I've been working on a Windows Identity Framework project and have been using the cool localSTS tool for claims authentication. The one thing I did notice is that the web.config for the project is overridden when the localSTS is configured. After my project was running correctly, I went in and added some claims to the existing configuration. When I started the project again, the Windows CardSpace app popped up and there was a message:
"Incoming policy failed validation."
Took me forever to figure out that the localSTS config replaced the existing issuerMetadata element with:
<issuerMetadata address="https://localhost/adfs/services/trust/mex" />
The address should be something like https://localsts:port/wsTrustSTS/mex
Posted on Monday, August 12, 2013 2:24 PM