I am thinking of deploying the Fediz IDP and the RP in the DMZ, and hiding the STS behind the firewall. The STS will be deployed behind the firewall because it has access to the credential store and deserves another layer of protection.
It appears that only the IDP needs to communicate with the STS, and that this is through the WS-Trust web service? Is this an expected deployment architecture for Fediz?
Many thanks,
Chris
