I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to user name and password. Then on top of this, I have a custom STS, derived from Microsoft.IdentityModel.SecurityTokenService, that resides in an ASP.NET web site project. This project looks like it was created with the VS2010 template, and not carefully had-crafted.
My gut feeling, and lots of on-line advice tell me that this web site STS project is very far from production ready. I am now looking for an MVC based STS that I can use in anticipation of being production ready. TinkTecture's IdentityServer looks promising, but it is so much more than simply implementing a custom derivation of SecurityTokenService, I have no idea where to start. If somebody could steer me toward an open project or walk-through that does this, or offer some guidance as to where and how I can start extending or modifying Identity Server, that would be great.
Have you looked at the MSDN article by Michele Leroux Bustamante?
It's a little old and based on WCF, but it has code accompanying it.
Building A Custom Security Token Service
If you want ASP.NET based example, Microsoft published this: ASP.NET Security Token Service Web Site
There's also this STS project on CodePlex.