Hi,
I am new to OAuth and I am trying to implement it in my application.
I have added a relying party by referring to this link.
As suggested in the link, I have not attached any certificate while creating the relying party.
Now in my application, the following code redirects me to the AD FS login page, where the user enters his login credentials.
using System;
using System.Web;
using System.Web.Configuration;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

AuthenticationContext authenticationContext = null;
Uri redirectUri;
Uri authorizationRequestURL;
string clientID = string.Empty;
string resourceUrl = string.Empty;
// Resource (audience) the token is requested for, and the redirect registered on the relying party
resourceUrl = "https://lxi322.lxi.company.com";
redirectUri = new Uri("https://lxi322.lxi.company.com/CompanyLogin/SAML/AssertionConsumerService.aspx");
var config = WebConfigurationManager.OpenWebConfiguration("~/Configuration/web.config");
clientID = config.AppSettings.Settings["ClientID"].Value;
// adfsUrl is the AD FS authority; it is defined elsewhere in the application
authenticationContext = new AuthenticationContext(adfsUrl, false);
// Build the OAuth2 authorization request and send the browser to AD FS
authorizationRequestURL = authenticationContext.GetAuthorizationRequestURL(resourceUrl, clientID, redirectUri, UserIdentifier.AnyUser, null);
Response.Redirect(authorizationRequestURL.AbsoluteUri);
After login at AD FS, I successfully receive the encrypted JWT token using the code below.
using System;
using System.IdentityModel.Tokens;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

string clientID = config.AppSettings.Settings["ClientID"].Value.ToString();
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(
    "https://pw12devadfs.pw12dev.company.com/adfs/oauth2/authorize", false);
ClientCredential credential = new ClientCredential(clientID, "a8cb2a71-da38-4cf4-9023-7799d00e09f8");
// Request.QueryString[0] is expected to be the "code" parameter AD FS appended to the redirect URI
AuthenticationResult result = authenticationContext.AcquireTokenByAuthorizationCode(Request.QueryString[0], new Uri("https://lxi322.lxi.company.com/CompanyLogin/SAML/AssertionConsumerService.aspx"), credential);
// Read the JWT without validating it
var handler = new JwtSecurityTokenHandler();
var jsonToken = handler.ReadToken(result.AccessToken) as JwtSecurityToken;
Now I am trying to validate the same token using the code below:
using System.IdentityModel.Tokens;
using System.Security.Claims;

JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
System.IdentityModel.Tokens.SecurityToken securityToken = null;
// No IssuerSigningKey is supplied here, so the handler has nothing to verify the RS256 signature with
var validationParameters = new TokenValidationParameters()
{
    ValidAudience = "https://lxi322.lxi.company.com",
    ValidIssuer = "http://PW12DEVADFS.PW12DEV.company.com",
    ValidateIssuer = false,
    ValidateAudience = false
};
// Token is the JWT string acquired above
ClaimsPrincipal claims = tokenHandler.ValidateToken(Token, validationParameters, out securityToken);
But while validating the token, I get the following error:
IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 1,
Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0xAE373EDE1C71AB1233A099B1891B3C59C3B825FE)
)
token: '{"typ":"JWT","alg":"RS256","x5t":"rjc-3hxxqxIzoJmxiRs8WcO4Jf4"}.{"aud":"https://lxi322.lxi.company.com","iss":"http://PW12DEVADFS.PW12DEV.company.com/adfs/services/trust","iat":1485938952,"exp":1485942552,"upn":"lokesh@PW12DEV.company.com","email":"lokesh.zende@outlook.com","given_name":"lokesh","auth_time":"2017-02-01T08:49:11.955Z","authmethod":"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport","ver":"1.0","appid":"a8cb2a71-da38-4cf4-9023-7799d00e09f8"}'.
What I have tried:
I googled the error. Every post suggests a different solution.
Looking at the exception, it looks like some certificate issue, but I have not used any certificate anywhere.
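The IDX10500 error above says the handler cannot find a key for the thumbprint in the token's x5t header, which is AD FS's token-signing certificate, not a certificate attached to the relying party. The following example, added here and not part of the original post, loads the signing certificates from the AD FS federation metadata endpoint (assumed to be https://&lt;adfs host&gt;/FederationMetadata/2007-06/FederationMetadata.xml, the standard AD FS path) and validates the token against them with the System.IdentityModel.Tokens.Jwt 4.x API used in the post; the issuer string and metadata URL are parameters because the token's "iss" claim carries the /adfs/services/trust suffix that the post's ValidIssuer lacks.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;          // System.IdentityModel.Tokens.Jwt 4.x (assumed version)
using System.Net;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

public static class AdfsTokenValidator
{
    // Load the token-signing certificates AD FS publishes in its federation metadata.
    // The JWT's x5t header must match one of these certificates for the signature to validate.
    public static IList<X509SecurityKey> LoadSigningKeys(string metadataUrl)
    {
        var keys = new List<X509SecurityKey>();
        var doc = new XmlDocument();
        using (var client = new WebClient())
            doc.LoadXml(client.DownloadString(metadataUrl));

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata");
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

        // Only use="signing" descriptors; "encryption" certificates are for tokens sent to AD FS, not issued by it.
        foreach (XmlNode node in doc.SelectNodes(
            "//md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", ns))
        {
            var cert = new X509Certificate2(Convert.FromBase64String(node.InnerText.Trim()));
            keys.Add(new X509SecurityKey(cert));
        }
        return keys;
    }

    // Validate signature, issuer, audience and lifetime; every check is left on.
    public static ClaimsPrincipal Validate(string jwt, string metadataUrl, string issuer, string audience)
    {
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKeys = LoadSigningKeys(metadataUrl),
            ValidIssuer = issuer,      // e.g. "http://PW12DEVADFS.PW12DEV.company.com/adfs/services/trust"
            ValidAudience = audience,  // e.g. "https://lxi322.lxi.company.com"
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true
        };
        SecurityToken validated;
        return new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out validated);
    }
}
```

In production, cache the keys and refresh them when AD FS rolls its token-signing certificate, since a stale cache reproduces the same IDX10500 error.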