This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The following communication paths are illustrated in the above figure using arrows.

    • The requester
  • may grant
    • provides credentials to STS and grant a security token by sending a RST to the STS or from a third party application.
    • STS validates the client credentials and reply with security token (SAML) to the requester.      
    • The token is then submitted to the relying party(web service) by the requester in order to access its services.
    • The Web service either trusts the issuing security token service or may request a token service to validate the token (or the Web service may validate the token itself).
    • Then STS send the decision to the web service. 
    • If the token is valid then web service allow accessing the protected resource(s).

Requesting tokens

Configuring the Identity Server to request tokens