Wednesday, December 30, 2009

What is a Security Token Service and what does it do?

The term Security Token Service is often bandied around, but clear examples of an STS in action tend to be lacking. Here is a video I've put together of an STS in action, including examples of the WS-Trust RequestSecurityToken / RequestSecurityTokenResponse messages.

The video shows an STS used in conjunction with an XML Gateway (in fact, the Vordel XML Gateway includes a built-in STS):



It also shows how SOAPbox can be used to call an STS using the RST/RSTR messages:



And we see the SAML assertions, returned from the STS, embedded into SOAP messages:



Check the video out for yourself at:
http://www.vordel.com/research/Security_Token_Service.html