Nonce errors with AzureAD SSO ASP.NET

We recently converted an application to use AzureAD for single sign on and discovered in our logs that we were seeing a number of nonce-related errors such as the one below.

We haven’t fully fleshed out this issue, but we were able to reproduce it with the following steps:

1) Browse to the site

2) Get redirected to the AzureAD SSO login page.

3) Wait 1 hour

4) Attempt to complete the login

Here is an article I found that discusses the same issue (with a slightly different error) along with some code for catching the exception and changing the nonce timeout.

https://teknovenus.com/nonce-expriation-idx10316-workaround-asp-net-mvc/

The error we are getting:

Session state is not available in this context.

Error method: Void ValidateNonce(System.IdentityModel.Tokens.JwtSecurityToken, Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidationContext)

IDX10311: RequireNonce is ‘true’ (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’.

Stack: at Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator.ValidateNonce(JwtSecurityToken jwt, OpenIdConnectProtocolValidationContext validationContext)

at Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator.Validate(JwtSecurityToken jwt, OpenIdConnectProtocolValidationContext validationContext)
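The reproduction above matches the validator's default nonce lifetime: the OWIN OpenID Connect middleware stores the nonce in a cookie that expires after OpenIdConnectProtocolValidator.NonceLifetime (60 minutes by default), so a user who completes the AzureAD login after that comes back with no nonce to validate and gets IDX10311. The following Startup configuration is an added example written for this post, not code taken from the original page or from the linked article; the ClientId and Authority values are placeholders, and the four-hour lifetime is an assumed value to adjust to your own users.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholder values: substitute your own AzureAD app registration details.
    private const string ClientId = "<your-application-client-id>";
    private const string Authority = "https://login.microsoftonline.com/<your-tenant-id>";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,

            // The nonce cookie set before the redirect to AzureAD expires after
            // NonceLifetime (default 60 minutes). A user who sits on the sign-in
            // page longer than that returns with no nonce cookie and validation
            // fails with IDX10311. Extend the lifetime rather than turning
            // RequireNonce off: the nonce is what ties the returned id_token to
            // the sign-in request this browser actually started.
            ProtocolValidator = new OpenIdConnectProtocolValidator
            {
                RequireNonce = true,
                NonceLifetime = TimeSpan.FromHours(4) // assumed value; tune for your users
            },

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // A longer lifetime shrinks the window but does not close it
                // (very slow users, cleared cookies, a bookmarked sign-in page),
                // so still handle the failure instead of surfacing an error page.
                AuthenticationFailed = context =>
                {
                    if (context.Exception is OpenIdConnectProtocolInvalidNonceException)
                    {
                        // Suppress the exception and restart sign-in from the
                        // application root; an unauthenticated request there
                        // issues a fresh challenge with a new nonce.
                        context.HandleResponse();
                        context.Response.Redirect("/");
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The handler deliberately does not touch HttpContext.Session: the authentication middleware runs before ASP.NET has acquired session state, which is the likely source of the "Session state is not available in this context" line at the top of the log above.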

IIS: BadImageFormatException


[BadImageFormatException: Could not load file or assembly ‘Interop.SHDocVw’ or one of its dependencies. An attempt was made to load a program with an incorrect format.]

If you are getting an exception like that, it could mean that your App Pool is not set up to run 32-bit applications. Try enabling it: in IIS Manager, open the application pool's Advanced Settings and set "Enable 32-Bit Applications" to True.