So here is the setup. I have a STS Provider and 2 ASP.NET MVC sites both trusting the same STS provider. User comes to Site A and is redirected to the STS Provider passive login, authenticates properly, and is redirected back to site ‘A’ as expected. This all works great. I can see the token and identity in code in site ‘A’ using the following:

IClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as IClaimsPrincipal;
IClaimsIdentity claimsIdentity = (IClaimsIdentity)claimsPrincipal.Identity;

Now there is a link on site ‘A’ to site ‘B’ that truts the same STS provder. The issue is when I navigate to site ‘B’, the claim information is not present and the user is not automatically authenticated. According to the STS and WIF documentation the following should occur:

“The flow starts as usual, the user requests a page from B on site A and gets redirected to the STS to obtain a token. However, this time the user is already authenticated with
the STS site because there is an active session represented by the STS
cookie. This means the request for the STS page leads straight to execution of
the SecurityTokenService issuing sequence without showing to the user
any UI for credential gathering. The token is issued silently
and forwarded to B according to the usual sequence. From the
moment the user clicks on the link to B and the browser displays the
requested page from B, only some flickering of the address bar in the
browser will give away the fact that some authentication took place
under the hood. That’s pretty much what Single Sign-on (SSO) means:
the user went through the experience of signing in only once, and from
that moment on the system is able to gain access to further Reliable Parties
without prompting the user for credentials again.”

Does anyone know what needs to occur in either the STS Provider, Site A, or Site B explicitly to make this work correctly? Remember the STS and site ‘A’ are working perfectly; it’s just site ‘B’ is not getting the SSO ability.

Thanks!