Managing Security Token Service

The "Security Token Service" component of WSO2 Carbon enables you to configure the generic STS to issue claim-based security tokens. This Security Token Service is capable of issuing SAML 1.1 and SAML 2.0 tokens as recommended in WS-Trust and SAML Web Service Token Profile specifications.

The WSDL of this service can be accessed by clicking this URL: https://(hostname):(port)/services/wso2carbon-sts?wsdl. For instance, with the default configuration, the URL is https://localhost:9443/services/wso2carbon-sts?wsdl.
Both SAML 1.1 and SAML 2.0 token types are supported by default. The issued token type is decided based on the Token type defined in the RST (Request Security Token).

Currently, the Bearer Subject Confirmation and Holder-Of-Key subject confirmation methods are both supported. With Holder-Of-Key, both Symmetric and Asymmetric key types are supported.

It is possible to obtain tokens containing claims which hold certain information about the subject. These claims can be extracted from the profiles or through custom claim callbacks which can be registered to the Carbon runtime.

Please see the following pages to learn more information about the Security Token Service:

• Configuring STS for Obtaining Tokens with Holder-Of-Key Subject Confirmation
• Securing the Security Token Service
• Security Token Service with WSO2 Identity Server
• WSO2 Identity Server and Claim Aware Proxy Services with ESB
• Extending WSO2 Identity Server to Handle Custom SAML Assertions