My web application is load balanced. I went through some posts and found that I need to add the following code to global.asax for a Relying Party:
FederatedAuthentication.ServiceConfigurationCreated += new EventHandler<ServiceConfigurationCreatedEventArgs>(FederatedAuthentication_ServiceConfigurationCreated);
The problem I face is that after some requests the user gets logged out. If the STS is not load balanced but the Relying Parties are load balanced, everything works fine.
Any idea on this issue?
Coordinator
Jun 26, 2012 at 10:50 AM
Well - once the RP has the token, the STS has nothing to do with the request. So I don't think it has anything to do with IdSrv.
What are you doing in the event handler that you describe above?
This is what I am doing:
var z = new X509Store(StoreName.My, StoreLocation.LocalMachine); // not used below
var cookieProtectionCertificate = CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=myTestCert");
// Replace the default (DPAPI-based) session token handler with one that protects the cookie using the certificate
e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(
    new SessionSecurityTokenHandler(
        new System.Collections.ObjectModel.ReadOnlyCollection<CookieTransform>(
            new List<CookieTransform> {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(cookieProtectionCertificate),
                new RsaSignatureCookieTransform(cookieProtectionCertificate)
            })));
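An added example (not the poster's code or IdentityServer's own): a complete RP global.asax handler that does what the snippet above does, but also fails at startup when the certificate is missing or has no private key on the current node, since every node behind the load balancer has to be able to decrypt a cookie issued by another node. The thumbprint is a placeholder, and the WIF 3.5/4.0 (Microsoft.IdentityModel) namespaces are assumed to match the CookieTransform types used above.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;
using Microsoft.IdentityModel.Web.Configuration;

public class Global : System.Web.HttpApplication
{
    // Thumbprint of the cookie-protection certificate (placeholder value). The same certificate,
    // with its private key, is assumed to be installed in LocalMachine\My on every RP node.
    private const string CookieCertThumbprint = "PLACEHOLDER_THUMBPRINT";
    protected void Application_Start(object sender, EventArgs e)
    {
        FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
    }
    private static void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
    {
        X509Certificate2 cert = FindCertificate(CookieCertThumbprint);
        // A session cookie issued by one node is decrypted by whichever node gets the next request,
        // so this node must hold the private key; fail at startup rather than issue unreadable cookies.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Cookie protection certificate has no private key on this node.");
        var transforms = new List<CookieTransform>
        {
            new DeflateCookieTransform(),                  // compress before encrypting
            new RsaEncryptionCookieTransform(cert),        // confidentiality, key shared by all nodes
            new RsaSignatureCookieTransform(cert)          // integrity, replaces the per-machine DPAPI default
        };
        e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(
            new SessionSecurityTokenHandler(new ReadOnlyCollection<CookieTransform>(transforms)));
    }
    private static X509Certificate2 FindCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false so a self-signed test certificate is still found
            X509Certificate2Collection found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Cookie protection certificate not found in LocalMachine\\My.");
            return found[0];
        }
        finally { store.Close(); }
    }
}
```

The application pool identity on each node also needs read access to the certificate's private key, otherwise the handler throws on the first cookie it tries to write or read.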
Coordinator
Jun 27, 2012 at 8:05 AM
Well - looks OK.
As I said - once you are back at the RP, the STS is out of the game.
Do I need to add this in the STS too?
FederatedAuthentication.ServiceConfigurationCreated += new EventHandler<ServiceConfigurationCreatedEventArgs>(FederatedAuthentication_ServiceConfigurationCreated);
Coordinator
Jun 27, 2012 at 10:55 AM
I am already doing that by default. In global.asax, IIRC.
I guess you mean this piece of code:
FederatedAuthentication.ServiceConfigurationCreated += (s, e) =>
{
    // Only swap in the certificate-based session handler when a signing certificate is configured
    if (!string.IsNullOrWhiteSpace(ConfigurationRepository.SigningCertificate.SubjectDistinguishedName))
    {
        e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(
            new X509CertificateSessionSecurityTokenHandler(ConfigurationRepository.SigningCertificate.Certificate));
    }
};
My other question is: in that case, do you need machine keys in the STS and the RPs?
I have the machine key only in the STS.
Coordinator
Jun 27, 2012 at 12:03 PM
Just to be very clear - your problem is in the RP right? Not in the STS?
Yeah, I think so; when the request goes to the other server, it is not able to read information from the cookie.
When I added the machine key in the RP along with the CookieTransformation code, it didn't even log in, hence I'm a bit confused.
Coordinator
Jun 27, 2012 at 12:12 PM
The machine key is not used. Have you turned on tracing for WIF? That might reveal more info.
When the request goes to WebServer #2 in a load balanced environment, I am able to get the appropriate SAML token information. It seems that it fails while trying to validate the security token. The validation is tried many times.
Coordinator
Jun 28, 2012 at 6:31 AM
Since this is a general WIF issue - I'd recommend posting to
http://social.msdn.microsoft.com/Forums/en-US/Geneva/threads
Still - without turning tracing on and showing us the exact error message, we can't help you.
Where do I send the trace file?
Coordinator
Jun 28, 2012 at 7:41 AM
Well - first of all - have a look at it.
Isolate the events - any errors? etc...
I get: OnEndRequest is redirection to IdentityProvider '/WebServices/AdminService.asmx/GetAnnouncement'