I am following this tutorial which shows how to build a claims aware ASP.NET WebForms app, with a page that "displays the claims in the token that was issued to you by the Security Token Service".

Note that the tutorial "does not have detailed instructions for creating a Security Token Service (STS), and assumes you have already configured an STS."

Now I followed the tutorial but I did not setup an STS myself. When I ran the web app I saw a claim on that page, specifically:

Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Claim Value:

Claim Value Type:http://www.w3.org/2001/XMLSchema#string

Claim Subject Name:

Claim Issuer:LOCAL AUTHORITY

Since I didn't setup an STS, where did this claim come from?

In my web.config I have:

  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="http://localhost:28503/" />
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ1234" name="YourSTSName" />
        </trustedIssuers>
      </issuerNameRegistry>
      <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
  </system.identityModel>

  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:13922/wsFederationSTS/Issue" realm="http://localhost:28503/" reply="http://localhost:28503/" requireHttps="false" />
    </federationConfiguration>
  </system.identityModel.services>

But neither localhost:13922 nor localhost:28503 serve anything. (My web app is hosted at http://localhost:59392/)