Tridion Docs 14.2 STS setup

Hi All, we are moving our Tridion Docs 14 auth from ADFS to STS and are running into an issue with "Bad Key". We validated at the cert can encrypt and decrypt tokens, so not sure what we are missing. Here is the detailed error. TIA.

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
11:45:30.4026 Debug 11 00015 a:UC:Admin /ISHSTS/account/signin Trisoft.InfoShare.API25.User.GetMyMetadata() [MethodEnter(00082)]
11:45:30.5475 Debug 11 00015 a:UC:Admin /ISHSTS/account/signin Trisoft.InfoShare.API25.User.GetMyMetadata() [MethodExit(00082)] 144.8805ms
11:45:30.5726 Error 11 00015 a:UC:Admin /ISHSTS/account/signin Trisoft.Utilities.Logging.Web.Modules.ErrorModule.OnContextError (httpStatusCode=[null],statusCode=[null],urlReferer=[null]) []
11:45:30.5726 Error 11 00015 a:UC:Admin /ISHSTS/account/signin Trisoft.Utilities.Logging.Web.Modules.ErrorModule.OnContextError []
System.Security.Cryptography.CryptographicException: Bad Key.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.RSACryptoServiceProvider.EncryptKey(SafeKeyHandle pKeyContext, Byte[] pbKey, Int32 cbKey, Boolean fOAEP, ObjectHandleOnStack ohRetEncryptedKey)
at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt(Byte[] rgb, Boolean fOAEP)
at System.Security.Cryptography.CngLightup.OaepSha1Encrypt(RSA rsa, Byte[] data)
at System.IdentityModel.RsaEncryptionCookieTransform.Encode(Byte[] value)
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound)
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.WriteToken(SessionSecurityToken sessionToken)
at System.IdentityModel.Services.SessionAuthenticationModule.WriteSessionTokenToCookie(SessionSecurityToken sessionToken)
at Thinktecture.IdentityServer.Protocols.AuthenticationHelper.SetSessionToken(String userName, String authenticationMethod, Boolean isPersistent, Int32 ttl, IEnumerable`1 additionalClaims)
at Thinktecture.IdentityServer.Protocols.AccountControllerBase.SignIn(String userName, String authenticationMethod, String returnUrl, Boolean isPersistent, Int32 ttl, IEnumerable`1 additionalClaims)
at Thinktecture.IdentityServer.Web.Controllers.AccountController.SignIn(SignInModel model)
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

emoji