Message: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context

孤街浪徒 2021-02-06 12:05

We're getting the exact same error as in this thread ... in our production environment. [WIF Security Token Caching

Does anybody have a fix for this error? Message: ID

2 Answers
  • 2021-02-06 12:40

    This post helped me, so it can help you and others who have this kind of error.

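    // SecurityTokenException lives in System.IdentityModel.Tokens; FederatedAuthentication is in
    // System.IdentityModel.Services (WIF 4.5) or Microsoft.IdentityModel.Web (WIF 3.5).
    void Application_OnError()
    {
        var ex = Context.Error;
        if (ex is SecurityTokenException)
        {
            // Clear the error so the request does not end on the error page.
            Context.ClearError();
            if (FederatedAuthentication.SessionAuthenticationModule != null)
            {
                // Sign out, which deletes the session cookie.
                FederatedAuthentication.SessionAuthenticationModule.SignOut();
            }
            Response.Redirect("~/");
        }
    }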
    

    From this link.

    Hope it was useful!

  • 2021-02-06 12:46

    ---------- UPDATE, This is how Lord02 fixed the problem -----------

    The problem was that when users are coming in with stale cookies (from a previous session, i.e. if they did NOT sign out from our system ... but instead just closed the tab) and then logged in again, our cookie which was in SessionMode = true ... tried to go to the DatabaseTokenCache to GET the whole token from database, but as I said our SSIS process deletes all Tokens which are OLDER than 12 hours old (outdated tokens!) so we don't have loads of orphan tokens, which are outdated in our database and are unusable ... just taking up space in our database. So after this deletion is done, each night, the DatabaseTokenCache GET's function would not return a valid Token ... and the user was signed out because of: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.

    So instead of NOT deleting the Tokens inside our database I created a special handler, which intercepts this error on the RP's site ... and redirects the user back to the STS, which will then Create a brand new token and Write that down to the DatabaseTokenCacheStore, like this below.

    The exception with ID4243 is thrown when the cookie is set as “reference mode” AND the token is not present in the cache. I can confirm that is by-design and also by-design WIF does not redirect the call to the STS (to start over the authentication process).

    To overcome this problem I intercept this exception and react properly. I redirect to the issuer if this error comes up inside a customSessionAuthModule I created for this:

    public class CustomSessionAuthenticationModule : SessionAuthenticationModule
    {
        protected override void OnAuthenticateRequest(object sender, EventArgs eventArgs)
        {
            try
            {
                base.OnAuthenticateRequest(sender, eventArgs);
            }
            catch (SecurityTokenException exc)
            {
                // ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
                if (exc.Message.IndexOf("ID4243", StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    // Returning directly without setting any token will cause the WSFederationAuthenticationModule
                    // to redirect back to the token issuer.
                    return;
                }
                else
                {
                    throw;
                }
            }
        }
    } 
    
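A variant of the module from the second answer, added here as an example and not the answerer's code: it still swallows only ID4243, but also records the event and expires the stale reference-mode cookie so the browser stops presenting a key that the purged token cache can no longer resolve. It assumes WIF 4.5 (`System.IdentityModel.Services`); the class name `HardenedSessionAuthenticationModule` and the trace message format are hypothetical.

```csharp
// Added example. Assumes WIF 4.5 namespaces; the class name is hypothetical.
using System;
using System.Diagnostics;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Web;

public class HardenedSessionAuthenticationModule : SessionAuthenticationModule
{
    protected override void OnAuthenticateRequest(object sender, EventArgs eventArgs)
    {
        try
        {
            base.OnAuthenticateRequest(sender, eventArgs);
        }
        catch (SecurityTokenException exc)
        {
            // Only the cache-miss case (ID4243) is treated as recoverable.
            // Every other token failure must still surface as an error.
            if (exc.Message.IndexOf("ID4243", StringComparison.OrdinalIgnoreCase) < 0)
            {
                throw;
            }

            HttpRequest request = ((HttpApplication)sender).Context.Request;

            // Log before recovering, so a spike of cache misses outside the
            // nightly purge window is visible to whoever monitors the RP.
            // Url.AbsolutePath is percent-encoded, which keeps raw control
            // characters from the request out of the log line.
            Trace.TraceWarning(
                "ID4243 stale session cookie: path={0} client={1} utc={2:o}",
                request.Url.AbsolutePath, request.UserHostAddress, DateTime.UtcNow);

            // Expire the session cookie whose cached token has been purged.
            DeleteSessionTokenCookie();

            // No principal is set: the request continues unauthenticated and
            // the federation module can send the user back to the issuer.
        }
    }
}
```

Like the module in the answer, this class has to be registered in the application's module configuration in place of the stock session authentication module.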