realmis the unique identifier of the application -- the identity that's sent to the STS when logging in. However, the
audienceUriselement is used to limit from what applications the token will be accepted.
Federation metadata is an XML document that describes the STS: WS-Federation endpoint, which certificate is used to sign the token etc. Most STSs support this document format. The Identity and Access Tool specifies this document in the web.config as follows: