...

In summary, a security token is issued by the STS with the claims required by the service.

The Interaction Between the Client and the STS

The interaction between a client who wants to access a service and the STS is given in the example below.

...

Once a client sends the RST to the STS, the STS first checks the authenticity of the requester by validating the request against the STS's defined security policy. It then starts preparing the security token (Request Security Token Response). The STS includes all the requested claims and signs the token with its private key. It then looks up the public certificate of the service to which the client will send this token and encrypts the token with that certificate. The encrypted security token is therefore opaque to the client.
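The following added example (not WSO2 code and not part of the original page) shows the part of this flow where the STS reads the RST: which claims are requested and which service the token must be encrypted for. It assumes a WS-Trust 1.3 RST using the identity claims dialect; the sample message, the `known_services` mapping and the `parse_rst` helper are constructed for illustration, and requester authentication, signing and encryption are out of scope.

```python
import xml.etree.ElementTree as ET

NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "ic": "http://schemas.xmlsoap.org/ws/2005/05/identity",
}
ISSUE = NS["wst"] + "/Issue"

# Constructed sample RST; the endpoint and claim URIs are illustrative only.
SAMPLE_RST = """\
<wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
  <wsp:AppliesTo><wsa:EndpointReference>
    <wsa:Address>https://service.example/echo</wsa:Address>
  </wsa:EndpointReference></wsp:AppliesTo>
  <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
    <ic:ClaimType Uri="http://example.org/claims/emailaddress"/>
    <ic:ClaimType Uri="http://example.org/claims/role" Optional="true"/>
  </wst:Claims>
</wst:RequestSecurityToken>"""

def parse_rst(xml_text, known_services):
    """Return what the STS needs from an RST, or raise ValueError.

    known_services (hypothetical) maps a service address to the alias of
    the public certificate the token will be encrypted with.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}RequestSecurityToken" % NS["wst"]:
        raise ValueError("not a RequestSecurityToken")
    if root.findtext("wst:RequestType", "", NS).strip() != ISSUE:
        raise ValueError("only Issue requests are handled here")
    address = root.findtext(
        "wsp:AppliesTo/wsa:EndpointReference/wsa:Address", "", NS).strip()
    # The token is encrypted for one service, so an unknown target is refused.
    if address not in known_services:
        raise ValueError("no certificate registered for %r" % address)
    required, optional = [], []
    for claim in root.findall("wst:Claims/ic:ClaimType", NS):
        bucket = optional if claim.get("Optional") == "true" else required
        bucket.append(claim.get("Uri"))
    return {"applies_to": address, "encrypt_to": known_services[address],
            "required_claims": required, "optional_claims": optional}
```

Refusing an RST whose `AppliesTo` address has no registered certificate keeps the STS from issuing a token it cannot encrypt for a specific service.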

STS in a Running Carbon Server

The security token service offered by WSO2 is wso2carbon-sts. The STS functionality is provided by the following feature, which is bundled by default in all WSO2 service hosting products.

...