Purchase an STS or create my own?

Jun 20, 2011 at 3:34 PM

I'm researching claims-based authentication. One topic coming up repeatedly is purchasing an STS instead of creating your own. Our company would insist on installing an on-premise STS, but I haven't located one we can purchase as a software package.

Do most companies create their own STS instead of purchasing one?

Jun 20, 2011 at 5:47 PM

I guess this depends on your requirements.

The big vendors all have token services that are fine tuned to one or the other identity store. The obvious choice for Microsoft environments (with Active Directory installed) would be ADFS2. An example of a more general purpose STS would be Ping Federate.

Jun 20, 2011 at 6:07 PM
Edited Jun 20, 2011 at 6:08 PM

We are using Active Directory and need to consolidate two other account silos (from legacy apps). I thought I could use WIF, ADFS2, and possibly AD LDS to leverage Active Directory.

I haven't built an STS before, so I don't know how big a job it is or what risks are involved. I'm leaning toward building our own STS, but need to make sure that's the best option.

I'm winding my way through this tutorial. The instructor suggests purchasing an STS several times.

Jun 21, 2011 at 5:20 AM

The rule of thumb is: if a product fits your needs, use the product. Only build your own STS when you have to.

In your case I would use ADFS2 for all of your AD users (ADFS2 is free when you own a Windows Server license, btw). Then either migrate your silos to AD, or use a more specialized STS / buy an STS for these silos.

That STS would then plug in as a "claims provider" in your main STS (== ADFS).
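The chaining described in the last reply (a silo STS acting as a claims provider to the main STS, with the application trusting only the main STS) is easier to reason about in code. The block below is an added illustration, not code from this thread, from ADFS, or from WIF. It stands in for X.509-signed SAML tokens with HMAC-SHA256 over a JSON payload, uses constructed keys and issuer/audience names (`urn:legacy-silo-sts`, `urn:main-sts`, `urn:payroll-app`), and fixes the clock so the run is deterministic. What it demonstrates beyond the prose: the main STS holds one trust entry per claims provider and checks issuer, audience and expiry before re-issuing; the relying party holds exactly one trust (the main STS), so a silo token presented directly to the application is rejected rather than silently accepted.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo keys; a real deployment uses X.509 certificates per trust.
LEGACY_STS_KEY = b"constructed-legacy-silo-key"
MAIN_STS_KEY = b"constructed-main-sts-key"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(issuer, key, audience, claims, now, ttl=300):
    """Mint a signed token: base64(payload) '.' base64(HMAC-SHA256 over payload)."""
    payload = {"iss": issuer, "aud": audience, "exp": now + ttl, "claims": claims}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token, expected_issuer, expected_audience, key, now):
    """Check signature, issuer, audience and expiry; return the claims or raise."""
    body, sig = token.split(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("signature does not verify under the trusted key")
    payload = json.loads(_unb64(body))
    if payload["iss"] != expected_issuer:
        raise ValueError(f"untrusted issuer {payload['iss']!r}")
    if payload["aud"] != expected_audience:
        raise ValueError(f"token was issued for {payload['aud']!r}, not for us")
    if payload["exp"] <= now:
        raise ValueError("token expired")
    return payload["claims"]


# Claims-provider trusts configured on the main STS: issuer name -> trusted key.
CLAIMS_PROVIDER_TRUSTS = {"urn:legacy-silo-sts": LEGACY_STS_KEY}


def main_sts_federate(incoming_token, rp_audience, now):
    """Main STS: accept a claims-provider token addressed to us and re-issue it for the RP."""
    body, _ = incoming_token.split(".", 1)
    issuer = json.loads(_unb64(body))["iss"]  # unverified peek, used only to select the trust
    key = CLAIMS_PROVIDER_TRUSTS.get(issuer)
    if key is None:
        raise ValueError(f"no claims-provider trust for {issuer!r}")
    claims = verify_token(incoming_token, issuer, "urn:main-sts", key, now)
    # Claim transformation: pass the upstream claims through and record where they came from.
    transformed = dict(claims, authenticating_authority=issuer)
    return issue_token("urn:main-sts", MAIN_STS_KEY, rp_audience, transformed, now)


def relying_party_accepts(token, now):
    """Relying party: trusts exactly one issuer (the main STS) and exactly one key."""
    return verify_token(token, "urn:main-sts", "urn:payroll-app", MAIN_STS_KEY, now)


def demo(now=1_308_600_000):
    """Walk a legacy-silo user through the chain; return (federated_claims, direct_error)."""
    silo_token = issue_token("urn:legacy-silo-sts", LEGACY_STS_KEY, "urn:main-sts",
                             {"name": "jdoe", "role": "accountant"}, now)
    rp_token = main_sts_federate(silo_token, "urn:payroll-app", now)
    federated_claims = relying_party_accepts(rp_token, now)
    try:
        relying_party_accepts(silo_token, now)  # bypassing the main STS must fail
        direct_error = None
    except ValueError as exc:
        direct_error = str(exc)
    return federated_claims, direct_error


if __name__ == "__main__":
    print(demo())
```

The point a reviewer of a home-grown STS would check is the `verify_token` path: every one of signature, issuer, audience and expiry has to be enforced on both hops, and the key used to check a token must be looked up from the trust configuration rather than taken from the token itself. Products such as ADFS2 already get this right; it is exactly the list of things a custom STS has to get right on its own.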