I have a web application and would want it to be secured using a Custom STS using Windows Identity foundation 3.5. All examples have a passive STS in scene. Why is this needed? and What happens if you call the Active STS 9Custom written using WIF) directly?
Normally you use passive federation for web application, because web clients are unable to emit proper SOAP hence got the label "Passive Requestor", while anything able to produce proper SOAP got the label "Active Requestor" and can use Active Federation without problems. There are luck of samples of this on internet, but check Vittorio Bertocci's blog, there you can find great articles about active and passive federation.