We have a website protected by WIF which all works until I go to a specific subdir. I get the error:
ID4291: The security token 'Microsoft.IdentityModel.Tokens.SessionSecurityToken' is not scoped to the current endpoint.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IdentityModel.Tokens.SecurityTokenException: ID4291: The security token 'Microsoft.IdentityModel.Tokens.SessionSecurityToken' is not scoped to the current endpoint.

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:
[SecurityTokenException: ID4291: The security token 'Microsoft.IdentityModel.Tokens.SessionSecurityToken' is not scoped to the current endpoint.]
   Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ValidateToken(SessionSecurityToken token, String endpointId) +224
   Microsoft.IdentityModel.Web.SessionAuthenticationModule.ValidateSessionToken(SessionSecurityToken sessionSecurityToken) +112
   Microsoft.IdentityModel.Web.SessionAuthenticationModule.SetPrincipalFromSessionToken(SessionSecurityToken sessionSecurityToken) +22
   Microsoft.IdentityModel.Web.SessionAuthenticationModule.AuthenticateSessionSecurityToken(SessionSecurityToken sessionToken, Boolean writeCookie) +17
   Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +344
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
The only difference I can see with this subdir is that it is defined as an application within IIS with its own web.config file. In ADFS1 we just defined the SSO settings in the root web.config and this protected all subdirs whether they were apps or not. Is this still the same with ADFS2?
Do I need to treat this subdir as a new relying party in ADFS2?
Could anyone explain what this error means?
Thanks
Have done some more playing... I created a second relying party for www.test.com/subdir. Now it gets fun...
If I go to www.test.com/subdir it logs in and we see the page, then I go to www.test.com and we also see that page too. Cool
But if I go to www.test.com first, it logs in and we see the page, then I go to www.test.com/subdir and we get the error above. Doh!!!
What should i be doing to get this working?
PS. We are using passive login.
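Added illustration, not code from the original post and not WIF's own code: a small Python model of the two mechanisms behind the asymmetry described above. A session cookie is written with a Path equal to the issuing application's virtual path, and on every later request the session token it carries is checked against the endpoint id of the application that receives it (the `ValidateToken(token, endpointId)` frame in the stack trace). Cookie path matching follows RFC 6265; the class names, the `walk` helper and the `FedAuth` cookie name are assumptions of the model. Running it reproduces both observations: a cookie written at `/` is sent to `/subdir` and fails the endpoint check, while a cookie written at `/subdir` is never sent to `/`, so the root application simply performs a fresh passive sign-in (which SSO at the STS makes invisible to the user).

```python
"""Toy model: endpoint-scoped session cookies across two IIS applications.

Constructed for illustration; it mimics WIF behaviour, it is not WIF code.
"""
from dataclasses import dataclass


@dataclass
class SessionToken:
    subject: str
    endpoint_id: str  # virtual path of the application that issued the token


@dataclass
class Cookie:
    name: str
    path: str
    token: SessionToken


def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if cookie_path == request_path:
        return True
    if request_path.startswith(cookie_path):
        if cookie_path.endswith("/"):
            return True
        return request_path[len(cookie_path)] == "/"
    return False


class CookieJar:
    """Browser-side cookie store."""

    def __init__(self) -> None:
        self.cookies: list[Cookie] = []

    def store(self, cookie: Cookie) -> None:
        # A cookie with the same name and path replaces the earlier one.
        self.cookies = [c for c in self.cookies
                        if (c.name, c.path) != (cookie.name, cookie.path)]
        self.cookies.append(cookie)

    def for_request(self, request_path: str) -> list[Cookie]:
        # Browsers send longer (more specific) paths first (RFC 6265 5.4).
        matching = [c for c in self.cookies if path_matches(c.path, request_path)]
        return sorted(matching, key=lambda c: len(c.path), reverse=True)


class EndpointScopeError(Exception):
    """Stands in for the ID4291 SecurityTokenException."""


def validate_token(token: SessionToken, endpoint_id: str) -> SessionToken:
    """Accept the token only if it was issued for this endpoint."""
    if token.endpoint_id != endpoint_id:
        raise EndpointScopeError(
            f"token scoped to {token.endpoint_id!r} presented at {endpoint_id!r}")
    return token


@dataclass
class Application:
    """One IIS application; its virtual path serves as cookie Path and endpoint id."""
    virtual_path: str
    cookie_name: str = "FedAuth"  # assumed default session cookie name

    def handle(self, jar: CookieJar, subject: str = "alice") -> str:
        sent = [c for c in jar.for_request(self.virtual_path)
                if c.name == self.cookie_name]
        if sent:
            # An existing session cookie reached us: validate its scope.
            token = validate_token(sent[0].token, self.virtual_path)
            return f"authenticated {token.subject} via existing session"
        # No cookie: the passive sign-in round trip happens and a new session
        # cookie is written, scoped to this application's virtual path.
        token = SessionToken(subject, self.virtual_path)
        jar.store(Cookie(self.cookie_name, self.virtual_path, token))
        return f"signed in {subject} at {self.virtual_path}"


def walk(order: list[Application]) -> list[str]:
    """Visit the applications in order with one browser; report each outcome."""
    jar = CookieJar()
    results = []
    for app in order:
        try:
            results.append(app.handle(jar))
        except EndpointScopeError as exc:
            results.append(f"error: {exc}")
    return results


if __name__ == "__main__":
    root, sub = Application("/"), Application("/subdir")
    print("subdir first:", walk([sub, root]))
    print("root first:  ", walk([root, sub]))
```

The model makes the defender's point concrete: the failing case is not a broken login but a session cookie that is reachable by the child application yet bound to a different endpoint, so any fix has to make the cookie scope and the endpoint scope agree for both applications rather than loosen the check.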