
SessionSecurityTokenHandler trying to decrypt SessionSecurityToken in RSA-encrypted cookie using DPAPI; why?


Note that you can now use the MachineKeySessionSecurityTokenHandler to sign and encrypt session tokens across web farms.

To use this, you will need to remove the default SessionSecurityTokenHandler and add the MachineKeySessionSecurityTokenHandler in Web.config:

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>

The MachineKeySessionSecurityTokenHandler makes use of the machine key configured in Web.config so you will need to add that too:

<system.web>
  <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES" />
</system.web>

See this question on BrainThud


Well, after much searching, I've figured out what my problem was. Before I set up the ServiceConfigurationCreated, I was doing some configuration that caused an access to FederatedAuthentication.ServiceConfiguration. According to MSDN, "The ServiceConfigurationCreated event is raised when the first HTTP module in the web application references ServiceConfiguration". I moved the event handler setup to the top of Application_Start and everything worked as it should, which means that the event - which only fires once - was firing before I had the event handler set up.

Hopefully this will save someone the 4+ hours it took me to run this to ground.