是否有WSO2 Is服务来验证wso2car-sts生成的SAML令牌？

Question

我参考了下面的链接，以从SOAP生成SAML令牌。但是在is中没有公开的服务来验证SAML令牌。http://charithaka.blogspot.ae/2013/07/broker-trust-relationships-with-wso2.html

SOAP请求中的SAML示例请求

{Service.url}/services/wso2car-sts

{Service.url}/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
            <wsu:Created>2014-12-17T11:59:30.226Z</wsu:Created>
            <wsu:Expires>2014-12-17T11:59:30.226Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
      <wsa:To>https://localhost:9443/services/wso2carbon-sts</wsa:To>
      <wsa:ReplyTo>
         <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
      </wsa:ReplyTo>
      <wsa:MessageID>urn:uuid:258de3bc-c053-4b41-93d5-5d292a896b3a</wsa:MessageID>
      <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
   </soapenv:Header>
   <soapenv:Body>
      <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
         <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
         <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer</wst:KeyType>
         <wst:Claims xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/02/trust" wsp:Dialect="http://wso2.org/claims">
            <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/emailaddress"></wsid:ClaimType>
            <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/givenname"></wsid:ClaimType>
         </wst:Claims>
      </wst:RequestSecurityToken>
   </soapenv:Body>
</soapenv:Envelope>

还使用了来自https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/sts/sts-client的sts客户端

在WSO2中给出的验证令牌是-> Tools -> Validate请求，在提供生成的RSTR(响应安全令牌请求)时，它似乎不适用于手头的用例。

sts客户端和上面提供的链接之间有什么区别吗？寻找通过SOAP服务(SOAP)验证SAML令牌的方法？

Answer 1

WSO2IS 5.0.0提供的示例客户端将调用使用sts保护的服务(echo)。因此，它在访问服务之前在内部验证sts令牌，但在那里它没有提供单独的API来验证令牌。

在WSO2 IS -> Tools中，->验证SAML请求，它只验证SAML注销请求和登录请求，而不仅仅是SAML断言。

但是在is5.1.0中(从下一个版本开始)wso2car-stsapi将提供验证服务。