Sharepoint 2016 On-Premises with Azure AD Integration

Gopan 101 Reputation points
2020-10-05T09:08:31.15+00:00

We are running SharePoint 2016 and are trying to integrate it with Azure AD, and we get the error below:
ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.IdentityModel.Tokens.SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').]

Kindly help with the above. We configured the identifier in Azure AD as urn:sharepoint:site,
configured the login URL on the SharePoint server as https://login.microsoftonline.com/<id of identity>/wsfed,
and used the Base64 certificate.
After logging in to Azure AD and being redirected to SharePoint, we immediately get the error shown above.

Kindly help to solve this.


Accepted answer
  1. Trevor Seward 11,706 Reputation points
    2020-10-05T15:32:49.16+00:00

2 additional answers

  1. Wendy Li_MSFT 1,711 Reputation points Microsoft Vendor
    2020-10-06T07:12:29.533+00:00

    @Gopan
    There is a blog which lists this issue:

    Azure AD SAML endpoint will initially only issue SAML 2.0 tokens. This is because the SAML 1.1 issuance policy doesn’t exist for our SSO App Object and will have to be created. You’ll probably see this entry in the ULS logs when this issue occurs

    Application error when access /_trust/default.aspx, Error=ID4014: A SecurityTokenHandler is not registered to read security token (‘Assertion’, ‘urn:oasis:names:tc:SAML:2.0:assertion’).

    Resolution to this issue is located here where you have to assign the SAML 1.1 token issuance policy to the SSO App Object.

    Please have a try and let us know the result.

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
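    The fix described above, assigning a SAML 1.1 token issuance policy to the SharePoint SSO app, as an added example using the AzureAD PowerShell module (this is not code from the thread or from the linked blog). It assumes the app's identifier URI is the urn:sharepoint:site value from the question; the policy display name is an assumption.

```powershell
# Added example: create a SAML 1.1 token issuance policy in Azure AD and attach it
# to the SharePoint SSO app's service principal (AzureAD PowerShell module).
# Assumptions: identifier URI urn:sharepoint:site (from the question),
# policy display name 'SharePoint-SAML11' (chosen here).
Connect-AzureAD

# Locate the service principal for the SharePoint enterprise app by its identifier URI.
$sp = Get-AzureADServicePrincipal -All $true |
    Where-Object { $_.ServicePrincipalNames -contains 'urn:sharepoint:site' }
if (-not $sp) { throw 'Service principal for urn:sharepoint:site not found' }

# Policy definition: issue SAML 1.1 assertions for this app, signed with RSA-SHA256,
# signing the token only. SharePoint 2016's trusted identity provider reads SAML 1.1,
# which is why the default SAML 2.0 assertion triggers ID4014.
$definition = @'
{
  "TokenIssuancePolicy": {
    "Version": 1,
    "SigningAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "TokenResponseSigningPolicy": "TokenOnly",
    "SamlTokenVersion": "1.1"
  }
}
'@

# Reuse an existing policy with this display name if present; otherwise create it.
$policy = Get-AzureADPolicy -All $true |
    Where-Object { $_.Type -eq 'TokenIssuancePolicy' -and $_.DisplayName -eq 'SharePoint-SAML11' }
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) `
        -DisplayName 'SharePoint-SAML11' -Type 'TokenIssuancePolicy' -IsOrganizationDefault $false
}

# Attach the policy to the service principal unless it is already attached.
$attached = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId
if (-not ($attached | Where-Object { $_.Id -eq $policy.Id })) {
    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
}

# Verify: the SAML 1.1 policy should now be listed on the service principal.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId | Select-Object DisplayName, Type
```

    After the policy is attached, a fresh sign-in through /_trust/default.aspx should no longer log the ID4014 entry in ULS; if it still does, the trusted identity token issuer on the SharePoint side should be checked against the same app identifier.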


  2. Dattatray Patil 86 Reputation points
    2020-10-06T15:00:50.65+00:00

    @Gopan ,

    If you would like to implement a custom solution, you can configure a login page and use the SPClaimsUtility class to implement the authentication mechanism.

