Here is the “official” word from Phil Haack:

“The RTM release of ASP.NET MVC will be included in the RTM release of Visual Studio 2010, which is slated for some time in March. The VS2008 version of ASP.NET MVC 2 might release earlier than that. We’re still working out those details.”

http://technet.microsoft.com/en-us/library/ee126138(WS.10).aspx

Looks like you can do the same endpoint configuration using PowerShell.

1. We had originally done just as you said — pointed the IIS virtual directory to the custom application. This was with Beta 2 when the site was found under /FederationPassive. With the RC and the new /adfs/ls folder structure, it seemed a little messier to change a sub-folder so that’s when I started looking for a way to change the AD FS configuration. In the end, it may be a little more work, but it seems cleaner to me.

2. I hadn’t looked to see if there were any PowerShell methods, but if somebody finds one, that would be excellent.

3. If I’m following you correctly, I understand that the STS URI is fairly arbitrary from the RP standpoint. However, the Metadata “endpoint” in AD FS points the RP to /adfs/ls. Therefore, if you use FedUtil to setup the trust between your RP and AD FS, you will get the /adfs/ls address. This can be changed in the web.config manually, but that’s just another step for every RP app.

As far as using the out of the box login app as a starting point, that’s exactly what we did. I certainly like what Microsoft’s done with the Microsoft.IdentityServer library in the RC. It does make it fairly simple to roll your own AD FS sign-on pages. We’ve even gone as far as supporting OpenID and Facebook Connect in the login process.

* Why not simply change /adfs/ls in IIS to point to your custom login app and change it back as needed? That sounds just as easy (if not easier) than running the SQL script against WID. Is it because of audience restrictions and other policy that ADFS will apply to incoming RSTs?

* Was there anything in the PowerShell API that would have allowed you to change this endpoint? A cursory look seems like no.

* The RPs are configured to point to an issuer w/ an arbitrary URI — anything not necessarily …/adfs/ls. So, whatever Web app that refers to is the passive STS that that RP will redirect subjects to. Why not use the API exposed by Microsoft.IdentityServer and the login app shipped w/ ADFS as a starting point/reference to build what you need? (This is what I’ve done.)

Garrett :
As an architect, it’s a matter of understanding your development team along with the project requirements. An “architecture astronaut” may overlook these factors, and this ultimately impacts the final deliverable — working code — which is what Grady Booch summarized much better than I could.

Agreed, there are many things that drive the architecture and that includes the available skill set.