ADFS Issuer information (service-2-service call)
Tuesday, February 07, 2012 11:29 PM
I have a similar scenario to the IdentityDelegationScenario in the WIF SDK. A client calls service A which reads the token and calls service B. My client is a Silverlight client while the SDK's is not -- the possibly important difference is key type, Bearer versus symmetric.
What I can't figure out is how to fill in the <Issuer> information for ADFS.
Here's the SAMPLE binding information - what I'm looking at is in BOLD below. What are the equivalent AD FS values?
<binding name="CustomBinding_IService2">
  <security authenticationMode="IssuedTokenForCertificate"
            defaultAlgorithmSuite="Default"
            includeTimestamp="true"
            keyEntropyMode="CombinedEntropy"
            messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
            messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
            requireDerivedKeys="true"
            requireSignatureConfirmation="true"
            securityHeaderLayout="Strict">
    <issuedTokenParameters keyType="SymmetricKey"
                           tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
      <issuer address="http://localhost:6000/STS"
              binding="ws2007HttpBinding"
              bindingConfiguration="http://localhost:6000/STS">
      </issuer>
      <issuerMetadata address="http://localhost:6000/STS/mex"></issuerMetadata>
    </issuedTokenParameters>
    <localClientSettings cacheCookies="true" cookieRenewalThresholdPercentage="60" detectReplays="true"
                         maxClockSkew="00:05:00" maxCookieCachingTime="Infinite" reconnectTransportOnFailure="true"
                         replayCacheSize="900000" replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
                         sessionKeyRolloverInterval="00:05:00" timestampValidityDuration="00:05:00"></localClientSettings>
    <localServiceSettings detectReplays="true" inactivityTimeout="00:02:00" issuedCookieLifetime="10:00:00"
                          maxCachedCookies="1000" maxClockSkew="00:05:00" maxPendingSessions="128"
                          maxStatefulNegotiations="128" negotiationTimeout="00:01:00" reconnectTransportOnFailure="true"
                          replayCacheSize="900000" replayWindow="00:05:00" sessionKeyRenewalInterval="15:00:00"
                          sessionKeyRolloverInterval="00:05:00" timestampValidityDuration="00:05:00"></localServiceSettings>
    <secureConversationBootstrap></secureConversationBootstrap>
  </security>
  <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" writeEncoding="utf-8">
    <readerQuotas maxArrayLength="16384" maxBytesPerRead="4096" maxDepth="32"
                  maxNameTableCharCount="16384" maxStringContentLength="8192"></readerQuotas>
  </textMessageEncoding>
  <httpTransport allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false"
                 hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" manualAddressing="false"
                 maxBufferPoolSize="524288" maxBufferSize="65536" maxReceivedMessageSize="65536"
                 proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered"
                 unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"></httpTransport>
</binding>
The Issuer value I'm using in ADFS is as follows (though I've tried many others):
<issuer
address="http://myADFSServer.com/adfs/ls"
binding="ws2007HttpBinding"
bindingConfiguration="http://myADFSServer.com/adfs/ls">
</issuer>
The error I get back is:
The binding to use to communicate to the federation service at 'http://myADFSServer.com/adfs/ls' is not specified.
Any help?
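An added configuration example, written here for illustration and not taken from the post above or from the WIF SDK sample. It shows how the two halves of the issuer configuration fit together in WCF: the bindingConfiguration attribute on <issuer> is the name of a binding configuration that has to be defined under <bindings> (in the SDK sample, "http://localhost:6000/STS" is such a name, not a URL that WCF dereferences), and the issuer address points at an active WS-Trust endpoint rather than /adfs/ls, which is the AD FS passive (browser, WS-Federation) endpoint. The host name myADFSServer.com is the one from the post; the endpoint path /adfs/services/trust/13/windowsmixed, the binding name adfsIssuerBinding, and the Windows credential type are assumptions about a typical AD FS 2.0 setup and must be matched to how service A actually authenticates to AD FS.

```xml
<!-- Added example (not the post's or the WIF SDK's configuration). Host name from the post;
     endpoint path, binding name "adfsIssuerBinding" and credential type are assumptions. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="CustomBinding_IService2">
        <security authenticationMode="IssuedTokenForCertificate"
                  messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
          <issuedTokenParameters keyType="SymmetricKey"
                                 tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
            <!-- Active WS-Trust 1.3 endpoint over HTTPS. /adfs/ls is the passive endpoint and does
                 not speak WS-Trust. Assumed path; the endpoint must be enabled on the AD FS server. -->
            <issuer address="https://myADFSServer.com/adfs/services/trust/13/windowsmixed"
                    binding="ws2007HttpBinding"
                    bindingConfiguration="adfsIssuerBinding" />
            <!-- AD FS WS-MetadataExchange endpoint (assumed default path) -->
            <issuerMetadata address="https://myADFSServer.com/adfs/services/trust/mex" />
          </issuedTokenParameters>
        </security>
        <textMessageEncoding />
        <httpTransport />
      </binding>
    </customBinding>

    <!-- The binding configuration that the <issuer> element above refers to by name.
         If no binding with this name exists, WCF has no binding for the federation service.
         AD FS "mixed" endpoints expect transport security (HTTPS) with the credential
         carried in the message, so the token request to AD FS is never sent in the clear. -->
    <ws2007HttpBinding>
      <binding name="adfsIssuerBinding">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="Windows"
                   negotiateServiceCredential="true"
                   establishSecurityContext="false" />
        </security>
      </binding>
    </ws2007HttpBinding>
  </bindings>
</system.serviceModel>
```

The endpoint path and the clientCredentialType go together: a service that authenticates to AD FS with its Windows identity uses a windows* endpoint with clientCredentialType="Windows", while one that presents a certificate uses a certificate* endpoint with clientCredentialType="Certificate". Whichever pair is chosen, the endpoint has to be enabled in AD FS and the relying party (service B) must be registered there, otherwise AD FS refuses to issue the token regardless of what the client binding says.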
All Replies
Wednesday, February 22, 2012 4:36 PM
Ping! Is there anyone making WCF to WCF service calls using AD FS token based security? If so, can you tell me what your Issuer address settings are?
<issuer address="http://myADFSServer.com/adfs/ls" binding="ws2007HttpBinding" bindingConfiguration="http://myADFSServer.com/adfs/ls"></issuer>
Tim