The inner FaultException goes something like: System.ServiceModel.FaultException: The message could not be processed because the action ‘http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT’ is invalid or unrecognized.
It’s caused by WCF service configured to not communicate in WS-SecureConversation while the client is. Or vice versa. In my case, the client is an ASP.NET MVC 4 application that is trying to pass token (identity delegation) over to a WCF 4.5 service through WSTrustChannelFactory protocol.
Both of the client and the service must be configured to use same security context. If you want to turn WS-SecureConversation off, turn off on both config. Same applies to turning on WS-SecureConversation.
<ws2007FederationHttpBinding> <binding> <security mode="TransportWithMessageCredential"> <message establishSecurityContext="false" /> </security> </binding> </ws2007FederationHttpBinding>