedToken = ReadToken(new XmlTextReader(new StringReader(securityToken)), Configuration.ServiceTokenResolver);
        if (ContainingCollection != null)
        {
            // The decrypted inner token (SAML) is validated by the matching handler in the same collection.
            return new ClaimsPrincipal(ContainingCollection.ValidateToken(validatedToken));
        }
        return new ClaimsPrincipal(base.ValidateToken(validatedToken));
    }

    public int MaximumTokenSizeInBytes { get; set; }
}
adfs
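ID4175 is raised when the issuer name registry has no entry for the thumbprint of the certificate that actually signed the token, so the `Issuer` string is not what fails; the registered thumbprint is. The script below is an added diagnostic, not code from the question or from Microsoft: it reads the `KeyDescriptor` entries of an ADFS federation metadata document, computes each certificate's SHA-1 thumbprint (the value `X509Certificate2.Thumbprint` exposes), strips the invisible characters and separators a copied thumbprint tends to carry, and reports whether the registered value matches the token-signing certificate, only the token-decrypting certificate, or nothing at all. The metadata it parses is constructed inline with placeholder bytes in place of real certificates, so the thumbprints it prints mean nothing outside this script; point `metadata_certificates` at the real document from `ida:ADFSMetadata` to check a live registration.

```python
"""Diagnose an ID4175 issuer mismatch against ADFS federation metadata (added example)."""
import base64
import hashlib
import re
import unicodedata
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed stand-in for federationmetadata.xml: the structure follows the real document,
# but the <X509Certificate> payloads are placeholder bytes, not real certificates.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://fs-test.example.invalid/adfs/services/trust">
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="fed:SecurityTokenServiceType">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{enc}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{sig}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </RoleDescriptor>
</EntityDescriptor>
""".format(
    enc=base64.b64encode(b"constructed-token-decrypting-cert").decode(),
    sig=base64.b64encode(b"constructed-token-signing-cert").decode(),
)


def normalize_thumbprint(raw):
    """Return the thumbprint as 40 uppercase hex digits.

    Drops control and format characters (the certificate MMC's copy action is known to
    prepend an invisible U+200E mark), whitespace, and colon separators; rejects anything
    that is not a SHA-1 thumbprint afterwards.
    """
    cleaned = "".join(ch for ch in raw if not unicodedata.category(ch).startswith("C"))
    cleaned = re.sub(r"[\s:]", "", cleaned).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a 40-hex-digit SHA-1 thumbprint: %r" % cleaned)
    return cleaned


def metadata_certificates(metadata_xml):
    """Return [(use, thumbprint)] for every KeyDescriptor in the metadata.

    The thumbprint is SHA-1 over the DER bytes, which is what X509Certificate2.Thumbprint
    and therefore ConfigurationBasedIssuerNameRegistry compare against.
    """
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iter("{%s}KeyDescriptor" % MD_NS):
        cert_el = kd.find(".//{%s}X509Certificate" % DS_NS)
        if cert_el is None or not cert_el.text:
            continue
        der = base64.b64decode("".join(cert_el.text.split()))
        found.append((kd.get("use") or "any", hashlib.sha1(der).hexdigest().upper()))
    return found


def diagnose(metadata_xml, registered_thumbprint):
    """Classify a registered thumbprint: "signing" (the registry entry is right),
    "encryption" (the token-decrypting cert was copied instead of the signing one),
    or "none" (typo, or the signing cert has rolled over since it was copied)."""
    wanted = normalize_thumbprint(registered_thumbprint)
    uses = {use for use, tp in metadata_certificates(metadata_xml) if tp == wanted}
    if "signing" in uses or "any" in uses:
        return "signing"
    if "encryption" in uses:
        return "encryption"
    return "none"


if __name__ == "__main__":
    certs = metadata_certificates(SAMPLE_METADATA)
    for use, tp in certs:
        print("%-10s %s" % (use, tp))
    signing = [tp for use, tp in certs if use == "signing"][0]
    # A lower-case copy with a leading U+200E still matches once normalized.
    print(diagnose(SAMPLE_METADATA, "\u200e" + signing.lower()))
```

A "none" result against the live document usually means the registered thumbprint is stale: with automatic certificate rollover enabled, ADFS replaces its token-signing certificate and the metadata follows, while a thumbprint hard-coded into `ConfigurationBasedIssuerNameRegistry` does not, so re-run the check after any rollover.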
add a comment |
2 Jan 2019 - Added an extra question below
I'm new to ADFS and is developing a site with a ADFS login, I got a basic ADFS login to work but without Encryption and Signing and I need to add that to the login. Do anyone knows how to implement this?
and what kind og certificate can/should i use and how do i get it?
This is my code so far:
Default.aspx
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button runat="server" ID="btnLogout" Text="Log out" OnClick="btnLogout_Click" /><br />
<asp:Label runat="server" ID="lblInfo"></asp:Label>
</div>
</form>
</body>
</html>
Default.aspx.cs
using System;
using System.Threading;
using System.Web;
using System.Web.UI;
public partial class _Default : System.Web.UI.Page
protected void Page_Load(object sender, EventArgs e)
if (Page.User.Identity.IsAuthenticated)
lblInfo.Text += "<TABLE border="1" Align="Center" CellSpacing="15" CellPadding = "15" >";
lblInfo.Text += "<TR><TD>";
lblInfo.Text += "<b>" + "Claim Type" + "</TD><TD>";
lblInfo.Text += "<b>" + "Claim Value";
lblInfo.Text += "</B></TD></TR>";
foreach (var claim in (Thread.CurrentPrincipal.Identity as System.Security.Claims.ClaimsIdentity).Claims)
lblInfo.Text += "<TR><TD>";
lblInfo.Text += claim.Type + "</TD><TD>";
lblInfo.Text += claim.Value;
lblInfo.Text += "</TD></TR>";
lblInfo.Text += "</TABLE>";
protected void btnLogout_Click(object sender, EventArgs e)
var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignOut();
App_Code/RouteConfig.cs
using System.Web.Routing;
using Microsoft.AspNet.FriendlyUrls;
public class RouteConfig
public static void RegisterRoutes(RouteCollection routes)
var settings = new FriendlyUrlSettings();
settings.AutoRedirectMode = RedirectMode.Permanent;
routes.EnableFriendlyUrls(settings);
App_Code/Startup.cs
using Owin;
public partial class Startup
public void Configuration(IAppBuilder app)
ConfigureAuth(app);
App_Code/StartupAuth.cs
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Microsoft.Owin.Extensions;
public partial class Startup
private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
public void ConfigureAuth(IAppBuilder app)
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
Wtrealm = realm,
MetadataAddress = adfsMetadata
);
app.UseStageMarker(PipelineStage.Authenticate);
Web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<!-- ADFS -->
<add key="ida:ADFSMetadata" value="https://fs-test.OurServer.me/federationmetadata/2007-06/federationmetadata.xml" />
<add key="ida:Wtrealm" value="https://MySite" />
<!-- ADFS -->
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<customErrors mode="Off"/>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs"
type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.7.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"
type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.7.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE="Web" /optionInfer+"/>
</compilers>
</system.codedom>
</configuration>
Update - 2 Jan 2019
Sorry for this late reply
I finally had time to look through all your links, thanks they helped me a lot, but i ran into another problem. I Think i've added Encryption correct but now i'm getting this Error:
ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
D:www_ADFS_SACCK_TEST_Simpel_med_encrypt_signApp_CodeEncryptedSecurityTokenHandlerEx.cs Line: 51
A lot of sites mentions that it's the thumbprint that causing the problem with some hidden characters at the beginning of the thumbprint, so i've typed it in manually but that didn't helped.
Does anybody know what the problem can be?
I changed some of the code so it now looks like this:
StartupAuth.cs
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Microsoft.Owin.Extensions;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Collections.Generic;
using System.Threading;
using Microsoft.IdentityModel.Protocols;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System;
public partial class Startup
private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
private static string _MetadataAddress = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
private static string _SignInAsAuthenticationType = "cookies";
private const string SigningCertThumbprint = "d25xxxxxxxxxxxxxxxxxxxxxxxxxxxxf89";
//private const string Issuer = "LOCAL AUTHORITY";
private const string Issuer = "CN = testComp adfs";
public void ConfigureAuth(IAppBuilder app)
app.UseCookieAuthentication(new CookieAuthenticationOptions
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
);
var audienceRestriction = new AudienceRestriction(AudienceUriMode.Always);
audienceRestriction.AllowedAudienceUris.Add(new Uri(realm));
var issuerRegistry = new ConfigurationBasedIssuerNameRegistry();
issuerRegistry.AddTrustedIssuer(SigningCertThumbprint, Issuer);
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions(WsFederationAuthenticationDefaults.AuthenticationType)
Wtrealm = realm,
MetadataAddress = _MetadataAddress,
TokenValidationParameters = new TokenValidationParameters
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
,
SecurityTokenHandlers = new SecurityTokenHandlerCollection
new EncryptedSecurityTokenHandlerEx(new X509CertificateStoreTokenResolver(StoreName.My, StoreLocation.LocalMachine)),
new SamlSecurityTokenHandlerEx
CertificateValidator = X509CertificateValidator.None,
Configuration = new SecurityTokenHandlerConfiguration()
AudienceRestriction = audienceRestriction,
IssuerNameRegistry = issuerRegistry
);
app.UseStageMarker(PipelineStage.Authenticate);
I've also added two more classes:
SamlSecurityTokenHandlerEx.cs
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;
public class SamlSecurityTokenHandlerEx : SamlSecurityTokenHandler, ISecurityTokenValidator
public override bool CanReadToken(string securityToken)
return base.CanReadToken(XmlReader.Create(new StringReader(securityToken)));
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters,
out SecurityToken validatedToken)
validatedToken = ReadToken(new XmlTextReader(new StringReader(securityToken)), Configuration.ServiceTokenResolver);
return new ClaimsPrincipal(ValidateToken(validatedToken)); ;
public int MaximumTokenSizeInBytes get; set;
EncryptedSecurityTokenHandlerEx.cs
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Xml;
public class EncryptedSecurityTokenHandlerEx : EncryptedSecurityTokenHandler, ISecurityTokenValidator
public EncryptedSecurityTokenHandlerEx(SecurityTokenResolver securityTokenResolver)
Configuration = new SecurityTokenHandlerConfiguration
ServiceTokenResolver = securityTokenResolver
;
public override bool CanReadToken(string securityToken)
return base.CanReadToken(new XmlTextReader(new StringReader(securityToken)));
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
validatedToken = ReadToken(new XmlTextReader(new StringReader(securityToken)), Configuration.ServiceTokenResolver);
if (ContainingCollection != null)
return new ClaimsPrincipal(ContainingCollection.ValidateToken(validatedToken));
return new ClaimsPrincipal(base.ValidateToken(validatedToken));
public int MaximumTokenSizeInBytes get; set;
adfs
add a comment |
2 Jan 2019 - Added an extra question below
I'm new to ADFS and is developing a site with a ADFS login, I got a basic ADFS login to work but without Encryption and Signing and I need to add that to the login. Do anyone knows how to implement this?
and what kind og certificate can/should i use and how do i get it?
This is my code so far:
Default.aspx
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button runat="server" ID="btnLogout" Text="Log out" OnClick="btnLogout_Click" /><br />
<asp:Label runat="server" ID="lblInfo"></asp:Label>
</div>
</form>
</body>
</html>
Default.aspx.cs
using System;
using System.Threading;
using System.Web;
using System.Web.UI;
public partial class _Default : System.Web.UI.Page
protected void Page_Load(object sender, EventArgs e)
if (Page.User.Identity.IsAuthenticated)
lblInfo.Text += "<TABLE border="1" Align="Center" CellSpacing="15" CellPadding = "15" >";
lblInfo.Text += "<TR><TD>";
lblInfo.Text += "<b>" + "Claim Type" + "</TD><TD>";
lblInfo.Text += "<b>" + "Claim Value";
lblInfo.Text += "</B></TD></TR>";
foreach (var claim in (Thread.CurrentPrincipal.Identity as System.Security.Claims.ClaimsIdentity).Claims)
lblInfo.Text += "<TR><TD>";
lblInfo.Text += claim.Type + "</TD><TD>";
lblInfo.Text += claim.Value;
lblInfo.Text += "</TD></TR>";
lblInfo.Text += "</TABLE>";
protected void btnLogout_Click(object sender, EventArgs e)
var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignOut();
App_Code/RouteConfig.cs
using System.Web.Routing;
using Microsoft.AspNet.FriendlyUrls;
public class RouteConfig
public static void RegisterRoutes(RouteCollection routes)
var settings = new FriendlyUrlSettings();
settings.AutoRedirectMode = RedirectMode.Permanent;
routes.EnableFriendlyUrls(settings);
App_Code/Startup.cs
using Owin;
public partial class Startup
public void Configuration(IAppBuilder app)
ConfigureAuth(app);
App_Code/StartupAuth.cs
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Microsoft.Owin.Extensions;
public partial class Startup
private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
public void ConfigureAuth(IAppBuilder app)
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
Wtrealm = realm,
MetadataAddress = adfsMetadata
);
app.UseStageMarker(PipelineStage.Authenticate);
Web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<!-- ADFS -->
<add key="ida:ADFSMetadata" value="https://fs-test.OurServer.me/federationmetadata/2007-06/federationmetadata.xml" />
<add key="ida:Wtrealm" value="https://MySite" />
<!-- ADFS -->
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<customErrors mode="Off"/>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs"
type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.7.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"
type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.7.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE="Web" /optionInfer+"/>
</compilers>
</system.codedom>
</configuration>
Update - 2 Jan 2019
Sorry for this late reply
I finally had time to look through all your links, thanks they helped me a lot, but i ran into another problem. I Think i've added Encryption correct but now i'm getting this Error:
ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
D:www_ADFS_SACCK_TEST_Simpel_med_encrypt_signApp_CodeEncryptedSecurityTokenHandlerEx.cs Line: 51
A lot of sites mentions that it's the thumbprint that causing the problem with some hidden characters at the beginning of the thumbprint, so i've typed it in manually but that didn't helped.
Does anybody know what the problem can be?
I changed some of the code so it now looks like this:
StartupAuth.cs
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Microsoft.Owin.Extensions;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Collections.Generic;
using System.Threading;
using Microsoft.IdentityModel.Protocols;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System;
public partial class Startup
private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
private static string _MetadataAddress = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
private static string _SignInAsAuthenticationType = "cookies";
private const string SigningCertThumbprint = "d25xxxxxxxxxxxxxxxxxxxxxxxxxxxxf89";
//private const string Issuer = "LOCAL AUTHORITY";
private const string Issuer = "CN = testComp adfs";
public void ConfigureAuth(IAppBuilder app)
app.UseCookieAuthentication(new CookieAuthenticationOptions
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
);
var audienceRestriction = new AudienceRestriction(AudienceUriMode.Always);
audienceRestriction.AllowedAudienceUris.Add(new Uri(realm));
var issuerRegistry = new ConfigurationBasedIssuerNameRegistry();
issuerRegistry.AddTrustedIssuer(SigningCertThumbprint, Issuer);
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions(WsFederationAuthenticationDefaults.AuthenticationType)
Wtrealm = realm,
MetadataAddress = _MetadataAddress,
TokenValidationParameters = new TokenValidationParameters
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
,
SecurityTokenHandlers = new SecurityTokenHandlerCollection
new EncryptedSecurityTokenHandlerEx(new X509CertificateStoreTokenResolver(StoreName.My, StoreLocation.LocalMachine)),
new SamlSecurityTokenHandlerEx
CertificateValidator = X509CertificateValidator.None,
Configuration = new SecurityTokenHandlerConfiguration()
AudienceRestriction = audienceRestriction,
IssuerNameRegistry = issuerRegistry
);
app.UseStageMarker(PipelineStage.Authenticate);
I've also added two more classes:
SamlSecurityTokenHandlerEx.cs
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;
public class SamlSecurityTokenHandlerEx : SamlSecurityTokenHandler, ISecurityTokenValidator
public override bool CanReadToken(string securityToken)
return base.CanReadToken(XmlReader.Create(new StringReader(securityToken)));
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters,
out SecurityToken validatedToken)
validatedToken = ReadToken(new XmlTextReader(new StringReader(securityToken)), Configuration.ServiceTokenResolver);
return new ClaimsPrincipal(ValidateToken(validatedToken)); ;
public int MaximumTokenSizeInBytes get; set;
EncryptedSecurityTokenHandlerEx.cs
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Xml;
public class EncryptedSecurityTokenHandlerEx : EncryptedSecurityTokenHandler, ISecurityTokenValidator
public EncryptedSecurityTokenHandlerEx(SecurityTokenResolver securityTokenResolver)
Configuration = new SecurityTokenHandlerConfiguration
ServiceTokenResolver = securityTokenResolver
;
public override bool CanReadToken(string securityToken)
return base.CanReadToken(new XmlTextReader(new StringReader(securityToken)));
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
validatedToken = ReadToken(new XmlTextReader(new StringReader(securityToken)), Configuration.ServiceTokenResolver);
if (ContainingCollection != null)
return new ClaimsPrincipal(ContainingCollection.ValidateToken(validatedToken));
return new ClaimsPrincipal(base.ValidateToken(validatedToken));
public int MaximumTokenSizeInBytes get; set;
adfs
2 Jan 2019 - Added an extra question below
I'm new to ADFS and is developing a site with a ADFS login, I got a basic ADFS login to work but without Encryption and Signing and I need to add that to the login. Do anyone knows how to implement this?
and what kind og certificate can/should i use and how do i get it?
This is my code so far:
Default.aspx
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button runat="server" ID="btnLogout" Text="Log out" OnClick="btnLogout_Click" /><br />
<asp:Label runat="server" ID="lblInfo"></asp:Label>
</div>
</form>
</body>
</html>
Default.aspx.cs
using System;
using System.Threading;
using System.Web;
using System.Web.UI;
public partial class _Default : System.Web.UI.Page
protected void Page_Load(object sender, EventArgs e)
if (Page.User.Identity.IsAuthenticated)
lblInfo.Text += "<TABLE border="1" Align="Center" CellSpacing="15" CellPadding = "15" >";
lblInfo.Text += "<TR><TD>";
lblInfo.Text += "<b>" + "Claim Type" + "</TD><TD>";
lblInfo.Text += "<b>" + "Claim Value";
lblInfo.Text += "</B></TD></TR>";
foreach (var claim in (Thread.CurrentPrincipal.Identity as System.Security.Claims.ClaimsIdentity).Claims)
lblInfo.Text += "<TR><TD>";
lblInfo.Text += claim.Type + "</TD><TD>";
lblInfo.Text += claim.Value;
lblInfo.Text += "</TD></TR>";
lblInfo.Text += "</TABLE>";
protected void btnLogout_Click(object sender, EventArgs e)
var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignOut();
App_Code/RouteConfig.cs
using System.Web.Routing;
using Microsoft.AspNet.FriendlyUrls;
public class RouteConfig
public static void RegisterRoutes(RouteCollection routes)
var settings = new FriendlyUrlSettings();
settings.AutoRedirectMode = RedirectMode.Permanent;
routes.EnableFriendlyUrls(settings);
App_Code/Startup.cs
using Owin;
public partial class Startup
public void Configuration(IAppBuilder app)
ConfigureAuth(app);
App_Code/StartupAuth.cs
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Microsoft.Owin.Extensions;
public partial class Startup
private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
public void ConfigureAuth(IAppBuilder app)
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
Wtrealm = realm,
MetadataAddress = adfsMetadata
);
app.UseStageMarker(PipelineStage.Authenticate);
Web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<!-- ADFS -->
<add key="ida:ADFSMetadata" value="https://fs-test.OurServer.me/federationmetadata/2007-06/federationmetadata.xml" />
<add key="ida:Wtrealm" value="https://MySite" />
<!-- ADFS -->
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<customErrors mode="Off"/>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs"
type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.7.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701"/>
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb"
type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.7.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE="Web" /optionInfer+"/>
</compilers>
</system.codedom>
</configuration>
Update - 2 Jan 2019
Sorry for this late reply
I finally had time to look through all your links, thanks they helped me a lot, but i ran into another problem. I Think i've added Encryption correct but now i'm getting this Error:
ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
D:www_ADFS_SACCK_TEST_Simpel_med_encrypt_signApp_CodeEncryptedSecurityTokenHandlerEx.cs Line: 51
A lot of sites mentions that it's the thumbprint that causing the problem with some hidden characters at the beginning of the thumbprint, so i've typed it in manually but that didn't helped.
Does anybody know what the problem can be?
I changed some of the code so it now looks like this:
StartupAuth.cs
using System.Configuration;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;
using Microsoft.Owin.Extensions;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Collections.Generic;
using System.Threading;
using Microsoft.IdentityModel.Protocols;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System;

public partial class Startup
{
    private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
    private static string _MetadataAddress = ConfigurationManager.AppSettings["ida:ADFSMetadata"];
    private static string _SignInAsAuthenticationType = "cookies";
    // Thumbprint of the ADFS token-signing certificate (redacted in the post)
    private const string SigningCertThumbprint = "d25xxxxxxxxxxxxxxxxxxxxxxxxxxxxf89";
    //private const string Issuer = "LOCAL AUTHORITY";
    private const string Issuer = "CN = testComp adfs";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
        });

        // Only accept tokens addressed to this relying party
        var audienceRestriction = new AudienceRestriction(AudienceUriMode.Always);
        audienceRestriction.AllowedAudienceUris.Add(new Uri(realm));

        // Map the token-signing certificate thumbprint to an issuer name
        var issuerRegistry = new ConfigurationBasedIssuerNameRegistry();
        issuerRegistry.AddTrustedIssuer(SigningCertThumbprint, Issuer);

        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions(WsFederationAuthenticationDefaults.AuthenticationType)
        {
            Wtrealm = realm,
            MetadataAddress = _MetadataAddress,
            TokenValidationParameters = new TokenValidationParameters
            {
                AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
            },
            SecurityTokenHandlers = new SecurityTokenHandlerCollection
            {
                // Decrypts the EncryptedData envelope with the RP's private key from the machine store
                new EncryptedSecurityTokenHandlerEx(new X509CertificateStoreTokenResolver(StoreName.My, StoreLocation.LocalMachine)),
                // Validates the inner SAML 1.1 assertion
                new SamlSecurityTokenHandlerEx
                {
                    CertificateValidator = X509CertificateValidator.None,
                    Configuration = new SecurityTokenHandlerConfiguration
                    {
                        AudienceRestriction = audienceRestriction,
                        IssuerNameRegistry = issuerRegistry
                    }
                }
            }
        });
        app.UseStageMarker(PipelineStage.Authenticate);
    }
}
I've also added two more classes:
SamlSecurityTokenHandlerEx.cs
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;

public class SamlSecurityTokenHandlerEx : SamlSecurityTokenHandler, ISecurityTokenValidator
{
    public override bool CanReadToken(string securityToken)
    {
        return base.CanReadToken(XmlReader.Create(new StringReader(securityToken)));
    }

    // Adapts the WIF handler to the string-based ISecurityTokenValidator contract used by the OWIN middleware
    public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters,
        out SecurityToken validatedToken)
    {
        validatedToken = ReadToken(new XmlTextReader(new StringReader(securityToken)), Configuration.ServiceTokenResolver);
        return new ClaimsPrincipal(ValidateToken(validatedToken));
    }

    public int MaximumTokenSizeInBytes { get; set; }
}
EncryptedSecurityTokenHandlerEx.cs
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Xml;

public class EncryptedSecurityTokenHandlerEx : EncryptedSecurityTokenHandler, ISecurityTokenValidator
{
    public EncryptedSecurityTokenHandlerEx(SecurityTokenResolver securityTokenResolver)
    {
        // The resolver supplies the private key that decrypts the token
        Configuration = new SecurityTokenHandlerConfiguration
        {
            ServiceTokenResolver = securityTokenResolver
        };
    }

    public override bool CanReadToken(string securityToken)
    {
        return base.CanReadToken(new XmlTextReader(new StringReader(securityToken)));
    }

    public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
    {
        validatedToken = ReadToken(new XmlTextReader(new StringReader(securityToken)), Configuration.ServiceTokenResolver);
        // Hand the decrypted inner token to the sibling handler in the collection when there is one
        if (ContainingCollection != null)
        {
            return new ClaimsPrincipal(ContainingCollection.ValidateToken(validatedToken));
        }
        return new ClaimsPrincipal(base.ValidateToken(validatedToken));
    }

    public int MaximumTokenSizeInBytes { get; set; }
}
adfs
edited Jan 2 at 14:24
asked Nov 12 '18 at 8:10
tom S
1 Answer
On the ADFS side, you just add the certs to the wizard under the signing and encryption tabs.
On the client, here's a good example.
For testing you can use a self-signed certificate.
Going forward, you need to buy one from e.g. GoDaddy or get a free one from "Let's Encrypt".
Good ADFS development documentation here.
Sample using the OWIN WS-Fed stack.
Or an older sample using WIF.
Note these are for Azure AD but the principles are the same.
Hi nzpcmad, thanks, will take a look at the links; hopefully I can get it to work. :)
– tom S
Nov 14 '18 at 7:30
Anybody know why I'm getting this error now? ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
– tom S
Jan 3 at 7:53
Usually, because the thumbprint from your web.config does match the thumbprint of your token signing certificate. Sometimes you get extra characters when copying from the certificate. So copy from the certificate, paste into Notepad and then copy/paste into the web.config (assuming you are using WIF).
– nzpcmad
Jan 5 at 5:05
To be sure, I checked the thumbprint against the ADFS server; it is the correct one. I also checked for the hidden characters and removed them, and to be sure I also tried to type the thumbprint in manually, which didn't help either.
– tom S
Jan 7 at 9:37
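The thumbprint comparison behind ID4175 can be checked mechanically instead of by eye. The console program below is an added example, not code from the question, the answer or any Microsoft sample: it reads the ADFS FederationMetadata.xml (from the ida:ADFSMetadata URL in the question's web.config, or from a saved copy), lists the token-signing certificates the STS advertises, strips the invisible U+200E mark and spaces that the Windows certificate dialog adds to a copied thumbprint, and reports whether the configured value would be recognised by a ConfigurationBasedIssuerNameRegistry as used in the question's StartupAuth.cs. The class and method names (AdfsThumbprintCheck, NormalizeThumbprint, LoadCertificates) are hypothetical.

```csharp
// AdfsThumbprintCheck.cs - added diagnostic, not code from the question or the answer.
// Assumes the relying party trusts the STS by thumbprint through
// ConfigurationBasedIssuerNameRegistry (as in the question's StartupAuth.cs) and that
// the ADFS federation metadata is reachable at the ida:ADFSMetadata URL from web.config
// or has been saved to a local file. Class and method names are hypothetical.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;
using System.Xml;

public static class AdfsThumbprintCheck
{
    // Reduce a thumbprint pasted from the certificate dialog to bare upper-case hex.
    // The dialog prefixes an invisible U+200E mark and separates bytes with spaces;
    // both survive a copy/paste and defeat the registry's string comparison.
    public static string NormalizeThumbprint(string raw)
    {
        if (raw == null) return string.Empty;
        return Regex.Replace(raw, "[^0-9A-Fa-f]", string.Empty).ToUpperInvariant();
    }

    // Certificates the STS advertises in FederationMetadata.xml for one use
    // ("signing" or "encryption"); KeyDescriptor appears in every role descriptor.
    public static List<X509Certificate2> LoadCertificates(string metadataXml, string use)
    {
        var doc = new XmlDocument { XmlResolver = null }; // never resolve external entities
        doc.LoadXml(metadataXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata");
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

        var certs = new List<X509Certificate2>();
        foreach (XmlElement kd in doc.SelectNodes("//md:KeyDescriptor", ns))
        {
            if (!string.Equals(kd.GetAttribute("use"), use, StringComparison.OrdinalIgnoreCase))
                continue;
            foreach (XmlNode certNode in kd.SelectNodes(".//ds:X509Certificate", ns))
                certs.Add(new X509Certificate2(Convert.FromBase64String(certNode.InnerText)));
        }
        return certs;
    }

    // Exit code 0: configured thumbprint matches an advertised token-signing certificate.
    // Exit code 1: mismatch (the condition that produces ID4175). Exit code 2: bad usage.
    public static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: AdfsThumbprintCheck <metadata-url-or-file> <configured-thumbprint>");
            return 2;
        }
        string xml = File.Exists(args[0])
            ? File.ReadAllText(args[0])
            : new WebClient().DownloadString(args[0]);
        string configured = NormalizeThumbprint(args[1]);

        var signing = LoadCertificates(xml, "signing");
        var encryption = LoadCertificates(xml, "encryption");

        Console.WriteLine("Token-signing certificates advertised by the STS:");
        foreach (var c in signing)
            Console.WriteLine("  {0}  {1}  expires {2:yyyy-MM-dd}", c.Thumbprint, c.Subject, c.NotAfter);

        // X509Certificate2.Thumbprint is already upper-case hex without separators
        if (signing.Any(c => c.Thumbprint == configured))
        {
            Console.WriteLine("OK: configured thumbprint matches a token-signing certificate.");
            return 0;
        }
        if (encryption.Any(c => c.Thumbprint == configured))
            Console.WriteLine("MISMATCH: that is the token-encryption certificate; the IssuerNameRegistry needs the token-signing thumbprint.");
        else
            Console.WriteLine("MISMATCH: thumbprint {0} is not advertised by this STS.", configured);
        return 1;
    }
}
```

Run it with the metadata URL and the thumbprint string exactly as it sits in the configuration. Two points worth keeping in mind when reading the output: the registry keys on the token-signing certificate, so the encryption certificate's thumbprint (the one the relying party's own private key pairs with) is never the right value to register, and during ADFS certificate rollover the metadata lists both the primary and the secondary signing certificate, so a relying party that trusts a single thumbprint should register the primary and be ready to add the secondary before it becomes primary. The issuer name passed to AddTrustedIssuer is only the label the registry returns and is not checked against the certificate subject, so a mistyped name there cannot by itself produce ID4175.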
answered Nov 12 '18 at 18:21
nzpcmad