This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Do the following steps if you are using a Holder of Key subject confirmation method. See Configuring STS for Obtaining Tokens with Holder-Of-Key Subject Confirmation for more information.


The Subject confirmation methods define how a relying party (RP), which is the end service can make sure a particular security token issued by an STS is brought by the legitimate subject. If this is not done, a third party can take the token from the wire and send any request it wants including that token. The RP trusts that illegitimate party.