Attie Heunis's Journey

The ramblings of a Caucasian African American

recent posts

about

Originally from South Africa’s magnificent Eastern Cape, my family and I now reside in Pennsylvania in the United States. To earn my keep I’m an executive for a multinational company in the Healthcare sector. I’m also a serious amateur photographer. Pro-environmental and conservation views.

Solved: IdentityServer’s RequireNonce is ‘true’ error.

My team has implemented the excellent IdentityServer3 for our Single Sign-On provider but we kept running into a very irritating and intermittent issue for some of our users:

IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null.

The error occurred when our users were navigating to the https version of the site but they were being redirected by IdentityServer back to the http version of the site. They did this because some of them had the browser caching the https url and so they selected that instead of typing/selecting the http url.

The fix was simply to have them initially browse to the same url and protocol (http/https) that IdentityServer redirects to after log in.

Posted in

2 responses to “Solved: IdentityServer’s RequireNonce is ‘true’ error.”

  1. Paulo Avatar
    Paulo

    I have to say that I was losing my mind for this error, literally tried everything for hours and hours, to me the fix was set multi-tenanted to yes in azure applications

    Reply
  2. Sushant Avatar
    Sushant

    But in my case it is redirecting to http itself and still gives this error

    IDX10311: RequireNonce is ‘true’ (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’.

    can you please suggest something.

    Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.