The following communication paths are illustrated in the above figure using arrows.
- The requester provides credentials to the STS and requests a security token by sending an RST to the STS, either directly or from a third-party application.
- The STS validates the client credentials and replies with a security token (SAML) to the requester.
- The requester then submits the token to the relying party (web service) in order to access its services.
- The web service either trusts the issuing security token service, or may ask a token service to validate the token (or it may validate the token itself).
- The STS then sends its decision to the web service.
- If the token is valid, the web service allows access to the protected resource(s).
Configuring the Identity Server to request tokens
You can run the STS client without configuring a relying party in the Identity Server in order to obtain a security token; a relying party is not required for the STS to grant the token.
- Navigate to
The client code is written to send RSTs to a given endpoint defined in the
- The following is the service URL of the STS if you have started the IS on the default port:
Without changing any of the other properties, you can safely run the client via the shell script that is inside the <IS_SAMPLES>/modules/samples/sts/sts-client folder, using the following command from that directory:
It prints the received SAML assertion on the terminal. You can also view the RST and RSTR in the SOAP tracer of the Identity Server Management Console.
The SAML 2.0 tokens that are received by the Identity Server can eventually expire according to the following attribute specification. This section defines how to renew the received bearer type SAML 2.0 token using the WSO2 Identity Server’s resident token service.
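The RST/RSTR exchange from the flow above and the renewal described here, as an added example that is not WSO2 code: it builds WS-Trust 1.3 Issue and Renew requests with Python's standard library and checks the assertion's Conditions window to decide when a bearer token must be renewed. The sample RSTR, its assertion ID and the relying-party URL are constructed values, not captured from Identity Server.

```python
# Added example, not WSO2 code: WS-Trust 1.3 Issue/Renew RSTs plus an expiry check on the SAML 2.0 assertion in an RSTR.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
SAML2_TOKEN = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
# Constructed sample RSTR: the assertion is unsigned and reduced to the Conditions element that drives the expiry check.
SAMPLE_RSTR = f"""<wst:RequestSecurityTokenResponseCollection xmlns:wst="{WST}">
 <wst:RequestSecurityTokenResponse><wst:RequestedSecurityToken>
  <saml2:Assertion xmlns:saml2="{SAML2}" ID="_constructed-1" Version="2.0"
   IssueInstant="2024-05-01T10:00:00.000Z"><saml2:Issuer>localhost</saml2:Issuer>
   <saml2:Conditions NotBefore="2024-05-01T10:00:00.000Z"
    NotOnOrAfter="2024-05-01T10:05:00.000Z"/></saml2:Assertion>
 </wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>"""

def parse_time(s):
    """SAML xs:dateTime in UTC, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in s else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)

def assertion_from_rstr(rstr_xml):
    """Return the saml2:Assertion element carried in wst:RequestedSecurityToken."""
    root = ET.fromstring(rstr_xml)
    return root.find(f".//{{{WST}}}RequestedSecurityToken/{{{SAML2}}}Assertion")

def token_status(rstr_xml, now_iso, skew_seconds=30):
    """'not_yet_valid', 'valid' or 'renew' from the assertion's Conditions window;
    skew_seconds absorbs clock drift and asks for renewal shortly before expiry."""
    cond = assertion_from_rstr(rstr_xml).find(f"{{{SAML2}}}Conditions")
    t = parse_time(now_iso) + timedelta(seconds=skew_seconds)
    if t < parse_time(cond.get("NotBefore")):
        return "not_yet_valid"
    return "renew" if t >= parse_time(cond.get("NotOnOrAfter")) else "valid"

def build_rst(request_type, applies_to=None, renew_target=None):
    """Serialise a wst:RequestSecurityToken: 'Issue' (optionally scoped to a
    relying party via wsp:AppliesTo) or 'Renew' (carrying the old assertion)."""
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = f"{WST}/{request_type}"
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = SAML2_TOKEN
    if applies_to:  # the page notes a relying party is optional for WSO2 IS
        epr = ET.SubElement(ET.SubElement(rst, f"{{{WSP}}}AppliesTo"),
                            f"{{{WSA}}}EndpointReference")
        ET.SubElement(epr, f"{{{WSA}}}Address").text = applies_to
    if renew_target is not None:
        ET.SubElement(rst, f"{{{WST}}}RenewTarget").append(renew_target)
    return ET.tostring(rst, encoding="unicode")
```

The Renew request wraps the previously issued assertion in wst:RenewTarget, which is what the token renewer client sends back to the resident STS.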
After the security token service is configured (refer to Configuring the Identity Server to request tokens), you can follow the steps below to run the STS client as the token renewer.
Running the client