I've a custom IP-STS (non-ADFS) for the passive federation scenario. For an active client I've created a custom IP-STS for active federation referring to http://msdn.microsoft.com/en-us/library/hh446531.aspx . However, I'd like to use a single IP-STS for both passive and active clients. How do we handle this with a common FederationMetadata.xml, since the entityIds (endpoints) should be different for the active and passive scenarios? And what are the changes we need to make in order to use a single STS for both?
Passive federation endpoint: "https://localhost/MyCustomIdp" - clients will be redirected to the login page.
Active federation endpoint: "https://localhost/MyCustomIdp/Service.svc" - clients will pass credentials to this service. The service has a ws2007HttpBinding endpoint and returns a SAML token for the given credentials after validation.
Look at the ADFS metadata - you'll see both passive and active endpoints.
In terms of how to implement it, have a look at Thinktecture IdentityServer.
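As an added illustration of what the ADFS-style metadata looks like (not taken from the answer or from Thinktecture IdentityServer): one EntityDescriptor with a single entityID, and the passive and active endpoints listed as two separate elements under the same RoleDescriptor. The two URLs are the ones from the question; the certificate value is a placeholder.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- One issuer identity (entityID) for both passive and active clients. -->
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://localhost/MyCustomIdp">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
                  xsi:type="fed:SecurityTokenServiceType"
                  protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <!-- Relying parties use this certificate to verify the signature on tokens
         issued from either endpoint; it is the same key for both scenarios. -->
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>BASE64_SIGNING_CERT_PLACEHOLDER</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <fed:TokenTypesOffered>
      <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion"/>
    </fed:TokenTypesOffered>
    <!-- Active (WS-Trust) endpoint: clients send credentials to the service. -->
    <fed:SecurityTokenServiceEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://localhost/MyCustomIdp/Service.svc</Address>
      </EndpointReference>
    </fed:SecurityTokenServiceEndpoint>
    <!-- Passive (browser redirect) endpoint: clients are redirected to the login page. -->
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://localhost/MyCustomIdp</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>
```

The entityID is the issuer name that relying parties trust, so it stays the same; only the endpoint addresses differ between the two scenarios.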