Quick Test WS-Trust with WSO2 Identity Server

Dehami Koswatte
3 min readApr 15, 2020


As you all know that WSO2 Identity Server uses the STS(Security Toke Service) as an implementation for WS-Trust which is capable of issuing SAML1.1 and 2.0 tokens. This API can be secured with any WS-Security mechanism. So, if you want to test out the UserNameTokenscenario you can use the following client instead of the one located at Identity Server Distribution.

Setting Up

  • If you are using IS versions 5.11.0-m25+ you might want to add the connector.
  • Download the Identity Server Distribution through WSO2 Official Site.
  • Run the server by executing the command ./wso2server.sh in PRODUCT_HOME/bin.
  • Access it through https://localhost:9443/carbon/ and login with admin as the username and password.
  • On the Main tab, click Identity > Identity Providers > Resident.
Click on the highlighted resident tab

You’ll be redirected to the following page:

Resident Identity Provider Page
  • Insert the values localhost, 15 and 2 to the fields Home Realm Identifier, Idle Session Time Out and Remember Me Period.
  • Click on Update.
  • Expand the Inbound Authentication Configuration section, click Security Token Service Configuration > Apply Security Policy.
Expanded Inbound Authentication Configuration
  • Select Yes in the Enable Security? dropdown and select a pre-configured security scenario according to your requirements. For this client, use UsernameToken under the Basic Scenarios section.
Apply Security Policy Page
  • Click Next. The user domain and user group selection appear as follow.
Select Domain and User Groups Page
  • Select ALL-USER-STORE-DOMAINS for Select Domain and admin for User Groups.
  • Click Finish. Click Ok on the confirmation dialog window that appears. Click Update to complete the process.
  • On the Main menu, click Identity > Service Providers > Add.
Click on the highlighted tab in Service Providers
  • Fill in the Service Provider Name and provide a brief Description of the service provider. Only the Service Provider Name is a required field. And click on Register.
Register SP Page
  • Under the Inbound Authentication Configuration section, click WS-Trust Security Token Service Configuration > Configure. The STS Configuration page appears.
Service Provider Inbound Configuration Page
Add Trusted Service Page

Testing Out Scenario

  1. Visit the GitHub repository sample-sts-client.
  2. Clone the repository with the command git clone https://github.com/deshankoswatte/sample-sts-client.git.
  3. Run the command mvn clean install on the root directory.
  4. After that run the client using the command java -cp ws-trust-client/target/ws-trust-client-1.0-SNAPSHOT.jar org.wso2.samples.is.sts.wstrust.client.Client.
  5. You will be able to see both the requests and responses sent clearly.




Dehami Koswatte

Undergraduate at University of Westminster, Former Trainee Software Engineer @wso2