WS-Trust STS accepts SAML tokens issued by a third-party STS for authentication. The tokens can be in SAML 1.1 or SAML 2.0.
Workflow:
A web service client sends a RST to third-party STS. The third-party STS returns a SAML token to the client in the RSTR.
The web service client uses SAML token issued by the third-party STS and requests WS-Trust STS to grant access to resources hosted on the web service provider.
WS-Trust STS authenticates the client using the third-party SAML token and issues a new SAML token.
The web service client uses this new SAML token to get access to resources hosted on the web service provider.
The web service provider validates the SAML token with WS-Trust STS.
The web service client can access resources on the web service provider if the SAML token is valid.