
Performing a WS-Trust login request

Create a WS-Trust login request using the metadata exchange data (MEX) response.

Overview

After receiving a WS-Trust MEX response, the system's next step in federated authentication with WS-Trust (that is, authentication between security domains) is to send a login request to a federated identity provider (IdP).

The system uses the federationRequestURN and the URLs specified in the MEX response to create the WS-Trust login request, per Web Services Security Username Token Profile Version 1.1.1. The system doesn’t support PasswordDigest. The system sends the WS-Trust login request using Simple Object Access Protocol (SOAP) to the endpoint specified in the MEX response.

For more information about federated authentication with WS-Trust, see Authentication process.

Receive the WS-Trust login response

The system loads the SOAP response as XML and validates it, which includes checking that the nonce is correct and the created and expires dates are current. The system then parses the TokenType and uses it to set the correct grant_type in the Platform SSO login request.
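The date and TokenType checks described above, as an added Python example (not the system's own code). It assumes WS-Trust 1.3 namespaces, a SAML TokenType to grant_type mapping that this page doesn't state, and a 5-minute clock-skew tolerance; the function names are hypothetical. The nonce check is left out because the page doesn't say where the nonce is carried.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"t": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",  # assumes WS-Trust 1.3
      "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"}
# Assumed mapping (not stated on this page): SAML TokenType -> OAuth grant_type.
GRANT_TYPES = {
    "urn:oasis:names:tc:SAML:1.0:assertion": "urn:ietf:params:oauth:grant-type:saml1_1-bearer",
    "urn:oasis:names:tc:SAML:2.0:assertion": "urn:ietf:params:oauth:grant-type:saml2-bearer",
}

def parse_ts(text):
    """Parse an xs:dateTime such as 2024-05-01T12:00:00Z; reject values without a zone."""
    ts = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("timestamp has no time zone")
    return ts

def grant_type_for(soap_xml, now=None, skew=timedelta(minutes=5)):
    """Check Created/Expires against `now`, then map TokenType to a grant_type."""
    if "<!DOCTYPE" in soap_xml:  # a SOAP message never needs a DTD; refuse entity tricks
        raise ValueError("DTD not allowed")
    now = now or datetime.now(timezone.utc)
    rstr = ET.fromstring(soap_xml).find(".//t:RequestSecurityTokenResponse", NS)
    if rstr is None:
        raise ValueError("no RequestSecurityTokenResponse element")
    created = rstr.findtext("t:Lifetime/wsu:Created", namespaces=NS)
    expires = rstr.findtext("t:Lifetime/wsu:Expires", namespaces=NS)
    token_type = rstr.findtext("t:TokenType", namespaces=NS)
    if not (created and expires and token_type):
        raise ValueError("missing Lifetime or TokenType")
    if parse_ts(created) - skew > now:  # skew tolerance is an assumption
        raise ValueError("token not yet valid")
    if parse_ts(expires) <= now:
        raise ValueError("token expired")
    if token_type.strip() not in GRANT_TYPES:  # fail closed on unknown types
        raise ValueError("unsupported TokenType")
    return GRANT_TYPES[token_type.strip()]

def sample_response(created, expires, token_type):
    """Constructed sample, trimmed to the elements the check reads."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return (f'<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
            f'xmlns:t="{NS["t"]}" xmlns:wsu="{NS["wsu"]}"><s:Body>'
            '<t:RequestSecurityTokenResponseCollection><t:RequestSecurityTokenResponse>'
            f'<t:Lifetime><wsu:Created>{created.strftime(fmt)}</wsu:Created>'
            f'<wsu:Expires>{expires.strftime(fmt)}</wsu:Expires></t:Lifetime>'
            f'<t:TokenType>{token_type}</t:TokenType></t:RequestSecurityTokenResponse>'
            '</t:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>')
```

Rejecting an expired, not-yet-valid, or unrecognized response before choosing a grant_type keeps a stale or unexpected token from being forwarded in the Platform SSO login request.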

See Also

Login request