The configuration options available in this section enable you to
extract various parts of the WS-Trust message and store them in
message attributes for use in subsequent filters.
Extract Token:
Extracts a <RequestedSecurityToken> from the
WS-Trust message and stores it in a message attribute. Select the
expected value of the <TokenType> element in
the <RequestSecurityToken> block. The
default URI is http://schemas.xmlsoap.org/ws/2005/02/sc/sct.
Extract BinaryExchange:
Extracts a <BinaryExchange> token from the
message and stores it in a message attribute. You should select the
ValueType of the token from the drop-down list.
Extract Entropy:
The client can provide its own key material (entropy) that the token
issuer may use when generating the token. The issuer can use this
entropy as the key itself, it can derive another key from this entropy,
or it can choose to ignore the entropy provided by the client altogether
in favor of generating its own entropy.
Extract RequestedProofToken:
Select this option if you want to extract a
<RequestedProofToken> from the WS-Trust
message and store it in a message attribute for later use. You must
select the type of the token (encryptedKey or
computedKey) from the drop-down list.
Extract CancelTarget:
You can select this option to extract a
<CancelTarget> block from the
WS-Trust message and store it in a message attribute.
Extract RequestedTokenCancelled:
You can select this option to extract a
<RequestedTokenCancelled> block from the
WS-Trust message and store it in a message attribute.
Match Context ID:
Select this option if you wish to correlate the response message from the
STS with a specific request message. The Context
attribute on the RequestSecurityTokenResponse
message is compared to the value of the
ws.trust.context.id message attribute, which contains
the context ID of the current token request.
Extract Lifetime:
Select this option to remove the <Lifetime>
elements from the WS-Trust token.
Extract Authenticator:
Select this option to extract the <Authenticator>
from the WS-Trust token and store it in a message attribute.
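
The context match, token type check, and token and proof extraction described above, sketched in Python as an added example (not the product's own code). It assumes the WS-Trust 2005/02 namespace that pairs with the default token type URI; the `example.*` attribute names and the sample message are constructed for illustration, and only `ws.trust.context.id` comes from this page.

```python
import xml.etree.ElementTree as ET

# Assumption: WS-Trust 2005/02, the version that pairs with the default SCT URI.
WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct"

# Constructed sample response, not captured from a real STS.
SAMPLE_RSTR = f"""<wst:RequestSecurityTokenResponse xmlns:wst="{WST}" Context="uuid:ctx-1234">
  <wst:TokenType>{SCT}</wst:TokenType>
  <wst:RequestedSecurityToken>
    <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
      <wsc:Identifier>uuid:sct-0001</wsc:Identifier>
    </wsc:SecurityContextToken>
  </wst:RequestedSecurityToken>
  <wst:RequestedProofToken>
    <wst:ComputedKey>{WST}/CK/PSHA1</wst:ComputedKey>
  </wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>"""


def consume_rstr(xml_text, attrs, expected_token_type=SCT):
    """Check an RSTR against the pending request, then return extracted parts."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not accepted in a WS-Trust message")
    rstr = ET.fromstring(xml_text)
    if rstr.tag != f"{{{WST}}}RequestSecurityTokenResponse":
        raise ValueError("not a RequestSecurityTokenResponse")

    # Match Context ID: refuse a response that answers some other request.
    expected = attrs.get("ws.trust.context.id")
    if not expected or rstr.get("Context") != expected:
        raise ValueError("Context does not match ws.trust.context.id")

    # Extract Token: the TokenType must be the one this filter expects.
    if (rstr.findtext(f"{{{WST}}}TokenType") or "").strip() != expected_token_type:
        raise ValueError("unexpected TokenType")
    token = rstr.find(f"{{{WST}}}RequestedSecurityToken")
    if token is None or len(token) == 0:
        raise ValueError("RequestedSecurityToken missing or empty")
    # "example.*" keys are hypothetical attribute names, not the product's.
    out = {"example.token": ET.tostring(token[0], encoding="unicode")}

    # Extract RequestedProofToken: record which kind of proof was returned.
    proof = rstr.find(f"{{{WST}}}RequestedProofToken")
    if proof is not None and len(proof) > 0:
        out["example.proof.type"] = proof[0].tag.rsplit("}", 1)[-1]
    return out
```

Running the context check before any extraction means a response that belongs to a different request never populates the attributes that later filters read.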