The generic security token login modules are Java Authentication and Authorization Service (JAAS) login modules. These login modules issue, validate, and exchange security tokens using an external Security Token Service (STS).
The generic security token login module for the token generator uses a WS-Trust client to send a token request, either an Issue or a Validate request, to a WS-Trust service. The returned or validated token is set in the security header of the SOAP message as an authentication token. For more information, see the documentation about the generic security token login modules for the token generator.
The generic security token login module for the token consumer sends the received token in the security header of the SOAP message within a WS-Trust Validate request to a designated WS-Trust service. The request might result in a new token or in a notification that the sent token has been validated successfully. As required, the new or originally validated token is used as the caller token for authorization purposes. For more information, see the documentation about the generic security token login modules for the token consumer.
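The consumer-side decision described above, as an added protocol-level example in Python (not the product's login module code): it reads a WS-Trust 1.3 RequestSecurityTokenResponse and picks the new or the originally validated token as caller token, rejecting anything else. The function name `select_caller_token`, the `urn:example:token` namespace and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3 namespace
NS = {"wst": WST}
VALID = WST + "/status/valid"

def rstr(body):
    """Wrap constructed content in a RequestSecurityTokenResponse element."""
    return (f'<wst:RequestSecurityTokenResponse xmlns:wst="{WST}">{body}'
            "</wst:RequestSecurityTokenResponse>")

# Constructed sample responses (not captured from a real STS).
RSTR_VALIDATED = rstr(f"<wst:Status><wst:Code>{VALID}</wst:Code></wst:Status>")
RSTR_EXCHANGED = rstr(
    f"<wst:Status><wst:Code>{VALID}</wst:Code></wst:Status>"
    '<wst:RequestedSecurityToken><ex:Token xmlns:ex="urn:example:token">new</ex:Token>'
    "</wst:RequestedSecurityToken>")
RSTR_INVALID = rstr(f"<wst:Status><wst:Code>{WST}/status/invalid</wst:Code></wst:Status>")
RSTR_NO_STATUS = rstr("")

def select_caller_token(rstr_xml, received_token):
    """Return (origin, token) for the caller token; raise PermissionError otherwise."""
    root = ET.fromstring(rstr_xml)
    if root.tag != f"{{{WST}}}RequestSecurityTokenResponse":
        raise PermissionError("not a WS-Trust 1.3 RSTR")
    code = root.findtext("wst:Status/wst:Code", default="", namespaces=NS).strip()
    requested = root.find("wst:RequestedSecurityToken", NS)
    # Fail closed: an explicit non-valid status rejects even if a token is attached.
    if code and code != VALID:
        raise PermissionError(f"STS rejected token: {code}")
    if requested is not None and len(requested) == 1:
        return "exchanged", requested[0]      # STS returned a new token
    if code == VALID:
        return "validated", received_token    # STS confirmed the original token
    raise PermissionError("RSTR carries neither a valid status nor a token")

if __name__ == "__main__":
    print(select_caller_token(RSTR_VALIDATED, "original-token"))
    print(select_caller_token(RSTR_EXCHANGED, "original-token")[0])
```
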
The following illustration shows the flow of information through the generic security token login module process.
A PassTicket is a dynamically generated, one-time use, substitute password. You can use the PassTicket to authenticate to a service rather than sending the actual password.