I have a site that is a relying party to our WIF-based custom STS. We recently implemented a Security Token Cache as described here: Azure/web-farm ready SecurityTokenCache
I have an MVC single page application as a relying party using WSO2 4.5 as the IDP and was getting the same error - "System.IdentityModel.Tokens.SecurityTokenException ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context. ..." I did a search and found the statements below by Brock Allen of Thinktecture fame.
This exception is thrown when the browser is sending a cookie that contains the user’s claims but something about the processing can’t be performed (either the key has changed so the token can’t be validated or if using a server side cache and the cache is empty). An end user isn’t going to be able to do much about this and they’re going to continue to get the error since the browser will keep sending the cookie.
Full article: http://brockallen.com/2012/10/22/dealing-with-session-token-exceptions-with-wif-in-asp-net/
In the same article he provides the following snippet of code that solved the issue in my case. In Global.asax:
using System;
using System.IdentityModel.Services; // FederatedAuthentication (Microsoft.IdentityModel.Web on WIF 3.5/4.0)
using System.IdentityModel.Tokens;   // SecurityTokenException
// (In the inline-script form of Global.asax use <%@ Import Namespace="..." %> instead of using.)

// ASP.NET's automatic event wire-up binds Application_OnError (or the
// equivalent Application_Error) to HttpApplication.Error.
void Application_OnError()
{
    var ex = Context.Error;
    if (ex is SecurityTokenException)
    {
        // Swallow the error so the user never sees the ID4243 page.
        Context.ClearError();
        if (FederatedAuthentication.SessionAuthenticationModule != null)
        {
            // Delete the FedAuth session cookie; until the browser drops it,
            // every request fails the same way.
            FederatedAuthentication.SessionAuthenticationModule.SignOut();
        }
        // Start over from the landing page, which triggers a fresh sign-in.
        Response.Redirect("~/");
    }
}
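The following is an added example, not code from the question, the answer, or Brock Allen's article. It carries the same recovery idea (clear the error, delete the session cookie, start over) into a Global.asax.cs handler that also covers two things a single page application runs into: the exception may arrive wrapped in an HttpUnhandledException, so only testing the outermost exception can miss it, and an XMLHttpRequest must not be redirected to an HTML landing page. It assumes .NET 4.5 WIF (System.IdentityModel.Services), an ASP.NET MVC relying party, that the landing page "~/" is protected so an unauthenticated GET there starts a fresh WS-Federation sign-in, and that the client sends the conventional X-Requested-With header on AJAX calls.

```csharp
// Added example (not from the original question, answer, or article).
// Assumptions: .NET 4.5 WIF, MVC relying party, "~/" is protected, and
// AJAX calls carry "X-Requested-With: XMLHttpRequest".
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Net;
using System.Web;

public class MvcApplication : HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();

        // ASP.NET may hand back the real exception wrapped in an
        // HttpUnhandledException; walk the chain instead of testing only
        // the outermost exception.
        Exception cause = ex;
        while (cause != null && !(cause is SecurityTokenException))
        {
            cause = cause.InnerException;
        }
        if (cause == null)
        {
            return; // not a session-token problem; leave it to normal error handling
        }

        Context.ClearError();

        // SignOut() deletes the FedAuth session cookie(s) on the response.
        // This is what actually stops the repeat failures: the browser keeps
        // presenting the stale cookie until it is told to drop it.
        SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
        if (sam != null)
        {
            sam.SignOut();
        }

        // A single page app talks to the server over XMLHttpRequest. Redirecting
        // an XHR to "~/" hands the client HTML where it expects JSON; answer 401
        // instead so the client-side code can reload the page, which restarts
        // sign-in now that the cookie is gone.
        bool isAjax = string.Equals(Request.Headers["X-Requested-With"],
                                    "XMLHttpRequest", StringComparison.OrdinalIgnoreCase);
        if (isAjax)
        {
            Response.Clear();
            Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            Response.TrySkipIisCustomErrors = true; // keep IIS from substituting its own error page
            CompleteRequest();
            return;
        }

        // Browser navigation: go to the landing page. endResponse: false plus
        // CompleteRequest() avoids the ThreadAbortException that Response.Redirect
        // otherwise throws from inside an error handler.
        Response.Redirect(VirtualPathUtility.ToAbsolute("~/"), endResponse: false);
        CompleteRequest();
    }
}
```

This handler only recovers from the condition; it does not remove its cause. If the cache is empty because the worker process recycled or because a web-farm node that did not issue the cookie served the request, the durable fix is the shared token cache the question describes (or not using reference mode at all). If the key changed, every existing session is invalid and each user will go through this path exactly once.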