Elche41

Hi, I am attempting to create the "Token response from IP/STS to service requester" as defined in section 5.2.3 of "An implementer's guide to the identity selector interoperability profile v1" (April 07) and I obtain the following XML response:

Code Snippet

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
  <s:Header>
    <wsa:Action wsu:Id="_1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</wsa:Action>
    <wsa:RelatesTo wsu:Id="_2">uuid:eb9e1c77-0cea-4f2f-a586-78c15536137c</wsa:RelatesTo>
    <wsa:To wsu:Id="_3">http://www.w3.org/2005/08/addressing/anonymous</wsa:To>
    <wsse:Security s:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="_6">
        <wsu:Created>2007-07-19T07:07:56.000Z</wsu:Created>
        <wsu:Expires>2007-07-19T07:17:56.000Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </s:Header>
  <s:Body wsu:Id="_10">
    <wst:RequestSecurityTokenResponse>
      <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
      <wst:Lifetime>
        <wsu:Created>2007-07-19T07:07:56.000Z</wsu:Created>
        <wsu:Expires>2007-07-19T07:17:56.000Z</wsu:Expires>
      </wst:Lifetime>
      <wst:RequestedSecurityToken>
        <enc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
          <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <enc:EncryptedKey>
              <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
              </enc:EncryptionMethod>
              <KeyInfo>
                <wsse:SecurityTokenReference>
                  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"></wsse:KeyIdentifier>
                </wsse:SecurityTokenReference>
              </KeyInfo>
              <enc:CipherData>
                <enc:CipherValue></enc:CipherValue>
              </enc:CipherData>
            </enc:EncryptedKey>
          </KeyInfo>
          <enc:CipherData>
            <enc:CipherValue></enc:CipherValue>
          </enc:CipherData>
        </enc:EncryptedData>
      </wst:RequestedSecurityToken>
      <wst:RequestedAttachedReference>
        <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid:17e2007e-f959-4624-85ef-ae00df6fe071</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
      </wst:RequestedAttachedReference>
      <wst:RequestedUnattachedReference>
        <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid:17e2007e-f959-4624-85ef-ae00df6fe071</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
      </wst:RequestedUnattachedReference>
      <wst:RequestedProofToken>
        <wst:ComputedKey>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKey>
      </wst:RequestedProofToken>
      <wst:Entropy>
        <wst:BinarySecret Type="http://.../ws/2005/02/trust/Nonce">u+Qe3WdkFYqZsfwT9ZU6qTu9LqIYtwNz</wst:BinarySecret>
      </wst:Entropy>
      <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</wst:KeyType>
      <wst:KeySize>256</wst:KeySize>
      <ic:RequestedDisplayToken>
        <ic:DisplayToken xml:lang="en-us">
          <ic:DisplayClaim Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">
            <ic:DisplayTag>PPID</ic:DisplayTag>
            <ic:DisplayValue>46542dfhd465dh1351=</ic:DisplayValue>
          </ic:DisplayClaim>
          <ic:DisplayClaim Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
            <ic:DisplayTag>Given Name</ic:DisplayTag>
            <ic:DisplayValue>QUENIOUX</ic:DisplayValue>
          </ic:DisplayClaim>
          <ic:DisplayClaim Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
            <ic:DisplayTag>Surname</ic:DisplayTag>
            <ic:DisplayValue>Charles</ic:DisplayValue>
          </ic:DisplayClaim>
          <ic:DisplayClaim Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
            <ic:DisplayTag>Email Address</ic:DisplayTag>
            <ic:DisplayValue>a@a.com</ic:DisplayValue>
          </ic:DisplayClaim>
        </ic:DisplayToken>
      </ic:RequestedDisplayToken>
    </wst:RequestSecurityTokenResponse>
  </s:Body>
</s:Envelope>


But I don't understand what I need to insert in the values and whether this response is complete or not.
Thank you for your answer
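One part of the response above that is easy to get wrong is the proof key: the RSTR carries a RequestedProofToken with ComputedKey CK/PSHA1, an issuer Entropy nonce and a KeySize, and the key itself is never sent. Both sides derive it as P_SHA1(EntREQ, EntRES) (the TLS 1.0 P_SHA1 function with the requester's entropy as HMAC secret and the issuer's entropy as seed), truncated to KeySize bits. The following Python is an added example written for this thread; it is not from the original post and not from any CardSpace or WS-Trust library. The RSTR fragment it parses is a constructed sample modelled on the Body shown above (reusing the post's issuer nonce), the requester nonce is made up, and the helper names parse_rstr, validate_rstr and derive_proof_key are hypothetical.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
NS = {"wst": WST}
CK_PSHA1 = WST + "/CK/PSHA1"   # ComputedKey algorithm URI used in the RSTR above
NONCE_TYPE = WST + "/Nonce"    # BinarySecret/@Type for entropy values

# Constructed RSTR fragment (hypothetical sample, modelled on the Body of the
# response in the post; the issuer entropy value is the one the post shows).
SAMPLE_RSTR = f"""<wst:RequestSecurityTokenResponse xmlns:wst="{WST}">
  <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
  <wst:RequestedProofToken>
    <wst:ComputedKey>{CK_PSHA1}</wst:ComputedKey>
  </wst:RequestedProofToken>
  <wst:Entropy>
    <wst:BinarySecret Type="{NONCE_TYPE}">u+Qe3WdkFYqZsfwT9ZU6qTu9LqIYtwNz</wst:BinarySecret>
  </wst:Entropy>
  <wst:KeyType>{WST}/SymmetricKey</wst:KeyType>
  <wst:KeySize>256</wst:KeySize>
</wst:RequestSecurityTokenResponse>"""

# Constructed requester entropy: in a real exchange this is the random
# BinarySecret the requester put into its RST. Never reuse a fixed value.
REQUESTER_NONCE_B64 = base64.b64encode(b"requester-entropy-32-bytes-demo!").decode()


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 P_SHA1 expansion (RFC 2246 section 5), as WS-Trust CK/PSHA1 requires.

    A(0) = seed, A(i) = HMAC_SHA1(secret, A(i-1));
    output = HMAC_SHA1(secret, A(1) + seed) || HMAC_SHA1(secret, A(2) + seed) || ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def parse_rstr(rstr_xml: str) -> dict:
    """Pull the computed-key parameters out of an RSTR (hypothetical helper)."""
    root = ET.fromstring(rstr_xml)
    secret = root.find("wst:Entropy/wst:BinarySecret", NS)
    key_size = root.findtext("wst:KeySize", namespaces=NS)
    return {
        "computed_key": root.findtext("wst:RequestedProofToken/wst:ComputedKey", namespaces=NS),
        "issuer_entropy_b64": secret.text.strip() if secret is not None and secret.text else None,
        "entropy_type": secret.get("Type") if secret is not None else None,
        "key_size_bits": int(key_size) if key_size else None,
    }


def validate_rstr(info: dict) -> list:
    """Return the reasons an RSTR cannot be used for CK/PSHA1 derivation (empty = usable)."""
    problems = []
    if info["computed_key"] != CK_PSHA1:
        problems.append("RequestedProofToken/ComputedKey is not CK/PSHA1")
    if not info["issuer_entropy_b64"]:
        problems.append("ComputedKey requires the issuer's Entropy/BinarySecret in the RSTR")
    elif info["entropy_type"] != NONCE_TYPE:
        problems.append("issuer BinarySecret/@Type must be the Nonce type")
    bits = info["key_size_bits"]
    if bits is None or bits <= 0 or bits % 8:
        problems.append("KeySize must be a positive multiple of 8 bits")
    return problems


def derive_proof_key(requester_entropy_b64: str, rstr_xml: str) -> bytes:
    """key = P_SHA1(EntREQ, EntRES), truncated to KeySize bits.

    The requester's entropy is the HMAC secret and the issuer's entropy is the
    seed; both parties compute the same key, so it never appears on the wire.
    """
    info = parse_rstr(rstr_xml)
    problems = validate_rstr(info)
    if problems:
        raise ValueError("; ".join(problems))
    ent_req = base64.b64decode(requester_entropy_b64)
    ent_res = base64.b64decode(info["issuer_entropy_b64"])
    return p_sha1(ent_req, ent_res, info["key_size_bits"] // 8)


if __name__ == "__main__":
    key = derive_proof_key(REQUESTER_NONCE_B64, SAMPLE_RSTR)
    print(f"proof key ({len(key) * 8} bits): {key.hex()}")
```

The checks in validate_rstr are the ones worth having on the requester side before trusting a ComputedKey response: the algorithm must be the expected one, the issuer's entropy must actually be present and typed as a nonce, and KeySize must be a whole number of bytes. With 256 in KeySize the derived key is 32 bytes, which matches the aes256-cbc encryption method the response advertises.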


Re: Windows CardSpace (InfoCard) STS Message Exchange

dandrievsky

Hi,

Check out our demo-IdP, creating its card and sending it to our tracing RP.

RST-RSTR conversation will be exposed.

Actually the IdP is quite minimalistic and lacks a lot of WS-Trust stuff, but maybe it will be useful for you...

Use the 'guest' account with any password to get some claims non-empty.