3.4.4.1.1.3 RequestSecurityTokenResponseCollection

The RequestSecurityTokenResponseCollection message contains the response for the RequestSecurityToken and RequestSecurityTokenOnBehalfOf operations.

The SOAP action value is:

   http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep

The RequestSecurityTokenResponseCollection message ([WSTrust1.3] section 3.2) is sent from the server to the client and contains the requested certificate and provisioning information.

 <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
   <wsdl:part name="responseCollection" element="wst:RequestSecurityTokenResponseCollection"/>
 </wsdl:message>

wst:RequestSecurityTokenResponseCollection: MDE modifies the implementation of the RequestSecurityTokenResponseCollection message as defined in [MS-WSTEP] section 3.1.4.1.1.2 and its associated protocols.

The following elements and attributes MUST be specified in the SOAP body of the response message.

wst:RequestSecurityTokenResponseCollection: The <wst:RequestSecurityTokenResponseCollection> element MUST be a child of <s:Body>.

wst:RequestSecurityTokenResponse: The <wst:RequestSecurityTokenResponse> element MUST be a child of <wst:RequestSecurityTokenResponseCollection> (see [WSTrust1.3] section 3.2).

wst:RequestedSecurityToken: The <wst:RequestedSecurityToken> element MUST be a child of <wst:RequestSecurityTokenResponse> (see [WSTrust1.3] section 3.2).

wst:TokenType: The <wst:TokenType> element MUST be a child of <wst:RequestedSecurityToken> and the value MUST be "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken" (see [WSTrust1.3] section 3.1).

wsse:BinarySecurityToken: The <wsse:BinarySecurityToken> element MUST be a child of <wst:RequestedSecurityToken> and MUST contain a base64-encoded XML provisioning document that consists of an X509 certificate and provisioning information for the device management client. The provisioning document schema is described in section 3.6.

wsse:BinarySecurityToken/attributes/ValueType: The <wsse:BinarySecurityToken> ValueType attribute MUST be "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc".

wsse:BinarySecurityToken/attributes/EncodingType: The <wsse:BinarySecurityToken> EncodingType attribute MUST be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary".
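
The following is an added example, not part of the specification or of any Microsoft implementation: a client-side check that enforces the MUST constraints listed above, with element placement exactly as this section states it, before the provisioning document is handed to the device management client. The SOAP 1.2 envelope namespace, the function names and the sample message are assumptions constructed for illustration.

```python
import base64, binascii
import xml.etree.ElementTree as ET

NS = {"s": "http://www.w3.org/2003/05/soap-envelope",  # assumption: SOAP 1.2
      "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"}
TOKEN_TYPE = "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken"
VALUE_TYPE = "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc"
ENCODING_TYPE = NS["wsse"] + "#base64binary"
RST_PATH = ("s:Body/wst:RequestSecurityTokenResponseCollection/"
            "wst:RequestSecurityTokenResponse/wst:RequestedSecurityToken")

def _parse(data):
    # Refuse DTDs before parsing: this message never needs one, and entity
    # definitions are how XML expansion attacks reach the parser.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD not allowed")
    try:
        return ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc

def extract_provisioning_doc(soap_bytes):
    """Return the decoded provisioning document bytes, or raise ValueError."""
    rst = _parse(soap_bytes).find(RST_PATH, NS)
    if rst is None:
        raise ValueError("RSTRC/RSTR/RequestedSecurityToken chain not found under s:Body")
    token_type = rst.find("wst:TokenType", NS)
    if token_type is None or (token_type.text or "").strip() != TOKEN_TYPE:
        raise ValueError("TokenType missing or unexpected")
    bst = rst.find("wsse:BinarySecurityToken", NS)
    if bst is None:
        raise ValueError("BinarySecurityToken missing")
    if bst.get("ValueType") != VALUE_TYPE or bst.get("EncodingType") != ENCODING_TYPE:
        raise ValueError("unexpected ValueType or EncodingType")
    try:  # strict decode: reject characters outside the base64 alphabet
        doc = base64.b64decode("".join((bst.text or "").split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("token is not valid base64") from exc
    _parse(doc)  # the payload must itself be well-formed XML
    return doc

def sample_response(token_type=TOKEN_TYPE, payload=b"<constructed-provisioning-doc/>"):
    """Constructed sample message (not captured traffic)."""
    bst = (f'<wsse:BinarySecurityToken ValueType="{VALUE_TYPE}" EncodingType="{ENCODING_TYPE}">'
           f'{base64.b64encode(payload).decode()}</wsse:BinarySecurityToken>')
    inner = f'<wst:RequestedSecurityToken><wst:TokenType>{token_type}</wst:TokenType>{bst}</wst:RequestedSecurityToken>'
    for tag in ("wst:RequestSecurityTokenResponse", "wst:RequestSecurityTokenResponseCollection", "s:Body"):
        inner = f"<{tag}>{inner}</{tag}>"
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:wst="{NS["wst"]}" xmlns:wsse="{NS["wsse"]}">'
            f'{inner}</s:Envelope>').encode()
```

The check covers message structure only; validating the X509 certificate and the provisioning information inside the decoded document against the schema in section 3.6 is a separate step.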