Tags: asp.net-mvc, identityserver4

Signature validation failed


I am using IdentityServer 4 with an ASP.NET MVC application (4.5.2). When I run the MVC application it goes to IdentityServer 4 and shows the login page. After filling in the credentials it validates them and I am redirected back to my MVC 5 application, but sometimes I get this error.

    IDX10500: Signature validation failed. Unable to resolve 
    SecurityKeyIdentifier: 'SecurityKeyIdentifier
    (
    IsReadOnly = False,
    Count = 1,
    Clause[0] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
    )
    ', 
    token:
    '{"alg":"RS256","kid":"20200ac5c987a7282847568c7d00dc26","typ":"JWT".
    {"nbf":1487015385,"exp":1487015685,"iss":"https://localhost:44348","aud":"mvc","nonce":"636226121849994491.YTcxMjQ2ZDQtOWVlNC00MDk3LWJhOGYtYTIxNmM4OGFkZjU3NDFhODgzMWMtMmQ4OS00OTRmLWJiMzAtZWM1NzYyZjM3MTI2","iat":1487015385,"c_hash":"qzzLGWDykED_OIG0-TIF8w","sid":"174a7048a9521e2c99462e9b681553ae","sub":"c880d185-f7a1-422b-8cce-dff8142a1a3b","auth_time":1487014828,"idp":"local","amr":["pwd"]}'.

Solution

  • When you say "sometimes" this sounds to me like you are using the AddTemporarySigningCredentials option in IdentityServer4.

    This means that new key material will get created on each startup of the host.

    In your case the MVC application has a cached version of the key material and thus gets out of sync.

    Try setting static keys - e.g. using an X509 cert:

    https://brockallen.com/2015/06/01/makecert-and-creating-ssl-or-signing-certificates/
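The configuration change the answer recommends, shown as an added example (this is not code from the question, the answer, or the IdentityServer4 project): the IdentityServer4 host's `ConfigureServices` with the temporary signing key left beside the static X.509 certificate that replaces it. It assumes IdentityServer4 1.x or 2.x on ASP.NET Core; the PFX file name, the environment variable holding its password, and the `LoadSigningCertificate` helper are placeholders chosen for the example.

```csharp
// Added example, not from the original page. Assumes IdentityServer4 1.x/2.x;
// the PFX path, the password variable name and LoadSigningCertificate are placeholders.
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        var builder = services.AddIdentityServer();

        // BEFORE (the behaviour the answer describes): a fresh RSA key is generated
        // on each host start, so the "kid" in issued tokens changes. A relying party
        // that cached the previous JWKS cannot resolve the new kid and reports IDX10500.
        // builder.AddTemporarySigningCredential();   // IdentityServer4 1.x name
        // builder.AddDeveloperSigningCredential();   // 2.x+ name (writes a key file by default)

        // AFTER: a static key. The certificate survives restarts, so the kid published
        // in the discovery document stays stable and cached JWKS copies remain valid.
        builder.AddSigningCredential(LoadSigningCertificate());
    }

    // Placeholder loader: reads a PFX next to the binaries with a password from the
    // environment. Swap in your own key store / secret source as appropriate.
    private static X509Certificate2 LoadSigningCertificate()
    {
        var pfxPath = Path.Combine(AppContext.BaseDirectory, "idsrv-signing.pfx");
        var pfxPassword = Environment.GetEnvironmentVariable("IDSRV_SIGNING_PFX_PASSWORD")
                          ?? throw new InvalidOperationException("IDSRV_SIGNING_PFX_PASSWORD not set");

        var cert = new X509Certificate2(pfxPath, pfxPassword,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

        // Fail at startup rather than at the first token request if the cert is unusable.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("signing certificate has no private key");
        if (cert.NotAfter < DateTime.UtcNow)
            throw new InvalidOperationException("signing certificate has expired");

        return cert;
    }
}
```

The `kid` in the token header quoted in the question (`20200ac5c987a7282847568c7d00dc26`) is the value the MVC application looks up in its cached copy of IdentityServer's signing keys; with a temporary key that value is different after every host restart, which is why the failure appears only "sometimes". With a static certificate the same kid is published across restarts, and the certificate's own expiry becomes the only planned rotation event.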