Reputation: 81
I want to use SharePoint 2010 STS with the role of an IdentityProvider for a standalone ASP.NET application.
How can I do that?
Update: My requirement is the following: build an ASP.NET app that uses the users in SharePoint for authentication and provides SingleSignOn with SharePoint. The app will be opened in an iFrame inside a SP page. If authentication settings in SP change (besides ADFS it will federate over another IdP), the ASP.NET app should not suffer changes. Knowing that SP 2010 provides an STS, I want to use it with the role of IdP with passive federation.
Upvotes: 0
Views: 2628
Reputation: 14212
I don't think the STS included in SharePoint is meant to be used as a general purpose IdP. It is more of an RP-STS than anything else. Even if you make it work, it might not be a supported configuration. If you are using AD, a better option is to use ADFS.
Building a (production-ready) STS from scratch with WIF is possible, but not a trivial task. So the general recommendation is to use one that is already tested and designed for that (e.g. ADFS, ACS in the Microsoft world, or from some other vendor). If you still want to build one, then start with something like StarterSTS or IdentityServer.
Upvotes: 1
Reputation: 300
For ASP.NET you may need to write a custom STS (for issuing tokens) using WIF. Here are a few articles that might help:
Upvotes: 0