Web Service Client Communicating with Token Protected Web Service Provider

In this scenario, a web service client situated outside the enterprise tries to access a web service provider hosted inside the enterprise.

The client obtains a token through a request-response message pair: a Request Security Token (RST) and a Request Security Token Response (RSTR). The tokens are included in SOAP messages.

The following diagram illustrates this scenario:

  1. A web service client, which is outside the enterprise, sends its credentials to the WS-Trust STS and requests a security token through an RST.

  2. The WS-Trust STS verifies the client’s credentials and then issues a security token (SAML token) through an RSTR.

    The web service client caches the security token and then uses it in multiple requests to the web service provider.

  3. The web service client presents the token to the web service provider.

  4. The web service provider validates the token and sends the response to the web service client.
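
The token caching described in step 2, as an added example that is not part of the original page or of any product's code: the client reuses the token only while the assertion's validity window still holds, and repeats the RST/RSTR exchange shortly before expiry. The WS-Trust 1.3 and SAML 2.0 namespaces, the sample RSTR, the `request_token` callable and the 60-second margin are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Assumed versions: WS-Trust 1.3 and SAML 2.0 (the page names neither).
NS = {"wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def build_rstr(not_before, not_on_or_after):
    """Constructed, unsigned sample RSTR; stands in for the STS reply."""
    return (f'<wst:RequestSecurityTokenResponse xmlns:wst="{NS["wst"]}">'
            f'<wst:RequestedSecurityToken>'
            f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_constructed" Version="2.0">'
            f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>'
            f'</saml:Assertion></wst:RequestedSecurityToken>'
            f'</wst:RequestSecurityTokenResponse>')

def parse_ts(value):
    # Handles whole-second UTC timestamps, as used in the constructed sample.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def token_lifetime(rstr_xml):
    """Return (not_before, not_on_or_after) of the SAML assertion in an RSTR."""
    root = ET.fromstring(rstr_xml)
    cond = root.find(".//wst:RequestedSecurityToken/saml:Assertion/saml:Conditions", NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("no bounded lifetime; refusing to cache this token")
    nb = cond.get("NotBefore")
    return (parse_ts(nb) if nb else None, parse_ts(cond.attrib["NotOnOrAfter"]))

class TokenCache:
    """Reuses one token across requests and re-requests it shortly before expiry."""
    def __init__(self, request_token, skew=timedelta(seconds=60)):
        self.request_token = request_token  # hypothetical callable doing the RST/RSTR exchange
        self.skew = skew                    # margin for clock drift and transit time
        self.entry = None                   # (raw RSTR text, not_before, not_on_or_after)

    def get(self, now):
        if self.entry:
            _, nb, exp = self.entry
            if (nb is None or nb <= now) and now + self.skew < exp:
                return self.entry[0]
        raw = self.request_token()
        # Keep the raw text: re-serialising signed XML can invalidate its signature.
        self.entry = (raw, *token_lifetime(raw))
        return raw
```

The client-side window check only avoids presenting a stale token; the provider still performs its own validation in step 4.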