Build RST SOAP Request Assertion
The Build RST SOAP Request assertion is used to create a SOAP message containing a Request Security Token (RST) in the SOAP body. The security token requested from the service is either a Security Context Token (SCT) or a SAML Token.
Context Variables Created by This Assertion
The Build RST SOAP Request assertion sets details about the RST request message in the following context variables.
The default <prefix> is "requestBuilder" and can be changed in the assertion properties.
Stores the RST Request message generated
Stores the client entropy, if the option [
Generate and include client entropy] is selected in the assertion properties
Using the Assertion
- Do one of the following:
- To add the assertion to the Policy Development window, see Add an Assertion.
- To change the configuration of an existing assertion, proceed to step 2 below.
- Right-clickBuild RST SOAP [Cancel|Issue|Validate] Requestin the policy window and chooseRST SOAP Request Builder Propertiesor double-click the assertion in the policy window. The assertion properties are displayed.
- Configure the properties as follows.SettingDescriptionSOAP VersionChoose the SOAP version to be used in the RST SOAP message: 1.1 or 1.2.WS-Trust NamespaceChoose the WS-Trust namespace to be used in a RequestSecurityToken element:
Token TypeChoose the token type to be used in the message:<Not Included> (no token is requested)SAML2 AssertionSAML AssertionWS-SC SecurityContextTokenRequest TypeChoose the type of request to build:CancelIssue (default)Validate<wst:Issuer> AddressOptionally specify the issuer of the security token that is presented in the RST SOAP request message. The Issuer element's type is an endpoint reference as defined in WS-Addressing. You may reference context variables.<wsp:AppliesTo> AddressOptionally specify the URL of the <Address> in a <wsp:AppliesTo> element, which is a scope specified by the requestor for the issued token. You may reference context variables.Target Token VariableIf theRequest Typeis eitherCancelorValidate, optionally specify a context variable of type String that will be used for the target element (the CancelTarget or ValidateTarget elements, respectively). This context variable should either contain:
- http://docs.oasis-open.org/ws-sx/ws-trust/200512(v1.3 and v1.4)
You can use an indexing option to specify a value from a multivalued context variable. For example, use foo to choose the second value in the multivalued variable foo. For more information, see Indexing Options during Interpolation in Working with Multivalued Context Variables.Key Size (bits)Optionally specify the key size in bits.Token LifetimeOptionally, select this check box to specify a time range for the returned security token.The issuer is not obligated to honor this range and may return a more (or less) restrictive interval.Use System DefaultWhen specifying a Token Lifetime, select this check box to use the system default, as defined by the outbound.secureConversation.defaultSessionDuration cluster property. The default value for this property is 2 hours.Generate and include client entropyOptionally select this check box to generate client entropy and include it in the RST request. The generated entropy will be saved into the context variable <prefix>.clientEntropy.Variable PrefixEnter a prefix that will be added to the context variables created by this assertion. This prefix will ensure uniqueness and will prevent the variables from overwriting each other when multiple instances of this assertion appear in a policy.The default prefix is requestBuilder.For an explanation of the validation messages displayed, see Context Variable Validation.
- an Element—for example, one that was selected using an XPath; this Element should be a SecurityTokenReference or a security token.
- a Security Context Token (for example, one created by the Establish Outbound Secure Conversation Assertion. A SecurityTokenReference will be generated for the token.