using IssuedSecurityTokenProvider as a ws-trust client for asymmetric tokens


image

Turns out we can use the issuedtoken provider, having decoupled it from the desire to send webservice calls between clients and servers (whose proxy would normally invoke the provider to first get required endorsing tokens).

We can configure it using the same custombinding that would normally configure the entire proxy.

This was sufficient for it to issue the RST to our own STS, having the form that ACS demands.

image

now, we also changed our STS so its at least happy to receive and process the username token:

imageimage

Advertisements

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in SSO. Bookmark the permalink.