0

I have problem to validate the security token, i tried to use your code and other too, but when it try to validate ST I have thi error: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer

i don't know hot confire the web config, can you help me?

this is the code:

//Microsoft.IdentityModel.Configuration.ServiceConfiguration serviceConfig = new Microsoft.IdentityModel.Configuration.ServiceConfiguration();

        // Now read the token and convert it to an IPrincipal
        System.IdentityModel.Tokens.SecurityToken theToken = null;
        ClaimsIdentityCollection claimsIdentity = null;
        using (XmlReader reader2 = XmlReader.Create(new StringReader(samlTokenXml)))
        {
            theToken = serviceConfig.SecurityTokenHandlers.ReadToken(reader2);
            claimsIdentity = serviceConfig.SecurityTokenHandlers.ValidateToken(theToken);
        }

        IPrincipal principal = new ClaimsPrincipal(claimsIdentity);

Thank's Peppe

user3177043
  • 1
  • 1
  • I don't have depth knowledge about andriod so I searched form my side and find this url it might help you check it [http://stackoverflow.com/questions/5836395/adfs-2-0-error-id4175-the-issuer-of-the-security-token-was-not-recognized-by-th] – Sri Jan 09 '14 at 10:38
  • For future readers.......this guy came up with a clever way to debug this issue. https://social.msdn.microsoft.com/Forums/vstudio/en-US/d65aed74-cfde-4bb7-81c7-77b5b566872b/error-id4175-and-configurationbasedissuernameregistry?forum=Geneva – granadaCoder Oct 27 '14 at 20:57
  • If that link fails, do a web-search for "GT.Sateon.Web.SimpleIssuerRegistery" – granadaCoder Oct 27 '14 at 21:02

1 Answers1

0

WIF has the ConfigurationBasedIssuerNameRegistry class where you can map the signing thumbprint to an issuer name (of your choice).

Either new that class up programmatically and assign it to the ServiceConfiguration - or do it in web.config.

You need to know the thumbprint of the issuer though to succesfully validate the token - ask whoever sends you the token.

leastprivilege
  • 18,196
  • 1
  • 34
  • 50