We recently converted an application to use AzureAD for single sign-on and discovered in our logs that we were seeing a number of nonce-related errors such as the one below.
We haven’t fully fleshed out this issue, but we were able to reproduce it with the following steps:
1) Browse to the site
2) Get redirected to the AzureAD SSO login page.
3) Wait 1 hour
4) Attempt to complete the login
Here is an article I found that discusses the same issue (with a slightly different error) along with some code for catching the exception and changing the nonce timeout.
https://teknovenus.com/nonce-expriation-idx10316-workaround-asp-net-mvc/
The error we are getting:
Session state is not available in this context.
Error method: Void ValidateNonce(System.IdentityModel.Tokens.JwtSecurityToken, Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidationContext)
IDX10311: RequireNonce is ‘true’ (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’.
Stack: at Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator.ValidateNonce(JwtSecurityToken jwt, OpenIdConnectProtocolValidationContext validationContext)
at Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator.Validate(JwtSecurityToken jwt, OpenIdConnectProtocolValidationContext validationContext)
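As an added example (not code from this post or the linked article), here is the shape of the workaround that article describes, as an OWIN Startup for ASP.NET MVC: it lengthens the nonce lifetime and restarts sign-in when the nonce is missing or stale (IDX10311 / IDX10316), instead of setting RequireNonce to false as the error text suggests, because that removes the id_token replay check. The client ID, authority and redirect URI are placeholders; the app root is assumed to require authentication so that redirecting there re-issues the challenge.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholder registration values (assumed); substitute your own tenant and app.
    private const string ClientId = "<app-client-id>";
    private const string Authority = "https://login.microsoftonline.com/<tenant-id>";
    private const string RedirectUri = "https://example.com/";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            RedirectUri = RedirectUri,
            // Keep nonce checking on: it ties the id_token to this browser's sign-in request
            // and blocks replay. Only widen the window before a nonce counts as stale.
            ProtocolValidator = new OpenIdConnectProtocolValidator
            {
                RequireNonce = true,
                NonceLifetime = TimeSpan.FromHours(8)
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = n =>
                {
                    // Missing or expired nonce (IDX10311 / IDX10316): the user sat on the
                    // login page past the nonce lifetime. Restart sign-in instead of a 500.
                    if (n.Exception is OpenIdConnectProtocolInvalidNonceException)
                    {
                        n.HandleResponse();
                        n.Response.Redirect(RedirectUri); // protected root re-challenges with a fresh nonce
                    }
                    // Any other failure (bad signature, audience, issuer) still surfaces.
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```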