

Create the STS Client

The function of the STS client is to issue compliant requests for a variety of security tokens. The client has to be WS-Trust literate. A WSDL file describes the web service interface. You can find the WSDL file at the base URL of the service, as in the following example: http://hostname:80/STS?wsdl. You can run the WSDL file through your choice of code generation tools to generate the foundational code for the STS client.

The STS supports WS-Trust SOAP requests (RST) and responses (RSTR). The RST specifies one or more token types. The STS supports the following values for <TokenType>:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0

Specifies the WS-Security Username token.

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3

Specifies the WS-Security X509v3 token.

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1

Specifies the WS-Security SAMLv1.1 Assertion with Holder-of-Key confirmation method.

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

Specifies the WS-Security SAMLv2.0 Assertion with Holder-of-Key confirmation method.

urn:oasis:names:tc:SAML:2.0:cm:bearer

Specifies the WS-Security SAMLv2.0 Assertion with Bearer confirmation method.

http://www.ca.com/siteminder/smsession

Specifies the proprietary SMSESSION token (XML format).

The RST can also include an <AppliesTo> element, which specifies the relying party that will consume the token. The STS is configured with a set of known relying parties, including the response required to generate the token that each relying party needs.

The <AppliesTo> value can be a simple URL, as in the following example:

<AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">http://some-relying-party.customer.com</AppliesTo>

The <AppliesTo> value can also be a WS-Addressing element:

<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
               xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wsa:EndpointReference>
    <wsa:Address>http://some-relying-party.customer.com</wsa:Address>
  </wsa:EndpointReference>
</wsp:AppliesTo>

If both a <TokenType> and an <AppliesTo> value are present, the <AppliesTo> value takes precedence.
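The following is an added example, not code from the product documentation: it builds an RST for this STS with a client-side allow-list of the token type URIs listed above and an <AppliesTo> in either of the two forms shown, and it reads the relying-party address back out of either form. The WS-Trust 1.3 namespace and the Issue RequestType value are assumptions; the text does not state which WS-Trust version the STS expects.

```python
import xml.etree.ElementTree as ET

# WS-Trust 1.3 namespace is an assumption (the page does not name a version).
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"

# Token type URIs the STS accepts, exactly as listed in the text.
SUPPORTED_TOKEN_TYPES = frozenset({
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0",
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3",
    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
    "urn:oasis:names:tc:SAML:2.0:cm:bearer",
    "http://www.ca.com/siteminder/smsession",
})


def build_rst(token_type, relying_party=None, use_endpoint_reference=False):
    """Return an RST element as a string. An unknown TokenType is rejected
    before anything is sent; relying_party, if given, becomes <AppliesTo>."""
    if token_type not in SUPPORTED_TOKEN_TYPES:
        raise ValueError("unsupported TokenType: %s" % token_type)
    rst = ET.Element("{%s}RequestSecurityToken" % WST)
    ET.SubElement(rst, "{%s}RequestType" % WST).text = WST + "/Issue"
    ET.SubElement(rst, "{%s}TokenType" % WST).text = token_type
    if relying_party is not None:
        applies_to = ET.SubElement(rst, "{%s}AppliesTo" % WSP)
        if use_endpoint_reference:
            # WS-Addressing form: <wsa:EndpointReference><wsa:Address>...
            epr = ET.SubElement(applies_to, "{%s}EndpointReference" % WSA)
            ET.SubElement(epr, "{%s}Address" % WSA).text = relying_party
        else:
            # Simple form: the URL is the text of <AppliesTo> itself.
            applies_to.text = relying_party
    return ET.tostring(rst, encoding="unicode")


def applies_to_address(rst_xml):
    """Return the relying-party address from an RST, accepting both the
    simple-URL and the EndpointReference form; None if <AppliesTo> is absent."""
    applies_to = ET.fromstring(rst_xml).find("{%s}AppliesTo" % WSP)
    if applies_to is None:
        return None
    address = applies_to.find("{%s}EndpointReference/{%s}Address" % (WSA, WSA))
    if address is not None:
        return (address.text or "").strip()
    return (applies_to.text or "").strip()
```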