Defines a set of token characteristics requested by the vCenter Single Sign-On client. The vCenter Single Sign-On client specifies this data object in a call to the Issue, Renew, and Validate methods. The vCenter Single Sign-On server may satisfy a request for a particular characteristic or it may use a different value in the issued token. The response to the token request contains the actual token values. See RequestSecurityTokenResponseType.
The vCenter Single Sign-On API supports a subset of the RequestSecurityTokenType elements defined in the WS-Trust specification. The following table shows the supported elements and attributes. An item in the table is defined as an element in the WSDL unless explicitly identified as an attribute.
Element | Datatype | Description |
---|---|---|
Context | string | RequestSecurityToken attribute specifying a URI (Uniform Resource Identifier) that identifies the original request. If you include this in a request, the vCenter Single Sign-On server will include the context identifier in the response. This attribute is required when the request includes a BinaryExchange property. |
TokenType | string | Identifies the requested token type, specified as a URI (Uniform Resource Identifier). The following list shows the valid token types: |
RequestType | string | Identifies the request type, specified as a URI. The RequestType property is required. The following list shows the valid request types: |
Lifetime | LifetimeType | Time period during which a token is valid. The vCenter Single Sign-On server can ignore the requested lifetime and assign a different lifetime to the token. The lifetime specifies creation and expiration values. This property is optional and is used with Issue and Renew requests. |
ValidateTarget | | Specifies the token to be validated. This property can contain either a reference to the token or it can contain the token itself. The property is required for and used only with the Validate method. |
RenewTarget | | Specifies the token to be renewed. This property can contain either a reference to the token or it can contain the token itself. This property is required for and used only with the Renew method. |
Renewing | RenewingType | Specifies a request for a renewable token. This property is optional. If you do not specify the Renewing property, the vCenter Single Sign-On server will issue a renewable token. |
DelegateTo | | Specifies a security token or token reference for an identity to which the requested token will be delegated. The DelegateTo value must identify a solution. |
Delegatable | xs:boolean | Indicates whether the requested token can be delegated to an identity. Use this property together with the DelegateTo property. The default value for the Delegatable property is false. |
UseKey | UseKeyType | References a token for subject confirmation. Required for Issue, Renew, and Validate methods. |
KeyType | string | String value corresponding to a KeyTypeOpenEnum value. The value is a URI (Uniform Resource Identifier) that specifies the requested key cryptography type. This property is optional. |
SignatureAlgorithm | string | Specifies a URI (Uniform Resource Identifier) for an algorithm that produces a digital signature for the token. The following list shows the valid values:
|
BinaryExchange | BinaryExchangeType | Contains data for challenge negotiation between the vCenter Single Sign-On client and vCenter Single Sign-On server. |
Participants | ParticipantsType | Specifies the identities of participants that are authorized to use the token. |
AdviceSet | AdviceSetType | List of AdviceType. |
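
The requirement rules stated in the table can be checked on the client before a request is sent. The following is an added example, not part of the vCenter Single Sign-On SDK: the dict layout, the function name `check_rst`, and the short method names ("Issue", "Renew", "Validate") are assumptions, and the sample values are constructed placeholders.

```python
# Added example: pre-flight check of a RequestSecurityToken against the rules
# in the table above. Requests are modelled as dicts keyed by element name
# (an assumption of this sketch); real RequestType values are URIs.

def check_rst(method, rst):
    """Return the list of table rules that the request dict violates."""
    present = {k for k, v in rst.items() if v is not None}
    problems = []

    # RequestType is required on every request.
    if "RequestType" not in present:
        problems.append("RequestType is required")
    # UseKey is listed as required for Issue, Renew and Validate.
    if method in ("Issue", "Renew", "Validate") and "UseKey" not in present:
        problems.append(f"UseKey is required for {method}")
    # Context becomes mandatory once a BinaryExchange is included.
    if "BinaryExchange" in present and "Context" not in present:
        problems.append("Context is required with BinaryExchange")
    # ValidateTarget / RenewTarget: required for, and used only with, one method.
    for target, owner in (("ValidateTarget", "Validate"), ("RenewTarget", "Renew")):
        if method == owner and target not in present:
            problems.append(f"{target} is required for {owner}")
        elif method != owner and target in present:
            problems.append(f"{target} is only used with {owner}")
    # Lifetime is used with Issue and Renew requests.
    if "Lifetime" in present and method not in ("Issue", "Renew"):
        problems.append("Lifetime is only used with Issue and Renew")
    # The table says to use Delegatable together with DelegateTo.
    if rst.get("Delegatable") is True and "DelegateTo" not in present:
        problems.append("Delegatable is true but DelegateTo is missing")
    return problems


# Constructed sample requests; every value is a placeholder.
GOOD_RENEW = {"RequestType": "<renew-uri>", "UseKey": "<key-ref>",
              "RenewTarget": "<token-ref>"}
BAD_VALIDATE = {"RequestType": "<validate-uri>", "BinaryExchange": "<data>",
                "RenewTarget": "<token-ref>", "Delegatable": True}

if __name__ == "__main__":
    for name, method, req in (("GOOD_RENEW", "Renew", GOOD_RENEW),
                              ("BAD_VALIDATE", "Validate", BAD_VALIDATE)):
        print(name, check_rst(method, req) or "ok")
```

Because the server may substitute its own values for requested characteristics, a passing check only says the request is well formed; the granted values still have to be read from the response.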