I'm trying to create an OData service that will use authentication & authorization provided by ACS.

I was able to configure ACS but now I need to provide ability to users of the service to generate their SWT token to add it into "Authorization" header. I though to create a web page that will provide list of available IdPs and will display SWT token after successful authentication.

How to do it?

SCB's links are an excellent start here. It sounds like in addition to your OData service, you want to host a website that's capable of fetching and caching the SWT token issued by ACS so that it can be uses to make authenticated calls to your OData service on the user's behalf.

You can do this with a WIF based site like in the ACS sample but you need to provide your own custom security token handler so that it understands SWT tokens, which aren't natively supported by WIF.

Check out the april 2011 identity training kit which offers cues on how to do this. You can find SimpleWebToken and SimpleWebTokenHandler classes that build on the WIF library in the Windows Phone 7 sample for example. Check out step 38 of that walkthrough where it shows how to add the SimpleWebTokenHandler to your site's the web.config.

With all that working, you'll also want to configure saveBootstrapTokens="true" in the microsoft.identityModel/service section of your web.config as well. That way, your website can grab the SWT token like so:

SimpleWebToken swt = ((IClaimsIdentity)HttpContext.Current.User.Identity).BootstrapToken as SimpleWebToken