Configure Active Relying Party STS to Trust Multiple Identity Provider STSes

Posted by CodeChef on Stack Overflow See other posts from Stack Overflow or by CodeChef
Published on 2010-04-30T20:31:36Z Indexed on 2010/05/25 4:21 UTC
Read the original article Hit count: 434

I am struggling with the configuration for the scenario below.

  • I have a custom WCF/WIF STS (RP-STS) that provides security tokens to my WCF services
  • RP-STS is an "Active" STS
  • RP-STS acts as a claims transformation STS
  • RP-STS trusts tokens from many customer-specific identity provider STSes (IdP-STS)
  • When a WCF Client connects to a service it should authenticate with it's local IdP-STS

The reading that I've done describes this as Home Realm Discovery. HRD is usually described within the context of web applications and Passive STSes. My questions is, for my situation, does the logic for choosing an IdP-STS endpoint belong in the RP-STS or the WCF Client application?

I thought it belonged in the RP-STS, but I cannot figure out the configuration to make this happen. RP-STS has a single endpoint, but I cannot figure out how to add more than one trusted issuer per endpoint.

Any guidance on this would be very appreciated (I'm out of useful keywords to Google.) Also, if I'm way off please offer alternative approaches.

Thanks!

alt text

© Stack Overflow or respective owner

Related posts about wcf

Related posts about WIF