ssl - WCF service and Thinktecture Identity Server
I'm using Thinktecture IdentityServer as a security token service, and I'm trying to set up a scenario where I have a client using a WCF service. I'm stuck at the point where I get the following error:

MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. InnerException: At least one security token in the message could not be validated.

I've set up the STS on a Win2008 server and it is working correctly with an MVC site. The WCF service I can't get to work. I'm using BearerKey as the SecurityKeyType. The token in the client app comes from the function RequestToken(). Here is the WCF service config:
```xml
<system.serviceModel>
  <services>
    <service name="ClaimWcfService.Service1">
      <endpoint address="claimwcfservice" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
      <host>
        <baseAddresses>
          <add baseAddress="https://anno99-pc/" />
        </baseAddresses>
      </host>
    </service>
  </services>
  <bindings>
    <ws2007FederationHttpBinding>
      <binding name="">
        <security mode="TransportWithMessageCredential">
          <message establishSecurityContext="false" issuedKeyType="BearerKey">
            <issuerMetadata address="https://serveradress/idsrv/issue/wstrust/mex" />
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior>
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceAuthorization principalPermissionMode="Always" />
        <serviceCredentials useIdentityConfiguration="true">
          <serviceCertificate findValue="anno99-pc" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <protocolMapping>
    <add scheme="http" binding="ws2007FederationHttpBinding" />
  </protocolMapping>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<!-- config for the STS -->
<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="https://anno99-pc/claimwcfservice/service1.svc" />
    </audienceUris>
    <!-- commented by the Identity and Access VS package -->
    <certificateValidation certificateValidationMode="None" />
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="http://identityserver.v2.wkp.com/trust/wkp">
        <keys>
          <add thumbprint="a540ad5b90b8459e919b39301b89f279a3aaeadb" />
        </keys>
        <validIssuers>
          <add name="http://identityserver.v2.wkp.com/trust/wkp" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>
```
This is the client, a console app:

```csharp
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Description;
using Thinktecture.IdentityModel.WSTrust;

class Program
{
    static void Main(string[] args)
    {
        var token = RequestToken();
        CallService(token);
    }

    static string _idsrvEndpoint = "https://serveradress/idsrv/issue/wstrust/mixed/username";
    static string _realm = "https://anno99-pc/claimwcfservice/";

    private static void CallService(SecurityToken token)
    {
        var serviceEndpoint = "https://anno99-pc/claimwcfservice/service1.svc";

        // Same binding settings as the service: transport security plus a bearer token in the message
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

        var factory = new ChannelFactory<IService1>(binding, new EndpointAddress(serviceEndpoint));
        factory.Credentials.SupportInteractive = false;
        factory.Credentials.UseIdentityConfiguration = true;

        // Attach the token obtained from the STS instead of letting WCF request one itself
        var channel = factory.CreateChannelWithIssuedToken(token);
        var data = channel.GetData(1);
    }

    private static SecurityToken RequestToken()
    {
        var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

        var credentials = new ClientCredentials();
        credentials.UserName.UserName = "username";
        credentials.UserName.Password = "password";

        return WSTrustClient.Issue(
            new EndpointAddress(_idsrvEndpoint),
            new EndpointAddress(_realm),
            binding,
            credentials);
    }
}
```

If anyone can help me, great.
After googling and trying, I got it to work. I had to change these parts of the configuration:

```xml
<services>
  <service name="ClaimWcfService.Service1">
    <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceAuthorization principalPermissionMode="Always" />
      <serviceCredentials useIdentityConfiguration="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<system.identityModel>
  <identityConfiguration saveBootstrapContext="true">
    <audienceUris>
      <add value="https://anno99-pc/claimwcfservice/" />
    </audienceUris>
    <certificateValidation certificateValidationMode="None" />
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="a540ad5b90b8459e919b39301b89f279a3aaeadb" name="idsrv" />
      </trustedIssuers>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>
```

I hope this helps someone.
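An added diagnostic example (not code from the question, the answer, or Thinktecture): it requests the token the same way the client above does, then runs WIF's default token handlers over it with the answer's audience, certificate-validation and issuer settings, so an audience or issuer mismatch surfaces as a specific exception type instead of the opaque "unsecured or incorrectly secured fault" from WCF. It assumes .NET 4.5 with the Thinktecture.IdentityModel WS-Trust helpers referenced, and that the STS embeds its signing certificate in the token signature (which the thumbprint-based issuer registry in both configs also relies on).

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.Xml;
using Thinktecture.IdentityModel.WSTrust;
static class TokenCheck
{
    // Same placeholder URLs and thumbprint as the question; substitute your own values.
    const string StsEndpoint = "https://serveradress/idsrv/issue/wstrust/mixed/username";
    const string Realm = "https://anno99-pc/claimwcfservice/";
    const string IssuerThumbprint = "a540ad5b90b8459e919b39301b89f279a3aaeadb";
    static GenericXmlSecurityToken RequestToken()
    {
        var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        var credentials = new ClientCredentials();
        credentials.UserName.UserName = "username";
        credentials.UserName.Password = "password";
        // Assumption: the WS-Trust channel returns the issued SAML token as a GenericXmlSecurityToken.
        return (GenericXmlSecurityToken)WSTrustClient.Issue(
            new EndpointAddress(StsEndpoint), new EndpointAddress(Realm), binding, credentials);
    }
    // Mirrors the answer's <system.identityModel>: audience = realm, no chain validation, issuer by thumbprint.
    static SecurityTokenHandlerCollection BuildHandlers()
    {
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(IssuerThumbprint, "idsrv");
        var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
        handlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Realm));
        handlers.Configuration.CertificateValidator = X509CertificateValidator.None;
        handlers.Configuration.IssuerNameRegistry = registry;
        return handlers;
    }
    static void Main()
    {
        var handlers = BuildHandlers();
        // Re-read the raw SAML XML exactly as the service receives it on the wire.
        var saml = handlers.ReadToken(new XmlNodeReader(RequestToken().TokenXml));
        try
        {
            foreach (var claim in handlers.ValidateToken(saml)[0].Claims)
                Console.WriteLine("{0} = {1}", claim.Type, claim.Value);
        }
        catch (SecurityTokenException ex)
        {
            // AudienceUriValidationFailedException: token audience not in AllowedAudienceUris;
            // SecurityTokenValidationException: unknown issuer thumbprint, bad signature or expiry.
            Console.WriteLine("Token rejected ({0}): {1}", ex.GetType().Name, ex.Message);
        }
    }
}
```

Running it once with the question's original audience value (the service1.svc URL) and once with the answer's (the application root) shows which validation step the audienceUris change actually fixed.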