Thank you for all the help. :)

I did some research myself during the last few months and I learnt a lot about the identity management stuff. Many of that also thanks to the guys from IdentityServer (and their other projects).

What I finally did was the following (very briefly):

• IdentityServer is used as a provider for all client applications. The cookie and OIDC middleware are used.
• I used the ASP.NET Identity user service to store the users in an SQL Server database. (The IdentityServer configuration is by the way also stored in a database.)
• I set up a Web API service that uses the ASP.NET Identity user manager for user configuration (change password, create new users, ...). It uses bearer authentication with the application with IdentityServer as provider.
• As a side note, IdentityManager is used as an internal admin tool to manage all the users.

If anyone is looking for some help setting up his / her identity management system (and thinks I can help): please ask. ;)

Many articles on active profile e.g. Federated Security: How to setup and call a WCF service secured by ADFS 2.0. But that article assumes you want to use AD?

I'm guessing you want to use ASP.NET Identity for the provisioning?

IdentityServer OOTB supports a SQL DB and has basic user provisioning built in. It allows users to authenticate against the DB and supports WIF.

This scenario is also close to what you need, take a look at the answers:

How to implement an OWIN Authentication server with a MVC Web Api content server and an Android end-user apk

I also recommend reading this article: Decouple OWIN Authorization Server from Resource Server