Sure. I will see if I can create a new patch today for not encrypting the token issued by the .NET passive STS.
Thanks Pablo. -----Original Message----- From: Chintana Wilamuna [mailto:chinta...@gmail.com] Sent: Thursday, October 22, 2009 2:50 PM To: Pablo Cibraro Cc: stonehenge-dev@incubator.apache.org Subject: Re: Token returned by the .Net passive STS Pablo Cibraro wrote: > not sure how the rest of the implementations are doing. Can that be > done in WSO2 identity server ?. It seems that it cannot be done with the latest version of the Identity Server. Since the spec doesn't mandate it, there's no easy way to do it. Is it possible not to encrypt the token? If the token is encrypted there's no way to get the DOTNET_CLIENT -> WSAS_BS scenario working. Bye, -Chintana -- http://engwar.com