acs metadata vs custom sts metadata for asymmetric keying

The code for the STS at exposes metadata for the endpoint to which asymmetric keying RSTRs are sent as


Note that svcutil cannot generate a configuration for a custombinding matching this policy assertion (it requires code), even though the policy has been read:


We do see in the policy use of

However, we note that ACS does not fully expose what it requires, when it too responds to such keying requests. It pretends, for configuration reasons, to not require the endorsing supporting RSA token. Of course, it does in practice.



Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in SSO. Bookmark the permalink.