By default Metro STS always generates SAML assertions with
holder-of-key subject confirmation.
How do i get STS to generate SAML assertion with sender-vouches
subject confirmation ?
Is there sample on how to use it?
Clarification for the Sender-Vouch use case (from discussion
http://metro.1045641.n5.nabble.com/Need-clarification-on-SAML-Sender-Vo uches-vs-Holder-of-Key-methods-td1060355.html) :
" A=end user, B=web service client, C=STS, D=web service
A != B:
B calls C to get an SAML assertion on behalf of A to access D. So B
supplies its own certificate to C as well and also put the
username/password of A in a sub-element OnBehalfOf in the request
message, C create an SAML assertion with C's identity in the assertion,
and C also signs the assertion. The B send the assertion to D and use
server's certificate and/or B's certificate to secure the message. This
is Sender-Vouch case."