4.3.1.3 RequestSecurityToken Example: Request using On-Premise Authentication
The following snippet shows a RequestSecurityToken request message sent when <AuthPolicy> is "OnPremise".
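<!--
  Sample WS-Trust RequestSecurityToken (RST) for device enrollment with
  on-premise (username/password) authentication. Every identifier, credential
  and hardware value below is sample data from the example.
-->
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://www.w3.org/2005/08/addressing"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
            xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
  <s:Header>
    <a:Action s:mustUnderstand="1"> http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep </a:Action>
    <a:MessageID>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <!-- The enrollment endpoint is addressed over https; see the credential note below. -->
    <a:To s:mustUnderstand="1"> https://enrolltest.contoso.com:443/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC </a:To>
    <wsse:Security s:mustUnderstand="1">
      <!--
        The Password Type ends in #PasswordText, so the password is carried as
        plain text inside the message. This token holds only a username and a
        password (no nonce, no creation timestamp), so confidentiality and
        replay resistance rest entirely on the transport. Keep request bodies
        like this one out of server, proxy and diagnostic logs.
      -->
      <wsse:UsernameToken u:Id="uuid-cc1ccc1f-2fba-4bcf-b063-ffc0cac77917-4">
        <wsse:Username>user@contoso.com</wsse:Username>
        <wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mypassword </wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </s:Header>
  <s:Body>
    <wst:RequestSecurityToken>
      <wst:TokenType> http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken </wst:TokenType>
      <wst:RequestType> http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <!-- Placeholder: a real request carries the Base64-encoded DER PKCS#10 certificate request here. -->
      <wsse:BinarySecurityToken ValueType="http://schemas.microsoft.com/windows/pki/2009/01/enrollment#PKCS10"
                                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary"> DER format PKCS#10 certificate request in Base64 encoding Inserted Here </wsse:BinarySecurityToken>
      <!--
        Device-reported context. This message contains no signature over these
        items, so DeviceName, MAC, IMEI, HWDevID, DeviceID and the rest are only
        what the client claims.
        NOTE(review): a server should presumably treat them as hints and not as
        proof of device identity; confirm against the server-side processing rules.
        MAC and IMEI each appear twice, so consumers cannot assume ContextItem
        names are unique. Boolean values are spelled both "true" (UXInitiated)
        and "True" (TargetedUserLoggedIn, NotInOobe) in this sample.
      -->
      <ac:AdditionalContext xmlns="http://schemas.xmlsoap.org/ws/2006/12/authorization">
        <ac:ContextItem Name="UXInitiated">
          <ac:Value>true</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="ExternalMgmtAgentHint">
          <ac:Value>Agent1:Value1</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="DomainName">
          <ac:Value>mydomain.fabrikam.com</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="OSEdition">
          <ac:Value> 4</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="OSVersion">
          <ac:Value>10.0.9999.0</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="DeviceName">
          <ac:Value>MY_WINDOWS_DEVICE</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="MAC">
          <ac:Value>FF:FF:FF:FF:FF:FF</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="MAC">
          <ac:Value>CC:CC:CC:CC:CC:CC</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="IMEI">
          <ac:Value>49015420323756</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="IMEI">
          <ac:Value>30215420323756</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="EnrollmentType">
          <ac:Value>Full</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="DeviceType">
          <ac:Value>CIMClient_Windows</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="ApplicationVersion">
          <ac:Value>10.0.9999.0</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="DeviceID">
          <ac:Value>7BA748C8-703E-4DF2-A74A-92984117346A</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="EnrollmentData">
          <ac:Value>3J4KLJ9SDJFAL93JLAKHJSDFJHAO83HAKSHFLAHSKFNHNPA2934342</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="TargetedUserLoggedIn">
          <ac:Value>True</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="Locale">
          <ac:Value>en-us</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="HWDevID">
          <ac:Value>FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF </ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="ZeroTouchProvisioning">
          <ac:Value>ffffffff-ffff-4fff-afff-ffffffffffff</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="OfflineAutoPilotEnrollmentCorrelator">
          <ac:Value>ffffffff-ffff-4fff-afff-ffffffffffff</ac:Value>
        </ac:ContextItem>
        <ac:ContextItem Name="NotInOobe">
          <ac:Value>True</ac:Value>
        </ac:ContextItem>
      </ac:AdditionalContext>
    </wst:RequestSecurityToken>
  </s:Body>
</s:Envelope>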