Have you ever considered WebFinger [1] to discover resources protected by a resource server ? For instance, that could help clients to obtain from the RS itself the resource identifier and AS in order to obtain a RPT without a permission ticket.

[1] https://tools.ietf.org/html/rfc7033

Regards.
Pedro Igor