imposing a policy on the RST of microsoft Online (and cite passport stuff!)


At https://yorkporc.wordpress.com/2013/07/14/mosdal-logs-of-online-signin-assistant-talking-to-office-servers/ we showed the output from the MOSDAL toolkit as it spied on the interaction between the Windows “online sign-in assistant service” and our STS (and thence, using our STS’s output, the RST2 STS of Microsoft Online).

Here we see our emulation of that process, with all the tokens now on display as they are sent to and received from the Microsoft Online STS. (We don’t show the obvious interaction with our own STS.)


        // GenericSecurityToken token = ... output of previous STS
        //GetOlidTicket(token.TokenXml.OuterXml, "https://login.microsoftonline.com/RST2.srf");

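        // SOAP 1.2 envelope POSTed to the Microsoft Online RST2 endpoint (see
        // GetOlidTicket). {0} is filled by string.Format with the XML placed inside
        // wsse:Security — in the captured exchange below that is the signed SAML 1.1
        // bearer assertion issued by the preceding STS. The HostingApp GUID braces
        // are doubled ({{ }}) so string.Format leaves them intact.
        // The body asks for two tokens in one round trip: RST0 for
        // http://Passport.NET/tb and RST1 for the Exchange Online EWS endpoint under
        // the MBI_FED_SSL policy reference.
        // NOTE(review): wsa:MessageID is a fixed literal; WS-Addressing expects a
        // value that is unique per message, so consider generating one per request.
        // (Fix: the "mustUnderstand" attribute on wsa:To was split across lines,
        // which made the envelope's wsa:To element malformed.)
        private const string soapEnvelopeTemplate =
        @"<s:Envelope xmlns:s=""http://www.w3.org/2003/05/soap-envelope"" xmlns:ps=""http://schemas.microsoft.com/Passport/SoapServices/PPCRL"" xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"" xmlns:saml=""urn:oasis:names:tc:SAML:1.0:assertion"" xmlns:wsp=""http://schemas.xmlsoap.org/ws/2004/09/policy"" xmlns:wsu=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"" xmlns:wsa=""http://www.w3.org/2005/08/addressing"" xmlns:wssc=""http://schemas.xmlsoap.org/ws/2005/02/sc"" xmlns:wst=""http://schemas.xmlsoap.org/ws/2005/02/trust"">
            <s:Header>
            <wsa:Action s:mustUnderstand=""1"">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
            <wsa:To s:mustUnderstand=""1"">https://login.microsoftonline.com:443/RST2.srf</wsa:To>
            <wsa:MessageID>1373862536</wsa:MessageID>
            <ps:AuthInfo xmlns:ps=""http://schemas.microsoft.com/Passport/SoapServices/PPCRL"" Id=""PPAuthInfo"">
                <ps:HostingApp>{{12B07E85-1B47-41C4-A4E2-43B0C66A0CF6}}</ps:HostingApp>
                <ps:BinaryVersion>7</ps:BinaryVersion>
                <ps:UIVersion>1</ps:UIVersion>
                <ps:Cookies></ps:Cookies>
                <ps:RequestParams>AQAAAAIAAABsYwQAAAAxMDMz</ps:RequestParams>
            </ps:AuthInfo>
            <wsse:Security>{0}</wsse:Security>
            </s:Header>
            <s:Body>
            <ps:RequestMultipleSecurityTokens xmlns:ps=""http://schemas.microsoft.com/Passport/SoapServices/PPCRL"" Id=""RSTS"">
                <wst:RequestSecurityToken Id=""RST0"">
                <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
                <wsp:AppliesTo>
                    <wsa:EndpointReference>
                    <wsa:Address>http://Passport.NET/tb</wsa:Address>
                    </wsa:EndpointReference>
                </wsp:AppliesTo>
                </wst:RequestSecurityToken>
                <wst:RequestSecurityToken Id=""RST1"">
                <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
                <wsp:AppliesTo>
                    <wsa:EndpointReference>
                    <wsa:Address>https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity</wsa:Address>
                    </wsa:EndpointReference>
                </wsp:AppliesTo>
                <wsp:PolicyReference URI=""MBI_FED_SSL""></wsp:PolicyReference>
                </wst:RequestSecurityToken>
            </ps:RequestMultipleSecurityTokens>
            </s:Body>
        </s:Envelope>";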
        #endregion
 
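        /// <summary>
        /// Posts <paramref name="token"/>, wrapped in <c>soapEnvelopeTemplate</c>,
        /// to the RST2 endpoint at <paramref name="url"/> and returns the raw SOAP
        /// response body (in the captured exchange below, a
        /// wst:RequestSecurityTokenResponseCollection holding two encrypted tokens).
        /// </summary>
        /// <param name="token">XML placed inside wsse:Security of the request, e.g.
        /// the OuterXml of the token issued by the previous STS.</param>
        /// <param name="url">Absolute https URL of the RST2 endpoint.</param>
        /// <returns>The response body as text. It is neither parsed nor validated
        /// here. It contains wst:BinarySecret proof keys, so treat the returned
        /// string as a secret and do not log it.</returns>
        /// <exception cref="System.ArgumentNullException">token or url is null.</exception>
        /// <exception cref="System.ArgumentException">url is not an absolute https URL.</exception>
        /// <exception cref="WebException">The request times out or the server
        /// answers with a non-success status.</exception>
        public string GetOlidTicket(string token, string url)
        {
            if (token == null) throw new System.ArgumentNullException("token");
            if (url == null) throw new System.ArgumentNullException("url");

            // The envelope carries a bearer token: anyone who can read the request
            // can replay it, so refuse to send it over anything but TLS.
            System.Uri endpoint;
            if (!System.Uri.TryCreate(url, System.UriKind.Absolute, out endpoint)
                || endpoint.Scheme != System.Uri.UriSchemeHttps)
            {
                throw new System.ArgumentException("url must be an absolute https URL", "url");
            }

            var request = WebRequest.Create(endpoint);
            request.Method = "POST";
            request.ContentType = "application/soap+xml; charset=UTF-8";
            request.Timeout = 10 * 1000; // milliseconds

            string soapEnvelope = string.Format(soapEnvelopeTemplate, token);
            byte[] bytes = System.Text.Encoding.UTF8.GetBytes(soapEnvelope);
            request.ContentLength = bytes.Length;
            // 'using' disposes (and thereby closes) the stream; no explicit Close() needed.
            using (var requestStream = request.GetRequestStream())
            {
                requestStream.Write(bytes, 0, bytes.Length);
            }

            // Fix: the original read the response into a local but never returned
            // it, so the method did not compile as declared (string return type).
            using (var response = request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
            {
                return reader.ReadToEnd();
            }
        }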
POST https://login.microsoftonline.com/RST2.srf HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8
Host: login.microsoftonline.com
Content-Length: 8129
Expect: 100-continue

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <s:Header>
    <wsa:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
    <wsa:To s:mustUnderstand="1">https://login.microsoftonline.com:443/RST2.srf</wsa:To>
    <wsa:MessageID>1373862536</wsa:MessageID>
    <ps:AuthInfo xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" Id="PPAuthInfo">
      <ps:HostingApp>{12B07E85-1B47-41C4-A4E2-43B0C66A0CF6}</ps:HostingApp>
      <ps:BinaryVersion>7</ps:BinaryVersion>
      <ps:UIVersion>1</ps:UIVersion>
      <ps:Cookies></ps:Cookies>
      <ps:RequestParams>AQAAAAIAAABsYwQAAAAxMDMz</ps:RequestParams>
    </ps:AuthInfo>
    <wsse:Security>
      <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_78b51a27-baa1-4058-ae05-af480c023016" Issuer="https://ssoportal.rapmlsqa.com/spinitiatedssohandler.aspx/bariazuresso" IssueInstant="2013-07-21T22:45:33.144Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
        <saml:Conditions NotBefore="2013-07-21T22:45:33.144Z" NotOnOrAfter="2013-07-21T23:45:33.144Z">
          <saml:AudienceRestrictionCondition>
            <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
          </saml:AudienceRestrictionCondition>
        </saml:Conditions>
        <saml:AttributeStatement>
          <saml:Subject>
            <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">rapstaff2@rapmlsqa.com</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
          </saml:Subject>
          <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
            <saml:AttributeValue>rapstaff2</saml:AttributeValue>
          </saml:Attribute>

          <saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims">
            <saml:AttributeValue>rapstaff2@rapmlsqa.com</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
            <saml:AttributeValue>MWY1ODhkZmEtNTE2YS00NDhlLWVjYWYtYWVjM2M2Yjg1NzAy</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
        <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2013-07-21T22:45:33.144Z">
          <saml:Subject>
            <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">rapstaff2@rapmlsqa.com</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
          </saml:Subject>
        </saml:AuthenticationStatement>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#_78b51a27-baa1-4058-ae05-af480c023016">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
              <ds:DigestValue>sd7SRuBw9MzPQ69+12dbHSxFrb4=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>jt2a+t1nwDLkYvddWElldNVHiHO1c2S1QYQ3Fy5E2J1OAnRDOVgKsDREdm8JlR0373mZC1GH00sQGtT/dLn/RCVRpxQgEd/SJEON1+OW8xzf8qLYJzIVsBey92ZfYqtddBrD7OZv+gsMbo+41Fyi/3tAUk4S5A5HC1g8RDmM46s=</ds:SignatureValue>
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <X509Data>
              <X509Certificate>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</X509Certificate>
            </X509Data>
          </KeyInfo>
        </ds:Signature>
      </saml:Assertion>
    </wsse:Security>
  </s:Header>
  <s:Body>
    <ps:RequestMultipleSecurityTokens xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" Id="RSTS">
      <wst:RequestSecurityToken Id="RST0">
        <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
        <wsp:AppliesTo>
          <wsa:EndpointReference>
            <wsa:Address>http://Passport.NET/tb</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
      </wst:RequestSecurityToken>
      <wst:RequestSecurityToken Id="RST1">
        <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
        <wsp:AppliesTo>
          <wsa:EndpointReference>
            <wsa:Address>https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wsp:PolicyReference URI="MBI_FED_SSL"></wsp:PolicyReference>
      </wst:RequestSecurityToken>
    </ps:RequestMultipleSecurityTokens>
  </s:Body>
</s:Envelope>
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 20490
Content-Type: application/soap+xml; charset=utf-8
Expires: Sun, 21 Jul 2013 22:44:44 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: vv=1500&1374471944; expires=Mon, 05-Aug-2013 05:45:44 GMT;domain=login.microsoftonline.com;path=/;HTTPOnly= ;version=1
PPServer: PPV: 30 H: CO1IDOALGN55 V: 0
Date: Sun, 21 Jul 2013 22:45:44 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <S:Header>
    <wsa:Action xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Action" S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</wsa:Action>
    <wsa:To xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="To" S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
    <wsse:Security S:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TS">
        <wsu:Created>2013-07-21T22:45:44Z</wsu:Created>
        <wsu:Expires>2013-07-21T22:50:44Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
    <psf:pp xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
      <psf:serverVersion>1</psf:serverVersion>
      <psf:PUID>10037FFE8667421E</psf:PUID>
      <psf:configVersion>9.0.16994.0</psf:configVersion>
      <psf:uiVersion>3.100.2179.0</psf:uiVersion>
      <psf:mobileConfigVersion>9.0.16994.0</psf:mobileConfigVersion>
      <psf:authstate>0x48803</psf:authstate>
      <psf:reqstatus>0x0</psf:reqstatus>
      <psf:serverInfo Path="Live1" RollingUpgradeState="PreferNew" LocVersion="0" ServerTime="2013-07-21T22:45:44Z">CO1IDOALGN55 2013.07.02.22.39.51</psf:serverInfo>
      <psf:cookies/>
      <psf:browserCookies>
        <psf:browserCookie Name="MH" URL="http://www.microsoftonline-m.com">MSFT; path=/; domain=.microsoftonline-m.com; expires=Wed, 30-Dec-2037 16:00:00 GMT</psf:browserCookie>
        <psf:browserCookie Name="MHW" URL="http://www.microsoftonline-m.com">; path=/; domain=.microsoftonline-m.com; expires=Thu, 30-Oct-1980 16:00:00 GMT</psf:browserCookie>
        <psf:browserCookie Name="MH" URL="http://www.microsoftonline.com">MSFT; path=/; domain=.microsoftonline.com; expires=Wed, 30-Dec-2037 16:00:00 GMT</psf:browserCookie>
        <psf:browserCookie Name="MHW" URL="http://www.microsoftonline.com">; path=/; domain=.microsoftonline.com; expires=Thu, 30-Oct-1980 16:00:00 GMT</psf:browserCookie>
        <psf:browserCookie Name="MH" URL="http://www.outlook.com">MSFT; path=/; domain=.outlook.com; expires=Wed, 30-Dec-2037 16:00:00 GMT</psf:browserCookie>
        <psf:browserCookie Name="MHW" URL="http://www.outlook.com">; path=/; domain=.outlook.com; expires=Thu, 30-Oct-1980 16:00:00 GMT</psf:browserCookie>
      </psf:browserCookies>
      <psf:credProperties>
        <psf:credProperty Name="MainBrandID">MSFT</psf:credProperty>
        <psf:credProperty Name="BrandIDList"></psf:credProperty>
        <psf:credProperty Name="IsWinLiveUser">true</psf:credProperty>
        <psf:credProperty Name="CID">aebdc3e216ab5031</psf:credProperty>
        <psf:credProperty Name="IsRandomPassword">true</psf:credProperty>
        <psf:credProperty Name="PasswordExpiryDate">-1</psf:credProperty>
        <psf:credProperty Name="PasswordExpiryUrl"></psf:credProperty>
        <psf:credProperty Name="AuthMembername">rapstaff2@rapmlsqa.com</psf:credProperty>
        <psf:credProperty Name="FirstName">rap2</psf:credProperty>
        <psf:credProperty Name="Flags">60104641</psf:credProperty>
        <psf:credProperty Name="IP">12.235.4.253</psf:credProperty>
        <psf:credProperty Name="AssociatedForStrongAuth">0</psf:credProperty>
      </psf:credProperties>
      <psf:extProperties>
        <psf:extProperty Name="LastUsedCredType">3</psf:extProperty>
        <psf:extProperty Name="WebCredType">3</psf:extProperty>
        <psf:extProperty Name="CID">aebdc3e216ab5031</psf:extProperty>
      </psf:extProperties>
      <psf:response/>
    </psf:pp>
  </S:Header>
  <S:Body>
    <wst:RequestSecurityTokenResponseCollection xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
      <wst:RequestSecurityTokenResponse>
        <wst:TokenType>urn:passport:legacy</wst:TokenType>
        <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
          <wsa:EndpointReference>
            <wsa:Address>http://Passport.NET/tb</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:Lifetime>
          <wsu:Created>2013-07-21T22:45:44Z</wsu:Created>
          <wsu:Expires>2013-07-22T22:45:44Z</wsu:Expires>
        </wst:Lifetime>
        <wst:RequestedSecurityToken>
          <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="BinaryDAToken0" Type="http://www.w3.org/2001/04/xmlenc#Element">
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></EncryptionMethod>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:KeyName>http://Passport.NET/STS</ds:KeyName>
            </ds:KeyInfo>
            <CipherData>
              <CipherValue>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</CipherValue>
            </CipherData>
          </EncryptedData>
        </wst:RequestedSecurityToken>
        <wst:RequestedAttachedReference>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="2jmj7l5rSw0yVb/vlWAYkK/YBwk="></wsse:Reference>
          </wsse:SecurityTokenReference>
        </wst:RequestedAttachedReference>
        <wst:RequestedUnattachedReference>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="2jmj7l5rSw0yVb/vlWAYkK/YBwk="></wsse:Reference>
          </wsse:SecurityTokenReference>
        </wst:RequestedUnattachedReference>
        <wst:RequestedProofToken>
          <wst:BinarySecret>8zs4spkypCBnpOe5sfXXn95IexviQ2pj</wst:BinarySecret>
        </wst:RequestedProofToken>
      </wst:RequestSecurityTokenResponse>
      <wst:RequestSecurityTokenResponse>
        <wst:TokenType>urn:oasis:names:tc:SAML:1.0</wst:TokenType>
        <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
          <wsa:EndpointReference>
            <wsa:Address>https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:Lifetime>
          <wsu:Created>2013-07-21T22:45:44Z</wsu:Created>
          <wsu:Expires>2013-07-22T06:45:44Z</wsu:Expires>
        </wst:Lifetime>
        <wst:RequestedSecurityToken>
          <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="Assertion1" Type="http://www.w3.org/2001/04/xmlenc#Element">
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"></EncryptionMethod>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <EncryptedKey>
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"></EncryptionMethod>
                <ds:KeyInfo Id="keyinfo">
                  <wsse:SecurityTokenReference>
                    <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">Jd5bsV6UjLPeNTrmnIrqm6Jn2Ps=</wsse:KeyIdentifier>
                  </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <CipherData>
                  <CipherValue>...mDSkh2kAyUSPmutKYpGsXrsk1d1tfiQ==</CipherValue>
                </CipherData>
              </EncryptedKey>
            </ds:KeyInfo>
            <CipherData>
              <CipherValue>hXcfgjkyjVZeIs1PKt7uIKIBlf6FV5XERBEAzrqz/SzL3YnoqXtOZAMrd2emMcVxXKhIvSxP9ZtRvyV/o9wEpvafVlu5xjq3MMG2RSroijyBflG6SU...jBb9ONwmuhIwN0/4FplrJ2M8WD/rnb0uL68/k2oF79AMxcSyDboE00TZmWu9469DVDu++abdR5wyJTGh78fnqei8WzDYFlg+uilp/+JrOI1kPHCNS63ep0vumEPRk8gVZ7Uau9/+fcH43KiiikCRFIG3qW0kQ==</CipherValue>
            </CipherData>
          </EncryptedData>
        </wst:RequestedSecurityToken>
        <wst:RequestedAttachedReference>
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-298c15c4-ef82-4d1f-afc2-5416beab7137</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </wst:RequestedAttachedReference>
        <wst:RequestedUnattachedReference>
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">uuid-298c15c4-ef82-4d1f-afc2-5416beab7137</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </wst:RequestedUnattachedReference>
        <wst:RequestedProofToken>
          <wst:BinarySecret>ax/CI2OCylP5DiCJ7etjtHhdj3ch0qLP</wst:BinarySecret>
        </wst:RequestedProofToken>
      </wst:RequestSecurityTokenResponse>
    </wst:RequestSecurityTokenResponseCollection>
  </S:Body>
</S:Envelope>

