Web application - STS identity provider integration

Question

I would like to set web application with STS identity provider correlation on.

I have prepared test web application, set all mandatory WIF data with WIF Federation utility and target the STS service. That is OK. I have received token from test STS. Now I do not know how to accomplish following scenario : User comes to application and he/she is not logged on. Log-in page is opened, user is providing credentials (user name and password) and then my page have to redirect that request to the STS service. Currently as I got WSFederationAuthenticationModule http module is automatically intercepting HTTP request and when it determine that is unauthorized it is redirecting that request to the STS. Correct me if I am wrong. Now I am confused if it is automatic action, where is the step where user is providing data ?? I would like to accomplish WS-Federation standard. As I go from there if no one cookie with issued token is present then user have to provide credentials and he/she will be redirect to the STS.

Thank you.

Answer 1

With WS-Federation - the user is providing its credentials at the STS not the application.

That's

a) by design - your app does not need to care about the password, the STS does
b) pre-req for SSO with other sites