All geek questions in one place

ID4175: The security token issuer was not recognized by the issuer NameRegistry

I am trying to implement a simple STS website with my MVC application in a development environment. I was able to work normally on my local machine. I would go to my MVC application, throw it into the STS web application, I log in, and then redirected back to my MVC application. By the way, this is not the use of AFDS.

When I transferred this to my development environment, I see a similar activity, but when I log in to the system, I get the error below. I checked about 20 times that my fingerprint in the MVC application is exactly the same as cert.

(The login works fine, as I am not being redirected until authentication succeeds.)

Any guesses?

The error message I get is:

ID4175: The security token issuer was not recognized by the NameRegistry issuer. To accept security tokens from this issuer, set the IssuerNameRegistry property to the correct name for this issuer

web.config from the STS website:

<appSettings> <add key="IssuerName" value="STSTestCert"/> <add key="SigningCertificateName" value="CN=STSTestCert"/> <add key="EncryptingCertificateName" value=""/> </appSettings>

web.config from MVC application:

 <microsoft.identityModel> <service> <audienceUris> <add value="http://localhost/" /> </audienceUris> <federatedAuthentication> <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:57543/mySTS/" realm="http://localhost/" requireHttps="false" /> <cookieHandler requireSsl="false" /> </federatedAuthentication> <applicationService> <claimTypeRequired> <!--Following are the claims offered by STS 'http://localhost:57543/mySTS/'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.--> <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" /> <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" /> </claimTypeRequired> </applicationService> <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <trustedIssuers> <add thumbprint="‎11111" name="http://localhost:57543/mySTS/" /> </trustedIssuers> </issuerNameRegistry> </service> </microsoft.identityModel>
+6
source share
2 answers

Copying your fingerprint adds hidden Unicode characters. Try entering it.

+15
source

As Mjoffman mentioned, this is most likely because you copied the imprint with a hidden character. Here you can find more information.

+5
source

Source: https://habr.com/ru/post/959200/

More articles:


All Articles