WCF - Stuck in an authentication redirect loop - STS/WIF
Using VS2012 and .NET Framework 4.5, I created a WCF service application with a local STS, using the Identity and Access plugin. My goal is to be able to authenticate using a browser. What I did so far:
- Added the WSFAM and SAM modules.
- Used Fiddler to make sure I'm getting the redirect.
- Made sure the FedAuth[] cookies are created.
Right after the cookies are created (SAM), I'm being redirected again to the STS. I'm stuck in a loop.
WCF and web services are quite new to me, so sorry if I elaborated too much...
Here's my web.config:
<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <location path="federationmetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
    <authentication mode="None" />
    <pages validateRequest="false" />
    <httpRuntime targetFramework="4.5" />
    <compilation debug="true" targetFramework="4.5" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.
               Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials useIdentityConfiguration="true">
            <!-- Certificate added by the Identity and Access tool for Visual Studio. -->
            <serviceCertificate findValue="cn=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <bindings>
      <basicHttpBinding>
        <binding name="mybinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="wcffamtest.service1">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="mybinding" contract="wcffamtest.iservice1" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="wsfederationauthenticationmodule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
      <add name="sessionauthenticationmodule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
    <directoryBrowse enabled="true" />
  </system.webServer>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="http://localhost:53655" />
        <add value="http://localhost:53655/service1.svc" />
      </audienceUris>
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="9b74cb2f320f7aafc156e1252270b1dc01ef40d0" name="localsts" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:15937/wsfederationsts/issue" realm="http://localhost:53655" reply="http://localhost:53655" requireHttps="false" />
      <cookieHandler requireSsl="false" />
    </federationConfiguration>
  </system.identityModel.services>
  <appSettings>
    <add key="ida:federationmetadatalocation" value="http://localhost:15937/wsfederationsts/federationmetadata/2007-06/federationmetadata.xml" />
    <add key="ida:providerselection" value="localsts" />
    <add key="ida:enforceissuervalidation" value="false" />
  </appSettings>
</configuration>
Fiddler:
Response #10108 - sets the FedAuth cookies and redirects to the resource.
Request #10109 - request to the redirected resource, using the given cookies.
Response #10109 - result is 401, redirected to the STS again at #10111.

I was using a WCF web service, which doesn't support these modules. I switched to an ASP.NET web application, configured the same way, and it works perfectly.
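
An added example, not part of the original post: a small check over a captured session list that flags the pattern described above, where the relying party issues a FedAuth cookie and then refuses the next request that carries it. The trace is constructed to mirror the Fiddler session numbers in the post; the dict field names and the /service1.svc resource path are assumptions.

```python
from urllib.parse import urlsplit

ISSUER = "http://localhost:15937/wsfederationsts/issue"  # issuer from the posted config
REALM = "http://localhost:53655"                         # realm from the posted config

# Constructed trace shaped like the Fiddler sessions described in the post.
TRACE = [
    {"id": 10108, "url": REALM + "/", "cookies": [], "status": 302,
     "set_cookies": ["FedAuth", "FedAuth1"], "location": REALM + "/service1.svc"},
    {"id": 10109, "url": REALM + "/service1.svc", "cookies": ["FedAuth", "FedAuth1"],
     "status": 401, "set_cookies": [], "location": None},
    {"id": 10111, "url": ISSUER + "?wa=wsignin1.0", "cookies": [], "status": 200,
     "set_cookies": [], "location": None},
]

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc)

def is_session_cookie(name):
    # SAM chunks a large session token across FedAuth, FedAuth1, FedAuth2, ...
    return name == "FedAuth" or (name.startswith("FedAuth") and name[7:].isdigit())

def find_rejected_sessions(trace, issuer, realm):
    """Return (issued_id, rejected_id) pairs: cookie set, then refused by the RP."""
    findings, issued_at = [], None
    for s in trace:
        at_rp = origin(s["url"]) == origin(realm)
        has_cookie = any(is_session_cookie(c) for c in s["cookies"])
        to_issuer = bool(s["location"]) and s["location"].startswith(issuer)
        # A 401, or a redirect back to the issuer, means the request was treated as anonymous.
        rejected = s["status"] == 401 or (300 <= s["status"] < 400 and to_issuer)
        if at_rp and has_cookie and rejected and issued_at is not None:
            findings.append((issued_at, s["id"]))
            issued_at = None
        if at_rp and any(is_session_cookie(c) for c in s["set_cookies"]):
            issued_at = s["id"]
    return findings

if __name__ == "__main__":
    for issued, rejected in find_rejected_sessions(TRACE, ISSUER, REALM):
        print(f"FedAuth cookie set in #{issued} was sent but refused in #{rejected}")
```

A finding means the browser returned the cookie and the relying party still treated the request as anonymous, which matches the post's resolution that the modules were not taking effect for the WCF service.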