“The Security Token Could Not Be Authenticated or Authorized” – Troubleshooting Guide
The “The security token could not be authenticated or authorized” error occurs in SharePoint due to authentication token issues, often caused by expired sessions, misconfigured authentication settings, or incorrect token validation. This issue is particularly common in SharePoint Online, SharePoint On-Premises, and Federated Authentication (Azure AD, ADFS, SAML, OAuth).
Below is a comprehensive, step-by-step troubleshooting guide to help you identify and resolve the problem.
Step 1: Understand the Cause of the Error
This error typically occurs due to:
✔ Expired security token (session timeout).
✔ Misconfigured authentication settings (OAuth, SAML, ADFS).
✔ Clock synchronization issues between the SharePoint server and the authentication provider.
✔ Token signing certificate issues in Azure AD, ADFS, or SAML.
✔ Corrupted or missing cookies and cache data in the browser.
Step 2: Try Logging Out and Logging Back In
An expired or invalid security token can be fixed by simply logging out and logging back in.
How to do it:
- Open SharePoint in your web browser.
- Click your profile picture (top-right corner).
- Select Sign Out.
- Close all browser windows.
- Open the login page and sign in again.
If the error persists, move to the next steps.
Step 3: Clear Browser Cache and Cookies
Old or corrupted cookies and cached authentication tokens may cause security token errors.
How to clear cache and cookies:
- Open Google Chrome (or any browser).
- Press Ctrl + Shift + Delete (Windows) or Cmd + Shift + Delete (Mac).
- Select Cookies and Cached Data.
- Click Clear Data.
- Restart the browser and try logging in again.
Step 4: Try Using a Different Browser or Incognito Mode
Sometimes, browser-specific authentication issues can cause token failures.
How to test with Incognito Mode:
- Open a private/incognito window:
  - Chrome: Ctrl + Shift + N
  - Edge: Ctrl + Shift + N
  - Firefox: Ctrl + Shift + P
- Visit your SharePoint login page.
- Try logging in.
If the issue is resolved in Incognito, clear the cache and cookies in your regular browser.
Step 5: Check for Session Timeout Issues
If your session expired, you might be using an old authentication token.
How to fix session expiration:
- Refresh the page using Ctrl + F5 (Windows) or Cmd + Shift + R (Mac).
- If using SharePoint On-Premises, ask your administrator to increase the session timeout value in Central Administration.
- If using SharePoint Online, ensure your Microsoft 365 session is still active by opening portal.office.com in another tab.
Step 6: Verify Multi-Factor Authentication (MFA) Status
If MFA settings changed recently, your authentication token may be invalid.
How to check MFA:
- Open Microsoft Security Page.
- Check if MFA is enabled for your account.
- If MFA is active:
  - Open Microsoft Authenticator App.
  - Approve the authentication request.
  - If you’re not receiving a prompt, click Resend Code.
If MFA is causing issues, contact your IT admin to reset your MFA settings.
Step 7: Verify Authentication Provider Settings (For Admins)
If your organization uses Azure AD, ADFS, SAML, or OAuth, there might be a misconfiguration in token validation.
How to check authentication settings (For Admins):
For Azure AD Users:
- Open Azure AD Admin Center (https://aad.portal.azure.com).
- Go to Enterprise Applications → Your SharePoint Application.
- Under Single Sign-On, ensure the correct identity provider is configured.
For ADFS Users:
- Open AD FS Management Console.
- Go to Relying Party Trusts.
- Check if the SharePoint trust settings match the expected settings.
For SAML Users:
- Ensure that token signing certificates are valid.
- Verify that the SAML assertion is correctly formatted.
Step 8: Check Security Token Service (STS) in SharePoint (For On-Premises Admins)
In SharePoint Server (On-Premises), the STS (Security Token Service) may be down or misconfigured.
How to restart the STS service:
- Log into your SharePoint server.
- Open Command Prompt as Administrator.
- Run the following command:
    iisreset
- Restart the Security Token Service using:
    net stop SPTokenService
    net start SPTokenService
- Check if the issue is resolved.
Step 9: Synchronize Server Clock (For IT Admins)
If there is a time difference between the SharePoint server and authentication provider (Azure AD, ADFS, etc.), token validation will fail.
How to synchronize the server clock:
- Log in to your SharePoint Server or ADFS Server.
- Open Command Prompt as Administrator.
- Run the following command:
    w32tm /resync
- Ensure the time is synchronized with the domain controller.
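Steps 5 and 9 describe two failures that look the same to the user: a stale token and a clock mismatch. The following added example (not part of the original guide) reads the validity window from a captured SAML response and tells the two apart. It assumes the input is the base64 `SAMLResponse` form value from your own sign-in; the function names and the 5-minute tolerance are illustrative assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample, not a real token: a SAML response reduced to its validity window.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Conditions NotBefore="2024-05-01T10:00:00.000Z" '
    'NotOnOrAfter="2024-05-01T11:00:00.000Z"/>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _parse_ts(value):
    """Parse a SAML UTC timestamp; fractional seconds are dropped."""
    if not value:
        return None
    parsed = datetime.strptime(value.strip()[:19], "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def check_token_window(saml_b64, now=None, skew=timedelta(minutes=5)):
    """Return (verdict, seconds outside the window) for a base64 SAML response.

    Diagnostic only: the signature is NOT verified. The 5-minute skew
    tolerance is an assumed value; use what your relying party enforces.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(saml_b64))
    # Match on local name so SAML 1.1 and 2.0 namespaces both work.
    cond = next((e for e in root.iter()
                 if e.tag.rsplit("}", 1)[-1] == "Conditions"), None)
    if cond is None:
        return ("no-conditions", 0)
    not_before = _parse_ts(cond.get("NotBefore"))
    not_after = _parse_ts(cond.get("NotOnOrAfter"))
    if not_before and now < not_before:
        # Token "from the future": this machine's clock is behind the issuer's.
        gap = not_before - now
        return ("valid" if gap <= skew else "not-yet-valid", int(gap.total_seconds()))
    if not_after and now >= not_after:
        # Stale token, or this machine's clock is ahead of the issuer's.
        gap = now - not_after
        return ("valid" if gap < skew else "expired", int(gap.total_seconds()))
    return ("valid", 0)

if __name__ == "__main__":
    for hhmm in ("09:50", "10:30", "12:00"):
        clock = datetime.fromisoformat(f"2024-05-01T{hhmm}:00+00:00")
        print(hhmm, check_token_window(SAMPLE_B64, now=clock))
```

A `not-yet-valid` verdict points at the clock check in Step 9, while `expired` on a machine with a correct clock points at the sign-out and session steps (Steps 2 and 5).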
Step 10: Verify Token Signing Certificates (For IT Admins)
If the token signing certificate has expired or is incorrect, authentication will fail.
How to check token signing certificates (For ADFS/SAML Admins):
- Open AD FS Management Console.
- Go to Certificates.
- Check if the Token-Signing Certificate is expired.
- If expired, renew it and update the SharePoint trust settings.
Step 11: Check for Conditional Access Policies (For IT Admins)
Your organization may have Conditional Access Policies restricting authentication.
How to check Conditional Access settings:
- Open Azure AD Admin Center.
- Navigate to Security → Conditional Access.
- Check if any policy is blocking access due to:
  - Location restrictions.
  - Device compliance policies.
  - Application-based restrictions.
If your device is blocked, contact IT support.
Step 12: Contact IT Support or SharePoint Administrator
If none of the above steps resolve the issue, reach out to your IT team with the following details:
- Your username/email.
- The exact error message.
- A screenshot of the error (if possible).
- The steps you’ve already tried.
Your IT team can check server logs, authentication settings, and token validity.
