WIF: ID1014: The signature is not valid. The data may have been tampered with

By | April 11, 2017

Been bashing my head against this (WIF: ID1014: The signature is not valid. The data may have been tampered with) problem now for about a week. WIF tracing has been useless in trying to solve this. For my own sanity sake, here are the possible causes that I have found so far that could cause it.

For me the problem surface in a unique configuration where our STS gets configured as a RP-STS & STS. When an desktop system needs to access a resource in our website it sends the STS a token generated from our A-STS and this then signs him into federation. It is this with this specific situation that my problem surfaced.

WTF!, I Found a solution for my problem but I do not know what was causing it to have this issue but in the end I ended up programmatically rebuilding the FederationConfiguration and assigning it to the FederatedAuthentication.SessionAuthenticationModule.FederationConfiguration property each time just before the sign-in. I could not see any difference between the FederationConfiguration from the config file and the one I was building programmatically but it solved my problem.

I hate leaving this issue without understanding what caused it but I have spent too much time on this issue already.

Leave a Reply

Your email address will not be published.