Skip to main content

A sample request/response for issuing a Security Token

A sample client request is given here, where the client wants the STS to issue a Security Assertion Markup Language (SAML) 2.0 token for a service hosted at http://cxf.apache.org:8080/service:

<wst:RequestSecurityToken Context="..." xmlns:wst="...">
   <wst:TokenType>
      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
   </wst:TokenType>
   <wst:RequestType>
      http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
   </wst:RequestType>
   <wsp:AppliesTo>http://cxf.apache.org:8080/service</wsp:AppliesTo>
</wst:RequestSecurityToken>

The STS responds with:

<wst:RequestSecurityTokenResponseCollection xmlns:wst="...">
   <wst:RequestSecurityTokenResponse>
      <wst:TokenType>
         http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
      </wst:TokenType>
      <wst:RequestedSecurityToken>
         <saml2:Assertion xmlns:saml2="..." ... />
      </wst:RequestedSecurityToken>
   </wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!