WIF Claims-based Identity for Legacy Login

Question

I have several legacy ASP.NET applications with custom membership providers. They also utilized external SAML based identity providers for which we have written custom clients. I am sold on the value of WIF and ADFS. The SAML identity providers will work with ADFS but we need to support the legacy membership systems.

Do I need to create a custom STS to handle the legacy authentication? If so, many developers advice against this for various reasons. Is there a template or framework which will help me make it secure and scalable? I have seen SelfSTS and StarterSTS but they both imply they are not for production use.

If not, what are the options?