2.2.2 Common Syntax for Response Messages

[WSFederation1.2] section 13.2.3 specifies the common mechanisms for returning security tokens. For processing guidance on handling unsupported parameters, see section 3.1.5.2. To simplify implementation and improve interoperability by restricting protocol variations, the following parameters are restricted by this protocol:

  • wresult: The issued security token that MUST be encoded as a RequestSecurityTokenResponse (RSTR) element, as specified in [WSTrust] section 6.2. This format is detailed in section 2.2.4.1.

  • wctx (optional in [WSFederation1.2]): An opaque context value that MUST be returned with the response if it is passed in the request by the relying party.<9>

To simplify implementation and improve interoperability by restricting protocol variations, implementations in conformance to this protocol SHOULD NOT<10> support the following parameter:

  • wresultptr (optional in [WSFederation1.2]): A URL where the relying party can find (using an HTTP GET) the security token service's response.

If an implementation chooses to support this parameter (in addition to supporting the full protocol), it will still be compliant with the Microsoft Web Browser Federated Sign-On Protocol.
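As an added illustration (not part of this specification or of any vendor implementation), a relying party's syntax check for the three parameters above could look like the following. The WS-Trust namespace constant, the function names, the exactly-once rule for wresult and the choice to flag wresultptr rather than ignore it are assumptions of this example; validation of the token's signature and contents is out of scope.

```python
import hmac
import xml.etree.ElementTree as ET
from typing import List, Optional
from urllib.parse import parse_qs, urlencode

# Assumption: namespace of the WS-Trust version the RSTR is expected in.
WSTRUST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust"
RSTR_TAG = "{%s}RequestSecurityTokenResponse" % WSTRUST_NS

def check_rstr(xml_text: str) -> List[str]:
    """Check that wresult is a single RSTR element (syntax only, no signature check)."""
    # Refuse DTDs up front so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["wresult contains a DTD; refused before parsing"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return ["wresult is not well-formed XML"]
    if root.tag != RSTR_TAG:
        return ["wresult root is not a WS-Trust RequestSecurityTokenResponse"]
    return []

def check_signin_response(form_body: str, sent_wctx: Optional[str]) -> List[str]:
    """Return syntax violations for a posted response; an empty list means it passes."""
    params = parse_qs(form_body, keep_blank_values=True)
    errors: List[str] = []
    # wresultptr is flagged and its URL is never fetched (policy of this example).
    if "wresultptr" in params:
        errors.append("wresultptr present; not supported, URL not dereferenced")
    wresult = params.get("wresult", [])
    if len(wresult) != 1:
        errors.append("wresult must appear exactly once")
    else:
        errors.extend(check_rstr(wresult[0]))
    # wctx must come back unchanged when the request carried one.
    if sent_wctx is not None:
        got = params.get("wctx", [])
        if len(got) != 1 or not hmac.compare_digest(got[0].encode(), sent_wctx.encode()):
            errors.append("wctx missing or different from the value sent")
    return errors

# Constructed sample messages (not captured traffic).
SAMPLE_RSTR = ('<t:RequestSecurityTokenResponse xmlns:t="%s">'
               '<t:RequestedSecurityToken/></t:RequestSecurityTokenResponse>' % WSTRUST_NS)
GOOD = urlencode({"wresult": SAMPLE_RSTR, "wctx": "ctx-123"})
BAD = urlencode({"wresultptr": "https://sts.example/token", "wctx": "other"})

if __name__ == "__main__":
    print(check_signin_response(GOOD, "ctx-123"))
    print(check_signin_response(BAD, "ctx-123"))
```

Pass `sent_wctx=None` when the original request carried no wctx; a non-empty return value means the response should be rejected before any token processing.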