I’ve had a very frustrating few months at work. My current project is WCF and WSE 3.0 interoperability using SAML tokens for authentication (if you don’t know what any of those are, just skip this post). The initial problem was that WCF was failing to load the SAML token from the message; I discovered that the SAML tokens issued by WSE aren’t quite standard and was able to adjust. Next, it couldn’t validate the digital signature on the token. This turned out to be a configuration problem; again, make adjustments and move on. Now we’re onto the real problem: WCF won’t validate a message signature when the message is signed using a SAML token. It knows about the SAML token, it’s decrypted the key information embedded in the token, it just won’t use it for message signature validation. The one useful response I’ve gotten to the problem on the MSDN forums is that WCF is treating the SAML token as a secondary token and therefore won’t use it for signature validation. The question I have is “Why?” Why would the SAML token be considered the secondary token when it’s the only token in the message!? So, if anybody out there stumbles across this post and has an answer, please let me know in the comments!