Hello,
I'm trying to figure out when a resource STS is really needed and why. So far I have found two possible reasons.
If there are many resources and many identity organizations, the resource STS can simplify trust configurations between those resources and identities. That is OK. (https://blogs.msdn.microsoft.com/card/2007/12/17/about-relying-party-stss-a-k-a-what-is-requirefederatedidentityprovisioning/)
The other reason is when trying to achieve federated web SSO. (https://technet.microsoft.com/fi-fi/windows-server-docs/identity/ad-fs/design/review-the-role-of-the-federation-server-in-the-resource-partner). But that requirement means that the federated web SSO experience also needs, for example, AD at the resource site. And a private network and so on. That sounds odd. An Internet-facing web site is suddenly expanded to two networks, a firewall, AD and AD controller(s), federation server(s) and federation server proxy(s). Is that a real technical requirement that I do not understand?
BR
cobaltest