Forum Discussion

Copper Contributor

Nov 07, 2021

Third party oidc authentication with SPSE failed

Following the new https://docs.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/oidc-1-0-authentication , I managed configuring oidc authenticate in SPSE with ADFS. I then tried third ...

SharePoint Server Subscription

jinzhong he

Copper Contributor

Nov 09, 2021

Hi TroyStarr ，this is just an POC environment so we don't bother to do so.

It seems that the authentication flow failed at last step, i.e. when posting back to: /_layouts/15/Authenticate.aspx

The error was:

Claims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature.

STS Call: Failed to issue new security token. Exception:

'System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.

Steve Zhang

Microsoft

Nov 10, 2021

Hi @Jinzhong,

Thank you for having a try on our new OIDC feature and reporting 3rd party IDP connection issue to us.
I've sent you a private message, if you don't mind, you can share with me your sample token with us so that we can take a look at what's going wrong in your case.

Thanks
Steve

jinzhong he
Copper Contributor
Nov 10, 2021
Hi Steve Zhang ,

The sample token has been sent to you.

Thank you for taking the trouble to help me spot the problem.
- Steve Zhang
  Microsoft
  Nov 12, 2021
  Hi Jinzhong, could you please check what kind of JWK is being used by IDP? We only support x5c JWK/X.509 certificate chain
  - jinzhong he
    Copper Contributor
    Nov 12, 2021
    Hi Steve, it's an x5c.
    I've sent you the oidc discovery endpoint and jwks url for our test environment, including the configured value.
    Thanks