Recently I implemented a POC of a custom STS using the thinktecture IdentityServerV2 core. For quick testing purposes i set up a relying party with a symmetric signing key, and got this working. Then i wanted to change this to sign with a certificate.