WIF Security Token Caching

Question

I have a site that is a relying party to our WIF-based custom STS. We recently implemented a Security Token Cache as described here: Azure/web-farm ready SecurityTokenCache

Answer 1

We are currently facing exactly the same problem, although our situation is a bit different. We are trying to use WIF to provide Shibboleth SSO for Outlook Web App (OWA). We have several OWA hosts behind a load balancer.

WIF generates the FedAuth cookie (and FedAuth1) which is more than 2.5 kB in size. Our load balancer truncates the cookie. So we set the IsSessionMode-Property to true in OWA's global.asax file. Now, the cookie size is reduced to approx. 600 bytes, which is fine. OWA works.

However, the Exchange Control Panel (ECP) which runs on the same server, does not work any longer. ECP runs in the same IIS application pool and has also the IsSessiobnMode-Property set in its global.asax file. Whenever ECP is called, the application does not send back any response but WIF reports:

Current user: 'User not set'
   Request for URL 'http://owa.ourdomain.com/ecp/' failed with the following error:
   System.IdentityModel.Tokens.SecurityTokenException: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.