Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In summery, a security token is issued by the STS with the claims required by the service.

The Interaction between the client and the STS.

The interaction between a client who wants to access a service and the STS is given in the example below.

...

Once a client sends the RST to the STS, the STS first checks the authenticity of the requester by validating the request against the defined security policy of the STS. It then starts preparing the security token (Request Security Token Response). The STS includes all the requested claims and signs the token with its private key . It then finds the public certificate of the service to which this token will be sent by the client and encrypts the token with the certificate. The encrypted security token is opaque to the client.

STS in the WSO2 Data Services Server

The security token service offered by WSO2 is wso2carbon-sts. You can find this by default in the Deployed Services window of the Data Services Server.

...