To the factory method that sets up the API port and its metadata that cooperates with the metadata of a suitable STS (ACS in our case), we add another endpoint – called “Rsa”:
Back on the auto-generated client, we see now two client-side bindings – one of which seems to be capable of talking to the ACS and requesting an asymmetric-token (i.e. a token with RSA-wrapped DES-key that encrypts an RSA public key (now).
So, looking at the wire can we talk to ACS and at least formulate the RST suitable for asymmetric token issuing? We expect to see a more complex SOAP-message bearing the RST – one with a signature in the SOAP header (which we do):-
with corresponding response:
When we look at the proofs actually exchanged, post STS interaction, between client and server, we see an asymmetric signature supporting the assertion’s proof service
Now we need to learn how to do this WITHOUT using the auto-generated clientside proxy.