I had some difficulty with this same exact issue. I was using the CustomToken-VS2010 sample from the WIF SDK.
The sample doesn't have an app.config and I felt that knowing how the code works is useful anyway, so I spent some time investigating this. I feel I should show my results here. I hope this inforamation is helpful.
I had the same issue. The problem I had was "where do I set this mode?" I had a difficult time finding the object that had this property to set that was actually the correct object. I finally found it as part of the ChannelFactory:
using System.ServiceModel.Security;
:
ChannelFactory<IEcho> echoChannelFactory = new ChannelFactory<IEcho>(...)
echoChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
So, the place to set this is in the ChannelFactory object.
Running Visual Studio 2010 as local administrator, I was able to get the sample to work (after having also run the batch file associated with all the samples to create the certificate, etc.)
Again, this is not something you would do in a production environment, but knowing how to set the service certificate authentication mode is probably a pretty good thing to know overall.