Hi,
I am new to OAuth and I am trying to implement it in my application.
I have added a relying party by referring to this link [^].
As suggested in the link, I have not attached any certificate while creating the relying party.

Now in my application, this code redirects me to the AD FS login page, where the user enters their login credentials.
C#
// ADAL (Microsoft.IdentityModel.Clients.ActiveDirectory) builds the authorization request.
// adfsUrl is the AD FS authority, configured elsewhere in the application.
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.Web.Configuration;

AuthenticationContext authenticationContext = null;
Uri redirectUri;
Uri authorizationRequestURL;
string clientID = string.Empty;
string resourceUrl = string.Empty;
resourceUrl = "https://lxi322.lxi.company.com";

// The redirect URI must match the one registered on the relying party.
redirectUri = new Uri("https://lxi322.lxi.company.com/CompanyLogin/SAML/AssertionConsumerService.aspx");

var config = WebConfigurationManager.OpenWebConfiguration("~/Configuration/web.config");
clientID = config.AppSettings.Settings["ClientID"].Value;

authenticationContext = new AuthenticationContext(adfsUrl, false);
authorizationRequestURL = authenticationContext.GetAuthorizationRequestURL(resourceUrl, clientID, redirectUri, UserIdentifier.AnyUser, null);

Response.Redirect(authorizationRequestURL.AbsoluteUri);



After login at AD FS, I successfully receive the encrypted JWT token using the code below.
C#
using System.IdentityModel.Tokens; // System.IdentityModel.Tokens.Jwt 4.x: JwtSecurityTokenHandler lives here

string clientID = config.AppSettings.Settings["ClientID"].Value.ToString();

Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(
            "https://pw12devadfs.pw12dev.company.com/adfs/oauth2/authorize", false);

ClientCredential credential = new ClientCredential(clientID, "a8cb2a71-da38-4cf4-9023-7799d00e09f8");
// AD FS returns the authorization code in the "code" query parameter; read it by name rather than by position.
AuthenticationResult result = authenticationContext.AcquireTokenByAuthorizationCode(Request.QueryString["code"], new Uri("https://lxi322.lxi.company.com/CompanyLogin/SAML/AssertionConsumerService.aspx"), credential);

// Parses the JWT without validating its signature.
var handler = new JwtSecurityTokenHandler();
var jsonToken = handler.ReadToken(result.AccessToken) as JwtSecurityToken;


Now I am trying to validate the same token using the code below.
C#
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Token is the raw JWT string (result.AccessToken from the previous step).
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
System.IdentityModel.Tokens.SecurityToken securityToken = null;

var validationParameters = new TokenValidationParameters()
{
    ValidAudience = "https://lxi322.lxi.company.com",
    ValidIssuer = "http://PW12DEVADFS.PW12DEV.company.com",
    ValidateIssuer = false,
    ValidateAudience = false
    // No IssuerSigningToken/IssuerSigningKey is supplied here, so the handler has
    // nothing to resolve the token's x5t key identifier against.
};

ClaimsPrincipal claims = tokenHandler.ValidateToken(Token, validationParameters, out securityToken);


But while validating the token, I get this error:

IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0xAE373EDE1C71AB1233A099B1891B3C59C3B825FE)
)
token: '{"typ":"JWT","alg":"RS256","x5t":"rjc-3hxxqxIzoJmxiRs8WcO4Jf4"}.{"aud":"https://lxi322.lxi.company.com","iss":"http://PW12DEVADFS.PW12DEV.company.com/adfs/services/trust","iat":1485938952,"exp":1485942552,"upn":"lokesh@PW12DEV.company.com","email":"lokesh.zende@outlook.com","given_name":"lokesh","auth_time":"2017-02-01T08:49:11.955Z","authmethod":"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport","ver":"1.0","appid":"a8cb2a71-da38-4cf4-9023-7799d00e09f8"}'.


What I have tried:

I googled the error. Every post suggests a different solution.

Looking at the exception, it looks like a certificate issue. But I have not used any certificate anywhere.
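One way to get past IDX10500, as an added example that is not part of the question: the handler has no signing key to check the RS256 signature with, and the x5t in the token header is the base64url SHA-1 thumbprint of the AD FS token-signing certificate (the same bytes the error reports as Hash). This validates with that certificate supplied explicitly and with issuer, audience and lifetime checks turned on. It assumes System.IdentityModel.Tokens.Jwt 4.x (the API the snippets above use) and a placeholder .cer path for the exported token-signing certificate.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;

public static class AdfsJwtValidator
{
    // Placeholder path (assumption): the AD FS token-signing certificate exported with
    // Get-AdfsCertificate -CertificateType Token-Signing on the AD FS server.
    private const string SigningCertPath = @"C:\certs\adfs-token-signing.cer";

    public static ClaimsPrincipal Validate(string token, out SecurityToken validatedToken)
    {
        var signingCert = new X509Certificate2(SigningCertPath);
        var handler = new JwtSecurityTokenHandler();

        // Compare the header's x5t with the certificate we hold before validating: a mismatch
        // is what IDX10500 "Unable to resolve SecurityKeyIdentifier" reports (x5t is the
        // base64url form of the SHA-1 thumbprint shown as Hash in the error).
        var jwt = handler.ReadToken(token) as JwtSecurityToken;
        if (jwt == null) throw new SecurityTokenException("Input is not a JWT.");
        string expectedX5t = Base64Url(signingCert.GetCertHash());
        object headerX5t;
        jwt.Header.TryGetValue("x5t", out headerX5t);
        if (!expectedX5t.Equals(headerX5t as string, StringComparison.Ordinal))
            throw new SecurityTokenSignatureKeyNotFoundException(
                "Token x5t '" + headerX5t + "' does not match the configured signing certificate '"
                + expectedX5t + "'; the AD FS token-signing certificate may have rolled over.");

        var parameters = new TokenValidationParameters
        {
            // AD FS issues 'iss' as the full federation service identifier, not the bare host.
            ValidIssuer = "http://PW12DEVADFS.PW12DEV.company.com/adfs/services/trust",
            ValidAudience = "https://lxi322.lxi.company.com",
            // The key the handler resolves the token's x5t against and verifies RS256 with.
            IssuerSigningToken = new X509SecurityToken(signingCert),
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(2)
        };
        return handler.ValidateToken(token, parameters, out validatedToken);
    }

    private static string Base64Url(byte[] bytes)
    {
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }
}
```

When AD FS rolls its token-signing certificate, the x5t changes and validation fails the same way until the exported certificate is refreshed, so production code usually loads the current certificate from the federation metadata instead of a fixed file.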

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)