IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1

rst.xml file

Use the example RST message to get user credentials with the STS modules.

This RST and the example chain do not use the optional TokenType for matching chains. To use the RST message, see Using the security trust chain.
Note: The ampersand character (&) is not a valid XML character. The rst.xml file must not contain this character. Otherwise, it causes an error.
Content Description
<wst:ValidateTarget>
 <wss:UsernameToken ...>
  <wss:Username>user1</wss:Username>
  <wss:Password>password</wss:Password>
... </wss:UsernameToken>
</wst:ValidateTarget>
The wss:UsernameToken element contains the IBM® Security Access Manager for Enterprise Single Sign-On user name and password. The wss:UsernameToken element is stored in the ValidateTarget element of the RST.

In the following example of an RST message in the ValidateTarget element, user1 and password are specified as the username and password. If the logon fails because of values that are not correct, the STS chain returns an Invalid Username or Password status.

<wst:RequestType>
http://schemas.xmlsoap.org/ws/2005/02/trust/Validate
</wst:RequestType>
The wst:RequestType must be set to validate because the trust chain is configured to validate requests.
<wst:Issuer>
 <wsa:Address>esso/</wsa:Address>
</wst:Issuer>
The address for the issuer is the value that you specified when you configured the chain. For example: esso/.
<wsp:AppliesTo>
...
<wsa:Address>esso/get/</wsa:Address>
 ... 
</wsp:AppliesTo> 
The AppliesTo address must be esso/get/.

Example

<soapenv:Envelope 
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
  xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<soapenv:Header/>
<soapenv:Body>
  <wst:RequestSecurityToken>
    <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Validate</wst:RequestType>
    <wst:Issuer><wsa:Address>esso/</wsa:Address></wst:Issuer>
    <wsp:AppliesTo>
      <wsa:EndpointReference><wsa:Address>esso/get/</wsa:Address></wsa:EndpointReference>
    </wsp:AppliesTo>
    <wst:ValidateTarget>
      <wss:UsernameToken wsu:Id="username8a2fcf7b-0128-124a-b5d0-adafae3d9ad1"
          xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wss:Username>user1</wss:Username>
        <wss:Password>password</wss:Password>
        <wsu:Created>2010-05-25T01:45:08Z</wsu:Created>
      </wss:UsernameToken>
    </wst:ValidateTarget>
  </wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>
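
A pre-flight check for rst.xml that covers the constraints listed above (no ampersand, Validate request type, issuer address, esso/get/ AppliesTo address, user name and password inside ValidateTarget). This is an added example, not part of the IBM documentation; the function name check_rst, its issuer parameter and the SAMPLE document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsa": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
      "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
      "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy", "wss": WSS}
VALIDATE = NS["wst"] + "/Validate"
RST = "soapenv:Body/wst:RequestSecurityToken/"
EXPECTED = {"wst:RequestType": VALIDATE,
            "wsp:AppliesTo/wsa:EndpointReference/wsa:Address": "esso/get/"}

# Constructed sample modelled on the page's example (credentials are the page's placeholders).
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}" xmlns:wsa="{NS['wsa']}"
  xmlns:wst="{NS['wst']}" xmlns:wsp="{NS['wsp']}" xmlns:wss="{WSS}">
<soapenv:Header/><soapenv:Body><wst:RequestSecurityToken>
  <wst:RequestType>{VALIDATE}</wst:RequestType>
  <wst:Issuer><wsa:Address>esso/</wsa:Address></wst:Issuer>
  <wsp:AppliesTo><wsa:EndpointReference><wsa:Address>esso/get/</wsa:Address>
  </wsa:EndpointReference></wsp:AppliesTo>
  <wst:ValidateTarget><wss:UsernameToken>
    <wss:Username>user1</wss:Username><wss:Password>password</wss:Password>
  </wss:UsernameToken></wst:ValidateTarget>
</wst:RequestSecurityToken></soapenv:Body></soapenv:Envelope>"""


def check_rst(xml_text, issuer="esso/"):
    """Return a list of problems in an rst.xml document; an empty list means it passed."""
    # The page forbids the ampersand anywhere in the file, so reject it before parsing.
    if "&" in xml_text:
        return ["file contains the ampersand character"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    def text(path):
        # findtext gives None for a missing element; strip layout whitespace otherwise.
        value = root.findtext(RST + path, namespaces=NS)
        return None if value is None else value.strip()

    problems = []
    for path, want in {**EXPECTED, "wst:Issuer/wsa:Address": issuer}.items():
        if text(path) != want:
            problems.append(f"{path}: expected {want!r}, found {text(path)!r}")
    for leaf in ("Username", "Password"):
        if not text(f"wst:ValidateTarget/wss:UsernameToken/wss:{leaf}"):
            problems.append(f"wss:{leaf} missing or empty in wst:ValidateTarget")
    return problems
```

Pass the issuer address that was configured for the chain as the issuer argument; the default matches the esso/ value used on this page.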

