Wednesday, May 23, 2018

ID4014: A SecurityTokenHandler is not registered to read security token error

Getting the following error (Figure 1):

Server Error in '/' Application.

ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IdentityModel.Tokens.SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').]
   Microsoft.IdentityModel.Web.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas) +370
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +330
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +323
   Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +138
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +209
   System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +213
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +91

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2623.0

Figure 1

Here are some facts:

Azure Active Directory ID (Figure 2):

Figure 2

Application “PNG Projects” Object ID (Figure 3):

Figure 3

Again, trying to convert from SAML 2.0 to SAML 1.1 because SharePoint 2013 and 2016 only accept SAML 1.1.

I have the reply populated in Azure AD as https://projects-dev02-extranet.domain.com/_trust/default.aspx


Friday, May 18, 2018

AADSTS70001: Application with identifier

Getting the following error (Figure 1):

Figure 1

Here are some facts:

Azure Active Directory ID (Figure 2):

Figure 2

Application “PNG Projects” Object ID (Figure 3):

Figure 3

SAML Sign-In Information (Figure 4):

Figure 4


PowerShell with SharePoint Snap-In showing the token installed (Figure 5)

Installed RAW Certificate

PS C:\Windows\system32> Get-SPTrustedRootAuthority "AzureAD"
PS C:\Windows\system32> Get-SPTrustedIdentityTokenIssuer "AzureAD"


Certificate                 : [Subject]
                                CN=Microsoft Azure Federated SSO Certificate
                             
                              [Issuer]
                                CN=Microsoft Azure Federated SSO Certificate
                             
                              [Serial Number]
                                316201B4157F75B444B5876DD1EF36E0
                             
                              [Not Before]
                                5/16/2018 5:13:24 PM
                             
                              [Not After]
                                5/16/2021 5:13:24 PM
                             
                              [Thumbprint]
                                38B1DA740F7D2C8EAD5E95F6F16B9D8XXXXXXXXXXXX
                             
Name                        : AzureAD
TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName                 : AzureAD
Id                          : 1f6fa3f9-a67e-4827-bd49-ca5c14e74849
Status                      : Online
Parent                      : SPTrustedRootAuthorityManager
Version                     : 12719405
Properties                  : {}
Farm                        : SPFarm Name=SP_Config
UpgradedPersistedProperties : {}

ProviderSignOutUri            :
DefaultProviderRealm          : urn:sharepoint:projects-dev02.domain.com
ProviderRealms                : {}
ClaimTypes                    : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}
HasClaimTypeInformation       : True
ClaimTypeInformation          : {name, GivenName, SurName}
ClaimProviderName             :
UseWReplyParameter            : False
UseWHomeRealmParameter        : False
GroupClaimType                :
RegisteredIssuerName          :
IdentityClaimTypeInformation  : Microsoft.SharePoint.Administration.Claims.SPTrustedClaimTypeInformation
Description                   : SharePoint secured by Azure AD
SigningCertificate            : [Subject]
                                  CN=Microsoft Azure Federated SSO Certificate
                               
                                [Issuer]
                                  CN=Microsoft Azure Federated SSO Certificate
                               
                                [Serial Number]
                                  316201B4157F75B444B5876DD1EF36E0
                               
                                [Not Before]
                                  5/16/2018 5:13:24 PM
                               
                                [Not After]
                                  5/16/2021 5:13:24 PM
                               
                                [Thumbprint]
                                  38B1DA740F7D2C8EAD5E95F6F16B9D8E7D5FB5EB
                                
AdditionalSigningCertificates : {}
MetadataEndPoint              :
IsAutomaticallyUpdated        : False
Name                          : AzureAD
TypeName                      : Microsoft.SharePoint.Administration.Claims.SPTrustedLoginProvider
DisplayName                   : AzureAD
Id                            : 742ae843-6936-4b30-bdae-1321d3907486
Status                        : Online
Parent                        : SPSecurityTokenServiceManager Name=SecurityTokenServiceManager
Version                       : 12719408
Properties                    : {}
Farm                          : SPFarm Name=SP_Config
UpgradedPersistedProperties   : {}

Figure 5

Again, trying to convert from SAML 2.0 to SAML 1.1 because SharePoint 2013 and 2016 only accept SAML 1.1.

Thus back to the issue with the first (Figure 1): this is the correct AppID, so how come I am getting a failure?
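To make the ID4014 failure from both posts concrete, here is an added Python example (not from the blog, and not SharePoint's own code; a stand-in for what the WS-Federation module does when it reads the posted token). It parses a wresult, identifies the assertion's element name and namespace, which is exactly the pair that ID4014 reports, and checks the Audience against the DefaultProviderRealm shown in Figure 5. The two sample tokens are constructed and unsigned, TENANT-ID-PLACEHOLDER stands in for the directory id, and the handler set encodes the post's statement that SharePoint 2013/2016 accept SAML 1.1 only; the check classifies the token format and audience and does not verify the signature.

```python
import xml.etree.ElementTree as ET

# Namespaces seen in a WS-Federation sign-in response (the "wresult" form field).
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"   # SAML 1.1 assertions use the 1.0 namespace
SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Token types the SharePoint trusted-provider pipeline can read. The post states
# SharePoint 2013/2016 accept SAML 1.1 only, which is what this set encodes (assumption).
REGISTERED_HANDLERS = {("Assertion", SAML11)}

# Realm taken from DefaultProviderRealm in the Get-SPTrustedIdentityTokenIssuer output.
SHAREPOINT_REALM = "urn:sharepoint:projects-dev02.domain.com"

# Constructed sample: a SAML 2.0 assertion of the kind Azure AD issues by default
# (unsigned and trimmed). TENANT-ID-PLACEHOLDER is a placeholder, not a real value.
WRESULT_SAML20 = """<t:RequestSecurityTokenResponse xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
      <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
      <saml:Conditions>
        <saml:AudienceRestriction>
          <saml:Audience>urn:sharepoint:projects-dev02.domain.com</saml:Audience>
        </saml:AudienceRestriction>
      </saml:Conditions>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

# Constructed sample: the same assertion in SAML 1.1 form, which SharePoint can read.
WRESULT_SAML11 = """<t:RequestSecurityTokenResponse xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_a2"
                    MajorVersion="1" MinorVersion="1" Issuer="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
      <saml:Conditions>
        <saml:AudienceRestrictionCondition>
          <saml:Audience>urn:sharepoint:projects-dev02.domain.com</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""


def find_assertion(wresult_xml):
    """Locate the first Assertion element and return (local_name, namespace, element)."""
    root = ET.fromstring(wresult_xml)
    for el in root.iter():
        if el.tag.startswith("{") and el.tag.endswith("}Assertion"):
            ns, local = el.tag[1:].split("}", 1)
            return local, ns, el
    raise ValueError("wresult contains no Assertion element")


def audiences(assertion_el, ns):
    """Audience URIs in the assertion; the local name is Audience in both SAML versions."""
    return [a.text.strip() for a in assertion_el.iter(f"{{{ns}}}Audience") if a.text]


def diagnose(wresult_xml, expected_realm=SHAREPOINT_REALM):
    """Classify the posted token and report what the WS-Federation module would do with it."""
    local, ns, el = find_assertion(wresult_xml)
    token = (local, ns)
    report = {
        "token": token,
        "handler_registered": token in REGISTERED_HANDLERS,
        "audiences": audiences(el, ns),
    }
    report["audience_ok"] = expected_realm in report["audiences"]
    if not report["handler_registered"]:
        # Mirrors the message in the post: the token is rejected before any other check runs.
        report["error"] = (f"ID4014: A SecurityTokenHandler is not registered to read "
                           f"security token ('{local}', '{ns}').")
    elif not report["audience_ok"]:
        report["error"] = f"audience {report['audiences']} does not match realm {expected_realm}"
    return report


if __name__ == "__main__":
    for label, sample in (("SAML 2.0", WRESULT_SAML20), ("SAML 1.1", WRESULT_SAML11)):
        print(label, diagnose(sample))
```

Running it shows the SAML 2.0 sample failing with the same ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion') pair as Figure 1 even though its Audience matches the realm, while the SAML 1.1 sample passes both checks; that is why the App ID and reply URL can be correct and the sign-in still fail until the token format is changed.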



Friday, May 04, 2018

PowerShell 5.0

I have been having lots of trouble with using PowerShell with Azure. In order to get it running I finally came across the following site for the correct downloads: https://docs.microsoft.com/en-us/powershell/wmf/5.0/requirements