FedUtil.exe is provided with Windows® Identity Foundation (WIF). It helps you to establish trust from a relying party (RP) application to security token services (STSes). It provides the following capabilities:

  • Register an existing production STS as a trusted issuer of the RP application.

  • Help develop a claims-aware application by offering a local STS.

  • Make an existing application claims-aware.

  • Update federation metadata for an RP application.

  • Schedule automatic updates of the federation metadata for an RP application.

The topics in this section show you how to do each of these tasks using FedUtil. You can also do them manually by making the same changes to your RP application’s web.config file that FedUtil makes. The topics in this section explain these changes in detail.
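Whether the web.config changes are made by FedUtil or by hand, the resulting trust settings can be reviewed in the same way. The following script is an added example, not part of the original documentation or of FedUtil. The element and attribute names follow the WIF `microsoft.identityModel` configuration section and are not shown on this page; the sample configuration, host names, thumbprint, and the `audit_wif_config` helper are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of the WIF section of an RP web.config.
# Host names and the thumbprint are placeholders, not values from the page.
SAMPLE = """<configuration><microsoft.identityModel><service>
  <audienceUris><add value="https://rp.example.test/app/" /></audienceUris>
  <federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="http://sts.example.test/"
                  realm="https://rp.example.test/app/" requireHttps="false" />
    <cookieHandler requireSsl="false" />
  </federatedAuthentication>
  <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel">
    <trustedIssuers>
      <add thumbprint="0123456789ABCDEF0123456789ABCDEF01234567" name="sts.example.test" />
    </trustedIssuers>
  </issuerNameRegistry>
</service></microsoft.identityModel></configuration>"""

def audit_wif_config(xml_text, approved_thumbprints):
    """Return (trusted_issuers, findings) for the microsoft.identityModel section."""
    svc = ET.fromstring(xml_text).find("microsoft.identityModel/service")
    if svc is None:
        return [], ["no microsoft.identityModel/service section found"]
    findings = []
    ws = svc.find("federatedAuthentication/wsFederation")
    if ws is None:
        findings.append("wsFederation element missing")
    else:
        # Assumed WIF default when the attribute is absent: requireHttps="true".
        if ws.get("requireHttps", "true").lower() != "true":
            findings.append("wsFederation requireHttps is not true")
        if not ws.get("issuer", "").lower().startswith("https://"):
            findings.append("wsFederation issuer is not an https URL")
    cookie = svc.find("federatedAuthentication/cookieHandler")
    # Assumed WIF default when the attribute is absent: requireSsl="false".
    if cookie is None or cookie.get("requireSsl", "false").lower() != "true":
        findings.append("cookieHandler requireSsl is not true")
    if not svc.findall("audienceUris/add"):
        findings.append("no audienceUris entries")
    issuers = []
    for add in svc.findall("issuerNameRegistry/trustedIssuers/add"):
        # Strip spaces and invisible characters pasted along with a thumbprint.
        tp = re.sub(r"[^0-9A-Fa-f]", "", add.get("thumbprint", "")).upper()
        issuers.append((add.get("name"), tp))
        if tp not in approved_thumbprints:
            findings.append("unapproved trusted issuer: %s" % add.get("name"))
    if not issuers:
        findings.append("no trusted issuers registered")
    return issuers, findings

if __name__ == "__main__":
    for line in audit_wif_config(SAMPLE, approved_thumbprints=set())[1]:
        print(line)
```

Pass the set of thumbprints your organization has approved for production STSes; a local development STS registered during development then shows up as an unapproved trusted issuer.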

Note:
FedUtil uses the WSFederationHttpBinding from WCF when it enables WIF on a WCF service. The WSFederationHttpBinding does not support Web farm scenarios (for more information, see How to: Disable Secure Sessions on a WSFederationHttpBinding). Therefore, if you use FedUtil to enable WIF on a WCF service, you should programmatically use one of WIF’s built-in bindings. For more information, see Built-in Bindings Overview.