Question

I'm desperately trying to consume a JWT token from ACS for authorization to my Web API. I got it so far that it redirects me to the ACS site and I can log in. After the callback to my site I get:

ID4014: A SecurityTokenHandler is not registered to read security token ('BinarySecurityToken', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd').

I've read a lot of blogs about this and I made my own CustomJwtSecurityTokenHandler. But somehow it still doesn't work. I did everything according to this site: http://blog.codit.eu/post/2013/03/19/Using-ACS-and-WAAD-with-JWT-Tokens-for-Web-and-Store-Applications-(Part-1-2).aspx

My web.config:

    <system.identityModel>
      <identityConfiguration saveBootstrapContext="true">
        <audienceUris>
          <add value="https://localhost/Connector" />
        </audienceUris>
        <securityTokenHandlers>
          <add type="Connector.Security.Azure.CustomJwtSecurityTokenHandler, Connector, Version=1.0.0.0, Culture=neutral" />
          <securityTokenHandlerConfiguration>
            <certificateValidation certificateValidationMode="PeerTrust" />
            <issuerTokenResolver type="Connector.Security.Azure.CustomJwtSecurityTokenHandler, Connector, Version=1.0.0.0, Culture=neutral">
              <securityKey symmetricKey="[mykey]" name="https://localhost/Connector" />
            </issuerTokenResolver>
          </securityTokenHandlerConfiguration>
        </securityTokenHandlers>
        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
          <trustedIssuers>
            <add thumbprint="[mythumbprint]" name="https://[mycompany].accesscontrol.windows.net/" />
          </trustedIssuers>
        </issuerNameRegistry>
      </identityConfiguration>
    </system.identityModel>
    <system.identityModel.services>
      <federationConfiguration>
        <cookieHandler requireSsl="false" />
        <wsFederation passiveRedirectEnabled="true" issuer="https://[mycompany].accesscontrol.windows.net/v2/wsfederation" realm="https://localhost/Connector" requireHttps="false" />
      </federationConfiguration>
    </system.identityModel.services>

I checked the response in Fiddler. I receive the JWT token. Somehow my site does not send it to the right handler. Does anybody know why, or how to debug this? The token arrives as token-type:jwt

Solution

Microsoft provides an out-of-the-box handler for JWT tokens. If that fits your needs (i.e. you don't have any special requirements that made you write the custom handler) then I would suggest using that one. I use it with ACS and it works like a charm. You can install it as a NuGet package (see http://msdn.microsoft.com/en-us/library/dn205064(v=vs.110).aspx).
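To make the answer concrete, here is the `<system.identityModel>` section from the question rewritten to use the out-of-the-box handler from the System.IdentityModel.Tokens.Jwt NuGet package instead of the custom handler. This is an added example, not config from the question or the answer. It keeps the question's placeholders (`[mykey]`, `[mythumbprint]`, `[mycompany]`) and assumes the package's `JwtSecurityTokenHandler` and `NamedKeyIssuerTokenResolver` types, which is the pairing the MSDN page linked in the answer describes: the handler reads the JWT, and the resolver (rather than the handler type, which the question's config reuses for that role) maps the symmetric key named after the realm to the key ACS signs with. The audience and trusted-issuer entries stay as they are, since those are what the handler validates the token's `aud` and `iss` claims against.

```xml
<system.identityModel>
  <identityConfiguration saveBootstrapContext="true">
    <!-- Audience check: the token's aud claim must match the realm registered in ACS -->
    <audienceUris>
      <add value="https://localhost/Connector" />
    </audienceUris>
    <securityTokenHandlers>
      <!-- Register the Microsoft JWT handler in place of the custom one.
           Assumption: assembly name of the NuGet package, version omitted on purpose. -->
      <add type="System.IdentityModel.Tokens.JwtSecurityTokenHandler, System.IdentityModel.Tokens.Jwt" />
      <securityTokenHandlerConfiguration>
        <certificateValidation certificateValidationMode="PeerTrust" />
        <!-- Resolve the signing key by name; the name is the relying party realm,
             the value is the symmetric key ACS uses to sign tokens for that realm.
             [mykey] is the question's placeholder, not a real key. -->
        <issuerTokenResolver type="System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver, System.IdentityModel.Tokens.Jwt">
          <securityKey symmetricKey="[mykey]" name="https://localhost/Connector" />
        </issuerTokenResolver>
      </securityTokenHandlerConfiguration>
    </securityTokenHandlers>
    <!-- Issuer check: only tokens from this ACS namespace are accepted -->
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="[mythumbprint]" name="https://[mycompany].accesscontrol.windows.net/" />
      </trustedIssuers>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>
```

When checking this against the question's setup, the two things worth confirming are that the relying party in the ACS portal is configured to issue JWT (the `token-type:jwt` value seen in Fiddler) and that the `name` on `<securityKey>` matches the realm exactly, because the resolver looks the key up by that string; a mismatch produces a signature-validation failure rather than the ID4014 handler error.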

Licensed under: CC-BY-SA with attribution