3.1.1.1 GetFsTrustInformation
The client calls this method to get the information the client needs to verify security tokens issued by the server to the client using the protocol defined in [MS-MWBF]. The following data is used in the request and response.
| Name | Description | Corresponding message parameter |
|---|---|---|
| Client Policy GUID | This is a globally unique identifier (GUID)* for the policy that is held by the client at the time of a GetFsTrustInformation request. If the client does not have this value (such as prior to emitting the first protocol request), it is required to represent it in the protocol as "00000000-0000-0000-0000-000000000000". | All Requests: Guid element |
| Server Policy GUID | This is a globally unique identifier for the policy that is maintained by the server at the time of issuing a GetFsTrustInformation response. | All Responses: Guid element |
| Client Policy Version | This is a version number for the policy that is held by the client at the time of a GetFsTrustInformation request. If the client does not have this value (such as prior to emitting the first protocol request), it is required to represent it in the protocol as "0". | All Requests: Version element |
| Server Policy Version | This is a version number for the policy that is maintained by the server at the time of issuing a GetFsTrustInformation response. | All Responses: Version element |
| Trusted Certificates | This is a list of identifiers for the certificates that can be used to sign security tokens targeted at the client. The identifiers are used to identify the certificates contained in the Federation Certificates data item discussed below. | All Responses: TrustedCertificates |
| Revocation Flags | This is a value that indicates whether and how revocation of X.509 certificates contained in the Federation Certificates list is to be checked. | All Responses: RevocationCheckFlags |
| Federation Certificates | This is a list of the X.509 certificates and their corresponding X.509 certificate issuer chains that can be used to sign security tokens targeted at the client. The X.509 certificates in this collection that can be used to sign security tokens are identified by the Trusted Certificates data item described above. | All Responses: certificates |
| Federation Service Domain Account | This is a service principal name that identifies the domain account under which the server is running. | All Responses: fsDomainAccount |
| Hosted Realm URI | This is an identifier for the server. This URI is used in security tokens to identify the server as the issuer of the security token. | All Responses: hostedRealmUri |
| Login Service URL | This is the URL to which the client redirects service requests using the protocol described in [MS-MWBF]. | All Responses: lsUrl |
* Unless otherwise specified, all GUID values in this document follow the pattern specified for the "guid" simple type, which is first defined in section 3.1.4.1.1.1.
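
The following is an added example, not part of the specification: a client-side sketch of how the data items above relate, showing the placeholder request values and that only certificates named in Trusted Certificates count as token signers, while issuer-chain certificates in Federation Certificates do not. The `TrustInfo` container, the function names and the SHA-256 identifier format are assumptions made for illustration; the sample certificates are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass

# Placeholder values the table requires when the client holds no policy yet.
NO_POLICY_GUID = "00000000-0000-0000-0000-000000000000"
NO_POLICY_VERSION = "0"

@dataclass
class TrustInfo:  # hypothetical container for the response data items
    guid: str            # Server Policy GUID
    version: str         # Server Policy Version
    trusted_ids: list    # Trusted Certificates (identifiers only)
    certificates: list   # Federation Certificates (signers plus issuer chains)

def request_values(cached):
    """Guid and Version to send: cached policy values, or the placeholders."""
    if cached is None:
        return NO_POLICY_GUID, NO_POLICY_VERSION
    return cached.guid, cached.version

def cert_id(der):
    # ASSUMPTION: identifier is the hex SHA-256 of the encoded certificate;
    # the identifier format is not given in this section.
    return hashlib.sha256(der).hexdigest().upper()

def token_signers(info):
    """Map identifier -> certificate for the certificates allowed to sign tokens."""
    by_id = {cert_id(c): c for c in info.certificates}
    wanted = [i.upper() for i in info.trusted_ids]
    missing = [i for i in wanted if i not in by_id]
    if missing:  # fail closed: a trusted identifier with no matching certificate
        raise ValueError(f"trusted identifiers without a certificate: {missing}")
    return {i: by_id[i] for i in wanted}

def may_sign(info, der):
    """True only if this certificate is listed in Trusted Certificates."""
    return cert_id(der) in token_signers(info)

# Constructed sample data: byte strings standing in for encoded certificates.
SIGNER, INTERMEDIATE, ROOT = b"constructed-signer", b"constructed-ca", b"constructed-root"
SAMPLE = TrustInfo("11111111-2222-3333-4444-555555555555", "7",
                   [cert_id(SIGNER)], [SIGNER, INTERMEDIATE, ROOT])

if __name__ == "__main__":
    print(request_values(None))
    print(may_sign(SAMPLE, SIGNER), may_sign(SAMPLE, INTERMEDIATE))
```

A token whose signing certificate appears only in an issuer chain is rejected by `may_sign`, which is the distinction the Trusted Certificates and Federation Certificates rows draw.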