I have a user directory in AD LDS. Clients have issued smart cards with X.509 client certs on them. There is a value in an AD LDS field (employeeid) that matches a value in the client certificate subject. Looking for a way to authenticate with that value. Would a custom STS provide that? I would need to parse the value out of the subject of the client cert and match it to the AD LDS field and issue a token. Looking for a way forward on this. Very new to this type of authentication.
Thanks.
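
The lookup step described in the question, as an added example that is not part of the original post: it extracts an identifier from a certificate subject string, builds an RFC 4515-escaped filter on the `employeeid` attribute, and fails closed unless exactly one directory entry matches. The subject layout (identifier as trailing digits in the CN), the sample subject and all function names are assumptions. It also presumes the certificate chain and revocation status were validated before the subject is read.

```python
import re

# Assumption: the identifier is a trailing run of digits in the subject CN,
# e.g. "CN=DOE.JANE.1234567890". Adjust the pattern to the real card profile.
ID_PATTERN = re.compile(r"\.(\d{6,12})\Z")

def split_rdns(dn):
    """Split an RFC 4514 DN string on unescaped ',' and '+' separators."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep an escaped pair together
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch in ",+":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts

def employee_id_from_subject(dn):
    """Return the identifier from the single CN, or raise (fail closed)."""
    cns = []
    for rdn in split_rdns(dn):
        key, sep, value = rdn.partition("=")
        if sep and key.strip().upper() == "CN":
            cns.append(value.strip())
    if len(cns) != 1:                         # ambiguous subject: refuse
        raise ValueError("expected exactly one CN in subject")
    match = ID_PATTERN.search(cns[0])
    if not match:
        raise ValueError("no identifier found in CN")
    return match.group(1)

def ldap_filter_escape(value):
    """Escape RFC 4515 special characters so the value cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def employee_filter(emp_id):
    return "(employeeid=%s)" % ldap_filter_escape(emp_id)

def resolve_single(entries):
    """Issue a token only when the search matched exactly one entry."""
    if len(entries) != 1:
        raise LookupError("%d entries matched; not issuing a token" % len(entries))
    return entries[0]

if __name__ == "__main__":
    subject = "CN=DOE.JANE.1234567890,OU=Users,O=Example,C=US"  # constructed sample
    print(employee_filter(employee_id_from_subject(subject)))
```
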