Tuesday, March 19, 2019

SharePoint Provider Hosted App - SecurityTokenException: Invalid issuer or signature

More often than not, this error simply means that SharePoint client secrets are incorrect. A detailed explanation and steps to resolve this error can be found at 

https://kirkbarrett.wordpress.com/2018/01/19/provider-hosted-app-error-invalid-issuer-or-signature-persists-after-update/

If we are absolutely sure that the client secrets are correct, then a possible reason for this error is mismatch between datetime zones of SharePoint online and Azure servers. Read more information at https://blogs.technet.microsoft.com/sharepointdevelopersupport/2015/03/11/provider-hosted-app-fails-on-spo/

Some solutions for this problem are listed below


  1. If the website is hosted in an azure server, wait for eight hours for the server to be in sync
  2. Remove service principle using Remove-MsolServicePrincipal powershell command in MSOnline Powershell. More information can be found at https://techcommunity.microsoft.com/t5/SharePoint-Developer/Invalid-issuer-o-signature-error-in-SPO-Provider-Hosted-AddIns/m-p/165697#M4444
  3. Use HostedAppHostNameOverride in web.config as described at https://www.credera.com/blog/technology-insights/microsoft-solutions/sharepoint-2013-provider-hosted-applications-windows-azure-paas/ 



No comments:

c# httpclient The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch

 If we get this error while trying to get http reponse using HttpClient object, it could mean that certificate validation fails for the remo...