comparing ACS working and ACS not working messages
we can make it work when we get the SOAP and addressing version right (for wstrust13):
So, when talking to ACS note the messaging version requirements:
Now that we FINALLY understand how to augment the clientcredentials structure so it can offer “RSASecurityTokens” and insert a tokenmanager that works with a “securitytokenprovider” to deliver the RSA signing key at the right time to the messaging pipeline of WCF, its all looks relatively simple.
But of course, it was a nightmare getting here.