3.2.5.2.2.3 CredentialsVerification

The information found within the CredentialsVerification structure is informational only, and the server MAY omit it.

The AccountStoreType value SHOULD be ActiveDirectoryType if Active Directory is used for generating claims in the security token returned. The AccountStoreType value SHOULD be LdapDirectoryType if an LDAP directory is used for generating the claims in the security token returned.

The AccountStoreTypeDisplay value SHOULD be a human-readable string that identifies the type of account store. The AccountStoreUriString value SHOULD be a URI that uniquely identifies the account store at the server. The AccountStoreDisplayName value SHOULD be a human-readable string that identifies the account store at the server. Windows follows all SHOULD statements for the CredentialsVerification element.

The UserValidationData MUST contain an ErrorCode. The ErrorCode value MUST be 0 for a successful validation. When an error occurs, the ErrorCode value depends on the underlying account store used. The UserValidationData MAY contain an AdditionalValidationInfo element with further data.<15>
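The following client-side conformance check is an added example, not part of the specification. It separates MUST violations from SHOULD deviations and, because the structure is informational only, its result is meant for logging and diagnostics. It assumes the structure has already been decoded into a dict keyed by the element names above, that UserValidationData is nested inside CredentialsVerification, and that ErrorCode decodes to an integer; the function name and sample values are constructed.

```python
from urllib.parse import urlsplit

# Store types named in this section; any other value only deviates from a SHOULD.
KNOWN_STORE_TYPES = {"ActiveDirectoryType", "LdapDirectoryType"}
DISPLAY_FIELDS = ("AccountStoreTypeDisplay", "AccountStoreDisplayName")

# Constructed sample input (assumed decoding, not captured traffic).
SAMPLE_OK = {
    "AccountStoreType": "ActiveDirectoryType",
    "AccountStoreTypeDisplay": "Active Directory",
    "AccountStoreUriString": "ldap://dc01.example.test",
    "AccountStoreDisplayName": "example.test",
    "UserValidationData": {"ErrorCode": 0},
}


def _is_uri(value):
    try:
        return isinstance(value, str) and bool(urlsplit(value).scheme)
    except ValueError:
        return False


def check_credentials_verification(cv):
    """Return (errors, warnings, validated).

    errors hold MUST violations, warnings hold SHOULD deviations, and
    validated is True/False from ErrorCode, or None when it cannot be read.
    """
    errors, warnings = [], []
    if cv is None:  # the server MAY omit the whole structure
        return errors, warnings, None
    if cv.get("AccountStoreType") not in KNOWN_STORE_TYPES:
        warnings.append("AccountStoreType is not a store type listed here")
    for name in DISPLAY_FIELDS:
        value = cv.get(name)
        if not isinstance(value, str) or not value.strip():
            warnings.append(f"{name} is missing or empty")
    if not _is_uri(cv.get("AccountStoreUriString")):
        warnings.append("AccountStoreUriString is not a URI")
    uvd = cv.get("UserValidationData")
    if uvd is None:  # assumption: its presence is not required by this section
        return errors, warnings, None
    code = uvd.get("ErrorCode")
    if isinstance(code, bool) or not isinstance(code, int):
        errors.append("UserValidationData has no integer ErrorCode")
        return errors, warnings, None
    # Non-zero codes depend on the account store, so only 0 is interpreted.
    return errors, warnings, code == 0
```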