Sign-on STS

Sign-on STS is a software component, from the collection of the core security components of the NextGrid architecture, for credential translation and identity mapping. The Sign-on STS is a Web Service that issues security tokens as defined by the WS-Trust specification. This service can be used when a security token is not in a format or syntax understandable by the recipient. The Sign-on STS can exchange the token for another that is comprehensible in recipient domain. For example, if the user holds a Kerberos ticket asserting their identity, but the target service needs an X.509 certificate or a SAML assertion, the Kerberos ticket can be presented to Sign-on STS, which will issue the holder with an equivalent X.509 certificate or SAML assertion asserting the same identity.