Introduction

This is an extension of the Identify*STS endpoint IssuedTokenSymmetricBasic256Sha256, which allows the exchanged token to be run through the Authentication Connection’s pipeline before issuing another security token.

How to do

There is an option on WS-Trust connection called “Allow running authentication pipeline for IssuedTokenSymmetricBasic256Sha256 endpoint.” When it is enabled, Identify*STS will try to look up the Authentication Connection with the exchanged token’s issuer. If such a connection is found, it will run the exchanged token through its own pipeline before passing it on to the Protocol Connection’s pipeline.