Claims Provider - Security Token Service

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

A security token service (STS) is the service component that builds, signs, and issues security tokens. It can issue Kerberos, RSA, X.509, SAML 1.1, and SAML 2 tokens, or it can issue custom tokens. You can use a cloud STS such as a LiveID STS or a pre-built STS such as Active Directory® Federation Services (AD FS) 2.0. If you want to issue custom tokens or provide custom authentication or authorization, you can build your own custom STS using WIF. AD FS 2.0 is itself built on WIF. WIF makes it easy to build your own STS, and it also provides extensibility points where you implement your own authentication logic based on your business requirements.

This section contains topics that discuss building a Security Token Service (STS).

  1. Building an STS

  2. How to: Build an ASP.NET STS

  3. How to: Build a WCF STS

  4. Claims Issuance Pipeline

  5. WIF Tracing

  6. What is an IP-STS and what is a RP-STS?