From a78c6a022378cb3c1fa32b7a6eb9be31697d721e Mon Sep 17 00:00:00 2001 From: Eugenio Pace Date: Sat, 29 Aug 2015 10:00:43 -0700 Subject: [PATCH] Added support for ws-trust 1.3 namespace --- lib/passport-wsfed-saml2/wsfederation.js | 7 ++++++ package.json | 2 +- test/interop.tests.js | 31 ++++++++++++++++++++++++ test/wsfed-result.xml | 16 ++++++++++++ 4 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 test/wsfed-result.xml diff --git a/lib/passport-wsfed-saml2/wsfederation.js b/lib/passport-wsfed-saml2/wsfederation.js index 1521e3e..54f28ad 100644 --- a/lib/passport-wsfed-saml2/wsfederation.js +++ b/lib/passport-wsfed-saml2/wsfederation.js @@ -29,7 +29,14 @@ WsFederation.prototype = { extractToken: function(req) { var doc = new xmldom.DOMParser().parseFromString(req.body['wresult']); + + // //Probe WS-Trust 1.2 namespace (http://schemas.xmlsoap.org/ws/2005/02/trust) var token = doc.getElementsByTagNameNS('http://schemas.xmlsoap.org/ws/2005/02/trust', 'RequestedSecurityToken')[0]; + + // //Probe WS-Trust 1.3 namespace (http://docs.oasis-open.org/ws-sx/ws-trust/200512) + if(!token){ + token = doc.getElementsByTagNameNS('http://docs.oasis-open.org/ws-sx/ws-trust/200512', 'RequestedSecurityToken')[0]; + } return token && token.firstChild; } diff --git a/package.json b/package.json index e2cba77..b1339a9 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "passport-wsfed-saml2", - "version": "2.0.1", + "version": "2.0.2", "description": "SAML2 Protocol and WS-Fed library", "scripts": { "test": "mocha --reporter spec" diff --git a/test/interop.tests.js b/test/interop.tests.js index 7429f54..e1643c2 100644 --- a/test/interop.tests.js +++ b/test/interop.tests.js 
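Review bot: In `extractToken`, `token.firstChild` is not guaranteed to be the assertion element: when an STS sends indented XML, the first child of `RequestedSecurityToken` is a whitespace text node (or a comment), and that node is what gets handed on for validation. Skipping to the first element child makes both namespace branches robust: `var node = token && token.firstChild;`, `while (node && node.nodeType !== 1) node = node.nextSibling;`, `return node;`. Because `wresult` comes straight from the request body and `[0]` takes the first match anywhere in the document, the code that consumes this node (outside this hunk) should verify the signature on exactly the node returned here, and responses carrying more than one `RequestedSecurityToken` are best rejected. The new comments also carry a doubled marker (`// //Probe`), which reads like commented-out code; `// Probe WS-Trust 1.3 namespace` is enough.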
@@ -6,6 +6,7 @@ var assert = require('assert'), saml11 = require('saml').Saml11, SamlPassport = require('../lib/passport-wsfed-saml2/saml').SAML, samlp = require('../lib/passport-wsfed-saml2/samlp'); + wsfed = require('../lib/passport-wsfed-saml2').Strategy; var request = require('request'); var server = require('./fixture/samlp-server'); 
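Review bot: The added `wsfed = require('../lib/passport-wsfed-saml2').Strategy;` line is not part of the `var` list, because the `samlp = ...` line just above it already closes the declaration with `;`, so `wsfed` becomes an implicit global and would throw under `'use strict'`. Declare it explicitly with `var wsfed = require('../lib/passport-wsfed-saml2').Strategy;`, or change the `;` after the `samlp` require to `,`. Since the value is used with `new`, a capitalised name such as `WsFedStrategy` would also read better.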
@@ -266,7 +267,37 @@ describe('interop', function () { }; }); + it('should validate an assertion from a WS-Fed STS using WS-Trust 1.3 namespaces', function (done) { + + var options = { + thumbprint: '1756139e2a046d3c494daae6bbfa542a4367bc60', + checkExpiration: false, + realm: 'http://dev.pms.baxon.net/' + }; + + var s = new wsfed(options, function(u,done){ + expect(u['email']).to.equal('fhermida@baxonpe.com'); + done(); + }); + + s.fail = function(e,code){ + done(e); + }; + s.error = function(e){ + done(e); + }; + + var response = fs.readFileSync(__dirname + '/wsfed-result.xml').toString(); + + var req = { + body : { + wresult: response + } + }; + + s._authenticate_saml(req); + }); // it('should validate a saml response from datapower', function (done) { // var SAMLResponse = 'www.axa-equitable.comwww.axa-equitable.comChristopher.Owen@axa-advisors.com.datastageurn:oasis:names:tc:SAML:2.0:ac:classes:unspecified3338532ChristopherOwenChristopher.Owen@axa-advisors.com.datastage7mSr1qvkKTrrV2bV+HFVJKpKaCI=BQTRkGg8M/g2LpkgvW3MQG/B0cDxsz0zHa2wejIN2010r+hS4BCj7YcIH319R+Y4oZTmlxmJIT/4wlR9rxHQWxX95jdB1DfeoUMLAlk2JfAT+ByZ14F+N4B7lDILuNUTrDBNa9GLDIo8MyAK8SBUdeyqDtNFqb44/gGg6B0h2qEbDNLHY7WlAxvz4TfndKqk5v/VP96xiCS4d1AjYPvUL8EzR5kS83ABHX0jg2bYxdtctdiKOilcHQOHEIKosWw86b9uDQPjIrSt1JzW8SSSeA6M3nJ7HJ/5EsSYEMvt/FshBnKP2LI4HMGktlzw/9gOnmxR/CQykMmN2vvCwPsnXA==MIIFQTCCBCmgAwIBAgIETB7lIzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMzAxMzExNTM2MjBaFw0xNTAzMzAxOTA2MTJaMIGGMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMS0wKwYDVQQKEyRBWEEgRXF1aXRhYmxlIExpZmUgSW5zdXJhbmNlIENvbXBhbnkxIjAgBgNVBAMTGXJ0aWdpbnQuYXhhLWVxdWl0YWJsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn6cGpvyzVSQ2c1oK7LzuxUXW4sxBOTGLVCqo4FWcta7QAU7RU5i3ATWxyo9HFmD8Qcyj6YuIQYtljJFAx/Jc
ZigtXNRVudtl0uuvCUTGfsR67+gGRWe7hNg/9gIWLXZGkikRT4g9yBqutMzHeuX0ecignFHJxw5S7p1rtxJmuXQR/8uOeAse+48PkZcCHFdzBp6u3Z+pzite12LA2F8C0K5nv9FgkHVEQjqgtgAjKin2QmWqI1gj6mIe0oMxWB4l3j7dsEXVO4zPU1ujIylY0y2QnK4PbNdGu+W1GElwvUhSaz+jmIUFWklJtsFyhFVGcgFRE5iXXmrlnK4GZv3/FAgMBAAGjggGIMIIBhDALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxYy5jcmwwZAYIKwYBBQUHAQEEWDBWMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAvBggrBgEFBQcwAoYjaHR0cDovL2FpYS5lbnRydXN0Lm5ldC8yMDQ4LWwxYy5jZXIwSgYDVR0gBEMwQTA1BgkqhkiG9n0HSwIwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMCQGA1UdEQQdMBuCGXJ0aWdpbnQuYXhhLWVxdWl0YWJsZS5jb20wHwYDVR0jBBgwFoAUHvGriQb4SQ8BM3fuFHruGXyTKE0wHQYDVR0OBBYEFJSL34z5hLkS08mEdEodVmeUrUC5MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAFCpXB2HagR+B4C5XKbtBPNZ3F94zJoFlCb+7/5Q9HWMGew1XiRx7GFhV4FCIsr6Gp9EYFLlVO+afdSMvNC7RauZ6nw7ylK8yRyuvbpJWC+XAfP4nVKroYYFPmKJdkELIBLIwt1Nsr3KsY0JIykokuQR/pWDSNVgo3arsNxXOhvxate0yoloMCUhHh+9b8WRY2JECN6fAEpg54pr5cjTCOCLFEN37M3Hl1+LRYNb6XAKUiL4b5CNkd/qUI5PZsJvGg/AOYRiCPY3iZezs9OT1RCkBrgM1W9rRF/zXCniRV3ASH22AU1jUn0OT1wy9B8PO15liIzw4WuYIdFqCxaIyJE=CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US1277093155'; // //var SAMLResponse = 'www.axa-equitable.comwww.axa-equitable.comChristopher.Owen@axa-advisors.com.datastageurn:oasis:names:tc:SAML:2.0:ac:classes:unspecified3338532ChristopherOwenChristopher.Owen@axa-advisors.com.datastage'; diff --git a/test/wsfed-result.xml b/test/wsfed-result.xml new file mode 100644 index 0000000..4f383a5 --- /dev/null +++ b/test/wsfed-result.xml @@ -0,0 +1,16 @@ +2015-07-23T15:40:26.113Z2015-07-23T16:40:26.113Z
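Review bot: In the new WS-Trust 1.3 test the verify callback's second parameter is also named `done`, so the `done()` after the `expect` calls the strategy's callback rather than mocha's, and mocha's `done` is reachable only through the `s.fail` and `s.error` stubs. If the strategy calls `fail` without an argument, `done(e)` receives `undefined` and the test is reported as passing even though authentication failed, which is the opposite of what a token-validation test should prove. Rename the inner callback, finish the test from an `s.success` stub (assuming the strategy reports success through passport's `success` action; its code is outside this hunk), and always pass an `Error` from `s.fail`. `expect` and `fs` are not required in the lines shown, so confirm both are in scope earlier in the file, and add a short comment on why `checkExpiration: false` is needed for this fixture.

```javascript
var s = new wsfed(options, function (profile, verified) {
  expect(profile['email']).to.equal('fhermida@baxonpe.com');
  verified(null, profile);
});

s.success = function () {
  done();
};
s.fail = function (info, code) {
  done(new Error('authentication failed: ' + JSON.stringify(info)));
};
// … unchanged: s.error stub, fixture load, req object, s._authenticate_saml(req) …
```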
http://dev.pms.baxon.net/
http://dev.pms.baxon.net/1266urn:oasis:names:tc:SAML:1.0:cm:beareradminfhermida@baxonpe.com6SWgcwiTgl1oclmMGiV0p/QQ2hi9irdIbQuPhsvcsHY=0Wg17usFmMpPNDlPcyXvP9f6i2kQ3RDRvkebBkrEZkYYfmyj8VUhGrkrYRiyGPZNp8jEkbbt/tujc4lOkYB03rpj3FvUx+v8Y/RZbPyfCjXR9FLdWfXwhkz2HW1+n7vqwNxpuLRZDXmOiT1RgSYoLG9A7EgBqMtRZBXS75+rWZfCGqYk9KN+NoSUJnRepdA3BquQXq2zvPO/NwUtPNhfDiE763Wx7AgS1Ni3WO+Yqc0lFA04LJ4uU1KPVKHaY48nSWRLGMJJIF65qEHLdJXl164W72vAXGkZutFh46diNu7g2U+0SHoz04BewTcLR1HfcMo955O4Y1PZz32bw+TTuQ==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 + + + _b996a6d2-0556-4292-ab63-bcbb183a1eca + + + + + _b996a6d2-0556-4292-ab63-bcbb183a1eca + + +urn:oasis:names:tc:SAML:1.0:assertion +http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue +http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer +
+
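Review bot: The new fixture reads like a token captured from a live STS rather than a synthetic one: it carries a personal e-mail address and a deployment realm, and its validity window is one hour on 2015-07-23, which is why the test has to set `checkExpiration: false`. Consider replacing it with an assertion generated for the test suite, signed with a throwaway test certificate and using a placeholder identity such as `user@example.com`, so that no real user data lives in the repository and the thumbprint pinned in the test belongs to a key the project controls. A one-line comment in the test saying how the fixture was produced would make it reproducible when the format has to change.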