For the sake of simplicity, I've implemented the following class:
public class CustomUserNamePasswordValidatorSecurityTokenHandler : UserNameSecurityTokenHandler {}
And I've enabled it configuration (and enabled proper configSection):
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<clear />
<add type="CustomUserNamePasswordValidatorSecurityTokenHandler" />
</securityTokenHandlers>
</service>
</microsoft.identityModel>
And performing an actual RP call against my STS yields (in service trace viewer):
The token Serializer cannot serialize 'Microsoft.IdentityModel.Tokens.SessionSecurityToken'. If this is a custom type you must supply a custom serializer.
If I comment out the configuration (so no token handler applys), everything works fine. How do I supply this custom serializer?
NOTE: There's a couple references to the issue in this thread however I don't see the开发者_StackOverflow中文版 resolution.
Removing the <clear />
on the securityTokenHandler section should suffice (I editied may answer on your other question accordingly, sorry).
<clear />
removes all by default registered handlers (e.g. for the SessionSecurityToken).
精彩评论