WIF- ID1014: The signature is not valid. The data may have been tampered with

Question

I\'ve been using WIF to authenticate our new website, the STS is based upon the starter-sts implementation.

To enable this to work correctly on out load balanced environ

Answer 1

I changed the implementation to amend the timeout in the ontokencreated method. This prevents the reissue.

protected override void OnSessionSecurityTokenCreated(Microsoft.IdentityModel.Web.SessionSecurityTokenCreatedEventArgs args)
        {
            args.SessionToken = FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken(
                args.SessionToken.ClaimsPrincipal,
                args.SessionToken.Context,
                DateTime.UtcNow,
                DateTime.UtcNow.AddDays(365),
                true
                );
            //base.OnSessionSecurityTokenCreated(args);
        }