3.1.5.1.2.4 Security Realm Data

The security realm data returned in the response MUST be cached in order to offer the web browser requestor the appropriate security realm choices. All security realm entries from the response without a security realm type of "TrustedRealm" MUST be ignored by the client. Security realms with a security realm type of "TrustedRealm" are used to offer the web browser requestor the appropriate security realm choices of security realms where a security token can be obtained.

If the response contains any security realm Accepted Authentication Methods URIs, then the client MUST include those URIs in the wauth parameter sent to the Requestor STS as described in [MS-MWBF] section 2.2.3. The security realm Login Service URL MUST be used to direct the [MS-MWBF] request to the appropriate URL after a web browser requestor has selected a security realm. The security realm Display Name MAY be used to provide a human readable identifier for the security realm.<5>