I'm using thinktecture idserver 3 to auth some APIs, (STS A), now I would like to have a new STS (STS B) in a different network (probably a DMZ) and make tokens from STS B work in STS A.
The APIs uses STS A for auth but I would like to call the API with tokens from STS B.
From what I have searched, fond this
Authenticate to STS by Issued Token
it states it's possible by setting WsTrust but dont really have details and dont even know if its possible
Has anyone have done this and know the details or at least point in the right direction ?
If its like the url above, would it mean enabling ws federation on both STS and then make one trust the other one?
Note that in theory STS B wont have conectivity to STS A, maybe STS A can communicate with STS B if required. So I cant setup STS A as an identity provider to STS B