18.104.22.168.1 LsRequestSecurityToken Request
The server MUST consider the targetRealmName element as if it were the wtrealm parameter of the [MS-MWBF] request for a security token.
The credentialTypeUri and credentials elements MUST contain information about the method used at the client for authenticating the [MS-MWBF] web browser requestor. The client MAY use username and password authentication or SSL client certificate authentication.<12>
If SSL client certificate authentication was used, the credentialTypeUri parameter MUST be "urn:ietf:rfc:2246". If username and password authentication is used, the credentialTypeUri MUST be "urn:oasis:names:tc:SAML:1.0:am:password".
If SSL client certificate authentication was used, the credentials element MUST contain only two values. The first value MUST equal "Certificate". The value of the second string MUST be an X.509 certificate per [WSDL] that is Base64-encoded per [RFC4648].
If username and password authentication was used, the credential element MUST contain only four values. The value of the first string MUST be Username. The value of the second string MUST be a username for the web browser requestor. The value of the third string MUST be Password. The value of the fourth string MUST be a password for the web browser requestor. The credentials provided for the client MUST be used to generate a security token for the user as described in [MS-MWBF].