ID4291: The security token ‘Microsoft.IdentityModel.Tokens.SessionSecurityToken’ is not scoped to the current endpoint

Issue:

ID4291: The security token ‘Microsoft.IdentityModel.Tokens.SessionSecurityToken’ is not scoped to the current endpoint

Or

ID4291: The security token ‘System.IdentityModel.Tokens.SessionSecurityToken’ is not scoped to the current endpoint

My Web.Config:

  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" path="/" />
    </federationConfiguration>
  </system.identityModel.services>

Environment:

Windows, ASP.NET, IdentityModel, STS

Resolution:

The issue is caused by a root path error. Check every application's web.config and make sure they all have the same path value in the identity model section.

Step-by-step instructions:

  1. Open web.config of an application in edit mode
  2. Search for “cookiehandler”
  3. Remove path="/" from the cookieHandler element:
    <cookieHandler requireSsl="false" />
  4. Save web.config and try again.
      <system.identityModel.services>
        <federationConfiguration>
          <cookieHandler requireSsl="false" />
        </federationConfiguration>
      </system.identityModel.services>
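One way to run the check from the resolution across several applications at once, as an added example that is not part of the original post: the script reads each web.config and groups applications by the `path` set on `cookieHandler`, and also lists those with `requireSsl="false"`. The application names and sample configs are constructed, and a missing attribute is reported as `None` rather than assuming a default.

```python
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict

def read_cookie_handler(xml_data):
    """Return (path, requireSsl) of the first <cookieHandler>, or None if there is none."""
    root = ET.fromstring(xml_data)
    for handler in root.iter("cookieHandler"):
        # A missing attribute comes back as None; no default value is assumed.
        return handler.get("path"), handler.get("requireSsl")
    return None

def audit(configs):
    """configs maps an application name to the content of its web.config."""
    by_path, ssl_off = defaultdict(list), []
    for app in sorted(configs):
        found = read_cookie_handler(configs[app])
        if found is None:
            continue  # no cookieHandler element in this file
        path, require_ssl = found
        by_path[path].append(app)
        if (require_ssl or "").strip().lower() == "false":
            ssl_off.append(app)  # session cookie is not restricted to HTTPS
    return {"by_path": dict(by_path), "consistent": len(by_path) <= 1,
            "require_ssl_false": ssl_off}

def sample_config(attrs):
    # Constructed sample web.config, reduced to the section the page shows.
    return ("<configuration><system.identityModel.services><federationConfiguration>"
            f"<cookieHandler {attrs} /></federationConfiguration>"
            "</system.identityModel.services></configuration>")

# Constructed input: three hypothetical applications on one host.
SAMPLE = {
    "Portal": sample_config('requireSsl="false" path="/"'),
    "Reports": sample_config('requireSsl="false"'),
    "Admin": sample_config('requireSsl="true"'),
}

if __name__ == "__main__":
    # With file arguments, audit those web.config files; otherwise use the sample.
    configs = {p: open(p, "rb").read() for p in sys.argv[1:]} or SAMPLE
    report = audit(configs)
    for path, apps in report["by_path"].items():
        print(f"path={path!r}: {', '.join(apps)}")
    print("consistent:", report["consistent"])
    print("requireSsl=false:", report["require_ssl_false"])
```

Pass the web.config paths of the applications as arguments; more than one `path=` group in the output means the values differ between applications.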
