ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry

asp.net-mvc web-config certificate wif
shenn picture shenn · Dec 2, 2013 · Viewed 19.8k times · Source

I am trying to implement a Simple STS web site alongside my MVC application in a development environment. I was able to get this working properly on my local machine. I would navigate to my MVC app, kicked out to the STS web application, I login, then am redirected back to my MVC app. This is not using AFDS by the way.

When I migrated this to my Development environment, I see similar activity but I get the error below when I login. I have checked about 20 times that my thumbprint in the MVC app is the exact same as the cert.

(The login is working fine as I don't get redirected until the authentication succeeds.)

Any guesses?

Error message I recieve:

ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer

web.config from STS website:

<appSettings>
<add key="IssuerName" value="STSTestCert"/>
<add key="SigningCertificateName" value="CN=STSTestCert"/>
<add key="EncryptingCertificateName" value=""/>
  </appSettings>

web.config from MVC application:

<microsoft.identityModel>
<service>
  <audienceUris>
    <add value="http://localhost/" />
  </audienceUris>
  <federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:57543/mySTS/" realm="http://localhost/" requireHttps="false" />
    <cookieHandler requireSsl="false" />
  </federatedAuthentication>
  <applicationService>
    <claimTypeRequired>
      <!--Following are the claims offered by STS 'http://localhost:57543/mySTS/'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
      <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
      <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
    </claimTypeRequired>
  </applicationService>
  <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
      <add thumbprint="‎11111" name="http://localhost:57543/mySTS/" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>

Answer

Matthew J Coffman picture Matthew J Coffman · Apr 23, 2014

Copying your thumbprint adds hidden unicode characters. Try typing it in.

Related questions

How to configure the web.config to allow requests of any length

I am building a site in which i would like to create a file client side from the value of a textarea element. I have the code in place to do this, but i am getting this error HTTP Error 404.15 …

Read More
"An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page..."

I'm trying to publish an MVC website as an Azure webrole. When I run it locally, everything works fine. But once I publish it to Azure and surf to some MVC action, I get this error: Server Error in '/…

Read More
The name 'ViewBag' does not exist in the current context - Visual Studio 2015

I'm starting to develop in ASP.NET again and I ran into a small error within Visual Studio. My .cshtml files show errors when using a few razor functions. For example "The name 'ViewBag' does not exist in the current …

Read More