This error
ID4014: A SecurityTokenHandler is not registered to read security token ('BinarySecurityToken', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd')
usually pops up when your application receives a JWT token but is only configured to read SAML or SWT tokens. Another reason might be that a SAML token has been encrypted or binary-encoded before being sent back to the relying party.
The first thing to check is whether both ends (ADFS and the Relying Party application) are configured for the same token type and that the RP (Relying Party) can read the configured token (SAML/SWT/JWT).
In order to fully understand the configuration at the Relying Party end, we need to see the following sections of the web.config file: system.identityModel, system.identityModel.services and system.webServer. Along with that we also need the configuration of ADFS: how the relying party is configured at the ADFS end, which endpoints are configured and which are used. The best tool to investigate is Fiddler.
And to rule out Azure as the cause, please verify that your application works correctly in an on-premises environment.
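As an added illustration (not part of the original answer), here is a minimal WIF 4.5 web.config for a relying party that covers both causes named above: the JWT handler registration that is missing in the default handler collection, and the service certificate the RP needs when ADFS encrypts the token. The host names, thumbprints and the 4.x package version requirement are assumptions, not values from the question.

```xml
<!-- Added example (not from the original answer): a minimal WIF 4.5 web.config
     for a relying party that must accept JWT tokens from ADFS and decrypt
     encrypted SAML tokens. URLs and thumbprints are placeholders. -->
<configuration>
  <configSections>
    <section name="system.identityModel"
             type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services"
             type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <system.identityModel>
    <identityConfiguration>
      <!-- Without this <add>, a JWT from ADFS is rejected with ID4014 because only the
           default SAML 1.1/2.0 handlers are registered. Assumes the
           System.IdentityModel.Tokens.Jwt package in a 4.x version; 5.x no longer
           plugs into WIF's SecurityTokenHandler collection. -->
      <securityTokenHandlers>
        <add type="System.IdentityModel.Tokens.JwtSecurityTokenHandler, System.IdentityModel.Tokens.Jwt" />
      </securityTokenHandlers>
      <audienceUris>
        <add value="https://rp.example.com/" />
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="ADFS-TOKEN-SIGNING-CERT-THUMBPRINT" name="https://adfs.example.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="true" />
      <wsFederation passiveRedirectEnabled="true"
                    issuer="https://adfs.example.com/adfs/ls/"
                    realm="https://rp.example.com/"
                    requireHttps="true" />
      <!-- Needed only when the ADFS relying party trust has "Encrypt claims" enabled:
           the RP must hold the private key matching the encryption certificate
           registered at ADFS, otherwise the encrypted token cannot be read. -->
      <serviceCertificate>
        <certificateReference x509FindType="FindByThumbprint"
                              findValue="RP-ENCRYPTION-CERT-THUMBPRINT"
                              storeLocation="LocalMachine" storeName="My" />
      </serviceCertificate>
    </federationConfiguration>
  </system.identityModel.services>
</configuration>
```

Compare the token type ADFS actually emits (visible in the Fiddler capture of the POST to the RP) against the handlers registered here; a mismatch between the two is exactly what ID4014 reports.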