Continuing the discussion from Autentication against Windows Identity Foundation:
I found an alternate way to work on this: according to the documentation my customer provided, there's a legacy system that can take care of the process; all I have to do is provide a security token and a URL to visit if the authentication succeeds. The legacy system will return the security token so I can check it.
At this point I can consider the user to be authenticated and I can use Plone standard session tracking mechanism as described in plone.session.
I need to use that information to allow access to forms used to construct queries for other systems using web services.
Does anybody here has worked on a similar solution? Do you have some sample code I can study?