Someone raised an interesting question the other day about the ability of a WCF application, that's configured as described in Eric White's blog (http://blogs.msdn.com/b/ericwhite/archive/2010/06/18/establishing-trust-between-a-wcf-web-service-and-the-sharepoint-2010-security-token-service.aspx) and the CASI Kit Part 2 (http://blogs.technet.com/b/speschka/archive/2010/11/06/the-claims-azure-and-sharepoint-integration-toolkit-part-2.aspx). The configuration in these blogs describes modifying the web.config for the WCF so that it includes links to an issuer and issuerMetadata address, which is a SharePoint site Url, and the thumbprint for a SharePoint farm STS certificate. So if have these values coded for a single farm, can a single WCF support requests from the CASI Kit in multiple farms? Happily the answer is yes, but it does require one additional bit of configuration.
The basic elements that are configured in the WCF to build the trust between it and a SharePoint farm are:
The first two as it turns out are not a problem, because the CASI Kit base class programmatically overrides those values in the web.config, with the Url of the site from which the CASI Kit component is being invoked. So that lets us remove those two items from the blocking list. The last item is fortunately added to the web.config not as a single item, but really as one in an array of potential items. Meaning it as added with a simple <add> tag, which means it supports adding multiple thumbprints that the WCF will support. So here, for example, is what the web.config for my WCF looks like after I add support for two different farms to it:
<add thumbprint="2e074b9965abc3434c20ed0be8bfe82b03e5c9f9" name="farm2"/><add thumbprint="F53DE039BB2081E7DF6FEC03E8A644F3743A5A7C" name="app1"/>
As you can see, you can just keep adding thumbprints to the list to support as many farms as you like, and the CASI Kit will take care of the rest for you.