I got a question in a remark on ADFS 2.0 and ASP.NET and wanted to do a post about it instead of trying to fit in code inside a remark too.
Sometimes you might see the above error. And I can understand why it can be frustrating at times, so ill try and clarify what it means.
You create a sign message and redirect the user to the ADFS/STS. The user logs in successfully and gets send back with a token, and now WIF on the webserver say’s “go away, you are trying to login with a token issued for another domain/application than me.
The key here is your return URL. When you add a Relying Party on your ADFS server, you specify a WS-Federation Passive Endpoint. Your return URL need to be within same scope as your WS-Federation Endpoint URI.