I promised it, and I'm doing it. In this post I will give a simple walkthrough of developing an STS with the ADFS "2" Identity Framework. If you went to my breakout session at TechEd Europe, you can safely skip this post. I am not going to reveal anything more than I've already shown in that session, so if you're searching for new sneak peeks I have to disappoint you :-)

Also: please, PLEASE take into account that the APIs this is built on are not even CTP level. I am looking forward to your feedback, but please do not consider this final by any means.

Now that things are simpler the audience can grow geometrically, hence I am going to relax my usual assumption that the reader knows what the heck an STS is; I'll spend a few lines explaining what it is all about, at least from the functional perspective. I still maintain the assumption that you know what CardSpace is and that you are familiar with the Identity Metasystem roles: subject, RP & IP. Loyal reader, you already know that stuff: feel free to jump to the "Let's write one STS" section.

What is an STS?

STS is an acronym that stands for Security Token Service. An STS is a special kind of web service, which has the hobby of issuing security tokens. Tokens are small artifacts, fragments of data that can be used for carrying cryptographic material (keys) and/or plain information (the famous claims); the tokens can also be used for performing cryptographic operations on messages, such as signatures or encryption. Clients send to