What is STS and how this impacts a development team?
What is Secure Token Service (STS)
STS isn't something I deal with much, but let me try to help.
STS is a service that can issue, validate, renew, and cancel security tokens. These tokens are used to authenticate users to web applications. Because it is an open standard, developers can use it without having to pay.
Developers would use this to provide single sign-on capabilities to their web application. The application doesn't authenticate the user. Instead it redirects the user to the STS, which authenticates the user and issues a security token. The client then presents the token to the application for authentication. The token includes the authentication information about the user, and has a validity period and can be reused until it expires.
Here are a couple of links for more information:
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-create-a-security-token-service#:~:text=The security token service must determine the following,the requester's expectations with respect to key material.
Hope this helps!