Posting a WSTrustClient token to Geneva Server


Here are the scenario components:

  • An organization with two non-trusting but internal AD domains, each with a Geneva Server (GS) STS
  • An external RP
  • Passive federation using browsers and forms-based auth

The customer has strict requirements about hiding the fact that there are two STSs "behind the scenes". In the default configuration for this scenario, the RP redirects to the "primary" GS. Normally this would cause ipselection.aspx.cs to be used, where the user has to choose an STS. The customer hates this.

What I'm trying to do is bypass ipselection and go straight to formssignin.aspx. There I'll examine the credentials. If the credentials are for the primary domain, all is well. If the credentials belong to the second domain (fronted by the secondary STS), I'll request a token using WSTrustClient. So far so good, and this part seems to be working.

Now, what I need to do to finish the scenario is POST the acquired token back to the primary GS so that it completes the sequence and eventually returns the browser back to the RP. I have no idea how to do that and can't find a sample that seems to apply.

Does anyone have any kind of hint at all on how to do this POST?

Thanks much in advance!
    Thursday, October 08, 2009 11:28 PM
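The hand-off the question asks about is, in the WS-Federation passive profile, a browser-posted sign-in response: a form with wa=wsignin1.0 and the RSTR from the secondary STS in wresult (plus the original wctx), auto-submitted to the primary STS's passive endpoint, which then treats the secondary STS as an issuer the way an RP would. The script below is an added illustration of that exchange and is not code from the post or from Geneva Server; it assumes the primary GS passive endpoint accepts a standard wsignin1.0 response (URL, token contents and wctx value are constructed placeholders). It shows both sides: building the auto-post form with the token XML properly escaped, restricting the post target to a pre-configured endpoint so the token can never be sent to an attacker-chosen URL, and the receiving side parsing the body and pulling the assertion out of the RSTR.

```python
import html
import urllib.parse
import xml.etree.ElementTree as ET

WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample RSTR standing in for what WSTrustClient returned from the
# secondary STS; a real one carries a signed assertion, this one is a stub.
SAMPLE_RSTR = (
    f'<trust:RequestSecurityTokenResponseCollection xmlns:trust="{WS_TRUST_NS}">'
    "<trust:RequestSecurityTokenResponse><trust:RequestedSecurityToken>"
    f'<saml:Assertion xmlns:saml="{SAML1_NS}" AssertionID="_constructed-1" Issuer="secondary-sts"/>'
    "</trust:RequestedSecurityToken></trust:RequestSecurityTokenResponse>"
    "</trust:RequestSecurityTokenResponseCollection>"
)

# Assumed (constructed) passive endpoint of the primary GS. Keeping an explicit
# allow-list means a tampered wreply/return parameter cannot redirect the token.
ALLOWED_ENDPOINTS = {"https://sts.primary.example/FederationPassive/"}


def is_allowed_endpoint(endpoint):
    """True only for the pre-configured primary STS endpoint(s)."""
    return endpoint in ALLOWED_ENDPOINTS


def signin_response_fields(rstr_xml, wctx=None):
    """Form fields of a WS-Federation passive sign-in response."""
    fields = {"wa": "wsignin1.0", "wresult": rstr_xml}
    if wctx is not None:
        fields["wctx"] = wctx  # opaque context the primary STS issued earlier
    return fields


def encode_signin_response(rstr_xml, wctx=None):
    """Body the browser actually sends (application/x-www-form-urlencoded)."""
    return urllib.parse.urlencode(signin_response_fields(rstr_xml, wctx))


def build_autopost_form(endpoint, rstr_xml, wctx=None):
    """HTML page that auto-submits the sign-in response to the primary STS."""
    if not is_allowed_endpoint(endpoint):
        raise ValueError(f"refusing to post token to unexpected endpoint: {endpoint}")
    # html.escape turns the token's < > & " into entities so the XML survives
    # inside a value="..." attribute instead of breaking out of it.
    inputs = "".join(
        f'<input type="hidden" name="{html.escape(name)}" value="{html.escape(value)}"/>'
        for name, value in signin_response_fields(rstr_xml, wctx).items()
    )
    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="POST" action="{html.escape(endpoint)}">{inputs}'
        '<noscript><input type="submit" value="Continue"/></noscript>'
        "</form></body></html>"
    )


def parse_signin_response(body):
    """Receiving side: check wa, locate the assertion inside wresult."""
    params = urllib.parse.parse_qs(body, keep_blank_values=True, strict_parsing=True)
    if params.get("wa") != ["wsignin1.0"]:
        raise ValueError("not a wsignin1.0 response")
    wresult = params.get("wresult", [""])[0]
    root = ET.fromstring(wresult)
    assertion = root.find(f".//{{{SAML1_NS}}}Assertion")
    if assertion is None:
        raise ValueError("no SAML assertion in wresult")
    # Signature and issuer trust checks belong here before the claims are used.
    return {
        "assertion_id": assertion.get("AssertionID"),
        "issuer": assertion.get("Issuer"),
        "wctx": params.get("wctx", [None])[0],
    }


if __name__ == "__main__":
    page = build_autopost_form("https://sts.primary.example/FederationPassive/", SAMPLE_RSTR, wctx="rm=0&id=passive")
    print(page)
    print(parse_signin_response(encode_signin_response(SAMPLE_RSTR, "rm=0&id=passive")))
```

The design choices that matter for the scenario are the fixed endpoint (the secondary token is only ever posted to the primary STS you configured, never to a URL taken from the request) and the escaping of wresult; the receiving side must still validate the assertion's signature and issuer against the secondary STS's certificate before trusting any claim, which the stub above only marks with a comment.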