46.2 Introduction to Token Service Partners and Partner Profiles

The following topics provide an overview of Token Service partners and partner profiles:

46.2.1 About Token Service Partners

A Token Service partner represents a partner trusted by the Security Token Service.

Table 46-1 describes the partner types.

Table 46-1 Security Token Service Partners

Partner Type | Description
Requester | Represents a Web Service Client interacting directly with Security Token Service in order to issue or validate tokens
Relying Party | References a Web Service Provider that will be the recipient of tokens issued by the Security Token Service server
Issuing Authority | Represents an Assertion issuer. When validating an Assertion, its issuer must be a known Issuing Authority Partner entry in Security Token Service

Table 46-2 describes the client types that can interact with Security Token Service.

Table 46-2 Security Token Service Clients

Client Type | Description
Web Service Client | Modules defined as requester partners in Security Token Service (typically SOAP clients).
End users | End users are not defined as requester partners, but may be present in the User Identity Store.

46.2.2 About Security Token Service Partner Profiles

A Partner Profile contains configuration properties that are common to a set of partners, and each partner entry is associated with a Partner Profile.

As with partners, there are three types of partner profiles: Requester, Relying Party, and Issuing Authority Partner Profiles.

  • Requester Profile

  • Relying Party Profile

  • Issuing Authority Partner Profile

46.2.2.1 Partner Entries

Security Token Service Partner Entries include Certificates, a Reference to a Partner Profile, and Requester-only data.

Table 46-3 describes a partner entry:

Table 46-3 Security Token Service Partner Entry

Partner Entry | Description
Certificates | Signing and Encryption Certificates
Reference | Reference to a Partner Profile
Requester only | When the partner is a Requester, the partner entry also contains Username Token credentials, and Identification strings used to map incoming data to a requester.

46.2.2.2 Partner Profile Data

Security Token Service partner profile data includes Requester, Relying Party, and Issuing Authority profile data.

Table 46-4 describes a partner profile entry.

Table 46-4 Security Token Service Partner Profile Data

Profile Type | Description
Requester | Claims Mappings; WS-Trust Validation Templates used to validate tokens present in the OnBehalfOf element
Relying Party | Attributes to be sent to the RP; Issuance Templates to be used
Issuing Authority | Attribute Name/Value Mapping settings; specific Mapping Action Rules used to map an incoming token to a partner/user
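The following toy model, added here as an illustration and not code from Oracle or this document, shows how the partner types and partner profiles above gate what a token service does: a requester is found by its identification strings (Table 46-3), an assertion is trusted only if its issuer is a registered Issuing Authority whose signing certificate matches (Table 46-1), and every partner entry carries a reference to a shared profile. All class names, the `sample_registry` data and the `CERT-A`/`CERT-B` fingerprints are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class PartnerProfile:
    """Configuration shared by a set of partners of one type."""
    name: str
    kind: str                  # "requester", "relying_party" or "issuing_authority"
    settings: dict = field(default_factory=dict)  # claims mappings, templates, etc.

@dataclass
class Partner:
    """One partner entry: certificates plus a reference to its profile."""
    name: str
    profile: PartnerProfile
    signing_cert: str          # constructed placeholder fingerprint, not a real cert
    identifiers: tuple = ()    # requester-only: strings that map incoming data to it

class TokenService:
    def __init__(self) -> None:
        self.partners: dict[str, Partner] = {}

    def register(self, partner: Partner) -> None:
        # Identification strings only belong on requester entries.
        if partner.identifiers and partner.profile.kind != "requester":
            raise ValueError("identifiers are allowed on requester partners only")
        self.partners[partner.name] = partner

    def find_requester(self, identifier: str) -> Optional[Partner]:
        """Map an incoming identification string to a known requester partner."""
        for p in self.partners.values():
            if p.profile.kind == "requester" and identifier in p.identifiers:
                return p
        return None

    def is_trusted_issuer(self, issuer: str, signing_cert: str) -> bool:
        """An assertion is accepted only if its issuer is a known Issuing Authority
        partner and the registered signing certificate matches the one used."""
        p = self.partners.get(issuer)
        return (p is not None and p.profile.kind == "issuing_authority"
                and p.signing_cert == signing_cert)

def sample_registry() -> TokenService:
    """Constructed sample data, not from any real deployment."""
    sts = TokenService()
    req = PartnerProfile("default-requester", "requester", {"claims": {"uid": "sub"}})
    ia = PartnerProfile("default-ia", "issuing_authority")
    sts.register(Partner("soap-client-1", req, "CERT-A", ("urn:client:1",)))
    sts.register(Partner("partner-idp", ia, "CERT-B"))
    return sts
```

An unknown issuer, a known issuer presenting the wrong certificate, and a requester entry used as an issuer are all rejected by `is_trusted_issuer`, which is the check Table 46-1 describes for assertion validation.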