Pushing security token to the Exchange Online API


So how do we get a token from our STS (exchanging a username token for a SAML assertion) accepted by the Microsoft Online gateway? The goal, after all, is to have that gateway's built-in STS accept our SAML assertion and mint a replacement fit for use at the Exchange Online API endpoint of our Office tenant.

For what it's worth, we already have things working using the standard method, when using a federation domain (rapmlsqa.com) that is one of several now hosted in the netmagic.onmicrosoft.com Office 365 subscription. In that case, we can set up a service context capable of landing on the Exchange API:

            // Standard path: basic credentials travel in the HTTP Authorization header and
            // Microsoft Online pulls the assertion from our federated STS itself.
            ExchangeService service1 = new ExchangeService(ExchangeVersion.Exchange2013);
            service1.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
            service1.PreAuthenticate = true;

            service1.Credentials = new WebCredentials("rapstaff2@rapmlsqa.com", "password");

            // FindItems returns the generic FindItemsResults<Item> in the EWS Managed API.
            FindItemsResults<Item> findResults1 = service1.FindItems(
                WellKnownFolderName.Inbox,
                new ItemView(2));

and similarly another minor variant that can land on the SharePoint API:


            using (ClientContext clientContext = new ClientContext("https://netmagic.sharepoint.com"))
            {
                SecureString passWord = new SecureString();
                foreach (char c in "password".ToCharArray()) passWord.AppendChar(c);

                // SharePointOnlineCredentials takes the UPN and the password as a SecureString.
                clientContext.Credentials = new SharePointOnlineCredentials("rapstaff2@rapmlsqa.com", passWord);

                Web web = clientContext.Web;
                clientContext.Load(web);

                clientContext.ExecuteQuery();

                var s = web.Title;
            }

In both these cases what happens on the wire is that basic authentication credentials (in the HTTP Authorization header) are sent to the API endpoint. A dance then occurs at this guard: the server first does a WS-Trust handshake with our STS, producing an ID assertion, and then another handshake, citing that result, to get an access token usable at the API.

In what follows, for the Exchange API case, we wish to PUSH the assertion through this process, rather than expect Microsoft Online to pull it (as above). In doing so, we are acting more like the Lync client. Classically, we just need to use the username binding (UserNameWSTrustBinding), and then the issued-token binding (IssuedTokenWSTrustBinding).

In reverse order, first the code that sends a suitable SAML assertion (an ID token) to the Microsoft Online STS (extSTS.srf), which produces the access token:

        // Assumes the Microsoft.IdentityModel (WIF 3.5) and System.ServiceModel namespaces are imported.
        // Second leg: present the SAML ID assertion to the Microsoft Online STS and get back
        // a token scoped to the EWS endpoint.
        private GenericXmlSecurityToken do_test_exchangeoffice(SecurityToken FromSwapnatoken, EndpointAddress issuerAddress, EndpointAddress mexAddress)
        {
            const string office365STS = "https://login.microsoftonline.com/extSTS.srf";

            WSTrustChannel channel = null;

            UriBuilder u = new UriBuilder(office365STS);

            // Issued-token binding: the inner username binding describes how our own issuer is
            // reached; the outer binding carries the bearer assertion to extSTS.srf.
            var un = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
            var iss = new IssuedTokenWSTrustBinding(un, issuerAddress, SecurityMode.TransportWithMessageCredential, TrustVersion.WSTrustFeb2005, mexAddress)
            {
                EnableRsaProofKeys = false,
                KeyType = SecurityKeyType.BearerKey
            };
            WSTrustChannelFactory trustChannelFactory2 = new WSTrustChannelFactory(iss, new EndpointAddress(u.Uri.AbsoluteUri));
            trustChannelFactory2.TrustVersion = TrustVersion.WSTrustFeb2005;
            trustChannelFactory2.ConfigureChannelFactory();
            if (trustChannelFactory2.Credentials != null)
            {
                trustChannelFactory2.Credentials.SupportInteractive = false;

                // Test-rig settings only: this switches off server certificate validation and
                // revocation checking for the STS endpoint.
                trustChannelFactory2.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
                trustChannelFactory2.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
            }

            GenericXmlSecurityToken token = null;
            try
            {
                RequestSecurityToken rst = new RequestSecurityToken(WSTrustFeb2005Constants.RequestTypes.Issue, WSTrustFeb2005Constants.KeyTypes.Bearer);
                rst.AppliesTo = new EndpointAddress("https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity");
                rst.SignatureAlgorithm = SecurityAlgorithms.RsaSha1Signature;

                // The token issued by the first leg goes into the WS-Security header of this RST.
                channel = (WSTrustChannel)trustChannelFactory2.CreateChannelWithIssuedToken(FromSwapnatoken);

                RequestSecurityTokenResponse rstr = null;
                token = channel.Issue(rst, out rstr) as GenericXmlSecurityToken;
            }
            catch (Exception ex)
            {
                // Failure is reported to the caller as a null token; keep the reason for diagnosis.
                System.Diagnostics.Trace.TraceError(ex.ToString());
            }
            finally
            {
                if (null != channel)
                {
                    channel.Abort();
                }
                trustChannelFactory2.Abort();
            }
            return token;
        }

Then the handshake whose output token is the input token to the method above:

        // First leg: username token to our own STS (issuer.svc), yielding the SAML 1.1 ID assertion.
        private SecurityToken do_test_feb2005_sts(NameValueCollection nvc, Boolean swap)
        {
            WSTrustChannel channel = null;

            UriBuilder u = new UriBuilder(Request.Url);
            u.Path = ResolveUrl("~/issuer.svc");

            WSTrustChannelFactory trustChannelFactory2 = new WSTrustChannelFactory(
                new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                new EndpointAddress(u.Uri.AbsoluteUri));
            trustChannelFactory2.TrustVersion = TrustVersion.WSTrustFeb2005;
            trustChannelFactory2.Credentials.UserName.UserName = "rapstaff2@rapmlsqa.com";
            trustChannelFactory2.Credentials.UserName.Password = "password";
            // Test-rig settings only: no server certificate validation, no revocation check.
            trustChannelFactory2.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
            trustChannelFactory2.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

            GenericXmlSecurityToken token = null;
            try
            {
                RequestSecurityToken rst = new RequestSecurityToken(WSTrustFeb2005Constants.RequestTypes.Issue, WSTrustFeb2005Constants.KeyTypes.Bearer);
                rst.AppliesTo = new EndpointAddress("urn:federation:MicrosoftOnline");
                rst.TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.OasisWssSaml11TokenProfile11;
                rst.SignatureAlgorithm = SecurityAlgorithms.RsaSha1Signature;

                channel = (WSTrustChannel)trustChannelFactory2.CreateChannel();
                RequestSecurityTokenResponse rstr = null;
                token = channel.Issue(rst, out rstr) as GenericXmlSecurityToken;

                // Read the assertion back locally to see what the issuer signed.
                SecurityTokenHandlerCollection collection = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

                List<SecurityToken> ACSIssuerTokens = new List<SecurityToken>();
                ACSIssuerTokens.Add(new X509SecurityToken(Global.cert));
                SecurityTokenResolver AcsIssuerResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(ACSIssuerTokens.AsReadOnly(), false);
                collection.Configuration.IssuerTokenResolver = AcsIssuerResolver;

                // AudienceUriMode.Never skips the audience check entirely; the assertion's
                // AudienceRestrictionCondition is not enforced by this local validation.
                collection.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never;
                collection.Configuration.CertificateValidator = new MyX509CertificateValidator("CN=SSOCLIENT");

                var reg = new ConfigurationBasedIssuerNameRegistry();
                reg.AddTrustedIssuer(Global.cert.GetCertHashString(), Global.cert.Subject);
                collection.Configuration.IssuerNameRegistry = reg;

                IClaimsIdentity claimsIdentity = null;
                var reader = XmlReader.Create(new StringReader(token.TokenXml.OuterXml));
                SamlSecurityToken samltoken = collection.ReadToken(reader) as SamlSecurityToken;
                var claimsIdentitycollection = collection.ValidateToken(samltoken);
                claimsIdentity = claimsIdentitycollection.FirstOrDefault();

                // Derive the issuer's MEX address from the issuer.svc URL, then run the second leg.
                {
                    var mexURLindex = u.Uri.AbsoluteUri.IndexOf(".svc/", StringComparison.InvariantCultureIgnoreCase);
                    var mexUrl = "";
                    if (mexURLindex > 0)
                    {
                        mexUrl = u.Uri.AbsoluteUri.Remove(mexURLindex + 5) + "mex";
                    }
                    GenericXmlSecurityToken token2 = do_test_exchangeoffice(token, new EndpointAddress(u.Uri.AbsoluteUri), new EndpointAddress(mexUrl));
                }

            }
            catch (Exception ex)
            {
                // Failure is reported to the caller as a null token; keep the reason for diagnosis.
                System.Diagnostics.Trace.TraceError(ex.ToString());
            }
            finally
            {
                if (null != channel)
                {
                    channel.Abort();
                }
                trustChannelFactory2.Abort();
            }
            return token as SecurityToken;
        }

Now, I suppose the next question is: how do we arrange for the SOAP messages used at the Exchange API to use these tokens?


The actual messages exchanged, in time order. First, from the client to the ID-checking STS:

POST https://ssoservices.rapmlsqa.com:44300/issuer.svc/office365/OTHER/bariazuresso/18/VCRD HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Host: ssoservices.rapmlsqa.com:44300
Content-Length: 2096
Expect: 100-continue
Accept-Encoding: gzip, deflate

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
    <a:MessageID>urn:uuid:72920909-00ce-447b-a368-a0fcecf7ca69</a:MessageID>
    <ActivityId CorrelationId="7480a962-2de1-4678-bbf4-620d1f6a5699" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">a804a1f7-89ba-49a8-a6bd-039c72cfd987</ActivityId>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo21+tfOiO29LgAW35fUvp+EAAAAApVhyHwzk7Em8PKPUqzycEZ+0PN/EzzpBijI4LLdqOxoACQAA</VsDebuggerCausalityData>
    <a:To s:mustUnderstand="1">https://ssoservices.rapmlsqa.com:44300/issuer.svc/office365/OTHER/bariazuresso/18/VCRD</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2013-07-20T22:08:47.914Z</u:Created>
        <u:Expires>2013-07-20T22:13:47.914Z</u:Expires>
      </u:Timestamp>
      <o:UsernameToken u:Id="uuid-381be886-95c3-43b5-be4a-14247dba953a-1">
        <o:Username>rapstaff2@rapmlsqa.com</o:Username>
        <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
      </o:UsernameToken>
    </o:Security>
  </s:Header>
  <s:Body>
    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <a:EndpointReference>
          <a:Address>urn:federation:MicrosoftOnline</a:Address>
        </a:EndpointReference>
      </wsp:AppliesTo>
      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
      <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</t:SignatureAlgorithm>
    </t:RequestSecurityToken>
  </s:Body>
</s:Envelope>


HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 8166
Content-Type: application/soap+xml; charset=utf-8
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 20 Jul 2013 22:09:23 GMT

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
    <a:RelatesTo>urn:uuid:72920909-00ce-447b-a368-a0fcecf7ca69</a:RelatesTo>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2013-07-20T22:09:23.450Z</u:Created>
        <u:Expires>2013-07-20T22:14:23.450Z</u:Expires>
      </u:Timestamp>
    </o:Security>
  </s:Header>
  <s:Body>
    <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <t:Lifetime>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-07-20T22:09:23.449Z</wsu:Created>
        <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-07-20T23:09:23.449Z</wsu:Expires>
      </t:Lifetime>
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <a:EndpointReference>
          <a:Address>urn:federation:MicrosoftOnline</a:Address>
        </a:EndpointReference>
      </wsp:AppliesTo>
      <t:RequestedSecurityToken>
        <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_1780d74a-496a-448b-80a5-01d76e9dbee0" Issuer="https://ssoportal.rapmlsqa.com/spinitiatedssohandler.aspx/bariazuresso" IssueInstant="2013-07-20T22:09:23.449Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
          <saml:Conditions NotBefore="2013-07-20T22:09:23.449Z" NotOnOrAfter="2013-07-20T23:09:23.449Z">
            <saml:AudienceRestrictionCondition>
              <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
            </saml:AudienceRestrictionCondition>
          </saml:Conditions>
          <saml:AttributeStatement>
            <saml:Subject>
              <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">rapstaff2@rapmlsqa.com</saml:NameIdentifier>
              <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
              </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
              <saml:AttributeValue>rapstaff2</saml:AttributeValue>
            </saml:Attribute>
   
            </saml:Attribute>
               <saml:Attribute AttributeName="upnSuffix" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
              <saml:AttributeValue>rapmlsqa.com</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims">
              <saml:AttributeValue>rapstaff2@rapmlsqa.com</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
              <saml:AttributeValue>MWY1ODhkZmEtNTE2YS00NDhlLWVjYWYtYWVjM2M2Yjg1NzAy</saml:AttributeValue>
            </saml:Attribute>
          </saml:AttributeStatement>
          <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2013-07-20T22:09:23.449Z">
            <saml:Subject>
              <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">rapstaff2@rapmlsqa.com</saml:NameIdentifier>
              <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
              </saml:SubjectConfirmation>
            </saml:Subject>
          </saml:AuthenticationStatement>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#_1780d74a-496a-448b-80a5-01d76e9dbee0">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>Op42sIbKYPzizqb7fka+yMVLa/0=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>8=</ds:SignatureValue>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <X509Data>
                <X509Certificate>cNAzE4=</X509Certificate>
              </X509Data>
            </KeyInfo>
          </ds:Signature>
        </saml:Assertion>
      </t:RequestedSecurityToken>
      <t:RequestedAttachedReference>
        <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_1780d74a-496a-448b-80a5-01d76e9dbee0</o:KeyIdentifier>
        </o:SecurityTokenReference>
      </t:RequestedAttachedReference>
      <t:RequestedUnattachedReference>
        <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_1780d74a-496a-448b-80a5-01d76e9dbee0</o:KeyIdentifier>
        </o:SecurityTokenReference>
      </t:RequestedUnattachedReference>
      <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
    </t:RequestSecurityTokenResponse>
  </s:Body>
</s:Envelope>
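The WIF code earlier on this page validates this assertion with AudienceUriMode.Never and CertificateValidationMode.None, so neither the audience nor the issuer's certificate is actually enforced locally. The following script is an added example (not code from this post): it runs the checks a relying party makes before accepting a bearer assertion over the assertion captured above. The XML is trimmed from the capture (attribute statement dropped, signature value elided as on the page), so the signature is checked for presence only, not verified; the five-minute clock skew and the check function names are my own choices.

```python
"""Relying-party checks on the SAML 1.1 ID assertion returned by the federated STS."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "t": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer"

# Trimmed from the RSTR captured above: structure kept, attribute statement and
# signature/certificate values dropped.
RSTR_XML = """<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion MajorVersion="1" MinorVersion="1"
        AssertionID="_1780d74a-496a-448b-80a5-01d76e9dbee0"
        Issuer="https://ssoportal.rapmlsqa.com/spinitiatedssohandler.aspx/bariazuresso"
        IssueInstant="2013-07-20T22:09:23.449Z"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
      <saml:Conditions NotBefore="2013-07-20T22:09:23.449Z" NotOnOrAfter="2013-07-20T23:09:23.449Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
      <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
          AuthenticationInstant="2013-07-20T22:09:23.449Z">
        <saml:Subject>
          <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">rapstaff2@rapmlsqa.com</saml:NameIdentifier>
          <saml:SubjectConfirmation>
            <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
          </saml:SubjectConfirmation>
        </saml:Subject>
      </saml:AuthenticationStatement>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignatureValue>(elided on the page)</ds:SignatureValue>
      </ds:Signature>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""


def parse_instant(value):
    """SAML instants are UTC; the STSs on this page emit them with and without fractions."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError("unsupported instant: %r" % value)


def check_assertion(rstr_xml, expected_audience, trusted_issuers, now,
                    skew=timedelta(minutes=5)):
    """Return the list of problems found (empty means the assertion passes the
    issuer, validity-window, audience and confirmation-method checks).
    `now` may be a datetime or an instant string such as "2013-07-20T22:30:00Z"."""
    if isinstance(now, str):
        now = parse_instant(now)
    root = ET.fromstring(rstr_xml)
    assertion = root.find("t:RequestedSecurityToken/saml:Assertion", NS)
    if assertion is None:
        return ["no SAML 1.x assertion in RequestedSecurityToken"]
    problems = []

    issuer = assertion.get("Issuer")
    if issuer not in trusted_issuers:
        problems.append("untrusted issuer: %s" % issuer)

    # Validity window with a small clock-skew allowance at both ends.
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        problems.append("no Conditions element")
    else:
        not_before = parse_instant(conditions.get("NotBefore"))
        not_on_or_after = parse_instant(conditions.get("NotOnOrAfter"))
        if now + skew < not_before:
            problems.append("assertion not yet valid")
        if now - skew >= not_on_or_after:
            problems.append("assertion expired")
        audiences = [a.text for a in conditions.findall(
            "saml:AudienceRestrictionCondition/saml:Audience", NS)]
        if expected_audience not in audiences:
            problems.append("audience mismatch: %s" % audiences)

    # A bearer assertion carries no proof of possession, so every subject
    # confirmation must say bearer explicitly; anything else is unexpected here.
    methods = {m.text for m in assertion.findall(
        ".//saml:SubjectConfirmation/saml:ConfirmationMethod", NS)}
    if methods != {BEARER}:
        problems.append("unexpected confirmation method(s): %s" % sorted(methods))

    # Presence only: verifying the signature needs the issuer certificate,
    # which the capture elides.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is unsigned")
    return problems


if __name__ == "__main__":
    trusted = {"https://ssoportal.rapmlsqa.com/spinitiatedssohandler.aspx/bariazuresso"}
    print(check_assertion(RSTR_XML, "urn:federation:MicrosoftOnline", trusted, "2013-07-20T22:30:00Z"))
    print(check_assertion(RSTR_XML, "urn:federation:MicrosoftOnline", trusted, "2013-07-21T00:30:00Z"))
```

Run against the capture at a time inside the one-hour window the result is an empty list; two hours later the same assertion is reported as expired, and presenting it with the EWS URL as the expected audience is reported as an audience mismatch, which is exactly what AudienceUriMode.Never hides.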

Then the client posts the result of the above to the STS in the federation gateway, targeting the Exchange API endpoint:

POST https://login.microsoftonline.com/extSTS.srf HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Host: login.microsoftonline.com
Content-Length: 7317
Expect: 100-continue
Accept-Encoding: gzip, deflate

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
    <a:MessageID>urn:uuid:3e5a7e4a-a35a-4a39-b781-2570d8ea6648</a:MessageID>
    <ActivityId CorrelationId="2a0922e7-4b7d-4f05-90a1-4c3e22364b66" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">16abb648-56ea-4203-b30d-a9a45230a00e</ActivityId>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo25+tfOiO29LgAW35fUvp+EAAAAApVhyHwzk7Em8PKPUqzycEZ+0PN/EzzpBijI4LLdqOxoACQAA</VsDebuggerCausalityData>
    <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2013-07-20T22:08:54.719Z</u:Created>
        <u:Expires>2013-07-20T22:13:54.719Z</u:Expires>
      </u:Timestamp>
      <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_1780d74a-496a-448b-80a5-01d76e9dbee0" Issuer="https://ssoportal.rapmlsqa.com/spinitiatedssohandler.aspx/bariazuresso" IssueInstant="2013-07-20T22:09:23.449Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
        <saml:Conditions NotBefore="2013-07-20T22:09:23.449Z" NotOnOrAfter="2013-07-20T23:09:23.449Z">
          <saml:AudienceRestrictionCondition>
            <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
          </saml:AudienceRestrictionCondition>
        </saml:Conditions>
        <saml:AttributeStatement>
          <saml:Subject>
            <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">rapstaff2@rapmlsqa.com</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
          </saml:Subject>
          <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
            <saml:AttributeValue>rapstaff2</saml:AttributeValue>
          </saml:Attribute>

          
          </saml:Attribute>
          <saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims">
            <saml:AttributeValue>rapstaff2@rapmlsqa.com</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
            <saml:AttributeValue>MWY1ODhkZmEtNTE2YS00NDhlLWVjYWYtYWVjM2M2Yjg1NzAy</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
        <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2013-07-20T22:09:23.449Z">
          <saml:Subject>
            <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">rapstaff2@rapmlsqa.com</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
          </saml:Subject>
        </saml:AuthenticationStatement>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_1780d74a-496a-448b-80a5-01d76e9dbee0">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>Op42sIbKYPzizqb7fka+yMVLa/0=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>.../nN4yf8=</ds:SignatureValue>
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <X509Data>
              <X509Certificate>...GXFcRcNAzE4=</X509Certificate>
            </X509Data>
          </KeyInfo>
        </ds:Signature>
      </saml:Assertion>
    </o:Security>
  </s:Header>
  <s:Body>
    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <a:EndpointReference>
          <a:Address>https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity</a:Address>
        </a:EndpointReference>
      </wsp:AppliesTo>
      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
      <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</t:SignatureAlgorithm>
    </t:RequestSecurityToken>
  </s:Body>
</s:Envelope>


HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 13223
Content-Type: application/soap+xml; charset=utf-8
Expires: Sat, 20 Jul 2013 22:08:30 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: vv=1500&1374383370; expires=Sun, 04-Aug-2013 05:09:30 GMT;domain=login.microsoftonline.com;path=/;HTTPOnly= ;version=1
PPServer: PPV: 30 H: CO1IDOALGN02 V: 0
Date: Sat, 20 Jul 2013 22:09:30 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <S:Header>
    <wsa:Action xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Action" S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</wsa:Action>
    <wsa:To xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="To" S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
    <wsse:Security S:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TS">
        <wsu:Created>2013-07-20T22:09:30Z</wsu:Created>
        <wsu:Expires>2013-07-20T22:14:30Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </S:Header>
  <S:Body>
    <wst:RequestSecurityTokenResponse xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
      <wst:TokenType>urn:oasis:names:tc:SAML:1.0</wst:TokenType>
      <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:EndpointReference>
          <wsa:Address>https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <wst:Lifetime>
        <wsu:Created>2013-07-20T22:09:30Z</wsu:Created>
        <wsu:Expires>2013-07-21T22:09:30Z</wsu:Expires>
      </wst:Lifetime>
      <wst:RequestedSecurityToken>
        <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="Assertion0" Type="http://www.w3.org/2001/04/xmlenc#Element">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></EncryptionMethod>
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey>
              <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"></EncryptionMethod>
              <ds:KeyInfo>
                <ds:X509Data>
                  <ds:X509SKI>Jd5bsV6UjLPeNTrmnIrqm6Jn2Ps=</ds:X509SKI>
                </ds:X509Data>
                <ds:KeyName>outlook.office365.com</ds:KeyName>
              </ds:KeyInfo>
              <CipherData>
                <CipherValue>WWBTkM+iCTju6UiWUIB0iy7bhGZxrG6Dvl2PAWydOo5yBz3Zw9GZ9+9tZhKehHJD0aHSP0tyDa+J+59pI0x7w8mBmD4pcvJvump2Tgte1CWeWGEcAuDeRkQnPjE1AXeEE5WRBPHheiNUNj3AX+r/GyAZNDcX/K2P5ycQRcF4jx7/P1GAaBTtZXrqksL/YDlkoRkWTcVDdKGyxhIsr7oxN3bcaHHtLxsEhhRc9CHkkfblSoPLNvQP180Y1pHtiajDmclVanM5oGDsF9McOZ/aM55M0i5G1QV1gCVBTQdiRHqHsY2tdtS3/14v1NO3n+S4pOVrmOM9KNPjhqzoDpsGaw==</CipherValue>
              </CipherData>
            </EncryptedKey>
          </ds:KeyInfo>
          <CipherData>
            <CipherValue></CipherValue>
          </CipherData>
        </EncryptedData>
      </wst:RequestedSecurityToken>
      <wst:RequestedAttachedReference>
        <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-70aec07f-a2e3-40f9-be6e-e7c857c93303</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
      </wst:RequestedAttachedReference>
      <wst:RequestedUnattachedReference>
        <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-70aec07f-a2e3-40f9-be6e-e7c857c93303</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
      </wst:RequestedUnattachedReference>
      <wst:RequestedProofToken>
        <wst:BinarySecret>bEoLG9yEL/SJide2diPJ+0n6EDW6nmC1</wst:BinarySecret>
      </wst:RequestedProofToken>
    </wst:RequestSecurityTokenResponse>
  </S:Body>
</S:Envelope>
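What the client actually holds after this second leg is worth spelling out. The script below is an added example (not code from this post) that reads the RSTR captured above, trimmed to its structure with the RSA-wrapped key value elided and the empty token ciphertext left as the capture shows it, and summarises the result: the requested token is SAML 1.0 encrypted (3DES, key wrapped with RSA-OAEP) for the outlook.office365.com key, so the client cannot inspect it; it carries a 24-hour lifetime; and although the RST asked for NoProofKey, the response still returns a BinarySecret proof token in the body. The summary field names are my own.

```python
"""Summarise the access-token RSTR returned by login.microsoftonline.com."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Trimmed from the RSTR captured above; the wrapped-key CipherValue is elided.
RSTR_XML = """<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wst:TokenType>urn:oasis:names:tc:SAML:1.0</wst:TokenType>
  <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsa:EndpointReference><wsa:Address>https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity</wsa:Address></wsa:EndpointReference>
  </wsp:AppliesTo>
  <wst:Lifetime>
    <wsu:Created>2013-07-20T22:09:30Z</wsu:Created>
    <wsu:Expires>2013-07-21T22:09:30Z</wsu:Expires>
  </wst:Lifetime>
  <wst:RequestedSecurityToken>
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="Assertion0" Type="http://www.w3.org/2001/04/xmlenc#Element">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></EncryptionMethod>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey>
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"></EncryptionMethod>
          <ds:KeyInfo>
            <ds:X509Data><ds:X509SKI>Jd5bsV6UjLPeNTrmnIrqm6Jn2Ps=</ds:X509SKI></ds:X509Data>
            <ds:KeyName>outlook.office365.com</ds:KeyName>
          </ds:KeyInfo>
          <CipherData><CipherValue>(elided)</CipherValue></CipherData>
        </EncryptedKey>
      </ds:KeyInfo>
      <CipherData><CipherValue></CipherValue></CipherData>
    </EncryptedData>
  </wst:RequestedSecurityToken>
  <wst:RequestedAttachedReference>
    <wsse:SecurityTokenReference>
      <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-70aec07f-a2e3-40f9-be6e-e7c857c93303</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
  </wst:RequestedAttachedReference>
  <wst:RequestedProofToken>
    <wst:BinarySecret>bEoLG9yEL/SJide2diPJ+0n6EDW6nmC1</wst:BinarySecret>
  </wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>"""


def parse_instant(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def summarize_rstr(rstr_xml):
    """Return a dict describing the issued token: scope, lifetime, who can read it,
    and what proof material the client was handed alongside it."""
    root = ET.fromstring(rstr_xml)
    created = parse_instant(root.findtext("wst:Lifetime/wsu:Created", namespaces=NS))
    expires = parse_instant(root.findtext("wst:Lifetime/wsu:Expires", namespaces=NS))
    enc = root.find("wst:RequestedSecurityToken/xenc:EncryptedData", NS)
    summary = {
        "token_type": root.findtext("wst:TokenType", namespaces=NS),
        "applies_to": root.findtext("wsp:AppliesTo/wsa:EndpointReference/wsa:Address", namespaces=NS),
        "lifetime_hours": (expires - created).total_seconds() / 3600,
        # An EncryptedData token is opaque to the client; only the named key holder can open it.
        "token_encrypted": enc is not None,
        "attached_reference": root.findtext(
            "wst:RequestedAttachedReference/wsse:SecurityTokenReference/wsse:KeyIdentifier", namespaces=NS),
    }
    if enc is not None:
        key = enc.find("ds:KeyInfo/xenc:EncryptedKey", NS)
        summary.update({
            "data_algorithm": enc.find("xenc:EncryptionMethod", NS).get("Algorithm"),
            "key_transport_algorithm": key.find("xenc:EncryptionMethod", NS).get("Algorithm"),
            "encrypted_for": key.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS),
            "recipient_ski": key.findtext("ds:KeyInfo/ds:X509Data/ds:X509SKI", namespaces=NS),
            # Only the EncryptedData's own CipherData counts, not the nested EncryptedKey's.
            "ciphertext_present": bool((enc.findtext("xenc:CipherData/xenc:CipherValue", namespaces=NS) or "").strip()),
        })
    # The proof secret is returned base64-encoded in the SOAP body, protected only by TLS.
    secret = root.findtext("wst:RequestedProofToken/wst:BinarySecret", namespaces=NS)
    summary["proof_secret_bytes"] = len(base64.b64decode(secret)) if secret else 0
    return summary


if __name__ == "__main__":
    for k, v in summarize_rstr(RSTR_XML).items():
        print("%-24s %s" % (k, v))
```

Two things stand out from the summary: the token is valid for a full day, far longer than the one-hour ID assertion that bought it, and the 24-byte BinarySecret arrives in the clear inside the RSTR body, so the transport to extSTS.srf (and any proxy or trace tool sitting on it, such as the one that produced these captures) sees everything needed to use the token for that day.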

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in coding theory.