I'm getting the following error when I try to sign in using Azure Active Directory as my external STS, using HTTPS.
This is happening during the custom Authentication Handler which extends the SecurityTokenServiceHttpHandler, after it successfully authenticates the token returned from Azure AD, and moves onto the Sitefinity ProcessRequest method.
Error line of code: base.ProcessRequest(context);
[HttpException (0x80004005): Access denied]
Telerik.Sitefinity.Security.Claims.SecurityTokenServiceHttpHandler.ValidateRequestSource(HttpContextBase context) +570
Telerik.Sitefinity.Security.Claims.SecurityTokenServiceHttpHandler.ProcessRequest(HttpContextBase context) +889
The weird thing is that if I just hit the same page again, it processes the request fine and logs in the user. Also, I don't get this error when it returns to the non-HTTPS version of the SWT (localhost/.../SWT).
Just in case anyone stumbles across this and has the same issue: I have found a workaround. It looks like the reason this happens is that the ProcessRequest function in the base SecurityTokenServiceHttpHandler doesn't like it when the Request.Headers["Referer"] is an external HTTPS address.
So, before I call base.ProcessRequest(context), I change that header value to the SWT URL using:
context.Request.Headers["Referer"] = "<Domain>/Sitefinity/Authenticate/SWT";
Glad I could help! Also, I found that it didn't work in Safari; however, adding the following in addition to the "Referer" line fixed it:
context.Request.Headers["Origin"] = "<Domain>/Sitefinity/Authenticate/SWT";
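
As posted, the workaround overwrites Referer and Origin on every request the handler sees, not only on the redirect back from Azure AD. The sketch below is an added example, not code from the posters or from Sitefinity: it rewrites the headers only when the incoming Referer is an HTTPS URL on an allow-listed identity provider host. The class and method names, the `login.microsoftonline.com` host entry and the `cms.example.test` URL are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;

// Added example, not Sitefinity code. Names, hosts and URLs are assumptions.
public static class StsSourceRewrite
{
    // Assumed Azure AD sign-in host; list the hosts your tenant really redirects from.
    static readonly HashSet<string> TrustedIdpHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "login.microsoftonline.com" };

    // Rewrites Referer (and Origin, if present) to the local SWT endpoint only when
    // the request came back from a trusted HTTPS identity provider.
    // Returns true when the headers were changed.
    public static bool RewriteIfFromTrustedIdp(NameValueCollection headers, string swtUrl)
    {
        Uri referer;
        if (!Uri.TryCreate(headers["Referer"], UriKind.Absolute, out referer))
            return false;                              // missing or malformed: leave untouched
        if (referer.Scheme != Uri.UriSchemeHttps)
            return false;                              // only the HTTPS return path is rewritten
        if (!TrustedIdpHosts.Contains(referer.Host))
            return false;                              // exact host match, no suffix matching

        headers["Referer"] = swtUrl;
        if (headers["Origin"] != null)                 // the Safari case from the thread
            headers["Origin"] = swtUrl;
        return true;
    }

    public static void Main()
    {
        const string swt = "https://cms.example.test/Sitefinity/Authenticate/SWT"; // constructed
        string[] referers =                                                        // constructed samples
        {
            "https://login.microsoftonline.com/common/oauth2/authorize",
            "https://login.microsoftonline.com.other.example/",  // lookalike host, must not match
            "http://login.microsoftonline.com/",                 // wrong scheme
            null                                                 // no Referer header at all
        };
        foreach (var r in referers)
        {
            var headers = new NameValueCollection();
            if (r != null) headers["Referer"] = r;
            bool changed = RewriteIfFromTrustedIdp(headers, swt);
            Console.WriteLine("{0,-55} rewritten={1}", r ?? "(none)", changed);
        }
    }
}
```

In the custom handler from the thread, the call would sit immediately before `base.ProcessRequest(context)`, passing `context.Request.Headers` and the site's own SWT URL; requests that do not match keep their original headers and still go through the base handler's source check.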