IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

rstr.xml

The rstr.xml file contains the response from the Security Token Service (STS) test after a Request Security Token (RST) message is sent to get a credential after a specified date.

The RSTR content has the following characteristics:
  • The message response from the STS is in the form of a Request Security Token Response Collection (RSTRC). The collection consists of multiple independent Request Security Token Response (RSTR) elements.

    Example of a Request Security Token Response Collection:

    <!-- Schematic only: "..." marks omitted attributes and content; a collection can hold several RSTR elements. -->
    <wst:RequestSecurityTokenResponseCollection ...>  
    <wst:RequestSecurityTokenResponse ...> ...</wst:RequestSecurityTokenResponse> 
    </wst:RequestSecurityTokenResponseCollection> 
  • Each RSTR contains a UsernameToken for one authentication service. The authentication service is mentioned in the second AppliesTo element of each RSTR.
  • The 'Salt' used for Password-Based Encryption (PBE) is in the Nonce field of the UsernameToken. See Password-based encryption.
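  • The status is in the wst:Status element of the RSTR. In the example below, the first RSTR carries the status (code 0x0 with a success reason) and no UsernameToken.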

Example

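<!--
  Sample STS reply: a SOAP envelope whose body holds one
  RequestSecurityTokenResponseCollection with five independent RSTR elements.
  The first RSTR carries only a Status element. Each of the other four carries
  one UsernameToken, followed by a second AppliesTo that names the
  authentication service the credential belongs to.
  NOTE(review): the Password values are typed as PBE output rather than clear
  text, but they are still credentials. Presumably this response should only
  travel over a protected channel and be kept out of logs; confirm against the
  deployment.
-->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header />
  <soapenv:Body>
    <wst:RequestSecurityTokenResponseCollection xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">

      <!-- RSTR 1: status only, no RequestedSecurityToken. Code 0x0 is paired
           with a success Reason; a consumer would normally check this before
           using any token from the collection (verify against the client code). -->
      <wst:RequestSecurityTokenResponse wsu:Id="uuid2f8e7b3c-0130-14ff-87b9-f88a0599ea80"
          xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>esso/get/</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:Status>
          <wst:Code>0x0</wst:Code>
          <wst:Reason>Account Credentials retrieved successfully</wst:Reason>
        </wst:Status>
      </wst:RequestSecurityTokenResponse>

      <!-- RSTR 2: credential for the authentication service "mail". -->
      <wst:RequestSecurityTokenResponse wsu:Id="uuid2f8e7dce-0130-1314-85e4-f88a0599ea80"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <!-- First AppliesTo: the same esso/get/ address appears in every RSTR. -->
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>esso/get/</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:RequestedSecurityToken>
          <wss:UsernameToken wsu:Id="username2f8e7dcd-0130-164e-a8fc-f88a0599ea80"
              xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wss:Username>user2</wss:Username>
            <!-- Nonce: Base64 value that the page describes as the salt for
                 password-based encryption. Each token in this sample has a
                 different Nonce. -->
            <wss:Nonce
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Nl1h9u+vT1u06/OfbiunwrAfEy0=</wss:Nonce>
            <!-- Password: the Type attribute names the scheme; the value
                 appears to be Base64 text. -->
            <wss:Password Type="PBEwithSHA-256andAES-128">Hl12u2zsoVPvD4kcpj6s0A==</wss:Password>
          </wss:UsernameToken>
        </wst:RequestedSecurityToken>
        <!-- Second AppliesTo: names the authentication service. -->
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>mail</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
      </wst:RequestSecurityTokenResponse>

      <!-- RSTR 3: credential for the authentication service "notes". -->
      <wst:RequestSecurityTokenResponse wsu:Id="uuid2f8e7dd0-0130-1724-93c5-f88a0599ea80"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>esso/get/</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:RequestedSecurityToken>
          <wss:UsernameToken wsu:Id="username2f8e7dcf-0130-1427-917a-f88a0599ea80"
              xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wss:Username>user2</wss:Username>
            <wss:Nonce
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">W3PBe5qjpb+XiS4Md1REIP9mBpw=</wss:Nonce>
            <wss:Password Type="PBEwithSHA-256andAES-128">3aZu1VwBRY4MeByUpRm3rQ==</wss:Password>
          </wss:UsernameToken>
        </wst:RequestedSecurityToken>
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>notes</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
      </wst:RequestSecurityTokenResponse>

      <!-- RSTR 4: credential for the authentication service "dir_skype". -->
      <wst:RequestSecurityTokenResponse wsu:Id="uuid2f8e7dd2-0130-14fd-b898-f88a0599ea80"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>esso/get/</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:RequestedSecurityToken>
          <wss:UsernameToken wsu:Id="username2f8e7dd1-0130-1837-b349-f88a0599ea80"
              xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wss:Username>user2</wss:Username>
            <wss:Nonce
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">UrZoQGodbzS/EPlFSkaXiZPkFf4=</wss:Nonce>
            <wss:Password Type="PBEwithSHA-256andAES-128">bA9gvoiAPfT46tFh/lxxgg==</wss:Password>
          </wss:UsernameToken>
        </wst:RequestedSecurityToken>
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>dir_skype</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
      </wst:RequestSecurityTokenResponse>

      <!-- RSTR 5: credential for the authentication service
           "dir_ibm.example.com"; the only token in the sample for user1. -->
      <wst:RequestSecurityTokenResponse wsu:Id="uuid2f8e7dd4-0130-1b70-af1a-f88a0599ea80"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>esso/get/</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:RequestedSecurityToken>
          <wss:UsernameToken wsu:Id="username2f8e7dd3-0130-1611-96d0-f88a0599ea80"
              xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wss:Username>user1</wss:Username>
            <wss:Nonce
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">tz5f6KP56AZ3jXEnnRFejSGcodc=</wss:Nonce>
            <wss:Password Type="PBEwithSHA-256andAES-128">ki40fjbr8H9RRtr0hPbu7Q==</wss:Password>
          </wss:UsernameToken>
        </wst:RequestedSecurityToken>
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference>
            <wsa:Address>dir_ibm.example.com</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
      </wst:RequestSecurityTokenResponse>

    </wst:RequestSecurityTokenResponseCollection>
  </soapenv:Body>
</soapenv:Envelope>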

