4.1.2 Responding Node Sends Back a RequestSecurityTokenResponse

An example of a RequestSecurityTokenResponse message follows.

 (00) <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
                  xmlns:wsa10="http://www.w3.org/2005/08/addressing">
 (01)  <s:Header>
 (02)    <wsa10:Action s:mustUnderstand="1">RequestSecurityTokenResponse</wsa10:Action>
 (03)    <wsa10:RelatesTo>urn:uuid:b3d053cc-eced-43ee-acc1-6c836e219f36</wsa10:RelatesTo>
 (04)    <wsa10:To s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/anonymous</wsa10:To>
 (05)  </s:Header>
 (06)  <s:Body>
 (07)    <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 (08)      <t:TokenType> http://schemas.microsoft.com/net/2006/05/peer/peerhashtoken</t:TokenType>
 (09)      <t:Status>
 (10)        <t:Code> http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid</t:Code>
 (11)      </t:Status>
 (12)      <t:RequestedSecurityToken>
 (13)        <peer:PeerHashToken xmlns:peer="http://schemas.microsoft.com/net/2006/05/peer">
 (14)          <peer:Authenticator> Z9Mbuum3+S/uoCrG2611nIvHiKC9Aj/NCmqscaOoQao=</peer:Authenticator>
             </peer:PeerHashToken>
           </t:RequestedSecurityToken>
         </t:RequestSecurityTokenResponse>
       </s:Body>
     </s:Envelope>

The following notes give more detail on interesting elements of this message.

02 - Action header. Must be set to "RequestSecurityTokenResponse".

03 - RelatesTo header identifying the MessageID of the corresponding RequestSecurityToken message (see previous section).

07 - RequestSecurityTokenResponse element. Start of the body containing the response.

08 - Identifies the token type. Must be the same token type as in the RequestSecurityToken message.

09 - Start of the Status element. This element contains the result of the validation of the requesting node's token.

10 - Start of the "Code" element. Indicates the status code. Note that the only legal value is "http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid". In error cases, a reply message must not be sent by the responding node. Instead, the responding node must close the connection.

12 - Start of the "RequestedSecurityToken" element. This contains the response of the responding node. This must contain the PeerHashToken of the responding node. The hash that the requesting node separately computes for the responding party must match this value for the security handshake to succeed.

13 - Start of the PeerHashToken element.

14 - Authenticator element containing the hash.
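
The checks a requesting node applies to this message (notes 02, 03, 08, 10 and 12-14) can be sketched as follows. This is an added example, not part of the specification: the names `validate_rstr` and `sample_rstr` are hypothetical, and the expected hash is assumed to have been computed separately by the caller, since its derivation is not shown in this section.

```python
import base64
import hmac
import xml.etree.ElementTree as ET

NS = {"s": "http://www.w3.org/2003/05/soap-envelope",
      "wsa10": "http://www.w3.org/2005/08/addressing",
      "t": "http://schemas.xmlsoap.org/ws/2005/02/trust",
      "peer": "http://schemas.microsoft.com/net/2006/05/peer"}
TOKEN_TYPE = NS["peer"] + "/peerhashtoken"
STATUS_VALID = NS["t"] + "/status/valid"
RSTR = "s:Body/t:RequestSecurityTokenResponse/"

def _text(root, path):
    """Stripped text of exactly one matching element, else None."""
    found = root.findall(path, NS)
    return (found[0].text or "").strip() if len(found) == 1 else None

def validate_rstr(xml_bytes, request_message_id, expected_hash):
    """True only if every check passes; on False the caller closes the connection."""
    if b"<!DOCTYPE" in xml_bytes:  # cheap pre-filter: the handshake needs no DTD
        return False
    try:
        root = ET.fromstring(xml_bytes)
        b64 = _text(root, RSTR + "t:RequestedSecurityToken/peer:PeerHashToken/peer:Authenticator")
        received = base64.b64decode(b64 or "", validate=True)
    except (ET.ParseError, ValueError):
        return False
    checks = [("s:Header/wsa10:Action", "RequestSecurityTokenResponse"),
              ("s:Header/wsa10:RelatesTo", request_message_id),
              (RSTR + "t:TokenType", TOKEN_TYPE),
              (RSTR + "t:Status/t:Code", STATUS_VALID)]
    if any(_text(root, path) != want for path, want in checks):
        return False
    # Constant-time comparison against the separately computed hash.
    return len(received) > 0 and hmac.compare_digest(received, expected_hash)

# Constructed sample input, built from the values in the example message above.
SAMPLE_ID = "urn:uuid:b3d053cc-eced-43ee-acc1-6c836e219f36"
SAMPLE_B64 = "Z9Mbuum3+S/uoCrG2611nIvHiKC9Aj/NCmqscaOoQao="

def sample_rstr(code=STATUS_VALID, b64=SAMPLE_B64):
    return ('<s:Envelope xmlns:s="{s}" xmlns:wsa10="{wsa10}"><s:Header>'
            '<wsa10:Action>RequestSecurityTokenResponse</wsa10:Action>'
            '<wsa10:RelatesTo>{mid}</wsa10:RelatesTo></s:Header><s:Body>'
            '<t:RequestSecurityTokenResponse xmlns:t="{t}"><t:TokenType> {tt}</t:TokenType>'
            '<t:Status><t:Code> {code}</t:Code></t:Status><t:RequestedSecurityToken>'
            '<peer:PeerHashToken xmlns:peer="{peer}"><peer:Authenticator> {b64}'
            '</peer:Authenticator></peer:PeerHashToken></t:RequestedSecurityToken>'
            '</t:RequestSecurityTokenResponse></s:Body></s:Envelope>'
            ).format(mid=SAMPLE_ID, tt=TOKEN_TYPE, code=code, b64=b64, **NS).encode()
```

Any `False` result is treated the same way regardless of which check failed, so the peer learns nothing about why the handshake was rejected.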