Hello,
Have you ever considered WebFinger [1] to discover resources protected by a resource server ? For instance, that could help clients to obtain from the RS itself the resource identifier and AS in order to obtain a RPT without a permission ticket.
Regards.
Pedro Igor