Defines a set of token characteristics requested by the vCenter Single Sign On client. The vCenter Single Sign On client specifies this data object in a call to the Issue, Renew, and Validate methods. The vCenter Single Sign On Server may satisfy a request for a particular characteristic or it may use a different value in the issued token. The response to the token request contains the actual token values. See RequestSecurityTokenResponseType.
The vCenter Single Sign On API supports a subset of the RequestSecurityTokenType elements defined in the WS-Trust specification. The following table shows the supported elements and attributes. An item in the table is defined as an element in the WSDL unless explicitly identified as an attribute.
RequestSecurityToken attribute specifying a URI (Uniform Resource Identifier) that identifies the original request. If you include this in a request, the vCenter Single Sign On Server will include the context identifier in the response. This attribute is required when the request includes a BinaryExchange property.
Identifies the requested token type, specified as a URI (Uniform Resource Identifier). The following list shows the valid token types:
■ urn:oasis:names:tc:SAML:2.0:assertion – for issue and renew requests.
■ http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Status – for validation requests.
Identifies the request type, specified as a URI. The RequestType property is required.
Time period during which a token is valid. The vCenter Single Sign On Server can ignore the requested lifetime and assign a different lifetime to the token. The lifetime specifies creation and expiration values. This property is optional – used with Issue and Renew requests.
Specifies the token to be validated. This property can contain either a reference to the token or it can contain the token itself. The property is required for and used only with the Validate method.
Specifies the token to be renewed. This property can contain either a reference to the token or it can contain the token itself. This property is required for and used only with the Renew method.
Specifies a request for a renewable token. This property is optional. If you do not specify the Renewing property, the vCenter Single Sign On Server will issue a renewable token. This property is optional.
Specifies a security token or token reference for an identity to which the requested token will be delegated. The DelegateTo value must identify a solution.
Indicates whether the requested token can be delegated to an identity. Use this property together with the DelegateTo property. The default value for the Delegatable property is false.
String value corresponding to a KeyTypeOpenEnum value. The value is a URI (Uniform Resource Identifier) that specifies the requested key cryptography type. This property is optional.
Specifies a URI (Uniform Resource Identifier) for an algorithm that produces a digital signature for the token. The following list shows the valid values:
Contains data for challenge negotiation between the vCenter Single Sign On client and vCenter Single Sign On Server.
Returned by the Issue method. This type contains a response to the request or the requested token.
List of token request response objects. The current architecture supports a single token response only.
Specifies the token lifetime. Used in RequestSecurityTokenType and RequestSecurityTokenResponseType.
Creation time of the token. XML date and time, expressed as a standard time value (Gregorian calendar).
Time interval during which the token is valid, starting at the created time. The time interval is an absolute value specified in seconds.
Specifies a request for a token for which the lifetime can be extended. This property is optional. The default value is true.
Indicates that the vCenter Single Sign On client will accept a token that can be renewed after it has expired. This property is optional. The default value is false. If you specify this property, you must specify a value of false. A token that can be renewed after expiration does not provide adequate security.
Specifies a set of enumerated type values that identify the supported types of key cryptography used for security tokens. The values are URIs (Uniform Resource Identifiers).
Specifies asymmetric key cryptography using a combination of public and private keys. Use this key type for holder-of-key tokens.
Indicates a bearer token, which does not require a key to authenticate the token.
URI (Uniform Resource Identifier) that refers to a security token which contains an existing key. If specified, the vCenter Single Sign On Server will use the associated certificate for subject confirmation.
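
The request rules described above (RequestType required, the TokenType valid for each request type, Context required with BinaryExchange, the targets tied to Validate and Renew, Renewing OK fixed at false) can be checked on a client's outgoing requests before they are sent. The following is an added example, not VMware's code: the element and attribute names and the namespace come from the WS-Trust 1.3 schema, and `lint_rst` and the sample request are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3 namespace
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
# TokenType the page lists as valid for each request type.
TOKEN_TYPE = {"Issue": SAML2, "Renew": SAML2, "Validate": WST + "/RSTR/Status"}
# WS-Trust target elements, each required for and used only with one method.
TARGET = {"ValidateTarget": "Validate", "RenewTarget": "Renew"}


def lint_rst(xml_text):
    """Return findings for one RequestSecurityToken produced by your own client."""
    rst = ET.fromstring(xml_text)
    find = lambda name: rst.find(f"{{{WST}}}{name}")
    text = lambda name: (rst.findtext(f"{{{WST}}}{name}") or "").strip()
    request_type = text("RequestType")
    if not request_type:
        return ["RequestType is required"]
    method = request_type[len(WST) + 1:] if request_type.startswith(WST + "/") else ""
    if method not in TOKEN_TYPE:
        return [f"unsupported RequestType: {request_type}"]
    findings = []
    if text("TokenType") not in ("", TOKEN_TYPE[method]):
        findings.append(f"TokenType is not valid for {method}")
    if find("BinaryExchange") is not None and not rst.get("Context"):
        findings.append("Context is required with BinaryExchange")
    for element, owner in TARGET.items():
        if (find(element) is not None) != (owner == method):
            findings.append(f"{element} is required for and used only with {owner}")
    renewing = find("Renewing")
    if renewing is not None and renewing.get("OK", "false").strip() not in ("false", "0"):
        findings.append("Renewing OK must be false")
    if text("KeyType") == WST + "/Bearer":
        findings.append("note: bearer token requested, no key is required to use it")
    return findings


# Constructed sample: a Renew request with three mistakes.
SAMPLE_BAD = f"""<wst:RequestSecurityToken xmlns:wst="{WST}">
  <wst:RequestType>{WST}/Renew</wst:RequestType>
  <wst:TokenType>{WST}/RSTR/Status</wst:TokenType>
  <wst:Renewing Allow="true" OK="true"/>
</wst:RequestSecurityToken>"""

if __name__ == "__main__":
    for finding in lint_rst(SAMPLE_BAD):
        print(finding)
```
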
Specifies additional informational attributes to be included in the issued token. The vCenter Single Sign On client can ignore this data. Advice data will be copied to delegate tokens. This type is used in RequestSecurityTokenType.
AdviceType attribute specifying a URI representing the identity that provides the advice Attribute elements. This attribute is required.
AttributeType attribute specifying a URI that is the unique name of the attribute. This attribute is required.
AttributeType attribute specifying a human-readable form of the name. This attribute is optional.
The AttributeValue structure depends on the following criteria:
■ If the attribute has one or more values, the AttributeType contains one AttributeValue for each value. Empty attribute values are represented by empty AttributeValue elements.
■