Overview
The M2 milestone of the Stonehenge StockTrader Sample Application introduced a set of implementations that utilized claims-based authorization and federated identity. As a component in the sample, the Active Security Token Service (STS) provides support for federated identity and claims-based authentication.
Implementation
The Active STS is a web service that the Business Service, acting as the Relying Party (RP), relies on to translate the claims about the user issued by the Passive STS. In the StockTrader Sample, the Active STS simply reasserts all of the claims provided by the caller.
The only claim that the Business Service ultimately cares about is the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier claim, which it uses as the user name for all of its operations. Because the user name has the format username@stonehenge.com, the Business Service uses only the part before the @ as the user name.
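The user-name mapping described above, as an added example that is not code from the Stonehenge project: the behaviour the page describes next to a stricter variant that also checks the domain part, since dropping it lets identifiers from different domains collapse to the same local user. It assumes stonehenge.com is the only accepted domain and that the token's signature was already validated; all function, constant and exception names are hypothetical.

```python
# Added example: ClaimError, naive_user_name, user_name_from_claims and
# TRUSTED_DOMAIN are hypothetical names, not taken from the Stonehenge code base.
NAME_IDENTIFIER = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
TRUSTED_DOMAIN = "stonehenge.com"  # assumption: the only domain the RP accepts


class ClaimError(ValueError):
    """Raised when the claim set cannot be mapped to a local user name."""


def naive_user_name(claims):
    """Behaviour as described on the page: keep whatever precedes the '@'."""
    value = dict(claims)[NAME_IDENTIFIER]
    return value.split("@")[0]


def user_name_from_claims(claims, trusted_domain=TRUSTED_DOMAIN):
    """Same mapping, but rejects ambiguous or foreign-domain identifiers.

    claims: iterable of (claim_type, value) pairs taken from a token whose
    signature and issuer were already validated (out of scope here).
    """
    values = [v for t, v in claims if t == NAME_IDENTIFIER]
    if len(values) != 1:
        raise ClaimError("expected exactly one nameidentifier claim")
    local, sep, domain = values[0].rpartition("@")
    if not sep or not local or "@" in local:
        raise ClaimError("nameidentifier is not of the form username@domain")
    if domain.lower() != trusted_domain:
        raise ClaimError("nameidentifier domain is not trusted")
    return local


# Constructed sample claim sets (not real tokens).
GOOD = [(NAME_IDENTIFIER, "alice@stonehenge.com")]
FOREIGN = [(NAME_IDENTIFIER, "alice@example.org")]

if __name__ == "__main__":
    # The naive mapping yields the same user for both identifiers.
    print(naive_user_name(GOOD), naive_user_name(FOREIGN))
    print(user_name_from_claims(GOOD))
    try:
        user_name_from_claims(FOREIGN)
    except ClaimError as exc:
        print("rejected:", exc)
```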