3.1.1.1 GetFsTrustInformation

The client calls this method to get the information the client needs to verify security tokens issued by the server to the client using the protocol defined in [MS-MWBF]. The following data is used in the request and response.

| Name | Description | Corresponding message parameter |
|---|---|---|
| Client Policy GUID | This is a globally unique identifier (GUID)* for the policy that is held by the client at the time of a GetFsTrustInformation request. If the client does not have this value (such as prior to emitting the first protocol request), it is required to represent it in the protocol as "00000000-0000-0000-0000-000000000000". | All Requests: Guid element |
| Server Policy GUID | This is a globally unique identifier for the policy that is maintained by the server at the time of issuing a GetFsTrustInformation response. | All Responses: Guid element |
| Client Policy Version | This is a version number for the policy that is held by the client at the time of a GetFsTrustInformation request. If the client does not have this value (such as prior to emitting the first protocol request), it is required to represent it in the protocol as "0". | All Requests: Version element |
| Server Policy Version | This is a version number for the policy that is maintained by the server at the time of issuing a GetFsTrustInformation response. | All Responses: Version element |
| Trusted Certificates | This is a list of identifiers for the certificates that can be used to sign security tokens targeted at the client. The identifiers are used to identify the certificates contained in the Federation Certificates data item discussed below. | All Responses: TrustedCertificates |
| Revocation Flags | This is a value that indicates whether and how revocation of X.509 certificates contained in the Federation Certificates list is to be checked. | All Responses: RevocationCheckFlags |
| Federation Certificates | This is a list of the X.509 certificates and their corresponding X.509 certificate issuer chains that can be used to sign security tokens targeted at the client. The X.509 certificates in this collection that can be used to sign security tokens are identified by the Trusted Certificates data item described above. | All Responses: certificates |
| Federation Service Domain Account | This is a service principal name that identifies the domain account under which the server is running. | All Responses: fsDomainAccount |
| Hosted Realm URI | This is an identifier for the server. This URI is used in security tokens to identify the server as the issuer of the security token. | All Responses: hostedRealmUri |
| Login Service URL | This is the URL to which the client redirects service requests using the protocol described in [MS-MWBF]. | All Responses: lsUrl |

* Unless otherwise specified, all GUID values in this document follow the pattern specified for the "guid" simple type, which is first defined in section 3.1.4.1.1.1.
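The following added example (not part of the specification or any product implementation) models the client side of this exchange: the nil GUID and "0" placeholders on the first request, replacing the held policy from a response, and the rule that only certificates named in TrustedCertificates may verify tokens even though the certificates list also carries issuer-chain certificates. Keying certificates by a string identifier, the field names of the Python dictionaries and the sample response values are assumptions of this example, not the wire format.

```python
from dataclasses import dataclass, field, replace

# Placeholders the page requires before the client holds any policy.
NIL_GUID = "00000000-0000-0000-0000-000000000000"
INITIAL_VERSION = "0"


@dataclass(frozen=True)
class ClientPolicy:
    """Policy state the client keeps between GetFsTrustInformation calls."""
    guid: str = NIL_GUID
    version: str = INITIAL_VERSION
    # Trusted Certificates: identifiers of certificates allowed to sign tokens.
    trusted_ids: frozenset = frozenset()
    # Federation Certificates: identifier -> certificate bytes, issuer chains
    # included. Keying by identifier (e.g. a thumbprint) is an assumption here.
    certificates: dict = field(default_factory=dict)
    revocation_flags: int = 0
    hosted_realm_uri: str = ""


def build_request(policy: ClientPolicy) -> dict:
    """Guid and Version elements sent in every request (nil GUID / "0" at first)."""
    return {"Guid": policy.guid, "Version": policy.version}


def apply_response(policy: ClientPolicy, response: dict) -> tuple:
    """Replace the held policy with the server's; returns (new_policy, changed)."""
    changed = (response["Guid"], response["Version"]) != (policy.guid, policy.version)
    new_policy = replace(
        policy,
        guid=response["Guid"],
        version=response["Version"],
        trusted_ids=frozenset(response["TrustedCertificates"]),
        certificates=dict(response["certificates"]),
        revocation_flags=response["RevocationCheckFlags"],
        hosted_realm_uri=response["hostedRealmUri"],
    )
    return new_policy, changed


def signing_certificate(policy: ClientPolicy, identifier: str):
    """Certificate a token verifier may use, or None if it is not a trusted signer.

    A certificate present only as part of an issuer chain is not a token-signing
    certificate; a verifier that accepted it would trust tokens signed by a CA key.
    """
    if identifier not in policy.trusted_ids:
        return None
    return policy.certificates.get(identifier)


# Constructed sample response: placeholder GUID and certificate bytes, not real data.
SAMPLE_RESPONSE = {
    "Guid": "6f1a2c3d-0000-4000-8000-000000000001",
    "Version": "3",
    "TrustedCertificates": ["signer-1"],
    "certificates": {"signer-1": b"<signing cert>", "issuer-ca": b"<issuer chain cert>"},
    "RevocationCheckFlags": 0,
    "hostedRealmUri": "urn:federation:example",
}
```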