3.1.4.1.1.2 IWindowsDeviceEnrollmentService_RequestSecurityToken_OutputMessage Message

A WSDL message containing the response for the RequestSecurityToken WSDL operation.

The SOAP action value is:

 http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep

The IWindowsDeviceEnrollmentService_RequestSecurityToken_OutputMessage message carries a RequestSecurityTokenResponseCollection ([WSTrust1.3] section 3.2). The WSDL definition is:

 <wsdl:message name="IWindowsDeviceEnrollmentService_RequestSecurityToken_OutputMessage">
   <wsdl:part name="responseCollection" element="wst:RequestSecurityTokenResponseCollection"/>
 </wsdl:message>

The IWindowsDeviceEnrollmentService_RequestSecurityToken_OutputMessage message contains the elements that are part of a server response to a client.

The following elements MUST be included in the SOAP body.

  • wst:RequestSecurityTokenResponseCollection: Defined in section 3.1.4.1.2.9.

    This element MUST be a child of the <s:Body> element.

  • wst:RequestSecurityTokenResponse: Defined in section 3.1.4.1.2.10.

    This element MUST be a child of the <wst:RequestSecurityTokenResponseCollection> element (see [WSTrust1.3] section 3.2).

  • wst:TokenType: Defined in section 3.1.4.1.2.6. The <wst:TokenType> element MUST be http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken.

    This element MUST be a child of the <wst:RequestSecurityTokenResponse> element (see [WSTrust1.3] section 3.1).

  • wst:RequestedSecurityToken: Defined in section 3.1.4.1.2.11.

    This element MUST be a child of the <wst:RequestSecurityTokenResponse> element.

  • wsse:BinarySecurityToken: Defined in section 3.1.4.1.2.3. The ValueType attribute MUST be http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc. The EncodingType attribute MUST be http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary. The <wsse:BinarySecurityToken> element MUST contain a base64 encoded XML document formatted as a Provisioning Document (section 3.1.4.1.2.12). The XML document MUST contain an X.509 Certificate [RFC5280].

    This element MUST be a child of the <wst:RequestedSecurityToken> element.

  • ac:AdditionalContext: Defined in section 3.1.4.1.2.7 (see [WSFederation] section 9.2).

    This element MUST be a child of the <wst:RequestSecurityTokenResponse> element.

  • ac:ContextItem: Defined in section 3.1.4.1.2.8. The request MUST provide the following information in <ac:ContextItem> elements as child elements of the <ac:AdditionalContext> element.

    Name attribute: The literal string: "UserPrincipalName"

    Description: The <ac:Value> element contains the value of the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn claim in the JWT that was sent to the server (section 3.1.4.1.1.1).
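
The element requirements listed above can be checked mechanically on a received response. The following is an added example, not part of the specification: check_rstrc and sample are hypothetical names, the namespace URIs are assumptions taken from the referenced specifications, and the token body in the constructed sample is a placeholder because the Provisioning Document format (section 3.1.4.1.2.12) is defined elsewhere.

```python
import base64
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions taken from the referenced specs, not from this page.
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ac": "http://schemas.xmlsoap.org/ws/2006/12/authorization",
}
TOKEN_TYPE = "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken"
VALUE_TYPE = "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc"
ENCODING_TYPE = NS["wsse"] + "#base64binary"

def check_rstrc(envelope_xml):
    """Return the list of violated MUSTs; an empty list means every check passed."""
    errors = []
    rstr = ET.fromstring(envelope_xml).find(
        "s:Body/wst:RequestSecurityTokenResponseCollection/wst:RequestSecurityTokenResponse", NS)
    if rstr is None:
        return ["Body/RequestSecurityTokenResponseCollection/RequestSecurityTokenResponse missing"]
    if rstr.findtext("wst:TokenType", "", NS).strip() != TOKEN_TYPE:
        errors.append("wst:TokenType missing or wrong")
    bst = rstr.find("wst:RequestedSecurityToken/wsse:BinarySecurityToken", NS)
    if bst is None:
        errors.append("wsse:BinarySecurityToken missing")
    else:
        if (bst.get("ValueType"), bst.get("EncodingType")) != (VALUE_TYPE, ENCODING_TYPE):
            errors.append("ValueType or EncodingType wrong")
        try:  # content must be base64 that decodes to well-formed XML
            ET.fromstring(base64.b64decode("".join((bst.text or "").split()), validate=True))
        except (ValueError, ET.ParseError):
            errors.append("token is not base64-encoded XML")
    upn = rstr.find("ac:AdditionalContext/ac:ContextItem[@Name='UserPrincipalName']/ac:Value", NS)
    if upn is None or not (upn.text or "").strip():
        errors.append("UserPrincipalName ContextItem missing")
    return errors

def sample(token_type=TOKEN_TYPE, doc=b"<constructed-placeholder/>"):
    """Constructed response for the checks; the token body is only a placeholder."""
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<s:Envelope {decl}><s:Body><wst:RequestSecurityTokenResponseCollection>'
            f'<wst:RequestSecurityTokenResponse><wst:TokenType>{token_type}</wst:TokenType>'
            f'<wst:RequestedSecurityToken><wsse:BinarySecurityToken ValueType="{VALUE_TYPE}" '
            f'EncodingType="{ENCODING_TYPE}">{base64.b64encode(doc).decode()}'
            f'</wsse:BinarySecurityToken></wst:RequestedSecurityToken>'
            f'<ac:AdditionalContext><ac:ContextItem Name="UserPrincipalName">'
            f'<ac:Value>user@example.com</ac:Value></ac:ContextItem></ac:AdditionalContext>'
            f'</wst:RequestSecurityTokenResponse></wst:RequestSecurityTokenResponseCollection>'
            f'</s:Body></s:Envelope>')
```

The check stops at well-formedness of the decoded token; verifying that the Provisioning Document contains an X.509 certificate needs the format from section 3.1.4.1.2.12. ElementTree keeps the example dependency-free; put a hardened XML parser in front of untrusted input.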