Ah. Sweet success. Finally. A InfoCard compliant STS which issues credentials from a LDAP backend based on X509 credentials. A pursuit which was wonderfully enlightening, painfully tedious, and maddening at times. Thanks to an idiotic obsession to complete this thing and some limited help received from a Java PingIdentity guy on the MSDN forums about proper certificate hashing ( ! ), I've got a working proof of concept based on the work of the XMLDAP work . As I close the compiler and take a few

I'm still having fun in my IDP quest. I've successfully navigated the X509V3Credential issue thanks to some help from the MSDN board and despite some apparently bad or outdated MS doco . What does that mean? I'm accepting requested along with a client certificate (which I trust), which is then included into the card I issue. When the user selects the card, the CardSpace client will retrieve the certificate from the appropriate store and use it for authentication back to the IDP. The IDP will retrieve

So I've got a working STS based on the work provided by the XMLDAP code- great work by the way. Issuing card and pulling user info from an LDAP, I'm really happy about how things are coming together. Now if I can just get X509 authentication working. I've hit a few issues along the way, but the cards are kinda working now- they're at least importing correctly. I'm issuing cards with X509Credential identified with a SHA-1 hash of the certificate I want to use, but the Windows CardSpace client goes