Issue:
ID4291: The security token ‘Microsoft.IdentityModel.Tokens.SessionSecurityToken’ is not scoped to the current endpoint
Or
ID4291: The security token ‘System.IdentityModel.Tokens.SessionSecurityToken’ is not scoped to the current endpoint
My Web.Config:
<system.identityModel.services> <federationConfiguration> <cookieHandler requireSsl="false" path="/" />
Environment:
Windows, ASPNet, IdentityModel, STS
Resolution:
The issue is due to root path error. Please check all apps’ web.config and make sure all web.configs have same path value under identity model section.
Step-by-step instructions:-
- Open web.config of an application in edit mode
- Search for “cookiehandler”
- Remove path=”/” from cookie handler attribute:
<cookieHandler requireSsl=”false” /> - Save web.config and try again.
<system.identityModel.services> <federationConfiguration> <cookieHandler requireSsl="false" />
Reference: