Cannot log in with FBA with AD LDS in SharePoint 2010: An exception occurred when trying to issue security token: The security token username and password could not be validated..

I was setting up FBA with AD LDS for SP2010. I created some test users in AD LDS and was able to see them in the PeoplePicker and grant them access. I couldn’t log in as these users, however, and was seeing the following in the ULS:

Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.

An exception occurred when trying to issue security token: The security token username and password could not be validated..

Turning on Verbose logging for the Claims Authentication category shows more detail, in particular the line below, which suggests the STS configuration itself is OK:

Authenticated with login provider. Validating request security token.

It turns out that the problem is that the AD LDS user account is disabled!! When you create a user in AD LDS, depending on the current AD policy on your computer, the LDS account may be disabled by default! To enable it, edit the account and set the msDS-UserAccountDisabled attribute to FALSE!!
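If you have more than a handful of test users it is quicker to find every disabled account in the AD LDS partition with an LDAP query than to open each one in ADSI Edit. The script below is an added example and is not from the original post; the instance host:port and the container DN are placeholders you must replace with your own. It lists accounts whose msDS-UserAccountDisabled is TRUE and provides a function that flips the attribute to FALSE for a given DN and reads it back to confirm.

```powershell
# Added example (not from the post): find AD LDS accounts that are disabled and enable one by DN.
# Assumptions: the AD LDS instance listens on ldsserver.contoso.local:50000 and users live
# under CN=Users,O=Contoso. Run as an account with write access to the partition.
$ldsServer   = "ldsserver.contoso.local:50000"   # placeholder: AD LDS host:port
$partitionDn = "CN=Users,O=Contoso"              # placeholder: container holding the FBA users

function Get-DisabledLdsAccounts {
    # Bind to the container and search for user objects whose msDS-UserAccountDisabled is TRUE.
    $root = [ADSI]"LDAP://$ldsServer/$partitionDn"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectClass=user)(msDS-UserAccountDisabled=TRUE))"
    $searcher.PropertiesToLoad.AddRange([string[]]@("distinguishedName", "userPrincipalName"))

    foreach ($result in $searcher.FindAll()) {
        [pscustomobject]@{
            DistinguishedName = $result.Properties["distinguishedname"][0]
            UserPrincipalName = $result.Properties["userprincipalname"][0]
        }
    }
}

function Enable-LdsAccount {
    # Set msDS-UserAccountDisabled to FALSE on the given object and return the value read back.
    param([Parameter(Mandatory)][string]$Dn)
    $acct = [ADSI]"LDAP://$ldsServer/$Dn"
    $acct.Put("msDS-UserAccountDisabled", $false)
    $acct.SetInfo()
    $acct.RefreshCache()
    [bool]$acct.Get("msDS-UserAccountDisabled")   # $false means the account is now enabled
}

# Usage: review the list first, then enable only the accounts you intended to create.
$disabled = Get-DisabledLdsAccounts
"Disabled AD LDS accounts: $($disabled.Count)"
$disabled | Format-Table -AutoSize
# Enable-LdsAccount -Dn "CN=testuser1,CN=Users,O=Contoso"   # placeholder DN
```

Reviewing the list before enabling anything matters because the same default that disabled your test users also protects any accounts that were created and then deliberately left disabled; enable only the ones you expect FBA to log in with.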

Another issue that could cause login to fail is that the STS does not have access to the AD LDS user store. I have written about this here.


About Bernado

Based in Australia, I am a freelance SharePoint and Dynamics CRM developer. I love developing innovative solutions that address business and everyday problems. Feel free to contact me if you think I can help you with your SharePoint or CRM implementation.
This entry was posted in AD LDS, Form Based Authentication, SharePoint 2010.

2 Responses to Cannot log in with FBA with AD LDS in SharePoint 2010: An exception occurred when trying to issue security token: The security token username and password could not be validated..

  1. adam says:

    Hi, Bernado-

    I’m experiencing an issue with a custom solution that I have developed. Our FBA mostly works except it’s supposed to redirect a user to change their password after they reset their password. They properly receive an email with their new password but upon logging in for the first time they DO NOT get redirected to the password change form. The only error that I am receiving is this:

    Negating the minimum value of a twos complement number is invalid.

    Everything else works flawlessly: the account is created in AD, the password is created, etc., but the system does not redirect to the password change field. I have the same thing set up in our dev environment and it works 100%. The only thing I can think of is a GPO issue. Any help you can provide would be awesome. Thanks again for any insight you can provide.
