A security token service (STS) is the service component that builds, signs, and issues security tokens. It can issue Kerberos, RSA, X.509, SAML 1.1, and SAML 2 tokens, or it can issue custom tokens. You can use a cloud STS such as a LiveID STS or a pre-built STS such as Active Directory® Federation Services (AD FS) 2.0. If you want to issue custom tokens or provide custom authentication or authorization, you can build your own custom STS using Windows Identity Foundation (WIF). AD FS 2.0 is itself built on WIF. WIF makes it easy to build your own STS, and it also provides extensibility points for implementing your own authentication logic based on your business requirements.
This section contains topics that discuss building a Security Token Service (STS).