Request:
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
<wsa:MessageID>urn:uuid:259dd3b9-d057-406a-8e1e-fcb177483cc8</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>https://epbyminw1763t56.cluster.dom:9031/idp/sts.wst?TokenProcessorId=Kerberos</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-c5e11f40-6f6f-44b7-996f-1653eb171acf">
<wsu:Created>2017-05-06T08:59:43Z</wsu:Created>
<wsu:Expires>2017-05-06T09:04:43Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="SecurityToken-d222c214-40c4-4256-9bb8-299878baaf6c">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</wsse:BinarySecurityToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference>
<wsa:Address>https://epbyminw1035t1/</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Expires>2017-05-06T12:59:43Z</wsu:Expires>
</wst:Lifetime>
<wst:OnBehalfOf>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-d222c214-40c4-4256-9bb8-299878baaf6c" ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ" />
</wsse:SecurityTokenReference>
</wst:OnBehalfOf>
</wst:RequestSecurityToken>
</soap:Body>
</soap:Envelope>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<S11:Envelope xmlns:S11="http://schemas.xmlsoap.org/soap/envelope/">
<S11:Header>
<wsa:To xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
<wsa:Action xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</wsa:Action>
<wsa:RelatesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">urn:uuid:259dd3b9-d057-406a-8e1e-fcb177483cc8</wsa:RelatesTo>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S11:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="accc7e2f-846b-43f0-b670-ce1cfa164785">
<wsu:Created>2017-05-06T09:00:53.204Z</wsu:Created>
<wsu:Expires>2017-05-06T09:05:53.204Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</S11:Header>
<S11:Body>
<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</xenc:EncryptionMethod>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">681uPNPwe+Xc5cMkCUiZlxk56tA=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>MGc8G44sOyO18oHdpv4s9Uv6JFvugiejzWES95uhBgeYMtkBmwFYxt/kjtDialW5WqqK52nmZ7v3
qbT6jgTRTXVLCiMyHn/nKlxv52aTVRpx4rIjtcfjz1CFQdxou/sz/YqkFnzRrrSINfD5yGJPfhHJ
JGzhAf++fhrhuAf+/lfJZuRgnmbKHkWQOIiLcV8pCgw0SNg9ShCcLMDoJCRBPFkdDKb7NKwXh0Dv
1vradm/fywRAMkh6gXsJUbPwS6z3pVxHgviBTZguOiAN2kH9QcKs93vpE6ZIVSoEqwjTEjZYiQmN
bTbqK+XGOJnNJPOsRGwFsSryiO9rZq8Fs9FxyQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>944QRl+Mo2rS+nreI5oAtE6tQlJdGJ8Wx62N/PepTBZcvJh0zcY4qzvGoaUd+fwLTB9LzrRD90mI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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml:EncryptedAssertion>
</wst:RequestedSecurityToken>
<wst:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2017-05-06T09:00:53.047Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2017-05-06T09:30:53.047Z</wsu:Expires>
</wst:Lifetime>
<wst:RequestedAttachedReference>
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">FrHqN0d4pwLUk27_Zg6S5bDfRz_</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</wst:RequestedAttachedReference>
<wst:RequestedProofToken>
<wst:BinarySecret xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey">ag50mZkU/2ukM9XmTSp5Dg==</wst:BinarySecret>
</wst:RequestedProofToken>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsa:Address>https://epbyminw1035t1/</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>
</S11:Body>
</S11:Envelope>
@pkarneliuk
Author

I could not get a SAML assertion via com.pingidentity.Security.STS.Client.STSClient API because it throws an exception for Kerberos tokens.
The Ping Identity .NET SDK uses Microsoft.Web.Services3 components (from the .NET Framework 2.0 era), which have an internal problem with the length of Kerberos keys. See the link.

C:\jre>sts_client.exe E:\SampleApp\Bin\XML\Input.xml
RequestType ISSUE
Endpoint: https://epbyminw1763t56.cluster.dom:9031/idp/sts.wst?TokenProcessorId=Kerberos
RequestedTokenType: -
SendingTokenType: KERBEROS
AppliesTo: https://epbyminw1035t1
/==========================================

Target Principal: HTTP/EPBYMINW1763T56.cluster.dom
/==========================================

****** Exception Raised ******
System.ArgumentException: WSE2351: Incorrect size for key material, expected 32 bytes.
at Microsoft.Web.Services3.Security.Cryptography.AES.set_KeyBytes(Byte[] value)
at Microsoft.Web.Services3.Security.SecurityTokenServiceClient.SetupIssuedToken(SecurityTokenMessage request, RequestSecurityTokenResponse response)
at Microsoft.Web.Services3.Security.SecurityTokenServiceClient.RequestSecurityToken(SecurityTokenMessage request, String methodName)
at com.pingidentity.Security.STS.Client.CustomXmlSecTokenServiceClient.RequestSecurityToken(RequestData requestData, Object authObject)
at com.pingidentity.Security.STS.Client.CustomXmlSecTokenServiceClient.ProcessSecurityToken(RequestData requestData, Object authObject)
at com.pingidentity.Security.STS.Client.STSClient.IssueToken(SecurityToken token)
at com.pingidentity.Demo.SampleStsClient.SampleStsClient.Run(String filePathWithInputParams) in c:\Users\Pavel_Karneliuk\Downloads\SampleApp\Src\SampleStsClient\SampleStsClient.cs:line 497


The SOAP Request and Response above were captured by Fiddler.

@pkarneliuk
Author

Some explanation of System.ArgumentException: WSE2351: Incorrect size for key material, expected 32 bytes.
Microsoft.Web.Services3 does not support 256-bit keys for Kerberos tokens.
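
An added example, not part of the gist or of the Ping Identity SDK: a Python check that reads a captured RSTR like the one above and reports whether it correlates to the request and how many bytes the returned proof key holds. The function name `summarize_rstr` and the trimmed `SAMPLE_RSTR` are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted captures, prefer defusedxml

NS = {
    "wsa": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
    "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Trimmed, flattened copy of the response above (encrypted assertion body left out).
SAMPLE_RSTR = """\
<S11:Envelope xmlns:S11="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
 xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<S11:Header>
<wsa:RelatesTo>urn:uuid:259dd3b9-d057-406a-8e1e-fcb177483cc8</wsa:RelatesTo>
</S11:Header>
<S11:Body><wst:RequestSecurityTokenResponse>
<xenc:EncryptedData>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
</xenc:EncryptedData>
<wst:RequestedProofToken>
<wst:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey">ag50mZkU/2ukM9XmTSp5Dg==</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse></S11:Body>
</S11:Envelope>"""


def summarize_rstr(xml_text, request_message_id, expected_key_bytes):
    """Report correlation and proof-key facts from a WS-Trust RSTR."""
    root = ET.fromstring(xml_text)
    relates = root.find(".//wsa:RelatesTo", NS)
    secret = root.find(".//wst:RequestedProofToken/wst:BinarySecret", NS)
    enc = root.find(".//xenc:EncryptedData/xenc:EncryptionMethod", NS)
    # validate=True rejects non-base64 characters instead of skipping them.
    raw = (secret.text or "").strip() if secret is not None else ""
    key = base64.b64decode(raw, validate=True)
    return {
        "correlated": relates is not None and (relates.text or "").strip() == request_message_id,
        "secret_type": (secret.get("Type") or "").rsplit("/", 1)[-1] if secret is not None else None,
        "proof_key_bytes": len(key),
        "key_size_matches": len(key) == expected_key_bytes,
        "assertion_cipher": (enc.get("Algorithm") or "").rsplit("#", 1)[-1] if enc is not None else None,
    }


if __name__ == "__main__":
    # 32 is the size named in the WSE2351 message; the message ID is from the request.
    print(summarize_rstr(SAMPLE_RSTR, "urn:uuid:259dd3b9-d057-406a-8e1e-fcb177483cc8", 32))
```

With the size named in the WSE2351 message (32) passed as `expected_key_bytes`, the captured `BinarySecret` decodes to 16 bytes, so `key_size_matches` is false.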
