Пользовательский ServiceHostFactory с использованием WCF и .NET 4.5

Пытаюсь создать пользовательский ServiceHostFactory и вижу следующую ошибку, зарегистрированную в средстве просмотра событий.

WebHost не удалось обработать запрос. Информация об отправителе: System.ServiceModel.ServiceHostingEnvironment+HostingManager/38902774 Исключение: System.ServiceModel.ServiceActivationException: служба '/services/clientservices.svc' не может быть активирована из-за исключения во время компиляции. Сообщение об исключении: Менеджер токенов безопасности не может создать аутентификатор токена для требования 'System.ServiceModel.Security.Tokens.RecipientServiceModelSecurityTokenRequirement: PropertyName: http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeyType PropertyValue: SymmetricKey

PropertyName: http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeyUsage PropertyValue: Подпись

PropertyName: http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/RequireCryptographicToken PropertyValue: True

PropertyName: http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeySize PropertyValue: 0

PropertyName: http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/IsOptionalTokenProperty PropertyValue: False PropertyName: http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SupportSecurityContextCancellation: Ложь

PropertyName: http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/IsInitiator PropertyValue: False

PropertyName: http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement PropertyValue: System.ServiceModel.Channels.SymmetricSecurityBindingElement: DefaultAlgorithmSuite: IncludeTimestamp Basic-256: Правда KeyEntropyMode: CombinedEntropy MessageSecurityVersion: WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 SecurityHeaderLayout: Строгие ProtectTokens: False EndpointSupportingTokenParameters: Endorsing[0] System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters: InclusionMode: AlwaysToRecipient ReferenceStyle: Internal RequireDerivedKeys: правда .net / v2 / wstrust / 13 / Certificate IssuerMetadataAddress: null DefaultMessgeSecurityVersion: null UseStrTransform: False IssuerBinding: null ClaimTypeRequirements: нет Нет подписанных токенов. Нет подписанных зашифрованных токенов. Нет подписанных подтверждающих токенов. OptionalEndpointSupportingTokenParameters: нет подтверждающих токенов. Нет подписанных токенов. Нет подписанных зашифрованных токенов. Нет подписанных подтверждающих токенов. OperationSupportingTokenParameters: нет OptionalOperationSupportingTokenParameters: нет MessageProtectionOrder: SignBeforeEncryptAndEncryptSignature RequireSignatureConfirmation: Истинная защита TokenParameters: System.ServiceModel.SecuritySignSignSignSignSignSignSignSignSignSignSignSignSignSignSignSignSense::: 0: 0: 0DWD_SecuritySignSignSignSignSignSignSignSignSignS!TeRenceSecuritySecuritySecurity:SecuritySignSignSecuritySecurity:::.Security.Security:Security::, ReceptionSecurity,, Regency, Regency, Regency, ReD, RegencySecuritySecurity::, Reception, ReSec, SecurityD, ReaderSignSignSignSign::, ReaderSignSignSignS, Reader.Security.Security:.Security.,.Security:.Security:.Rec.

....

Вот код, который я использую, чтобы создать хост службы:

/// <summary>
/// Service host factory that builds a <see cref="ServiceHost"/> whose single endpoint uses an
/// issued-token custom binding and whose credentials use a programmatically built
/// <c>IdentityConfiguration</c> with a SAML 2.0 token handler.
/// </summary>
/// <remarks>
/// The snippet is abbreviated as posted: the ACS endpoint URL and both certificate lookups are
/// placeholders, and <c>debugging</c> and <c>acsSigningCertificate</c> are declared outside the lines shown.
/// </remarks>
public class WSTrustServiceHostFactory : ServiceHostFactory
{

     /// <summary>
     /// Builds a custom binding: issued-token-for-certificate security element, text message encoding,
     /// HTTP transport.
     /// </summary>
     /// <param name="acsCertificateEndpoint">Address passed to <c>IssuedSecurityTokenParameters</c> as the token issuer address.</param>
     /// <returns>A <c>CustomBinding</c> wrapping the three binding elements, in the order added.</returns>
     public static Binding CreateIssuedTokenForCertificateBinding(string acsCertificateEndpoint)
    {
        //http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
        BindingElementCollection bec = new BindingElementCollection();
        // NOTE(review): the token type passed below is the literal string "samlTokenType", not a
        // token-type URI such as the one in the comment above. Confirm this is not a leftover
        // placeholder; it is worth checking first when the token manager reports that it cannot
        // create a token authenticator for the issued-token requirement.
        bec.Add(SecurityBindingElement.
            CreateIssuedTokenForCertificateBindingElement(
            new IssuedSecurityTokenParameters("samlTokenType", new EndpointAddress(acsCertificateEndpoint))));
        bec.Add(new TextMessageEncodingBindingElement());
        // Plain HTTP transport element: this binding adds no transport-level protection, so
        // confidentiality and integrity depend on the message security element added above.
        bec.Add(new HttpTransportBindingElement());
        return new CustomBinding(bec);
    }


    /// <summary>
    /// Creates the service host, attaches the issued-token endpoint and wires up the identity
    /// configuration (trusted issuer, audience mode, certificate validation mode, SAML 2.0 handler).
    /// </summary>
    /// <param name="serviceType">Service implementation type; its first interface is used as the endpoint contract.</param>
    /// <param name="baseAddresses">Base addresses for the host; must contain at least one entry.</param>
    /// <returns>The configured <c>ServiceHost</c>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="serviceType"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="baseAddresses"/> is empty.</exception>
    protected override System.ServiceModel.ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        // NOTE(review): the single-string ArgumentNullException constructor takes the parameter
        // name, so this text is reported as the paramName rather than as the message.
        if (serviceType == null)
            throw new ArgumentNullException("serviceType cannot be null");

        // A null baseAddresses is not checked separately; Count() itself throws on a null source.
        if (baseAddresses.Count() == 0)
            throw new ArgumentException("baseAddresses must have at least 1 member.");

        string acsCertificateEndpoint = "https://acs url ...."



        // NOTE(review): securityMode is only consumed by the commented-out WIF 3.5 binding below.
        // In the code shown it has no effect on the custom binding that is actually added, so the
        // debugging switch to message-only mode changes nothing here.
        WSFederationHttpSecurityMode securityMode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
        if ( debugging )
        {
            securityMode = WSFederationHttpSecurityMode.Message;
        }


        ServiceHost serviceHost = new ServiceHost(serviceType, baseAddresses);

        //IssuedTokenWSTrustBinding issuedTokenWSTrustBinding = new IssuedTokenWSTrustBinding(
        //    new CertificateWSTrustBinding(securityMode),
        //    new EndpointAddress(acsCertificateEndpoint));


        System.IdentityModel.Configuration.IdentityConfiguration serviceConfiguration = 
            new System.IdentityModel.Configuration.IdentityConfiguration();



            // Placeholder in the original post: the service certificate (with private key) that
            // the host uses to decrypt incoming tokens and messages.
            serviceHost.Credentials.ServiceCertificate.Certificate =  // fetch acs decryption certificate;


            // Placeholder in the original post: the certificate the issuer signs tokens with.
            acsSigningCertificate = //fetch acs signing certificate.

        ConfigurationBasedIssuerNameRegistry issuerNameRegistry = new ConfigurationBasedIssuerNameRegistry();

        // Registers the signing certificate's thumbprint as a trusted issuer, under its subject name.
        issuerNameRegistry.AddTrustedIssuer(acsSigningCertificate.Thumbprint, acsSigningCertificate.SubjectName.Name);
        serviceConfiguration.IssuerNameRegistry = issuerNameRegistry;

        // NOTE(review): audience checking is always on, but no allowed audience URIs are added in
        // the lines shown. Confirm they are configured elsewhere, otherwise token validation is
        // expected to fail the audience check.
        serviceConfiguration.AudienceRestriction.AudienceMode = System.IdentityModel.Selectors.AudienceUriMode.Always;

        // SECURITY: X.509 validation of the token signing certificate is switched off here (no
        // chain, expiry or revocation checking by the certificate validator). Issuer trust then
        // rests on the thumbprint registered in the issuer name registry above. Prefer a validating
        // mode outside of test setups, or document why None is acceptable.
        serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

        serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());

        // wif 3.5 //serviceHost.AddServiceEndpoint(serviceType.GetInterfaces()[0], issuedTokenWSTrustBinding, String.Empty);
        // The contract is whichever interface GetInterfaces() returns first; presumably the
        // service type implements exactly one contract interface (verify).
        serviceHost.AddServiceEndpoint(serviceType.GetInterfaces()[0], CreateIssuedTokenForCertificateBinding(acsCertificateEndpoint), String.Empty);

        //var creds = serviceHost.Description.Behaviors.Find<ServiceCredentials>();
        // creds.UseIdentityConfiguration = true;
        //creds.IdentityConfiguration = serviceConfiguration;

        // Route incoming token validation through the identity configuration built above
        // (the .NET 4.5 replacement for the WIF 3.5 call kept in the comment below).
        serviceHost.Credentials.UseIdentityConfiguration = true;
        serviceHost.Credentials.IdentityConfiguration = serviceConfiguration;
        // <--wif 3.5 FederatedServiceCredentials.ConfigureServiceHost(serviceHost, serviceConfiguration);  -->

        // SECURITY: when this setting is on, exception details are returned to callers inside
        // SOAP faults, which can expose internal type names, paths and stack traces. Keep the
        // setting off in production configurations.
        if (RegionConfiguration.GetSetting<bool>(Settings.CLIENTSERVICES_INCLUDE_EXCEPTION_DETAILS))
        {
            if (serviceHost.Description.Behaviors.Find<ServiceDebugBehavior>() == null)
            {
                serviceHost.Description.Behaviors.Add(new ServiceDebugBehavior());
            }
            serviceHost.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;
        }

        return serviceHost;
    }

}

Есть идеи, что здесь происходит?
