I was setting up FBA with AD LDS for SP2010. I created some test users in AD LDS and was able to see them in the PeoplePicker and grant them access. I couldn't log in as these users, however, and was seeing the below in the ULS:
Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
An exception occurred when trying to issue security token: The security token username and password could not be validated..
Turn on Verbose logging for the Claims Authentication category and you can see more detail, in particular the line below, which suggests the STS configuration itself is OK:
Authenticated with login provider. Validating request security token.
It turns out that the problem is that the AD LDS user account is disabled! When you create a user in AD LDS, depending on the current AD policy on your computer, the LDS account may be disabled by default. To enable it, edit the account and set the msDS-UserAccountDisabled attribute to FALSE.
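Rather than checking each account in ADSI Edit by hand, the following PowerShell finds every user in the AD LDS partition whose msDS-UserAccountDisabled is TRUE and, only when you ask it to, sets the attribute to FALSE. This is an added example, not code from the original post; the instance host, LDAP port and partition DN are placeholders you must replace, and it binds with the credentials of the account running the script.

```powershell
# Placeholder AD LDS instance details (assumed; replace with your own).
$ldsHost     = "ldsserver.example.local"
$ldsPort     = 50000
$partitionDn = "CN=SharePointUsers,DC=example,DC=local"

Add-Type -AssemblyName System.DirectoryServices

function Get-DisabledLdsUser {
    # Returns every user object in the partition flagged as disabled.
    # The bind uses the current Windows identity; the STS service account
    # would need the same kind of read access to validate logins.
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$ldsHost`:$ldsPort/$partitionDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectClass=user)(msDS-UserAccountDisabled=TRUE))"
    $searcher.PageSize = 500
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@("distinguishedName", "userPrincipalName"))
    $searcher.FindAll()
}

function Enable-LdsUser {
    # Flips msDS-UserAccountDisabled to FALSE on one search result and commits it.
    param([System.DirectoryServices.SearchResult]$Result)
    $entry = $Result.GetDirectoryEntry()
    $entry.Properties["msDS-UserAccountDisabled"].Value = $false
    $entry.CommitChanges()
    $entry.Path
}

# Report first; pass -Enable to actually change the accounts.
param([switch]$Enable)
$disabled = Get-DisabledLdsUser
if ($disabled.Count -eq 0) {
    Write-Host "No disabled user accounts found in $partitionDn"
}
foreach ($r in $disabled) {
    $dn = $r.Properties["distinguishedname"][0]
    if ($Enable) {
        Enable-LdsUser -Result $r | Out-Null
        Write-Host "Enabled: $dn"
    } else {
        Write-Host "Disabled (use -Enable to fix): $dn"
    }
}
```

Run it once without -Enable to confirm the list only contains accounts you expect to be usable for FBA before enabling anything.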
Another issue that could cause login to fail is that the STS does not have access to the AD LDS user store. I have written about this here.