Introduction

This is an extension of the Identify*STS endpoint IssuedTokenSymmetricBasic256Sha256 which allows the exchanged token to be run through the authentication connection’s pipeline before issuing another security token

How to do

There is an option on WS-Trust connection called “Allow runing authentication pipeline for IssuedTokenSymmetricBasic256Sha256 endpoint”. When it is enabled, Identify*STS will try to look up authentication connection with the exchanged token’s issuer. If such a connection is found, it will run the exchanged token through own pipeline before passing it on to the protocol connection’s pipeline.