SAML token from external STS leads to error


I'm trying to figure out what's going on in our ASP.NET 2.0 app here.
We're using .NET 3.0 WCF to communicate with tons of external web

So far, we've been using Forms Authentication against our custom store
to authenticate users, and when they are authenticated, we issued a
SAML token for calling a plethora of webservices later on. Works like
a charm.

Now, we're about to switch to using an external STS (Security Token
Server) to get our SAML tokens from - the users get authenticated
against an Active Directory store, we get a SAML token for the user
principal, and then off we should go.

Should - because on the call to "RedirectFromLoginPage" in the Forms
auth mechanism, we now suddenly get an error:

"Unable to encrypt the authentication ticket. Try changing the
decryption key configured for this application."

Any ideas what the heck that is, where it comes from, and how to deal
with it??

Any hints and pointers would be most welcome!