1. The client sends a SOAP message to the Web Service
2. The Web service has a policy that requires a token. Upon receiving the request, the service checks if it has a security token. If the token is absent, the Web service asks the client to obtain a token from a trusted STS.
In the examples, the client side is aware of what kind of token the STS has to provide, but I wonder if there is any kind of handler or configuration to deal with this scenario, in which the client doesn´t know anything about the server side policies until the WS asks to obtain a token.