Validates an existing SAML token.

Method Signature

Validate (token : RequestSecurityTokenType) returns RequestSecurityTokenResponseType


token : RequestSecurityTokenType – Security token request containing a SAML token previously obtained from a vCenter Single Sign-On server. The following RequestSecurityTokenType elements are required for a Validate request; the remaining elements are optional.

  • RequestType – Must specify the URL “”.
  • ValidateTarget – Identifies the SAML token to be validated.
  • Sig attribute (UseKey element) – Specifies a security token that contains an existing certificate key.
  • Context attribute – Required if you include a BinaryExchangeType element for SSPI authentication.

Return Value

RequestSecurityTokenResponseType – Response containing the validated token.


Performs validation of the token and its subject. It includes but is not limited to validations of the following elements:

  • Token signature
  • Token lifetime
  • Token subject
  • Token delegates
  • Group(s) to which the subject belongs