My team has implemented the excellent IdentityServer3 for our Single Sign-On provider but we kept running into a very irritating and intermittent issue for some of our users:

IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null.

The error occurred when our users were navigating to the https version of the site but they were being redirected by IdentityServer back to the http version of the site. They did this because some of them had the browser caching the https url and so they selected that instead of typing/selecting the http url.

The fix was simply to have them initially browse to the same url and protocol (http/https) that IdentityServer redirects to after log in.