Third party oidc authentication with SPSE failed


Following the new oidc-1-0-authentication guide, I managed to configure OIDC authentication in SPSE with ADFS.

I then tried third-party OIDC authentication in SPSE with Keycloak, but it failed with the following errors:

11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Monitoring                    	nasq	Medium  	Entering Monitored Scope (Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F)). Parent=None	 
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Logging Correlation Data      	xmnv	Medium  	Name=Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F)	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwhz	Medium  	SPRequestModule.BeginRequestHandler End, SP Build Version: '16.0.14326.20450'	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brd4	Medium  	SPContextCookie : Using full host domain for cookie. CookieName: 'nSGt'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brdr	Medium  	SPCryptoContextCookie : Initial Secondary certificate is null and we did not receive a secondary certificate thumbprint.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brc8	Medium  	SPNonceCookie : The Identifier is set successfully. Identifier: '', NonceToSendToIdentityProvider: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A-CB0F14DA2F6FF1E6302B9120B3FDACE0CE6B228FA26DC9915A3264E4EEF4FA74'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	9w647	Medium  	Using input cookie name. CookieName: 'nSGt-2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brbv	Medium  	SPNonceCookie : Successfully read nonce cookie. Version: '0', Seed: '94DC58B58F1B35EFF01163B1124CC9539C338C80D3829F09', Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brc8	Medium  	SPNonceCookie : The Identifier is set successfully. Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A', NonceToSendToIdentityProvider: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A-CB0F14DA2F6FF1E6302B9120B3FDACE0CE6B228FA26DC9915A3264E4EEF4FA74'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	9w647	Medium  	Using input cookie name. CookieName: 'nSGt-2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Authentication Authorization  	deffe	Medium  	The browser does support SameSite at revision 3 of RFC6265.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Nonce Cookie                  	9brbj	Medium  	SPNonceCookie : Deleted nonce cookie if present. Identifier: '2C4E2FE7F0728A63048D3F2F9AE63C6814916757CF55CC2A'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Security Token Handler        	8p0r7	Medium  	Audience GUID matches trusted login provider default client identifier. Audience: 'new-sharepoint', provider Default Identifier: 'new-sharepoint', provider Uri: ''.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.07 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Topology                      	aeayb	Medium  	SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Security.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:8ed01142-6684-422a-8d99-6028560b88a0'	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Topology                      	aeax9	Medium  	SecurityTokenServiceReceiveRequest: LocalAddress: 'http://spdev-se1.:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:8ed01142-6684-422a-8d99-6028560b88a0'	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Monitoring                    	nasq	Medium  	Entering Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Parent=None	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Security Token Service        	9w6kv	Medium  	STS Call: Creating Claims Operations Scope for Applies To Uri: 'https://teamse1/'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Claims Authentication         	a6oo7	Medium  	Created claims operation context from uri. ContextUri: 'https://teamse1/', Source: 'SiteWithoutSiteSubscription'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Security Token Service        	9w6k3	Medium  	Creating SPSecurityTokenRequestContextV2 object for security token service Issue request.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Security Token Service        	9w6k0	Monitorable	STS Call: Failed to issue new security token. Exception: 'System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceV2.Issue(ClaimsPrincipal principal, RequestSecurityToken request)'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.08 	w3wp.exe (0x40E4)                       	0x33E4	SharePoint Foundation         	Monitoring                    	b4ly	Medium  	Leaving Monitored Scope: (ExecuteSecurityTokenServiceOperationServer) 执行时间=3.7961; CPU Milliseconds=3; SQL 查询计数=0; Parent=None	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Security Token Service Caller 	btgia	High    	SPSecurityContext: Request for security token failed with exception. Exception: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.    在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     ...)。'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	8306	Critical	An exception occurred when trying to issue security token: Validate signature failure : no found matched security key for token signature..	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	9w636	Unexpected	Claims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.    在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     ...)。'. 
Stack: '   在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenFo...	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09*	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	9w636	Unexpected	...rLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwhw	Medium  	SPRequestModule.ErrorAppHandler Begin	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	General                       	8nca	Medium  	Application error when access /_layouts/15/Authenticate.aspx, Error=Validate signature failure : no found matched security key for token signature.   在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs)     在 System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     在 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) 
    在 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Runtime                       	tkau	Unexpected	System.ServiceModel.FaultException`1[[System.ServiceModel.ExceptionDetail, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]: Validate signature failure : no found matched security key for token signature.    在 System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     在 System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     在 Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)     在 System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)     在 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs)     在 
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     在 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)     在 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously...	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09*	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Runtime                       	tkau	Unexpected	...)	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	General                       	ajlz0	High    	Getting Error Message for Exception System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Validate signature failure : no found matched security key for token signature. (错误详细信息等于 很可能由 IncludeExceptionDetailInFaults=true 创建的 ExceptionDetail,其值为: System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.    在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     在 System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     在 Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     在 Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     ...)。	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	General                       	aat87	Monitorable	 	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Authentication Authorization  	agb9s	Medium  	Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.09 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	General                       	agxkz	High    	calling GetCurrentGenericSetupPath for a versioned path: TEMPLATE\LAYOUTS	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Application Authentication    	9s97c	Medium  	SPApplicationAuthenticationModuleV2.IsBearerChallengeRequested: Return 'False'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Application Authentication    	9s97n	Medium  	The request isn't made to a page which allows NeverAuth to be specified in the query string	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Claims Authentication         	crpqx	Medium  	STS setting for SuppressModernAuthForOfficeClients:'True'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Application Authentication    	9s976	Medium  	IsClaimsTrustedAuthenticationOnly: 'False', IsOfficeClientIDCRLRequest: 'False', HasSPTrustedSecurityTokenIssuer: 'False', ForceIdcrlForOfficeClients: 'True'.	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwh5	Medium  	SPRequestModule.PreSendRequestHeaders End	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwhx	Medium  	SPRequestModule.ErrorAppHandler End	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwia	Medium  	SPRequestModule.PostLogRequestHandler Begin	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwib	Medium  	SPRequestModule.PostLogRequestHandler End	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwic	Medium  	SPRequestModule.EndRequestHandler Begin	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Micro Trace                   	uls4	Medium  	Micro Trace Tags: 0 avwhy,0 nasq,0 avwhz,0 9brd4,0 9brdr,0 9brc8,0 9w647,0 9brbv,0 9brc8,0 9w647,0 deffe,0 9brbj,2 8p0r7,0 aeayb,11 btgia,0 9w636,0 avwhw,0 8nca,0 tkau,0 ajlz0,1 aat87,5 agb9s,0 agxkz,1 9s97c,0 9s97n,0 crpqx,0 9s976,0 avwh5,0 avwhx,0 avwia,0 avwib,0 avwic	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Runtime                       	aoxsq	Medium  	Sending HTTP response 200 for HTTP POST request	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Unified Audit                 	bm7sm	High    	SPRequestModule::CreatePageViewedAuditEntry: Required parameters not set properly,exiting creating PageViewed SPUnifiedAuditEntry	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Monitoring                    	b4ly	Medium  	Leaving Monitored Scope: (Request (POST:https://teamse1/_layouts/15/Authenticate.aspx?Source=%252F)) 执行时间=29.1365; CPU Milliseconds=18; SQL 查询计数=0; Parent=None	28bc00a0-1979-300a-3da4-d9c46cbf4124
11/07/2021 16:48:29.10 	w3wp.exe (0x0C38)                       	0x4AB0	SharePoint Foundation         	Asp Runtime                   	avwid	Medium  	SPRequestModule.EndRequestHandler End	28bc00a0-1979-300a-3da4-d9c46cbf4124


Through the browser F12 debugger, the authentication flow had successfully gone from Keycloak to SharePoint (_layouts/15/Authenticate.aspx?Source=%2F), and the id_token was successfully generated and could be verified through https://jwt.ms/


How do I integrate a third-party OIDC server with SPSE?
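As an added diagnostic (not code from the thread, from Keycloak or from SharePoint), the script below reproduces the key-selection step behind "no found matched security key for token signature": it reads the id_token header, looks for a trusted key with the same kid/x5t that is published for signing, and checks the aud claim against the client identifier. The id_token and both JWKS documents are constructed sample data, and the signature bytes themselves are a placeholder that is not verified.

```python
"""Diagnose 'no matched security key for token signature' for an OIDC id_token.

Added example, not from the forum thread. It reproduces the key-selection step a
relying party performs before verifying the JWS signature: read the token header,
pick the trusted key whose kid/x5t matches, and check the audience. All data below
is constructed; the signature segment is a dummy and is NOT cryptographically verified.
"""
import base64
import json
from typing import Any, Dict, List, Optional, Tuple

RSA_SIG_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_unsigned_token(header: Dict[str, Any], payload: Dict[str, Any]) -> str:
    """Assemble a compact JWS with a dummy signature segment (test data only)."""
    segs = [_b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)]
    return ".".join(segs + [_b64url_encode(b"\x00" * 32)])


# Constructed sample: a Keycloak-style RS256 id_token whose header names kid 'kc-2022'.
SAMPLE_ID_TOKEN = build_unsigned_token(
    {"alg": "RS256", "typ": "JWT", "kid": "kc-2022"},
    {"iss": "https://keycloak.example.test/realms/sp", "aud": "new-sharepoint", "sub": "alice"},
)

# Constructed JWKS documents; the 'n' values are placeholders, not real RSA moduli.
# STALE: the keys the relying party still trusts (from before a key rotation).
SAMPLE_JWKS_STALE = {"keys": [
    {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "kc-2021", "n": "placeholder", "e": "AQAB"},
    {"kty": "RSA", "use": "enc", "alg": "RSA-OAEP", "kid": "kc-enc", "n": "placeholder", "e": "AQAB"},
]}
# CURRENT: what the provider publishes now, including the key the token was signed with.
SAMPLE_JWKS_CURRENT = {"keys": SAMPLE_JWKS_STALE["keys"] + [
    {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "kc-2022", "n": "placeholder", "e": "AQAB"},
]}


def decode_segments(id_token: str) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    """Split a compact JWS and JSON-decode its header and payload (signature untouched)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def diagnose_signing_key(id_token: str, jwks: Dict[str, Any], expected_audience: str) -> Dict[str, Any]:
    """Return {'header', 'matching_key', 'findings'}.

    An empty findings list means a usable signing key was found for the token's
    kid/x5t and the audience matches the relying party's client identifier.
    """
    header, payload = decode_segments(id_token)
    findings: List[str] = []

    alg = header.get("alg")
    if alg not in RSA_SIG_ALGS:
        findings.append(f"alg '{alg}' is not an RSA/PSS signature; an RS256 id_token is expected here")

    kid, x5t = header.get("kid"), header.get("x5t")
    if kid is None and x5t is None:
        findings.append("header carries neither 'kid' nor 'x5t', so no key can be selected deterministically")

    matching_key: Optional[Dict[str, Any]] = None
    for key in jwks.get("keys", []):
        if (kid is not None and key.get("kid") == kid) or (x5t is not None and key.get("x5t") == x5t):
            # A kid match is not enough: the key must be published for signing with this alg.
            if key.get("use", "sig") != "sig":
                findings.append(f"key '{key.get('kid')}' matches the header but has use='{key.get('use')}'")
                continue
            if key.get("alg") not in (None, alg):
                findings.append(f"key '{key.get('kid')}' is published for '{key.get('alg')}', token uses '{alg}'")
                continue
            matching_key = key
            break

    if matching_key is None and (kid is not None or x5t is not None):
        trusted = sorted(k.get("kid", "?") for k in jwks.get("keys", []) if k.get("use", "sig") == "sig")
        findings.append(f"no trusted signing key matches kid='{kid}' x5t='{x5t}'; trusted signing kids: {trusted}")

    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_audience not in audiences:
        findings.append(f"aud {audiences} does not contain the client identifier '{expected_audience}'")

    return {"header": header, "matching_key": matching_key, "findings": findings}


if __name__ == "__main__":
    for label, jwks in (("stale trust store", SAMPLE_JWKS_STALE), ("current JWKS", SAMPLE_JWKS_CURRENT)):
        result = diagnose_signing_key(SAMPLE_ID_TOKEN, jwks, "new-sharepoint")
        print(label, "->", result["findings"] or "signing key found: " + result["matching_key"]["kid"])
```

Run the same function on a real id_token (the one jwt.ms displays) and the provider's published keys to see which side disagrees: a kid that is absent from the keys the relying party trusts points at key rotation or the wrong signing key being configured, while an aud mismatch points at the client identifier.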

36 Replies

@Hasan Köroğlu could you please share the ULS log? 

@Steve Zhang 


03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Logging Correlation Data	xmnv	Medium	Name=Request (POST:https://oidctest.contoso.local/_layouts/15/Authenticate.aspx?Source=%252F)	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Asp Runtime	avwhz	Medium	SPRequestModule.BeginRequestHandler End, SP Build Version: '16.0.14326.20602'	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Nonce Cookie	9brd4	Medium	SPContextCookie : Using full host domain for cookie. CookieName: 'nSGt'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Nonce Cookie	9brdr	Medium	SPCryptoContextCookie : Initial Secondary certificate is null and we did not receive a secondary certificate thumbprint.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Nonce Cookie	9brc8	Medium	SPNonceCookie : The Identifier is set successfully. Identifier: '', NonceToSendToIdentityProvider: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5-7EADB364F29A63E9C52B0B4B33A094168CDC8354D8D684DF522F06FD78AD4188'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Claims Authentication	9w647	Medium	Using input cookie name. CookieName: 'nSGt-1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Nonce Cookie	9brbv	Medium	SPNonceCookie : Successfully read nonce cookie. Version: '0', Seed: '9DA2E444C81E8DA541AC5FEC919C82198F7FD7BDD6403B93', Identifier: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Nonce Cookie	9brc8	Medium	SPNonceCookie : The Identifier is set successfully. Identifier: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5', NonceToSendToIdentityProvider: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5-7EADB364F29A63E9C52B0B4B33A094168CDC8354D8D684DF522F06FD78AD4188'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Claims Authentication	9w647	Medium	Using input cookie name. CookieName: 'nSGt-1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Authentication Authorization	deffe	Medium	The browser does support SameSite at revision 3 of RFC6265.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Nonce Cookie	9brbj	Medium	SPNonceCookie : Deleted nonce cookie if present. Identifier: '1052C7C0B64939E9AD4ED9E0AE79DA9377E650180CDEE9B5'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Security Token Handler	8p0r7	Medium	Audience GUID matches trusted login provider default client identifier. Audience: 'oidctest', provider Default Identifier: 'oidctest', provider Uri: ''.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.33	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Topology	aeayb	Medium	SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Security.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:b7edff6c-0098-4e63-adcb-f52ab2636b2a'	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0x8518)	0xF464	SharePoint Foundation	Topology	aeax9	Medium	SecurityTokenServiceReceiveRequest: LocalAddress: 'http://sp04.sp.local:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:b7edff6c-0098-4e63-adcb-f52ab2636b2a'	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0x8518)	0xF464	SharePoint Foundation	Monitoring	nasq	Medium	Entering Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Parent=None	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0x8518)	0xF464	SharePoint Foundation	Security Token Service	9w6kv	Medium	STS Call: Creating Claims Operations Scope for Applies To Uri: 'https://oidctest.contoso.local/'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0x8518)	0xF464	SharePoint Foundation	Claims Authentication	a6oo7	Medium	Created claims operation context from uri. ContextUri: 'https://oidctest.contoso.local/', Source: 'SiteWithoutSiteSubscription'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0x8518)	0xF464	SharePoint Foundation	Security Token Service	9w6k3	Medium	Creating SPSecurityTokenRequestContextV2 object for security token service Issue request.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0x8518)	0xF464	SharePoint Foundation	Security Token Service	9w6k0	Monitorable	STS Call: Failed to issue new security token. Exception: 'System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.     at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)     at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)     at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)     at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceV2.Issue(ClaimsPrincipal principal, RequestSecurityToken request)'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0x8518)	0xF464	SharePoint Foundation	Monitoring	b4ly	Medium	Leaving Monitored Scope: (ExecuteSecurityTokenServiceOperationServer) Execution Time=3.2962; CPU Milliseconds=3; SQL Query Count=0; Parent=None	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Security Token Service Caller	btgia	High	SPSecurityContext: Request for security token failed with exception. Exception: 'System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.     at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Claims Authentication	8306	Critical	An exception occurred when trying to issue security token: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs..	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.34	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Claims Authentication	9w636	Unexpected	Claims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.     at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'. 
Stack: '   at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Asp Runtime	avwhw	Medium	SPRequestModule.ErrorAppHandler Begin	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	General	8nca	Medium	Application error when access /_layouts/15/Authenticate.aspx, Error=The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.   at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs)     at System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession)     at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)     at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)     at 
Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Runtime	tkau	Unexpected	System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.    at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs)     at System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession)     at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)     at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)     at 
Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	General	ajlz0	High	Getting Error Message for Exception System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.     at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs)     at System.IdentityModel.Services.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession)     at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)     at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)     
at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.OnAuthenticateRequest(Object sender, EventArgs eventArgs)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	General	aat87	Monitorable		b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Authentication Authorization	agb9s	Medium	Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	General	agxkz	High	calling GetCurrentGenericSetupPath for a versioned path: TEMPLATE\LAYOUTS	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Application Authentication	9s97c	Medium	SPApplicationAuthenticationModuleV2.IsBearerChallengeRequested: Return 'False'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Application Authentication	9s97n	Medium	The request isn't made to a page which allows NeverAuth to be specified in the query string	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Claims Authentication	crpqx	Medium	STS setting for SuppressModernAuthForOfficeClients:'True'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Application Authentication	9s976	Medium	IsClaimsTrustedAuthenticationOnly: 'False', IsOfficeClientIDCRLRequest: 'False', HasSPTrustedSecurityTokenIssuer: 'False', ForceIdcrlForOfficeClients: 'True'.	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Asp Runtime	avwh5	Medium	SPRequestModule.PreSendRequestHeaders End	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Asp Runtime	avwhx	Medium	SPRequestModule.ErrorAppHandler End	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Asp Runtime	avwia	Medium	SPRequestModule.PostLogRequestHandler Begin	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Asp Runtime	avwib	Medium	SPRequestModule.PostLogRequestHandler End	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Asp Runtime	avwic	Medium	SPRequestModule.EndRequestHandler Begin	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Micro Trace	uls4	Medium	Micro Trace Tags: 0 avwhy,0 nasq,1 avwhz,0 9brd4,0 9brdr,0 9brc8,0 9w647,0 9brbv,0 9brc8,0 9w647,0 deffe,0 9brbj,2 8p0r7,1 aeayb,12 btgia,0 9w636,0 avwhw,0 8nca,0 tkau,0 ajlz0,1 aat87,2 agb9s,0 agxkz,1 9s97c,0 9s97n,0 crpqx,0 9s976,0 avwh5,0 avwhx,0 avwia,0 avwib,0 avwic	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Runtime	aoxsq	Medium	Sending HTTP response 200 for HTTP POST request	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Unified Audit	bm7sm	High	SPRequestModule::CreatePageViewedAuditEntry: Required parameters not set properly,exiting creating PageViewed SPUnifiedAuditEntry	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Monitoring	b4ly	Medium	Leaving Monitored Scope: (Request (POST:https://oidctest.contoso.local/_layouts/15/Authenticate.aspx?Source=%252F)) Execution Time=26.8099; CPU Milliseconds=16; SQL Query Count=0; Parent=None	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
03.15.2022 11:07:41.35	w3wp.exe (0xF50C)	0x11814	SharePoint Foundation	Asp Runtime	avwid	Medium	SPRequestModule.EndRequestHandler End	b2ec29a0-34e1-808c-08b8-fecdfcecba7e
Thanks Hasan,

By looking at the log, your SharePoint version (16.0.14326.20620) is not the latest; our fix is in the March PU.
Could you please try the March PU? You can get the latest PU from: https://docs.microsoft.com/en-us/officeupdates/sharepoint-updates

Hi Steve,
Thanks for the quick reply. I will update the farm ASAP. I'll inform you after the upgrade.
Hi again Steve,

As you suggested, after the March update, Keycloak and SP-SE integration worked. But this time portal pages (modern experience sites) throw JS errors. I think I have to start a new discussion. Thanks again.
It's good to know the fix really works. For the page JS errors, yes, we can start another discussion in a new post.
The March PU worked. Thanks.

@jinzhong he 

Would you mind posting a screenshot or an export of your SharePoint client config inside Keycloak now that you've got it working? Or even just an example access or ID token that has the claims you added to get it working?

Thanks for anything you can provide to help us out!

@benjamin8733 see the attached screenshot.

You need to create token mappers for username mapping.

@jinzhong he 

Could you list what client scopes and mappers you've configured in Keycloak to get this to work? And what claim type have you configured on the SharePoint side to receive those claims?

So far I've been unsuccessful in getting Keycloak to work with SPSE, although now the token is validating correctly (per the ULS logs) since the March CU, so it appears I'm missing some critical claims for SharePoint to grant access.

Currently I'm attempting to use "email" as the claim on both sides to match.

The client scopes were the default (email, profile, etc.). The IdentifierClaim I used on the SharePoint side was the UPN, and on the Keycloak side, I mapped username to upn.

@jinzhong he

Thanks so much jinzhong he! Knowing you got it working helped me get to the bottom of our issue.

On our Keycloak instances (latest 17.0.0 Quarkus version), in a new test realm, the default for "Access Token Lifespan" is set to 5 minutes. (For reference, on ADFS, this same value defaults to 60 minutes.)

This is usually all fine, as many apps (excluding SharePoint) that we've tested on both Keycloak and ADFS work fine with either IdP at the default timeouts.

But SharePoint has an odd behavior, in that by default "when there are less than 10 minutes left in the lifetime SharePoint considers it expired" (quote from https://sharepoint.stackexchange.com/users/3338/infotekka at "SharePoint 2013 ADFS login local token cache always expired" on SharePoint Stack Exchange).

The ULS logs confirmed the issue after SSO login: "Found matching token cache entry but it's token is expired."

So SharePoint was rejecting the token as expired immediately after the successful SSO login from Keycloak had completed. Adjusting the Keycloak realm settings for "Access Token Lifespan" to 60 minutes, up from the default 5 minutes, fixed our issue. Login to SharePoint is now working correctly against Keycloak.
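As an added example (not code from the thread or from either product), a small Python diagnostic that decodes a token's iat/exp claims and applies the 10-minute rule quoted above, showing why a 5-minute Keycloak lifespan is treated as expired on arrival while a 60-minute one is not. The sample token contents, the issuer URL and the 10-minute window are constructed assumptions; the real values come from your farm and realm.

```python
import base64
import json
from datetime import timedelta

# Constructed defaults taken from the post: SharePoint treats a token as expired
# once less than 10 minutes of lifetime remain; Keycloak's default access token
# lifespan is 5 minutes, ADFS's is 60. Assumed here; check your farm/realm.
SP_EXPIRATION_WINDOW = timedelta(minutes=10)
KEYCLOAK_DEFAULT_LIFESPAN = timedelta(minutes=5)
ADFS_DEFAULT_LIFESPAN = timedelta(minutes=60)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_token(iat: int, lifespan: timedelta, sub: str = "alice") -> str:
    """Build a constructed token in compact JWT layout with a placeholder
    signature, purely as input for the checks below (nothing is signed)."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "placeholder-kid"}
    payload = {"iss": "https://keycloak.example/realms/test",  # assumed issuer
               "sub": sub, "iat": iat, "exp": iat + int(lifespan.total_seconds())}
    parts = [_b64url_encode(json.dumps(p).encode()) for p in (header, payload)]
    return ".".join(parts) + ".placeholder-signature"


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT. The signature is deliberately not
    verified here: this is a lifetime diagnostic, not token validation."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def usable_seconds(claims: dict, now: int, window: timedelta = SP_EXPIRATION_WINDOW) -> int:
    """Seconds until the remaining lifetime drops below the expiration window,
    i.e. how long SharePoint will still honour the session. 0 means never."""
    remaining = claims["exp"] - now
    return max(0, remaining - int(window.total_seconds()))


def rejected_on_arrival(token: str, now: int, window: timedelta = SP_EXPIRATION_WINDOW) -> bool:
    """True when fewer than `window` seconds of life remain at `now`, which
    produces the 'token cache entry ... expired' symptom quoted in the post."""
    return jwt_claims(token)["exp"] - now < int(window.total_seconds())
```

Feed `rejected_on_arrival` a real ID token and the current epoch time to see whether the realm's lifespan leaves anything usable after SharePoint's window is subtracted.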

It seems you can help me with an issue with another third party... ForgeRock. Do I have to open a new discussion? I'll try to list it here... SE is configured with 3 data items: 1) claim to map (EmailAddress), 2) metadata URL (has everything there), 3) client ID. I don't know if the auth provider team should do something else; they told me the claim they treat is "email", not "EmailAddress", maybe that's the issue? The authentication error, in SharePoint, is... the claim is void or not recognized. LOGS > "No identity provider claim on the identity..." "Initialized session revocation members. Auth instant: 'null'. IAT: 'null'. ValidFrom: 'null'. Operation type: '' ..." "Initialize session attributes: Did not find any. Current value: 'None'..." "Trusted login provider is not sending configured input identity claim type..." "Throwing fault exception because there is no identity claim..." "An exception occurred when trying to issue security token: The trusted login provider did not supply a token accepted by this farm"

@ictotum

Would you mind opening a support ticket with us for your specific problem? We will be able to follow up with you.

And also add @Troy Starr here as well. 

How's that? Is it free? How can I open it? Thanks

Hi @ictotum, you can open a support case by going to https://support.microsoft.com/contactus, then clicking Show expanded list of products, then clicking SharePoint Server. The cost to open a support case will depend on the type of support contract your organization has with Microsoft.

Any update on "We've put the kid work into backlog and we will work on it with priority." ?