AD B2C Custom Policy: IDX10500: Signature validation failed. No security keys were provided to validate the signature.

Ajay

I'm trying to use an AD B2C Custom Policy in my sign-in flow and followed different steps in https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-user-flow but am getting the following error.

IDX10500: Signature validation failed. No security keys were provided to validate the signature.

 

Does anyone have a solution for the above error?

Posted On: 30-Sep-2024 01:46

Answers
chatGPT

The error message you're encountering, IDX10500: Signature validation failed. No security keys were provided to validate the signature, typically indicates that your Azure Active Directory B2C (AD B2C) custom policy is unable to validate a token's signature due to missing or misconfigured keys. Here are some steps to troubleshoot and resolve this issue:

  1. Check Key Configuration:

    • Ensure that your signing keys are correctly configured in your policy files. You should have a <CryptographicKeys> section in your TrustFrameworkPolicy XML files where you define the keys used for signing.
  2. Validate Key References:

    • Confirm that the keys referenced in your policy (like the key ID or thumbprint) are present in your configuration. If you're using a custom signing key, ensure it's accessible and correctly configured.
  3. Update the Policy Files:

    • If you've recently changed keys or added new keys, make sure all relevant policy files (like the base policy and any extensions) are updated accordingly.
  4. Check Key Rotation:

    • If you have implemented key rotation, ensure that the new keys are being used properly and that the old keys are still accessible if needed.
  5. Review the Application Settings:

    • Ensure that your application settings in Azure AD B2C are correctly set up, particularly in regard to the Token Signing and Token Encryption configurations.
  6. Token Audience:

    • Verify that the token audience (aud claim) matches what is expected by your application.
  7. Debugging:

    • Use the Application Insights or any logging mechanisms in your policies to capture detailed logs. This can help identify the exact point of failure in the token validation process.
  8. Test with a Known Good Token:

    • If possible, try to validate a token that you know is good (from a previous successful authentication) to rule out issues with the token generation process.
  9. Refer to Documentation:

    • Check Azure AD B2C documentation for any updates or changes regarding custom policies, especially around signing keys and token validation.

If you've gone through these steps and the issue persists, consider reaching out to Microsoft support for further assistance, as they can provide more tailored help based on your specific setup.

Posted On: 06-Oct-2024 23:12
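
An offline check covering the key-reference, key-rotation, audience and known-good-token steps in the answer above, added here as an example (not code from the original post or from Microsoft): it reads a token's header and claims without verifying the signature and compares them with the key set the validator would be given. The token, key ids, audience value and function names are constructed for illustration.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def diagnose(token, jwks, expected_aud):
    """Return findings explaining why validation of this token could fail."""
    header_seg, payload_seg, _sig = token.split(".")
    header, claims = b64url_json(header_seg), b64url_json(payload_seg)
    # Only keys published for signing can validate a signature.
    keys = [k for k in jwks.get("keys", []) if k.get("use", "sig") == "sig"]
    findings = []
    if not keys:
        # The validator was handed an empty key set: the situation IDX10500 describes.
        findings.append("no-signing-keys")
    elif header.get("kid") not in {k.get("kid") for k in keys}:
        # Keys exist, but none carries the key id the token was signed with.
        findings.append("kid-not-in-jwks")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        findings.append("aud-mismatch")
    return findings or ["ok"]

def make_token(header, claims):
    """Build a constructed sample token; its signature segment is a dummy."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

# Constructed sample data: key ids and the audience GUID are placeholders.
SAMPLE_AUD = "00000000-0000-0000-0000-000000000000"
SAMPLE_TOKEN = make_token({"alg": "RS256", "typ": "JWT", "kid": "sample-kid-1"},
                          {"aud": SAMPLE_AUD})
GOOD_JWKS = {"keys": [{"kid": "sample-kid-1", "kty": "RSA", "use": "sig"}]}
EMPTY_JWKS = {"keys": []}  # e.g. key metadata could not be loaded
ROTATED_JWKS = {"keys": [{"kid": "sample-kid-2", "kty": "RSA", "use": "sig"}]}

if __name__ == "__main__":
    for name, jwks in [("good", GOOD_JWKS), ("empty", EMPTY_JWKS),
                       ("rotated", ROTATED_JWKS)]:
        print(name, diagnose(SAMPLE_TOKEN, jwks, SAMPLE_AUD))
```

In practice the `jwks` argument would be the JSON document served at the `jwks_uri` listed in the policy's OpenID Connect metadata, saved to disk and loaded with `json.load`.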