2.2.5 LsRequestSecurityToken Response

  • Article

The SOAP body of the response message MUST conform to the following XML Schema.

 <s:element name="LsRequestSecurityTokenResponse">
   <s:complexType>
     <s:sequence>
       <s:element minOccurs="0" maxOccurs="1" name="rstr" type="tns:RSTRResult" />
     </s:sequence>
   </s:complexType>
 </s:element>
 <s:complexType name="RSTRResult">
   <s:sequence>
     <s:element minOccurs="1" maxOccurs="1" name="Status" type="tns:RSTRStatus" />
     <s:element minOccurs="0" maxOccurs="1" name="PolicyVersion" type="tns:VersionInformation" />
     <s:element minOccurs="0" maxOccurs="1" name="CredentialsVerification" type="tns:CredentialsVerificationInfo" />
     <s:element minOccurs="0" maxOccurs="1" name="ForeignRealmUri" type="s:string" />
     <s:element minOccurs="0" maxOccurs="1" name="SecurityToken" type="s:base64Binary" />
     <s:element minOccurs="0" maxOccurs="1" name="LogonAcceleratorToken" type="s:base64Binary" />
   </s:sequence>
 </s:complexType>
 <s:simpleType name="RSTRStatus">
   <s:restriction base="s:string">
     <s:enumeration value="Success" />
     <s:enumeration value="WrongPrincipal" />
     <s:enumeration value="NoAcceptableCredential" />
     <s:enumeration value="InvalidTarget" />
     <s:enumeration value="ValidationFailure" />
     <s:enumeration value="GenerationFailure" />
     <s:enumeration value="SidExpansionFailure" />
     <s:enumeration value="NoAccountStores" />
     <s:enumeration value="NoActiveDirectoryForSids" />
     <s:enumeration value="NoAccountStoresForCert" />
     <s:enumeration value="Unset" />
   </s:restriction>
 </s:simpleType>
 <s:complexType name="VersionInformation">
   <s:sequence>
     <s:element minOccurs="1" maxOccurs="1" name="SoftwareVersion" type="s:long" />
     <s:element minOccurs="1" maxOccurs="1" name="Guid" type="s1:guid" />
     <s:element minOccurs="1" maxOccurs="1" name="Version" type="s:long" />
   </s:sequence>
 </s:complexType>
 <s:complexType name="CredentialsVerificationInfo">
   <s:sequence>
     <s:element minOccurs="1" maxOccurs="1" name="AccountStoreType" type="tns:AccountStoreType" />
     <s:element minOccurs="0" maxOccurs="1" name="AccountStoreTypeDisplay" type="s:string" />
     <s:element minOccurs="0" maxOccurs="1" name="AccountStoreUriString" type="s:string" />
     <s:element minOccurs="0" maxOccurs="1" name="AccountStoreDisplayName" type="s:string" />
     <s:element minOccurs="0" maxOccurs="1" name="UserValidationData" type="tns:UserValidationInfo" />
   </s:sequence>
 </s:complexType>
 <s:simpleType name="AccountStoreType">
   <s:restriction base="s:string">
     <s:enumeration value="ActiveDirectoryType" />
     <s:enumeration value="LdapDirectoryType" />
     <s:enumeration value="UnknownStoreType" />
   </s:restriction>
 </s:simpleType>
 <s:complexType name="UserValidationInfo">
   <s:sequence>
     <s:element minOccurs="1" maxOccurs="1" name="ErrorCode" type="s:long" />
     <s:element minOccurs="0" maxOccurs="1" name="AdditionalValidationInfo" type="tns:ArrayOfString" />
   </s:sequence>
 </s:complexType>
 <s:complexType name="ArrayOfString">
   <s:sequence>
     <s:element minOccurs="0" maxOccurs="unbounded" name="string" nillable="true" type="s:string" />
   </s:sequence>
 </s:complexType>

 Parameter

 Value

SoftwareVersion

The value of this parameter MUST be 1.

ForeignRealmUri

This parameter MUST be a URI conforming to [RFC2396].

SecurityToken

This parameter MUST be a Base64-encoded [RFC4648] security token conforming to [MS-MWBF] section 2.2.4.2.

AccountStoreUriString

The syntax of this parameter is specified in section 3.2.5.2.2.3.