No description or website provided.
JavaScript Objective-C
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
WS-Trust Login.xcodeproj
WS-Trust Login

How it works

It is basically a carefully crafted SOAP envelope with the RequestSecurityToken against an HTTPS endpoint that supports basic auth.

var rst = "<s:Envelope xmlns:s=\"\" xmlns:a=\"\">" +
    "<s:Header>" +
    "<a:Action s:mustUnderstand=\"1\"></a:Action>" +
    "<a:To s:mustUnderstand=\"1\">{0}</a:To>" +
    "</s:Header>" +
    "<s:Body>" +
        "<trust:RequestSecurityToken xmlns:trust=\"\">" +
            "<wsp:AppliesTo xmlns:wsp=\"\">" +
                "<a:EndpointReference>" +
                    "<a:Address>{1}</a:Address>" +
                "</a:EndpointReference>" +
        "</wsp:AppliesTo>" +
        "<trust:KeyType>" + keyType + "</trust:KeyType>" +
        "<trust:RequestType></trust:RequestType>" +
        "</trust:RequestSecurityToken>" +
    "</s:Body>" +

        url: this.stsUrl,
        data: body,
        type: 'POST',
        beforeSend: function(xhr) {
            xhr.setRequestHeader("Authorization", "Basic " + Base64.encode(username + ":" + pass));
            xhr.setRequestHeader("Content-Type", "application/soap+xml; charset=utf-8");
        timeout: 5000,
        dataType: 'xml',
        success: function(data, status){
        error: function(qXHR, textStatus, errorThrown){

This was tested from PhoneGap / XCode against ADFS with the usernamebasictransport endpoint turned on.

IMPORTANT: in order to make external http requests you will have to edit the PhoneGap.plist and include the host name of your STS in the ExternalHosts list.