Security context token

Web Services Trust (WS-Trust) and Web Services Secure Conversation (WS-SecureConversation) support in the application server provides the ability to issue a security context token (SCT). Requests for a security context token are processed by the security token service.

The security token service for WebSphere Application Server is called the trust service. However, in IBM WebSphere Application Server Version 6.1 Feature Pack for Web Services, WebSphere Application Server does not provide a full security token service that implements all the contents of the WS-Trust draft specification.

The secure session is referred to as secure conversation because the message protocols that are used are defined by WS-SecureConversation and WS-Trust. WebSphere Application Server supports secure conversation.

To request a security context token, a RequestSecurityToken (RST), which is defined by WS-Trust and WS-SecureConversation protocols, is sent to the service endpoint to which you are setting up a secure conversation. These requests are transparently rerouted to the trust service. The trust service processes the RST and responds with a RequestSecurityTokenResponse (RSTR). This response is returned to the requestor as if it was generated by the endpoint service.

The WebSphere Application Server token provider support is limited to the Security Context Token provider. WS-SecureConversation in the IBM WebSphere Application Server Version 6.1 Feature Pack for Web Services focuses on establishing the security context token between the initiating party and the recipient party for secure conversation.

WebSphere Application Server includes caching support for the Security Context Token in both cluster and non-cluster environments as well as on both the client and server. WebSphere Application Server also provides trust policy set management for each of the trust service operations: issue, cancel, validate, and renew. Trust system policy sets can be managed for each of these trust operations relative to an explicit service endpoint or the trust service default. The default trust service policy set for a trust operation is enforced when there is not an explicit attachment.

See the information about Web Services Trust for the WS-Trust functions that are supported in the Feature Pack for Web Services.

For the security context token, you can:
  • Configure the security context token provider for WS-SecureConversation.
  • Configure the trust service to issue a security context token for access to a specific endpoint service (target).
  • Configure the security requirements for access to the trust service and applications. WebSphere Application Server provides pre-configured application policy sets and trust service policy sets to assist with this configuration.
  • Define a system policy for each of the four trust service operations: issue, cancel, validate, and renew. These policies are configured for the default or a specific endpoint service. Note that the amend operation is not supported in the Feature Pack for Web Services.

Definitions

To better understand security tokens, the following terms are defined:

security token
A security token represents a collection of claims.
security context
A security context is an abstract concept that refers to an established authentication state and negotiated key or keys that can have additional security-related properties. A security context needs to be created and shared by the communicating parties before being used. A security context is shared among the communicating parties for the lifetime of a communications session and a security context token is the wire representation of this abstract security context.

WebSphere Application Server does not support a security context token created by one of the communicating parties and propagated with a message.

WebSphere Application Server does not support creating a security context token through negotiation and exchanges.
security context token
A security context token is a wire representation of that security context abstract concept, which allows a context to be named by a URI and to be used with Web services security. A secured communication with a security context token between two parties is realized with WS-Trust and WS-SecureConversation.
security token service
A security token service (STS) is a Web service that issues security tokens, meaning it makes assertions that are based on evidence that it trusts, to whoever trusts it (or to specific recipients).
Trust service
The trust service is the security token service and supporting code that is provided by WebSphere Application Server.
RequestSecurityToken (RST)
An RST is a message sent to a security token service to request a security token.
RequestSecurityTokenResponse (RSTR)
An RSTR is a response to a request for a security token from a security token service to a requestor after receiving an RST message.

To communicate trust, a service requires proof, such as a signature, to prove knowledge of a security token or set of security tokens. A service itself can generate tokens or it can rely on a separate security token service to issue a security token with its own trust statement. Note that, for some security token formats, communicating trust can just be a re-issuance or a co-signature that forms the basis of trust brokering.

Syntax for the <wsc:SecurityContextToken> element

A security context is shared among the communicating parties for the lifetime of a communications session and a security context token is the wire representation of this abstract security context.

In the WS-SecureConversation specification, a security context is represented by the <wsc:SecurityContextToken> security token. The following URI represents the security context token type that is required to establish a secure conversation.
http://schemas.xmlsoap.org/ws/2005/02/sc/sct

The syntax for the <wsc:SecurityContextToken> element is as follows:

<wsc:SecurityContextToken wsu:Id="..." ...>
    <wsc:Identifier>...</wsc:Identifier>
    <wsc:Instance>...</wsc:Instance>
    ...
</wsc:SecurityContextToken>

The security context token does not support references to it by using key identifiers or key names. All references must use an ID (to a wsu:Id attribute) or use a URI reference, <wsse:Reference>, to the <wsc:Identifier> element in the security context token.
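
The reference rule above can be checked mechanically. The following Python is an added example, not IBM code: it resolves each `wsse:SecurityTokenReference` either by fragment to a `wsu:Id` or by URI to a `wsc:Identifier`, and rejects key identifiers, key names and dangling references. The names `index_tokens`, `resolve`, `resolve_all` and `SctReferenceError` are hypothetical, and the sample document is constructed from the token and reference values in the issue RSTR shown on this page.

```python
import xml.etree.ElementTree as ET

WSC = "http://schemas.xmlsoap.org/ws/2005/02/sc"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSU, WSSE = OASIS + "utility-1.0.xsd", OASIS + "secext-1.0.xsd"
SCT_TYPE = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct"

# Constructed sample: token and references cut down from this page's issue RSTR.
SAMPLE = f"""<r xmlns:wsc="{WSC}" xmlns:wsu="{WSU}" xmlns:wsse="{WSSE}">
  <wsc:SecurityContextToken wsu:Id="uuid:617A2281DAD3C3EC211179342073467">
    <wsc:Identifier> uuid:617A2281DAD3C3EC211179342073466 </wsc:Identifier>
  </wsc:SecurityContextToken>
  <wsse:SecurityTokenReference>
    <wsse:Reference URI="#uuid:617A2281DAD3C3EC211179342073467" ValueType="{SCT_TYPE}"/>
  </wsse:SecurityTokenReference>
  <wsse:SecurityTokenReference>
    <wsse:Reference URI="uuid:617A2281DAD3C3EC211179342073466" ValueType="{SCT_TYPE}"/>
  </wsse:SecurityTokenReference>
</r>"""


class SctReferenceError(ValueError):
    """A reference that cannot legally name a security context token."""


def index_tokens(root):
    """Index each SCT by its two legal handles: wsu:Id and wsc:Identifier."""
    by_id, by_identifier = {}, {}
    for sct in root.iter(f"{{{WSC}}}SecurityContextToken"):
        identifier = (sct.findtext(f"{{{WSC}}}Identifier") or "").strip()
        if not identifier:
            raise SctReferenceError("SCT has no wsc:Identifier")
        by_identifier[identifier] = identifier
        wsu_id = sct.get(f"{{{WSU}}}Id")
        if wsu_id in by_id:
            raise SctReferenceError(f"duplicate wsu:Id {wsu_id!r}")
        if wsu_id:
            by_id[wsu_id] = identifier
    return by_id, by_identifier


def resolve(str_elem, by_id, by_identifier):
    """Return (handle kind, wsc:Identifier) for one SecurityTokenReference."""
    for child in str_elem:
        local = child.tag.rsplit("}", 1)[-1]
        if local in ("KeyIdentifier", "KeyName"):
            raise SctReferenceError(f"{local} cannot reference an SCT")
    ref = str_elem.find(f"{{{WSSE}}}Reference")
    if ref is None:
        raise SctReferenceError("no wsse:Reference child")
    uri = ref.get("URI", "")
    if uri.startswith("#"):   # same-document fragment -> wsu:Id
        kind, key, table = "wsu:Id", uri[1:], by_id
    else:                     # absolute URI -> wsc:Identifier value
        kind, key, table = "wsc:Identifier", uri, by_identifier
    if key not in table:
        raise SctReferenceError(f"reference {uri!r} does not resolve to an SCT")
    return kind, table[key]


def resolve_all(xml_text):
    """Resolve every SecurityTokenReference in a document, or raise."""
    # Demo parser only; parse untrusted SOAP with DTDs and entities disabled.
    root = ET.fromstring(xml_text)
    by_id, by_identifier = index_tokens(root)
    return [resolve(s, by_id, by_identifier)
            for s in root.iter(f"{{{WSSE}}}SecurityTokenReference")]


if __name__ == "__main__":
    for kind, identifier in resolve_all(SAMPLE):
        print(kind, "->", identifier)
```

Because the lookup is by namespace rather than by prefix, the `Id:Id` attribute form used in the cancel, renew and validate requests on this page resolves the same way as `wsu:Id`.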

Example

This example shows an RST request to issue a security token. The URI http://schemas.xmlsoap.org/ws/2005/02/sc/sct, which is used in this example, represents the token type:

<soapenv:Envelope 
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
	xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">

   <soapenv:Header>
   <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        soapenv:mustUnderstand="1">
        <wsse:UsernameToken><wsse:Username>user1</wsse:Username>
             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">security</wsse:Password>
        </wsse:UsernameToken>
   </wsse:Security>
        <wsa:To>http://localhost:8080/WSSample/services/EchoService
        </wsa:To>
        <wsa:ReplyTo>
            <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous
            </wsa:Address>
        </wsa:ReplyTo>
        <wsa:MessageID>urn:uuid:646268CB30A01B89D811537688997954
        </wsa:MessageID>
        <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
        </wsa:Action>
   </soapenv:Header>
   <soapenv:Body>
	   <wst:RequestSecurityToken Context="http://www.ibm.com/login/">
		    <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
		 <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
		    <wst:Entropy>
			      <wst:BinarySecret>swYVsjsi75fB+RksmDdWKQ==</wst:BinarySecret>
		    </wst:Entropy>
		        <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
			          <wsa:EndpointReference>
				            <wsa:Address>WSSample/services/EchoService</wsa:Address>
			          </wsa:EndpointReference>
		        </wsp:AppliesTo>
	      </wst:RequestSecurityToken>
    </soapenv:Body>
</soapenv:Envelope>

This example shows an RSTR response to a request to issue a security token:

<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" 
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
	<soapenv:Header>
		  <wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing">
			     http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
		  </wsa:Action>
		  <wsa:RelatesTo>
			     97fd1ce790c257f0:1ea9f29c:1129642ebe1:-7fff
		  </wsa:RelatesTo>
	</soapenv:Header>
  <soapenv:Body>
      <wst:RequestSecurityTokenResponse 
           xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" 
           Context="http://www.ibm.com/login/">
      <wst:RequestedSecurityToken 
           xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
         <wsc:SecurityContextToken 
              xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" 
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsu:Id="uuid:617A2281DAD3C3EC211179342073467">
              <wsc:Identifier xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
				 		           uuid:617A2281DAD3C3EC211179342073466
              </wsc:Identifier>
              <wsc:Instance xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
				         		uuid:617A2281DAD3C3EC211179342073465
              </wsc:Instance>
         </wsc:SecurityContextToken>
      </wst:RequestedSecurityToken>

  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
		 <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
			 <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing">
		                http://localhost:9080/WSSampleSei/EchoService
        </wsa:Address>
        </wsa:EndpointReference>
   </wsp:AppliesTo>
	      <wst:RequestedProofToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
	         <wst:ComputedKey xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
	                   http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
	         </wst:ComputedKey>
        </wst:RequestedProofToken>
        <wst:Entropy xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
             <wst:BinarySecret xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" 
                        Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">
					             0oK29up5fifaCkPiSX3GZg==
             </wst:BinarySecret>
        </wst:Entropy>
	      <wst:Lifetime xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
           <wsu:Created
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                  2007-05-16T19:01:12.625Z
           </wsu:Created>
           <wsu:Expires
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                  2007-05-16T21:01:12.625Z
           </wsu:Expires>
        </wst:Lifetime>
        <wst:RequestedAttachedReference 
           xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
          <wsse:SecurityTokenReference 
           xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
             <wsse:Reference
                   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   URI="#uuid:617A2281DAD3C3EC211179342073467" 
                   ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct">
             </wsse:Reference>
          </wsse:SecurityTokenReference>
        </wst:RequestedAttachedReference>
        <wst:RequestedUnattachedReference 
              xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
          <wsse:SecurityTokenReference 
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
               <wsse:Reference
                     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                     URI="uuid:617A2281DAD3C3EC211179342073466" 
                     ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct">
               </wsse:Reference>
           </wsse:SecurityTokenReference>
        </wst:RequestedUnattachedReference>
        <wst:Renewing 
             xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" 
             Allow="true" OK="false">
        </wst:Renewing>
        <wst:KeySize 
             xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
				    128
        </wst:KeySize>
     </wst:RequestSecurityTokenResponse>
	</soapenv:Body>
</soapenv:Envelope>
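
The issue RSTR above carries a `wst:ComputedKey` of `http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1`, issuer entropy and a `KeySize` of 128, so the session key itself never appears on the wire; WS-Trust defines it as `P_SHA1(Ent_REQ, Ent_RES)`, with P_SHA1 taken from the TLS 1.0 PRF. The following Python is an added example, not IBM code, showing that derivation as both parties would perform it. The function names are hypothetical, and the two `BinarySecret` values are the ones printed in the issue RST and RSTR examples on this page, used only as sample input.

```python
import base64
import hashlib
import hmac

PSHA1_URI = "http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA1 from the TLS 1.0 PRF (RFC 2246, section 5), cut to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def computed_key(algorithm: str, requestor_entropy_b64: str,
                 issuer_entropy_b64: str, key_size_bits: int) -> bytes:
    """Derive the proof key: key = P_SHA1(Ent_REQ, Ent_RES)."""
    # Element text in the page's examples is padded with whitespace, so strip it.
    if algorithm.strip() != PSHA1_URI:
        raise ValueError(f"unsupported ComputedKey algorithm: {algorithm.strip()!r}")
    if key_size_bits <= 0 or key_size_bits % 8:
        raise ValueError("KeySize must be a positive multiple of 8 bits")
    ent_req = base64.b64decode(requestor_entropy_b64.strip(), validate=True)
    ent_res = base64.b64decode(issuer_entropy_b64.strip(), validate=True)
    if not ent_req or not ent_res:
        raise ValueError("both parties must contribute entropy")
    # Requestor entropy is the HMAC secret, issuer entropy is the seed.
    return p_sha1(ent_req, ent_res, key_size_bits // 8)


if __name__ == "__main__":
    key = computed_key(
        PSHA1_URI,
        "swYVsjsi75fB+RksmDdWKQ==",        # wst:Entropy from the RST example
        "\n  0oK29up5fifaCkPiSX3GZg==\n",  # wst:Entropy from the RSTR example
        128,                               # wst:KeySize from the RSTR example
    )
    print(len(key) * 8, "bit key:", key.hex())
```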

Example

This example shows an RST request to cancel a security token.

<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
	<soapenv:Header>
		<wsa:To>
			http://newchina.austin.ibm.com:9080/WSSecConvApis03/FVTVersionSecConvApis03Service
		</wsa:To>
		<wsa:MessageID>
			f20b218a24bf43df:-57ea847:112b47ead6d:-7ffc
		</wsa:MessageID>
		<wsa:Action>
			http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel
		</wsa:Action>
	</soapenv:Header>
	<soapenv:Body>
      <wst:RequestSecurityToken
			      xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
			      Context="http://www.ibm.com/login/">
			   <wst:RequestType
				     xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
				     http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
			   </wst:RequestType>
			   <wst:CancelTarget
				      xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
				      <wsc:SecurityContextToken
					       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
					       xmlns:Id="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
					       xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
					       Id:Id="uuid:3FF175272DA6F83A291179849257996">
					       <wsc:Identifier
						          xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
						          uuid:3FF175272DA6F83A291179849257985
					       </wsc:Identifier>
					       <wsc:Instance
						          xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
						          uuid:3FF175272DA6F83A291179849257984
					       </wsc:Instance>
			        </wsc:SecurityContextToken>
			   </wst:CancelTarget>
			<wst:TokenType
				   xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
				    http://schemas.xmlsoap.org/ws/2005/02/sc/sct
			</wst:TokenType>
			<wsp:AppliesTo
				   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
				   <wsa:EndpointReference
					      xmlns:wsa="http://www.w3.org/2005/08/addressing">
					      <wsa:Address
						         xmlns:wsa="http://www.w3.org/2005/08/addressing">
						         http://newchina.austin.ibm.com:9080/WSSecConvApis03/FVTVersionSecConvApis03Service
					      </wsa:Address>
				   </wsa:EndpointReference>
			</wsp:AppliesTo>
			<wst:Entropy
				   xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
				   <wst:BinarySecret
					      xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
					      Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">
					      Tv6pDe6Or3grjd7t+GGCZg==
				   </wst:BinarySecret>
			</wst:Entropy>
			     <wst:KeySize
				        xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
				        128
            </wst:KeySize>
       </wst:RequestSecurityToken>
    </soapenv:Body>
</soapenv:Envelope>

This example shows an RSTR response to a request to cancel a security token:

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <soapenv:Header>
        <wsa:Action>
			       http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Cancel
		    </wsa:Action>
		    <wsa:RelatesTo>
			       f20b218a24bf43df:-57ea847:112b47ead6d:-7ffc
		    </wsa:RelatesTo>
	  </soapenv:Header>
    <soapenv:Body>
		    <RequestSecurityTokenResponse
		         Context="http://www.ibm.com/login/">
			      <wst:RequestedTokenCancelled
				         xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
			      </wst:RequestedTokenCancelled>
		    </RequestSecurityTokenResponse>
    </soapenv:Body>
</soapenv:Envelope>

Example

This example shows an RST request to renew a security token.

<soapenv:Envelope
         xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
         xmlns:wsa="http://www.w3.org/2005/08/addressing">
	  <soapenv:Header>
		    <wsa:To>
			       http://synctest.austin.ibm.com:9080/WSTrust03/FVTVersionTrust03Service
		    </wsa:To>
		    <wsa:MessageID>
			       urn:uuid:85f87aad1772f485:-5f8ede69:112bbe15ec7:-7ffd
		    </wsa:MessageID>
		    <wsa:Action>
			       http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
		    </wsa:Action>
	  </soapenv:Header>
	  <soapenv:Body>
		    <wst:RequestSecurityToken Context="http://www.ibm.com/login/"
			       xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
			       <wst:RequestType>
				          http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
			       </wst:RequestType>
			       <wst:RenewTarget>
				          <wsc:SecurityContextToken
					             Id:Id="uuid:C4E1EB7F485526962E1179973151233"
                        xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
                        xmlns:Id="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
					            <wsc:Identifier>
						                uuid:C4E1EB7F485526962E1179973151216
					            </wsc:Identifier>
					            <wsc:Instance>
						                uuid:C4E1EB7F485526962E1179973151215
					            </wsc:Instance>
				          </wsc:SecurityContextToken>
			       </wst:RenewTarget>
			       <wst:TokenType>
				          http://schemas.xmlsoap.org/ws/2005/02/sc/sct
			       </wst:TokenType>
         </wst:RequestSecurityToken>
    </soapenv:Body>
</soapenv:Envelope>

This example shows an RSTR response to a request to renew a security token:

<soapenv:Envelope
	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:wsa="http://www.w3.org/2005/08/addressing">
	<soapenv:Header>
		      <wsa:Action>
			         http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
		      </wsa:Action>
		      <wsa:RelatesTo>
			         urn:uuid:85f87aad1772f485:-5f8ede69:112bbe15ec7:-7ffd
		      </wsa:RelatesTo>
	</soapenv:Header>
	<soapenv:Body>
		      <wst:RequestSecurityTokenResponse
			         Context="http://www.ibm.com/login/"
			         xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
			    <wst:RequestedSecurityToken>
				       <wsc:SecurityContextToken
					          wsu:Id="uuid:C4E1EB7F485526962E1179974951825"
					          xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
					          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
					          <wsc:Identifier>
						             uuid:C4E1EB7F485526962E1179973151216
					          </wsc:Identifier>
					          <wsc:Instance>
						             uuid:C4E1EB7F485526962E1179974951824
					          </wsc:Instance>
				       </wsc:SecurityContextToken>
			     </wst:RequestedSecurityToken>
			     <wst:Entropy>
				        <wst:BinarySecret>
					           zGIWpvaUZ55+W11GroEWHA==
				        </wst:BinarySecret>
			     </wst:Entropy>
			     <wst:Lifetime>
				        <wsu:Created
					           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
					           2007-05-24T02:49:10.187Z
				        </wsu:Created>
				        <wsu:Expires
					           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
					           2007-05-24T02:59:10.187Z
				        </wsu:Expires>
			      </wst:Lifetime>
			<wst:RequestedAttachedReference>
				   <wsse:SecurityTokenReference
					       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
					       <wsse:Reference
						           URI="#uuid:C4E1EB7F485526962E1179974951825"
						           ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct">
					       </wsse:Reference>
				   </wsse:SecurityTokenReference>
			</wst:RequestedAttachedReference>
       <wst:Renewing Allow="true" OK="true"></wst:Renewing>
       </wst:RequestSecurityTokenResponse>
    </soapenv:Body>
</soapenv:Envelope>

Example

This example shows an RST request to validate a security token.

<soapenv:Envelope
	      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	      xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <soapenv:Header>
		    <wsa:To>
			      http://synctest.austin.ibm.com:9080/WSTrust03/FVTVersionTrust03Service
		    </wsa:To>
		    <wsa:MessageID>
		        urn:uuid:85f87aad1772f485:-5f8ede69:112bbe15ec7:-7fff
		    </wsa:MessageID>
		    <wsa:Action>
			      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate
		    </wsa:Action>
	 </soapenv:Header>
	 <soapenv:Body>
		    <wst:RequestSecurityToken Context="http://www.ibm.com/login/"
			       xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
			      <wst:RequestType>
				         http://schemas.xmlsoap.org/ws/2005/02/trust/Validate
			      </wst:RequestType>
			      <wst:ValidateTarget>
				        <wsc:SecurityContextToken
					         Id:Id="uuid:C4E1EB7F485526962E1179973151233"
					         xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
					         xmlns:Id="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
					         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
					         <wsc:Identifier>
						            uuid:C4E1EB7F485526962E1179973151216
					          </wsc:Identifier>
					          <wsc:Instance>
						            uuid:C4E1EB7F485526962E1179973151215
					          </wsc:Instance>
				        </wsc:SecurityContextToken>
			      </wst:ValidateTarget>
			      <wst:TokenType>
				         http://schemas.xmlsoap.org/ws/2005/02/sc/sct
			      </wst:TokenType>
		    </wst:RequestSecurityToken>
	   </soapenv:Body>
</soapenv:Envelope>

This example shows an RSTR response to a request to validate a security token:

<soapenv:Envelope
	      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	      xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <soapenv:Header>
		    <wsa:Action>
			      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Validate
		    </wsa:Action>
		    <wsa:RelatesTo>
			      urn:uuid:85f87aad1772f485:-5f8ede69:112bbe15ec7:-7fff
		    </wsa:RelatesTo>
    </soapenv:Header>
    <soapenv:Body>
        <RequestSecurityTokenResponse
			            Context="http://www.ibm.com/login/">
			      <wst:Status
				          xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
				        <wst:Code>
					        http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid
				        </wst:Code>
			      </wst:Status>
		    </RequestSecurityTokenResponse>
    </soapenv:Body>
</soapenv:Envelope>

Review the two example scenarios that discuss establishing the security context token.




Related concepts
Web Services Secure Conversation
Trust service
Derived key token
Related tasks
Securing requests to the trust service using system policy sets
Enabling secure conversation
Related reference
Example: Establishing a security context token to secure a secure conversation
Example: Establishing a security context token to secure reliable messaging

Last updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=cwbs_seccontexttoken
File name: cwbs_seccontexttoken.html