using IssuedSecurityTokenProvider as a ws-trust client for asymmetric tokens


Turns out we can use the issuedtoken provider, having decoupled it from the desire to send webservice calls between clients and servers (whose proxy would normally invoke the provider to first get required endorsing tokens).

We can configure it using the same custombinding that would normally configure the entire proxy.

This was sufficient for it to issue the RST to our own STS, having the form that ACS demands.


now, we also changed our STS so its at least happy to receive and process the username token:



About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in SSO. Bookmark the permalink.