4.7 Issuance Binding Response Message

Article
06/24/2021
The following is an example of a <RequestSecurityTokenResponseCollection> element used with the issuance binding based on [WSTrust1.3] returning a SAML token.
 <wst:RequestSecurityTokenResponseCollection xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
   <wst:RequestSecurityTokenResponse Context="urn:uuid:5ec07384-0bb0-4d80-a439-517ad3ea4ca2">
     <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV 1.1</wst:TokenType>
     <wst:RequestedSecurityToken>
       <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="saml-1" Issuer="urn:test-sts" IssueInstant="2008-08-15T02:18:57.472Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
         <saml:Conditions NotBefore="2008-01-03T05:00:00.000Z" NotOnOrAfter="2108-12-01T03:08:59.000Z"/>
         <saml:Advice/>
         <saml:AttributeStatement>
           <saml:Subject>
             <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">a@b.com</saml:NameIdentifier>
             <saml:SubjectConfirmation>
               <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                 <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                   <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                     <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                   </e:EncryptionMethod>
                   <KeyInfo>
                     <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                       <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">...</o:KeyIdentifier>
                     </o:SecurityTokenReference>
                   </KeyInfo>
                   <e:CipherData>
                     <e:CipherValue>...</e:CipherValue>
                   </e:CipherData>
                 </e:EncryptedKey>
               </KeyInfo>
             </saml:SubjectConfirmation>
           </saml:Subject>
           <saml:Attribute AttributeName="UserName" AttributeNamespace="urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName">
             <saml:AttributeValue>Test1</saml:AttributeValue>
           </saml:Attribute>
           <saml:Attribute AttributeName="EmailName" AttributeNamespace="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
             <saml:AttributeValue>a@b.com</saml:AttributeValue>
           </saml:Attribute>
         </saml:AttributeStatement>
         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
           <SignedInfo>
             <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
             <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
             <Reference URI="#saml-1">
               <Transforms>
                 <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                 <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </Transforms>
               <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
               <DigestValue>...</DigestValue>
             </Reference>
           </SignedInfo>
           <SignatureValue>...</SignatureValue>
           <KeyInfo>
             <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
               <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">...</o:KeyIdentifier>
             </o:SecurityTokenReference>
           </KeyInfo>
         </Signature>
       </saml:Assertion>
     </wst:RequestedSecurityToken>
     <wst:RequestedAttachedReference>
       <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">saml-1</o:KeyIdentifier>
       </o:SecurityTokenReference>
     </wst:RequestedAttachedReference>
     <wst:RequestedUnattachedReference>
       <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">saml-1</o:KeyIdentifier>
       </o:SecurityTokenReference>
     </wst:RequestedUnattachedReference>
     <wst:RequestedProofToken>
       <wst:BinarySecret>...</wst:BinarySecret>
     </wst:RequestedProofToken>
     <wst:Lifetime>
       <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2008-01-03T05:00:00.000Z</wsu:Created>
       <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2108-12-01T03:08:59.000Z</wsu:Expires>
     </wst:Lifetime>
     <wst:KeySize>256</wst:KeySize>
   </wst:RequestSecurityTokenResponse>
 </wst:RequestSecurityTokenResponseCollection>
4.7 Issuance Binding Response Message

Additional resources
