So I've got a working STS based on the work provided by the XMLDAP code- great work by the way. Issuing card and pulling user info from an LDAP, I'm really happy about how things are coming together.
Now if I can just get X509 authentication working. I've hit a few issues along the way, but the cards are kinda working now- they're at least importing correctly. I'm issuing cards with X509Credential identified with a SHA-1 hash of the certificate I want to use, but the Windows CardSpace client goes brain-dead when trying to find the certificate I specified. I browsed the MSDN forums looking for a solution, and I'm hoping that someone can clear up why this is happening.
I'm a bit frustrated at the problems I've been hitting; not because I because I have any expectation of a seamless development/integration process, but because I don't have the ability to examine the CardSpace client. As the de facto reference implementation for identity selectors, not supporting it is simply not an option (my personal admiration for the XMLDAP selector aside). Perhaps I've just been spoiled by the ability to load open source products into a debugger and figure out why things are breaking, but I hate being hamstrung by an issue that I could likely figure out with a bit more visibility.
Please, Microsoft- provide more context and detail on the client logging. A namespace error leading to an entry of "Inner Exception: 'None' is an invalid XmlNodeType. Line 1, position 1." isn't terribly helpful. I realize that this is a V1 release, but this is painful. When attempting to use the corrected card using X509, the client dies with a dialog box stating "The certificate associated with this card could not be found" and not so much as an log entry for an undoubtedly loggable event.