JSON response bearing an RSTR (WS-Trust RequestSecurityTokenResponse) as the access token, with a SAML assertion inside


{

"token_type":"bearer",

"expires_in":28800,

"scope":"service::urn:federation:MicrosoftOnline::MBI_FED_SSL_C14N",

"access_token":"<wst:RequestSecurityTokenResponse> SEE BELOW </wst:RequestSecurityTokenResponse>",

"refresh_token":"…$",

"user_id":"05061d4609325b60"

}

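<!--
  WS-Trust RequestSecurityTokenResponse (RSTR) carried as the string value of
  "access_token" in the JSON response above.
  NOTE(review): this listing appears to have been re-indented for display.
  Whitespace inside the signed element is significant under exclusive c14n, so
  signature checks must run on the original token string, not on this listing.
-->
<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <wst:RequestedSecurityToken>
    <!-- SAML 1.1 assertion (MajorVersion 1, MinorVersion 1). AssertionID is the
         value the Signature's Reference URI points at further down. -->
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="uuid-0f03c7f5-84b6-4e92-908f-c57bb76885cc" IssueInstant="2013-07-21T20:02:42Z" Issuer="uri:WindowsLiveID" MajorVersion="1" MinorVersion="1">
      <!-- Validity window is 8 hours, matching "expires_in":28800 in the JSON.
           A relying party has to enforce both bounds and the Audience itself;
           the signature only proves the issuer wrote them. -->
      <saml:Conditions NotBefore="2013-07-21T20:02:42Z" NotOnOrAfter="2013-07-22T04:02:42Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
      <!-- AuthenticationInstant is about three days before IssueInstant, which
           suggests the assertion was minted from an existing password session
           rather than a fresh login. Consumers that need recent authentication
           should check this value, not IssueInstant. -->
      <saml:AuthenticationStatement AuthenticationInstant="2013-07-18T23:45:01Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
        <!-- The Subject carries no SubjectConfirmation element. Together with
             "token_type":"bearer" in the JSON, possession of the token is all a
             presenter needs, so it must be protected in transit and at rest. -->
        <saml:Subject>
          <!-- Format attribute and element text restored: the page rendering had
               merged the identifier into the attribute value. -->
          <saml:NameIdentifier Format="http://schemas.xmlsoap.org/claims/UPN">0002010001AB2A39@Live.com</saml:NameIdentifier>
        </saml:Subject>
      </saml:AuthenticationStatement>
      <!-- Identity claims. CID equals "user_id" in the JSON. These values are
           only trustworthy after the signature below has been validated. -->
      <saml:AttributeStatement>
        <saml:Subject>
          <saml:NameIdentifier Format="http://schemas.xmlsoap.org/claims/UPN">0002010001AB2A39@Live.com</saml:NameIdentifier>
        </saml:Subject>
        <saml:Attribute AttributeName="Managed" AttributeNamespace="http://schemas.xmlsoap.org/claims">
          <saml:AttributeValue>TRUE</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="LastName" AttributeNamespace="http://schemas.xmlsoap.org/claims">
          <saml:AttributeValue>Williams</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="Child" AttributeNamespace="http://schemas.xmlsoap.org/claims">
          <saml:AttributeValue>FALSE</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="TOUAccepted" AttributeNamespace="http://schemas.xmlsoap.org/claims">
          <saml:AttributeValue>TRUE</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="CID" AttributeNamespace="http://schemas.xmlsoap.org/claims">
          <saml:AttributeValue>05061d4609325b60</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="EmailAddress" AttributeNamespace="http://schemas.xmlsoap.org/claims">
          <saml:AttributeValue>home_pw@msn.com</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="FirstName" AttributeNamespace="http://schemas.xmlsoap.org/claims">
          <saml:AttributeValue>Peter</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="PUID" AttributeNamespace="http://schemas.xmlsoap.org/claims">
          <saml:AttributeValue>0002010001AB2A39</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
      <!-- Enveloped XML signature over the assertion. Both the signature method
           (rsa-sha1) and the digest (sha1) rely on SHA-1, which is deprecated for
           signatures; verifiers should prefer issuers that offer SHA-256.
           The stray ">" text the page showed inside the empty algorithm elements
           has been removed. -->
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
          <!-- The reference is by ID. A verifier must read claims from the exact
               element this URI resolved to during validation, and reject
               documents holding more than one element with that AssertionID. -->
          <Reference URI="#uuid-0f03c7f5-84b6-4e92-908f-c57bb76885cc">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
            <DigestValue>vVeM1t3TCplhPvjGwN1yb213oOU=</DigestValue>
          </Reference>
        </SignedInfo>
        <!-- The \u000d\u000a sequences are JSON escapes for CR LF, left over from
             the access_token string. Decode the JSON string before base64
             decoding this value. -->
        <SignatureValue>2xLj/O4DhZSchZ2ZJKAYLJ6ogxiWXekpb6ozE4nGJ8P4JrNv5PhygppdXU0HNFfYB4Vxn2jeYr+K\u000d\u000aWhp6ivWgjSuum/vpYSKDI5KqozTdST0eDIX4woYLkfyl7/MF3VCZTmgzRezJCdHt923YViDib1i+\u000d\u000addR3iDyLZhavahlDjtI=</SignatureValue>
        <!-- KeyInfo names the signer only by subject key identifier and a label.
             Treat both as a lookup hint: the verification key has to come from
             the relying party's own trusted issuer configuration, never from
             material carried in the token. -->
        <KeyInfo>
          <X509Data>
            <X509SKI>H1D81qx0njcaeJ3fI6gkm6N/jpA=</X509SKI>
          </X509Data>
          <KeyName>Window Live ID</KeyName>
        </KeyInfo>
      </Signature>
    </saml:Assertion>
  </wst:RequestedSecurityToken>
  <!-- AppliesTo sits outside the signed assertion, so it is not covered by the
       signature. Use the signed Audience above for authorization decisions. -->
  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
      <wsa:Address>urn:federation:MicrosoftOnline</wsa:Address>
    </wsa:EndpointReference>
  </wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>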