4.3.1.4 RequestSecurityToken Example: Request using On-Premise Authentication

The following snippet demonstrates the call to the RequestSecurityToken message using <AuthPolicy> "OnPremise".
 <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
    xmlns:a="http://www.w3.org/2005/08/addressing" 
    xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" 
    xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
    <s:Header>
       <a:Action s:mustUnderstand="1">
          http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep
       </a:Action>
       <a:MessageID>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:MessageID>
       <a:ReplyTo>
          <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
       </a:ReplyTo>
       <a:To s:mustUnderstand="1">
          https://enrolltest.contoso.com:443/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
       </a:To>
       <wsse:Security s:mustUnderstand="1">
          <wsse:UsernameToken u:Id="uuid-cc1ccc1f-2fba-4bcf-b063-ffc0cac77917-4">
             <wsse:Username>user@contoso.com</wsse:Username>
             <wsse:Password wsse:Type=
               "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mypassword
             </wsse:Password>
          </wsse:UsernameToken>
       </wsse:Security>
    </s:Header>
    <s:Body>
       <wst:RequestSecurityToken>
          <wst:TokenType>
     http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
          </wst:TokenType>
          <wst:RequestType>
             http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
          <wsse:BinarySecurityToken 
             ValueType="http://schemas.microsoft.com/windows/pki/2009/01/enrollment#PKCS10" 
             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary">
             DER format PKCS#10 certificate request in Base64 encoding Insterted Here
          </wsse:BinarySecurityToken>
          <ac:AdditionalContext xmlns="http://schemas.xmlsoap.org/ws/2006/12/authorization">
            <ac:ContextItem Name="UXInitiated">
                <ac:Value>true</ac:Value>
            </ac:ContextItem>
            <ac:ContextItem Name="ExternalMgmtAgentHint">
                <ac:Value>Agent1:Value1</ac:Value>
            </ac:ContextItem>
            <ac:ContextItem Name="DomainName">
                <ac:Value>mydomain.fabrikam.com</ac:Value>
            </ac:ContextItem>
             <ac:ContextItem Name="OSEdition">
                <ac:Value> 4</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="OSVersion">
                <ac:Value>10.0.9999.0</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="DeviceName">
                <ac:Value>MY_WINDOWS_DEVICE</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="MAC">
                <ac:Value>FF:FF:FF:FF:FF:FF</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="MAC">
                <ac:Value>CC:CC:CC:CC:CC:CC</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="IMEI">
                <ac:Value>49015420323756</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="IMEI">
                <ac:Value>30215420323756</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="EnrollmentType">
                <ac:Value>Full</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="DeviceType">
                <ac:Value>CIMClient_Windows</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="ApplicationVersion">
                <ac:Value>10.0.9999.0</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="DeviceID">
                <ac:Value>7BA748C8-703E-4DF2-A74A-92984117346A</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="EnrollmentData">
                <ac:Value>3J4KLJ9SDJFAL93JLAKHJSDFJHAO83HAKSHFLAHSKFNHNPA2934342</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="TargetedUserLoggedIn">
                <ac:Value>True</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="Locale">
                <ac:Value>en-us</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="HWDevID">
                <ac:Value>FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                </ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="ZeroTouchProvisioning">
                <ac:Value>ffffffff-ffff-4fff-afff-ffffffffffff</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name = "OfflineAutoPilotEnrollmentCorrelator">
                <ac:Value>ffffffff-ffff-4fff-afff-ffffffffffff</ac:Value>
             </ac:ContextItem>
             <ac:ContextItem Name="NotInOobe">
                <ac:Value>True</ac:Value>
             </ac:ContextItem>
          </ac:AdditionalContext>
       </wst:RequestSecurityToken>
    </s:Body>
 </s:Envelope>
Last updated on 2022-04-27
4.3.1.4 RequestSecurityToken Example: Request using On-Premise Authentication

Additional resources
