You can use the generic security token login modules to issue, validate, and exchange security tokens using an external Security Token Service (STS).