3.4.4.1.1.3 RequestSecurityTokenResponseCollection
The RequestSecurityTokenResponseCollection message contains the response for the RequestSecurityToken and RequestSecurityTokenOnBehalfOf operations.
The SOAP action value is:
-
http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep
The RequestSecurityTokenResponseCollection message ([WSTrust1.3] section 3.2) is sent from the server to the client and contains the requested certificate and provisioning information.
-
<wsdl:message name="RequestSecurityTokenResponseCollectionMsg"> <wsdl:part name="responseCollection" element="wst:RequestSecurityTokenResponseCollection"/> </wsdl:message>
wst:RequestSecurityTokenResponseCollection: MDE modifies the implementation of the RequestSecurityTokenResponseCollection message as defined in [MS-WSTEP] section 3.1.4.1.1.2 and its associated protocols.
The following elements and attributes MUST be specified in the SOAP body of the response message.
wst:RequestSecurityTokenResponseCollection: The <wst:RequestSecurityTokenResponseCollection> element MUST be a child of <s:Body>.
wst:RequestSecurityTokenResponse: The
<wst:RequestSecurityTokenResponse> element MUST be a child of
<wst:RequestSecurityTokenResponseCollection> (see [WSTrust1.3] section
3.2)
.
wst:RequestedSecurityToken: The
<wst:RequestedSecurityToken> element MUST be a child of
<wst:RequestSecurityTokenResponse> (see [WSTrust1.3] section 3.2)
.
wst:TokenType: The <wst:TokenType> element MUST
be a child of <wst:RequestedSecurityToken> and the value MUST be "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken"
(see [WSTrust1.3] section 3.1).
wsse:BinarySecurityToken: The <wsse:BinarySecurityToken> element MUST be a child of <wst:RequestedSecurityToken> and MUST contain a base64-encoded XML provisioning document that consists of an X509 certificate and provisioning information for the device management client. The provisioning document schema is described in section 3.6.
wsse:BinarySecurityToken/attributes/ValueType: The
<wsse:BinarySecurityToken> ValueType attribute MUST be "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc".
wsse:BinarySecurityToken/attributes/EncodingType: The
<wsse:BinarySecurityToken> EncodingType attribute MUST be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary".