The wsignin1.0 request message is sent to the IP/STS to request that a security token be issued for a specific user to allow access to resources managed by the relying party. For normative descriptions and details on this request message, see [WSFedPRP] section 3.2. This message MUST contain either a wtrealm parameter or a wreply parameter. This message consists of an HTTP GET with the following query string parameters, formatted as specified in [WSFedPRP] sections 3.1 and 3.2:
- wa: The value MUST be the literal string "wsignin1.0".
- wtrealm: This parameter MUST be included in a request message to a different security realm from the relying party. If present, this value MUST be a URI that the requestor IP/STS and the relying party have agreed to use to identify the security realm of the relying party in messages to the requestor IP/STS. If present, the wreply parameter MUST NOT be present. For processing semantics on wtrealm and wreply, see section 3.1.5.4.2.
- wreply: This parameter MUST be included in request messages to the same security realm as the relying party. If present, this value MUST be a URL at the relying party to which responses MUST be directed. If present, the wtrealm parameter MUST NOT be present. For processing semantics on wtrealm and wreply, see section 3.1.5.4.2.
- wctx (optional): This value is an opaque context that MAY be passed in the request by the relying party.<12>
- wct (optional): This value is the current time at the relying party that MUST be the string encoding of time, using the XML schema <datetime> time with Coordinated Universal Time (UTC) notation.<13>
- wauth (optional): This value is a URI that indicates the method of authentication wanted.<14>
- whr (optional): This value is a URI that uniquely identifies the requestor IP/STS that SHOULD receive the wsignin1.0 request message.<15>
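The parameter rules listed above can be checked on receipt before any token processing. The following validator is an added example, not part of the specification or of any product's code. Assumptions: the function name, the `sts.example` and `rp.example` sample URLs, the rejection of repeated parameters, and the restriction of wreply to absolute http(s) URLs are choices made for this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qs

# XML schema dateTime restricted to UTC ("Z") notation, e.g. 2024-05-01T12:00:00Z
_UTC_DATETIME = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z")
_KNOWN = {"wa", "wtrealm", "wreply", "wctx", "wct", "wauth", "whr"}

# Constructed sample requests (hypothetical hosts).
SAMPLE_OK = "https://sts.example/ls/?wa=wsignin1.0&wtrealm=urn%3Afederation%3Arp&wct=2024-05-01T12%3A00%3A00Z"
SAMPLE_BOTH = SAMPLE_OK + "&wreply=https%3A%2F%2Frp.example%2Fapp%2F"


def check_wsignin_request(url):
    """Return a list of violations of the wsignin1.0 parameter rules (empty if none)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    errors = []

    # Assumption of this sketch: a repeated parameter is rejected, because two
    # parsers may disagree on which value wins.
    for name in sorted(_KNOWN & query.keys()):
        if len(query[name]) > 1:
            errors.append(f"{name}: repeated parameter")
    first = {k: v[0] for k, v in query.items()}

    if first.get("wa") != "wsignin1.0":
        errors.append('wa: must be the literal string "wsignin1.0"')

    # Exactly one of wtrealm / wreply must be present.
    has_realm, has_reply = "wtrealm" in first, "wreply" in first
    if has_realm and has_reply:
        errors.append("wtrealm and wreply: must not both be present")
    elif not (has_realm or has_reply):
        errors.append("wtrealm or wreply: one is required")

    # URI-valued parameters need at least a scheme.
    for name in ("wtrealm", "wauth", "whr"):
        if name in first and not urlsplit(first[name]).scheme:
            errors.append(f"{name}: not a URI")

    # wreply is where responses are directed: require an absolute http(s) URL.
    if has_reply:
        reply = urlsplit(first["wreply"])
        if reply.scheme not in ("http", "https") or not reply.netloc:
            errors.append("wreply: not an absolute http(s) URL")

    if "wct" in first and not _UTC_DATETIME.fullmatch(first["wct"]):
        errors.append("wct: not an XML dateTime in UTC notation")
    return errors
```

This covers only the syntactic constraints in the list; whether a given wtrealm or wreply value is acceptable for a particular relying party is a separate policy decision.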