custom-adal 1.0.1

data/spec/fixtures/wstrust/too_many_security_tokens.xml

@@ -0,0 +1,219 @@
+<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
+  xmlns:a="http://www.w3.org/2005/08/addressing"
+  xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+  <s:Header>
+    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>
+    <o:Security s:mustUnderstand="1"
+      xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+      <u:Timestamp u:Id="_0">
+        <u:Created>2014-10-11T01:57:52.927Z</u:Created>
+        <u:Expires>2014-10-11T02:02:52.927Z</u:Expires>
+      </u:Timestamp>
+    </o:Security>
+  </s:Header>
+  <s:Body>
+    <trust:RequestSecurityTokenResponseCollection
+      xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+      <trust:RequestSecurityTokenResponse>
+        <trust:Lifetime>
+          <wsu:Created
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-10-11T01:57:52.802Z</wsu:Created>
+          <wsu:Expires
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-10-11T02:57:52.802Z</wsu:Expires>
+        </trust:Lifetime>
+        <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+          <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+            <wsa:Address>urn:federation:MicrosoftOnline</wsa:Address>
+          </wsa:EndpointReference>
+        </wsp:AppliesTo>
+        <trust:RequestedSecurityToken>
+          <saml:Assertion MajorVersion="1" MinorVersion="1"
+            AssertionID="_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e" Issuer="urn:federation:MSFT"
+            IssueInstant="2014-10-11T01:57:52.927Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+            <saml:Conditions NotBefore="2014-10-11T01:57:52.802Z"
+              NotOnOrAfter="2014-10-11T02:57:52.802Z">
+              <saml:AudienceRestrictionCondition>
+                <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
+              </saml:AudienceRestrictionCondition>
+            </saml:Conditions>
+            <saml:AttributeStatement>
+              <saml:Subject>
+                <saml:NameIdentifier
+                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">11111</saml:NameIdentifier>
+                <saml:SubjectConfirmation>
+                  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer
+                  </saml:ConfirmationMethod>
+                </saml:SubjectConfirmation>
+              </saml:Subject>
+              <saml:Attribute AttributeName="UPN"
+                AttributeNamespace="http://schemas.xmlsoap.org/claims">
+                <saml:AttributeValue>sdfb4@vsfdbs.com</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="objectGUID"
+                AttributeNamespace="http://tempuri.com">
+                <saml:AttributeValue>sefgbw4w4tbwrtb==
+                </saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="PersonnelNumber"
+                AttributeNamespace="http://schemas.xmlsoap.org/claims">
+                <saml:AttributeValue>11111</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="ImmutableID"
+                AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
+                <saml:AttributeValue>11111</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="insidecorporatenetwork"
+                AttributeNamespace="http://schemas.microsoft.com/ws/2012/01">
+                <saml:AttributeValue>true</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="psso"
+                AttributeNamespace="http://schemas.microsoft.com/2014/03">
+                <saml:AttributeValue>true</saml:AttributeValue>
+              </saml:Attribute>
+            </saml:AttributeStatement>
+            <saml:AuthenticationStatement
+              AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
+              AuthenticationInstant="2014-10-11T01:57:52.786Z">
+              <saml:Subject>
+                <saml:NameIdentifier
+                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">11111</saml:NameIdentifier>
+                <saml:SubjectConfirmation>
+                  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer
+                  </saml:ConfirmationMethod>
+                </saml:SubjectConfirmation>
+              </saml:Subject>
+            </saml:AuthenticationStatement>
+            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+              <ds:SignedInfo>
+                <ds:CanonicalizationMethod
+                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+                <ds:Reference URI="#_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e">
+                  <ds:Transforms>
+                    <ds:Transform
+                      Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                  </ds:Transforms>
+                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+                  <ds:DigestValue>11112412434fgvwefb24rb=</ds:DigestValue>
+                </ds:Reference>
+              </ds:SignedInfo>
+              <ds:SignatureValue>yc2hltEY1z/0zgEdUKdIo9K8BAauLYCvEM21Jrasdnvkadsjv9834759384utfhwrgEDSDGSDFG34543fFFwdffeeeeCfnoRal7Q1PXtxwsDqg/maesA7/1eYG75Q6/MyB5s+GZqUDK5Sif1XXseTe3hbocz/dMfVIeHKZ/BJ9iKdjI+WhDJspJ282sCu9e31h0CKEEgHwwe3U+0iwtwXrBxJKi9wNrrShez7CW+18jz2bQ+hFxsLYpuXSskOgeB6wza5BR9QjLHjjntqchVZOgZNQzmnULQBXIbPHGvrcKZZ1+05y27505B8T1jOopN6ncdic2b3tt712n/lDbtQCBKOUp5A0ZIP8nupkUE4lvIE0qFiETrWFKbRKgNLzPSS8Fb0ITuq5FPQRNDZkYebVqBvQavd7T8qx9RnhXwJNYBABxZ2NgicCT1QnAhPwyU4vvMaSeCbguAsbO0z6IM9Y6pzLe6eehvzh2/WfIckEExeHvPTEZZWMiA16msBSWLX+NkVMLfVBj8GA2sK7Qj4wnvK6ip+8x5PBl5z3Ra8p7MXsDVnunZcl5LnjBM7Z0puX9vT79xVuJ7+q3jD6GRjiH0XZr4yZXCJk2Ipfq9P4S+8fT50=
+              </ds:SignatureValue>
+              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                <X509Data>
+                  <X509Certificate>vwbeiurkjbhvnsfbMMWEFGVWERBwbdfefwbbFowITEfMB0GA1UEAxMWbXNmdC5zdHMubWljcm9zb2Z0LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMsKK87jKV6UdjZWE5gu2lUecEJeBH35aEG89U9fAXqRIbsmkAgnZAqtmD3dw4W0edvOMW0YxLejvHpxrrei4Hc3KOYczFaiJGOxeir6Fymk5cOJ0x3ioJGSCn/X0J0vka6sUijwUlFzaqOyTO5YP23AzSu2a39SUxBCVNqgkGrbjMp4xl1LP6rYrNc1QG/aBGvT0od0oXF4Hy5uiCxqq49Wb+QjCyJ76+1kzkWHTK18r8vOG9GxfWfNeshT9W9XoT9ChgRcxIHt/Y2ZUrOT86ldpakld58gTq1E0l5jho3CZPAnZjnwBhYv9bUgsgwHUU29Ceig/iqdjUDzS50F4pn2pcncoWGmrQP3hOEvJRCs0BWz6+VW/ATV5TGknsLDfq89c5b69haZ3fiDQmU+RZQBIsLEcrRs3Vyld++rmM7OdfZ4CAbo8l3F4ONpHczWfNKhGnor4GH0vC6G5gR3otWCdM6bcrNCYjm4PEVaF0I5+94PvJ2SkaGL4k86u+Ns4OpFLGawC5D3bq0SPMgsUWbXzq4VXq946fewWLV4Jh4mvRkVdsb1egk78rzQdpeqfiq9Ax6W6wRLCIFUiicymITQw/mn646OvwR2mTMc2M+BfW9a35MwfZfyMG/PdZc7nl2Alvuiw1Wk6M3C2xcS8Hpu9unnacXujRr/FbgnaKwnAgMBAAGjdTBzMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBSBgNVHQEESzBJgBBsOlmxcrgqKZ1x+s8zuEDRoSMwITEfMB0GA1UEAxMWbXNmdC5zdHMubWljcm9zb2Z0LmNvbYIQYvo/wNRpcL5JZi8e/Z4hBzANBgkqhkiG9w0BAQsFAAOCAgEAQbiCZJWFH9zaGaPlT77Jq9bWoH6fqZRrNIDuVXM7h+g7E8Xj5Demi16WrRSTR8Ff1uNV0n5tdbLu4C9rEU4RrZjFOJXGGsQZD85y8Jq3tcZ6RZSU6ie3tzvpl5Yhe0o1xfuUvI43VxJWFzW7LHzHyzoDeFNhSuplWfGkQfdjs9yGLTYflIDVCigXv94Wv949HckiG1+PST9ai9jST6NCkeqElm5zoZHxo+haYIRMma4lL7/AO3uYhey5bKYyIHyWTAZcJBKqO2RrWuOtZWthK/gL0yTeGrGXFQvHbfUwEA/lBdUka/x8m59hzSCS2c0f/GZbrBGq6mOrl4NSrJSck4KJnQDbdYzyP2kIVWwjlYMNbFWXE0e2lxm6T28Znhh0wtqrBDyQIxDFpt/bdw9I5OsXmXvjRYlVXP1gmHebuhL9wA3A9BKUaTNf2BTfvWdYnBwbRq98vB4RSAwWRLjv9bizB9JkmMUSmPS9Z5juPMmkbTpcmn8RUUPLGDpuFYMB0dXpGtG+oJ40wHeYZCvfBU1tuXuB+RTxkPsXzF4WEf6sei0VCgs+ir0mULF9L++Bc0INn9VpZoOpDE9pX7jMn9jkutClaxVOirysvYcOAy092MHo3uR6opH9U9vzWJrQULxPOdT+GVwLJ2ZgSmYC14tsr37vbC8WAD5E1zyfGPU=
+                  </X509Certificate>
+                </X509Data>
+              </KeyInfo>
+            </ds:Signature>
+          </saml:Assertion>
+        </trust:RequestedSecurityToken>
+        <trust:RequestedSecurityToken>
+          <saml:Assertion MajorVersion="1" MinorVersion="1"
+            AssertionID="_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e" Issuer="urn:federation:MSFT"
+            IssueInstant="2014-10-11T01:57:52.927Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+            <saml:Conditions NotBefore="2014-10-11T01:57:52.802Z"
+              NotOnOrAfter="2014-10-11T02:57:52.802Z">
+              <saml:AudienceRestrictionCondition>
+                <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
+              </saml:AudienceRestrictionCondition>
+            </saml:Conditions>
+            <saml:AttributeStatement>
+              <saml:Subject>
+                <saml:NameIdentifier
+                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">11111</saml:NameIdentifier>
+                <saml:SubjectConfirmation>
+                  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer
+                  </saml:ConfirmationMethod>
+                </saml:SubjectConfirmation>
+              </saml:Subject>
+              <saml:Attribute AttributeName="UPN"
+                AttributeNamespace="http://schemas.xmlsoap.org/claims">
+                <saml:AttributeValue>sdfb4@vsfdbs.com</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="objectGUID"
+                AttributeNamespace="http://tempuri.com">
+                <saml:AttributeValue>sefgbw4w4tbwrtb==
+                </saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="PersonnelNumber"
+                AttributeNamespace="http://schemas.xmlsoap.org/claims">
+                <saml:AttributeValue>11111</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="ImmutableID"
+                AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
+                <saml:AttributeValue>11111</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="insidecorporatenetwork"
+                AttributeNamespace="http://schemas.microsoft.com/ws/2012/01">
+                <saml:AttributeValue>true</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="psso"
+                AttributeNamespace="http://schemas.microsoft.com/2014/03">
+                <saml:AttributeValue>true</saml:AttributeValue>
+              </saml:Attribute>
+            </saml:AttributeStatement>
+            <saml:AuthenticationStatement
+              AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
+              AuthenticationInstant="2014-10-11T01:57:52.786Z">
+              <saml:Subject>
+                <saml:NameIdentifier
+                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">11111</saml:NameIdentifier>
+                <saml:SubjectConfirmation>
+                  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer
+                  </saml:ConfirmationMethod>
+                </saml:SubjectConfirmation>
+              </saml:Subject>
+            </saml:AuthenticationStatement>
+            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+              <ds:SignedInfo>
+                <ds:CanonicalizationMethod
+                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+                <ds:Reference URI="#_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e">
+                  <ds:Transforms>
+                    <ds:Transform
+                      Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                  </ds:Transforms>
+                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+                  <ds:DigestValue>11112412434fgvwefb24rb=</ds:DigestValue>
+                </ds:Reference>
+              </ds:SignedInfo>
+              <ds:SignatureValue>yc2hltEY1z/0zgEdUKdIo9K8BAauLYCvEM21Jrasdnvkadsjv9834759384utfhwrgEDSDGSDFG34543fFFwdffeeeeCfnoRal7Q1PXtxwsDqg/maesA7/1eYG75Q6/MyB5s+GZqUDK5Sif1XXseTe3hbocz/dMfVIeHKZ/BJ9iKdjI+WhDJspJ282sCu9e31h0CKEEgHwwe3U+0iwtwXrBxJKi9wNrrShez7CW+18jz2bQ+hFxsLYpuXSskOgeB6wza5BR9QjLHjjntqchVZOgZNQzmnULQBXIbPHGvrcKZZ1+05y27505B8T1jOopN6ncdic2b3tt712n/lDbtQCBKOUp5A0ZIP8nupkUE4lvIE0qFiETrWFKbRKgNLzPSS8Fb0ITuq5FPQRNDZkYebVqBvQavd7T8qx9RnhXwJNYBABxZ2NgicCT1QnAhPwyU4vvMaSeCbguAsbO0z6IM9Y6pzLe6eehvzh2/WfIckEExeHvPTEZZWMiA16msBSWLX+NkVMLfVBj8GA2sK7Qj4wnvK6ip+8x5PBl5z3Ra8p7MXsDVnunZcl5LnjBM7Z0puX9vT79xVuJ7+q3jD6GRjiH0XZr4yZXCJk2Ipfq9P4S+8fT50=
+              </ds:SignatureValue>
+              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                <X509Data>
+                  <X509Certificate>vwbeiurkjbhvnsfbMMWEFGVWERBwbdfefwbbFowITEfMB0GA1UEAxMWbXNmdC5zdHMubWljcm9zb2Z0LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMsKK87jKV6UdjZWE5gu2lUecEJeBH35aEG89U9fAXqRIbsmkAgnZAqtmD3dw4W0edvOMW0YxLejvHpxrrei4Hc3KOYczFaiJGOxeir6Fymk5cOJ0x3ioJGSCn/X0J0vka6sUijwUlFzaqOyTO5YP23AzSu2a39SUxBCVNqgkGrbjMp4xl1LP6rYrNc1QG/aBGvT0od0oXF4Hy5uiCxqq49Wb+QjCyJ76+1kzkWHTK18r8vOG9GxfWfNeshT9W9XoT9ChgRcxIHt/Y2ZUrOT86ldpakld58gTq1E0l5jho3CZPAnZjnwBhYv9bUgsgwHUU29Ceig/iqdjUDzS50F4pn2pcncoWGmrQP3hOEvJRCs0BWz6+VW/ATV5TGknsLDfq89c5b69haZ3fiDQmU+RZQBIsLEcrRs3Vyld++rmM7OdfZ4CAbo8l3F4ONpHczWfNKhGnor4GH0vC6G5gR3otWCdM6bcrNCYjm4PEVaF0I5+94PvJ2SkaGL4k86u+Ns4OpFLGawC5D3bq0SPMgsUWbXzq4VXq946fewWLV4Jh4mvRkVdsb1egk78rzQdpeqfiq9Ax6W6wRLCIFUiicymITQw/mn646OvwR2mTMc2M+BfW9a35MwfZfyMG/PdZc7nl2Alvuiw1Wk6M3C2xcS8Hpu9unnacXujRr/FbgnaKwnAgMBAAGjdTBzMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBSBgNVHQEESzBJgBBsOlmxcrgqKZ1x+s8zuEDRoSMwITEfMB0GA1UEAxMWbXNmdC5zdHMubWljcm9zb2Z0LmNvbYIQYvo/wNRpcL5JZi8e/Z4hBzANBgkqhkiG9w0BAQsFAAOCAgEAQbiCZJWFH9zaGaPlT77Jq9bWoH6fqZRrNIDuVXM7h+g7E8Xj5Demi16WrRSTR8Ff1uNV0n5tdbLu4C9rEU4RrZjFOJXGGsQZD85y8Jq3tcZ6RZSU6ie3tzvpl5Yhe0o1xfuUvI43VxJWFzW7LHzHyzoDeFNhSuplWfGkQfdjs9yGLTYflIDVCigXv94Wv949HckiG1+PST9ai9jST6NCkeqElm5zoZHxo+haYIRMma4lL7/AO3uYhey5bKYyIHyWTAZcJBKqO2RrWuOtZWthK/gL0yTeGrGXFQvHbfUwEA/lBdUka/x8m59hzSCS2c0f/GZbrBGq6mOrl4NSrJSck4KJnQDbdYzyP2kIVWwjlYMNbFWXE0e2lxm6T28Znhh0wtqrBDyQIxDFpt/bdw9I5OsXmXvjRYlVXP1gmHebuhL9wA3A9BKUaTNf2BTfvWdYnBwbRq98vB4RSAwWRLjv9bizB9JkmMUSmPS9Z5juPMmkbTpcmn8RUUPLGDpuFYMB0dXpGtG+oJ40wHeYZCvfBU1tuXuB+RTxkPsXzF4WEf6sei0VCgs+ir0mULF9L++Bc0INn9VpZoOpDE9pX7jMn9jkutClaxVOirysvYcOAy092MHo3uR6opH9U9vzWJrQULxPOdT+GVwLJ2ZgSmYC14tsr37vbC8WAD5E1zyfGPU=
+                  </X509Certificate>
+                </X509Data>
+              </KeyInfo>
+            </ds:Signature>
+          </saml:Assertion>
+        </trust:RequestedSecurityToken>
+        <trust:RequestedAttachedReference>
+          <o:SecurityTokenReference
+            k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
+            xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+            xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
+            <o:KeyIdentifier
+              ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e</o:KeyIdentifier>
+          </o:SecurityTokenReference>
+        </trust:RequestedAttachedReference>
+        <trust:RequestedUnattachedReference>
+          <o:SecurityTokenReference
+            k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
+            xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+            xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
+            <o:KeyIdentifier
+              ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e</o:KeyIdentifier>
+          </o:SecurityTokenReference>
+        </trust:RequestedUnattachedReference>
+        <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
+        <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
+        <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
+      </trust:RequestSecurityTokenResponse>
+    </trust:RequestSecurityTokenResponseCollection>
+  </s:Body>
+</s:Envelope>

data/spec/fixtures/wstrust/unrecognized_token_type.xml

@@ -0,0 +1,136 @@
+<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
+  xmlns:a="http://www.w3.org/2005/08/addressing"
+  xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+  <s:Header>
+    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>
+    <o:Security s:mustUnderstand="1"
+      xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+      <u:Timestamp u:Id="_0">
+        <u:Created>2014-10-11T01:57:52.927Z</u:Created>
+        <u:Expires>2014-10-11T02:02:52.927Z</u:Expires>
+      </u:Timestamp>
+    </o:Security>
+  </s:Header>
+  <s:Body>
+    <trust:RequestSecurityTokenResponseCollection
+      xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+      <trust:RequestSecurityTokenResponse>
+        <trust:Lifetime>
+          <wsu:Created
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-10-11T01:57:52.802Z</wsu:Created>
+          <wsu:Expires
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-10-11T02:57:52.802Z</wsu:Expires>
+        </trust:Lifetime>
+        <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+          <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+            <wsa:Address>urn:federation:MicrosoftOnline</wsa:Address>
+          </wsa:EndpointReference>
+        </wsp:AppliesTo>
+        <trust:RequestedSecurityToken>
+          <saml:Assertion MajorVersion="1" MinorVersion="1"
+            AssertionID="_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e" Issuer="urn:federation:MSFT"
+            IssueInstant="2014-10-11T01:57:52.927Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+            <saml:Conditions NotBefore="2014-10-11T01:57:52.802Z"
+              NotOnOrAfter="2014-10-11T02:57:52.802Z">
+              <saml:AudienceRestrictionCondition>
+                <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
+              </saml:AudienceRestrictionCondition>
+            </saml:Conditions>
+            <saml:AttributeStatement>
+              <saml:Subject>
+                <saml:NameIdentifier
+                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">11111</saml:NameIdentifier>
+                <saml:SubjectConfirmation>
+                  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer
+                  </saml:ConfirmationMethod>
+                </saml:SubjectConfirmation>
+              </saml:Subject>
+              <saml:Attribute AttributeName="UPN"
+                AttributeNamespace="http://schemas.xmlsoap.org/claims">
+                <saml:AttributeValue>sdfb4@vsfdbs.com</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="objectGUID"
+                AttributeNamespace="http://tempuri.com">
+                <saml:AttributeValue>sefgbw4w4tbwrtb==
+                </saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="PersonnelNumber"
+                AttributeNamespace="http://schemas.xmlsoap.org/claims">
+                <saml:AttributeValue>11111</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="ImmutableID"
+                AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
+                <saml:AttributeValue>11111</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="insidecorporatenetwork"
+                AttributeNamespace="http://schemas.microsoft.com/ws/2012/01">
+                <saml:AttributeValue>true</saml:AttributeValue>
+              </saml:Attribute>
+              <saml:Attribute AttributeName="psso"
+                AttributeNamespace="http://schemas.microsoft.com/2014/03">
+                <saml:AttributeValue>true</saml:AttributeValue>
+              </saml:Attribute>
+            </saml:AttributeStatement>
+            <saml:AuthenticationStatement
+              AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
+              AuthenticationInstant="2014-10-11T01:57:52.786Z">
+              <saml:Subject>
+                <saml:NameIdentifier
+                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">11111</saml:NameIdentifier>
+                <saml:SubjectConfirmation>
+                  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer
+                  </saml:ConfirmationMethod>
+                </saml:SubjectConfirmation>
+              </saml:Subject>
+            </saml:AuthenticationStatement>
+            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+              <ds:SignedInfo>
+                <ds:CanonicalizationMethod
+                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+                <ds:Reference URI="#_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e">
+                  <ds:Transforms>
+                    <ds:Transform
+                      Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                  </ds:Transforms>
+                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+                  <ds:DigestValue>11112412434fgvwefb24rb=</ds:DigestValue>
+                </ds:Reference>
+              </ds:SignedInfo>
+              <ds:SignatureValue>yc2hltEY1z/0zgEdUKdIo9K8BAauLYCvEM21Jrasdnvkadsjv9834759384utfhwrgEDSDGSDFG34543fFFwdffeeeeCfnoRal7Q1PXtxwsDqg/maesA7/1eYG75Q6/MyB5s+GZqUDK5Sif1XXseTe3hbocz/dMfVIeHKZ/BJ9iKdjI+WhDJspJ282sCu9e31h0CKEEgHwwe3U+0iwtwXrBxJKi9wNrrShez7CW+18jz2bQ+hFxsLYpuXSskOgeB6wza5BR9QjLHjjntqchVZOgZNQzmnULQBXIbPHGvrcKZZ1+05y27505B8T1jOopN6ncdic2b3tt712n/lDbtQCBKOUp5A0ZIP8nupkUE4lvIE0qFiETrWFKbRKgNLzPSS8Fb0ITuq5FPQRNDZkYebVqBvQavd7T8qx9RnhXwJNYBABxZ2NgicCT1QnAhPwyU4vvMaSeCbguAsbO0z6IM9Y6pzLe6eehvzh2/WfIckEExeHvPTEZZWMiA16msBSWLX+NkVMLfVBj8GA2sK7Qj4wnvK6ip+8x5PBl5z3Ra8p7MXsDVnunZcl5LnjBM7Z0puX9vT79xVuJ7+q3jD6GRjiH0XZr4yZXCJk2Ipfq9P4S+8fT50=
+              </ds:SignatureValue>
+              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                <X509Data>
+                  <X509Certificate>vwbeiurkjbhvnsfbMMWEFGVWERBwbdfefwbbFowITEfMB0GA1UEAxMWbXNmdC5zdHMubWljcm9zb2Z0LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMsKK87jKV6UdjZWE5gu2lUecEJeBH35aEG89U9fAXqRIbsmkAgnZAqtmD3dw4W0edvOMW0YxLejvHpxrrei4Hc3KOYczFaiJGOxeir6Fymk5cOJ0x3ioJGSCn/X0J0vka6sUijwUlFzaqOyTO5YP23AzSu2a39SUxBCVNqgkGrbjMp4xl1LP6rYrNc1QG/aBGvT0od0oXF4Hy5uiCxqq49Wb+QjCyJ76+1kzkWHTK18r8vOG9GxfWfNeshT9W9XoT9ChgRcxIHt/Y2ZUrOT86ldpakld58gTq1E0l5jho3CZPAnZjnwBhYv9bUgsgwHUU29Ceig/iqdjUDzS50F4pn2pcncoWGmrQP3hOEvJRCs0BWz6+VW/ATV5TGknsLDfq89c5b69haZ3fiDQmU+RZQBIsLEcrRs3Vyld++rmM7OdfZ4CAbo8l3F4ONpHczWfNKhGnor4GH0vC6G5gR3otWCdM6bcrNCYjm4PEVaF0I5+94PvJ2SkaGL4k86u+Ns4OpFLGawC5D3bq0SPMgsUWbXzq4VXq946fewWLV4Jh4mvRkVdsb1egk78rzQdpeqfiq9Ax6W6wRLCIFUiicymITQw/mn646OvwR2mTMc2M+BfW9a35MwfZfyMG/PdZc7nl2Alvuiw1Wk6M3C2xcS8Hpu9unnacXujRr/FbgnaKwnAgMBAAGjdTBzMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBSBgNVHQEESzBJgBBsOlmxcrgqKZ1x+s8zuEDRoSMwITEfMB0GA1UEAxMWbXNmdC5zdHMubWljcm9zb2Z0LmNvbYIQYvo/wNRpcL5JZi8e/Z4hBzANBgkqhkiG9w0BAQsFAAOCAgEAQbiCZJWFH9zaGaPlT77Jq9bWoH6fqZRrNIDuVXM7h+g7E8Xj5Demi16WrRSTR8Ff1uNV0n5tdbLu4C9rEU4RrZjFOJXGGsQZD85y8Jq3tcZ6RZSU6ie3tzvpl5Yhe0o1xfuUvI43VxJWFzW7LHzHyzoDeFNhSuplWfGkQfdjs9yGLTYflIDVCigXv94Wv949HckiG1+PST9ai9jST6NCkeqElm5zoZHxo+haYIRMma4lL7/AO3uYhey5bKYyIHyWTAZcJBKqO2RrWuOtZWthK/gL0yTeGrGXFQvHbfUwEA/lBdUka/x8m59hzSCS2c0f/GZbrBGq6mOrl4NSrJSck4KJnQDbdYzyP2kIVWwjlYMNbFWXE0e2lxm6T28Znhh0wtqrBDyQIxDFpt/bdw9I5OsXmXvjRYlVXP1gmHebuhL9wA3A9BKUaTNf2BTfvWdYnBwbRq98vB4RSAwWRLjv9bizB9JkmMUSmPS9Z5juPMmkbTpcmn8RUUPLGDpuFYMB0dXpGtG+oJ40wHeYZCvfBU1tuXuB+RTxkPsXzF4WEf6sei0VCgs+ir0mULF9L++Bc0INn9VpZoOpDE9pX7jMn9jkutClaxVOirysvYcOAy092MHo3uR6opH9U9vzWJrQULxPOdT+GVwLJ2ZgSmYC14tsr37vbC8WAD5E1zyfGPU=
+                  </X509Certificate>
+                </X509Data>
+              </KeyInfo>
+            </ds:Signature>
+          </saml:Assertion>
+        </trust:RequestedSecurityToken>
+        <trust:RequestedAttachedReference>
+          <o:SecurityTokenReference
+            k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
+            xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+            xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
+            <o:KeyIdentifier
+              ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e</o:KeyIdentifier>
+          </o:SecurityTokenReference>
+        </trust:RequestedAttachedReference>
+        <trust:RequestedUnattachedReference>
+          <o:SecurityTokenReference
+            k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
+            xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+            xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
+            <o:KeyIdentifier
+              ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_3ad77714-87a7-4ec5-b3e8-dfd2ef68a49e</o:KeyIdentifier>
+          </o:SecurityTokenReference>
+        </trust:RequestedUnattachedReference>
+        <trust:TokenType>urn:oasis:names:tc:SAML:3.0:assertion</trust:TokenType>
+        <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
+        <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
+      </trust:RequestSecurityTokenResponse>
+    </trust:RequestSecurityTokenResponseCollection>
+  </s:Body>
+</s:Envelope>

data/spec/fixtures/wstrust/wstrust.13.xml

@@ -0,0 +1 @@
+<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><u:Timestamp u:Id="_0"><u:Created>2015-07-31T18:52:50.806Z</u:Created><u:Expires>2015-07-31T18:57:50.806Z</u:Expires></u:Timestamp></o:Security></s:Header><s:Body><trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><trust:RequestSecurityTokenResponse><trust:Lifetime><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-07-31T18:52:50.806Z</wsu:Created><wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-07-31T19:52:50.806Z</wsu:Expires></trust:Lifetime><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:federation:MicrosoftOnline</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><trust:RequestedSecurityToken><saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_57806901-e325-431f-827b-28dc3f81f007" Issuer="http://fs.ajmichael.net/adfs/services/trust" IssueInstant="2015-07-31T18:52:50.806Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2015-07-31T18:52:50.806Z" NotOnOrAfter="2015-07-31T19:52:50.806Z"><saml:AudienceRestrictionCondition><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">vtgQONppjEaJq77vvbpJWA==</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims"><saml:AttributeValue>aaron@ajmichael.net</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05"><saml:AttributeValue>vtgQONppjEaJq77vvbpJWA==</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2015-07-31T18:52:50.806Z"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">vtgQONppjEaJq77vvbpJWA==</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_57806901-e325-431f-827b-28dc3f81f007"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>oF5D0U4UJToa/rNQgaddWjBzEJ0=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>PpNWCDILvv9BX5yAkJDCwIEr6AHh9ltAPyp8nvHuiIaanyAgLi755MNylLBWm2PbW7FlJ4O4izHmMhSELcsh4yGni1FQrqJLuZ7SIcxm/7D8Nh7L+XmhAh9zS2AVStbV8ZOC083ItmnDcOfagcvYBQa69aW37RBNJj67o4sHS0GDb9EAGqP9d/GyYcpCmo3X8AQ8DK9f7KIKQSRXseUQFkAUP9zJ+XS/QGb/ByiXbQCBIGB50R6smdJW9IDG73frUfWkD6kO2v8oLMsXddmMu54Y/CUKzxyVb2Sg4xPWEqExBb4Z/WlV1kDU6lfx6jtPTxNorSEXnFKeLYDuWmgDdQ==</ds:SignatureValue><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC3DCCAcSgAwIBAgIQZK0UpOPhlpxBNKzZ8XOwRzANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBmcy5ham1pY2hhZWwubmV0MB4XDTE1MDcwMjIxMzYyOVoXDTE2MDcwMTIxMzYyOVowKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gZnMuYWptaWNoYWVsLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyCCmkytGlVsg8H2zUo3zZ8p/2tuq/f1QOw9h9rh3EKaJrX4+Hk60rzjNiwmSfnpqcYDS7MPKTX2UdngV6HZsnEQD5S2vaNTncGIkyvAi6jAUo9fYfuSIZxQyoP6wFqTMYHrHJhjZEuExPNAKEFmR0oozSzCFOZH0oJCr1b1jwb5Fi7M1uN98DPbRQg0CbTdV2EJzj2cnMX7v1aohwUg8rUo3yvexLuvcJSXy4kRWCNRTtVOo57NeE2pECdlCZQOMCnpps7AfaEUkLQL8Jbi8lJyNZ65I19+wKYSb1mx60c2rotgkQIN6v5/WgnXdA3Dok9gbjlqoK9Ew3rzAmr4q8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEACsiXJk+V+rBOJJkaVss8qDqysT2H6PcV6vjWs+fk84edYqhpNz9wimLOa/afQSVgcfMAbs6/CG3STmGRvQ+wDhYsVBzX3hzur741IYQclz9eEJtSrPNG04/zqq2/9LP81reIEksfKhgPho33PYop3cSorO8ogbxm10/bFgi99Lz1tTJkxpGhjxOdrMrZ5gU2r9NfyeL6Z9hmiixHQXruQdQSTeUsOVnx97mLO9fjKbeeeGrI5x8xsVWYDqRlhfXamwaglXu8ptf7frY/+FLoVKSAlGSV+GMw2Q53s4h91o4hPsNxanZD474n2soP3MKqeIyqVtafboooZ85PGh2kvg==</X509Certificate></X509Data></KeyInfo></ds:Signature></saml:Assertion></trust:RequestedSecurityToken><trust:RequestedAttachedReference><o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_57806901-e325-431f-827b-28dc3f81f007</o:KeyIdentifier></o:SecurityTokenReference></trust:RequestedAttachedReference><trust:RequestedUnattachedReference><o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_57806901-e325-431f-827b-28dc3f81f007</o:KeyIdentifier></o:SecurityTokenReference></trust:RequestedUnattachedReference><trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType><trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType><trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType></trust:RequestSecurityTokenResponse></trust:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>

data/spec/fixtures/wstrust/wstrust.2005.xml

@@ -0,0 +1,89 @@
+<?xml version="1.0"?>
+<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+  <s:Header>
+    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
+    <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
+      <u:Timestamp u:Id="_0">
+        <u:Created>2015-07-30T21:08:29.919Z</u:Created>
+        <u:Expires>2015-07-30T21:13:29.919Z</u:Expires>
+      </u:Timestamp>
+    </o:Security>
+  </s:Header>
+  <s:Body>
+    <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
+      <t:Lifetime>
+        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-07-30T21:08:29.919Z</wsu:Created>
+        <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-07-30T22:08:29.919Z</wsu:Expires>
+      </t:Lifetime>
+      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+        <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
+          <wsa:Address>urn:federation:MicrosoftOnline</wsa:Address>
+        </wsa:EndpointReference>
+      </wsp:AppliesTo>
+      <t:RequestedSecurityToken>
+        <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1" AssertionID="_ba16587e-5f6c-4c2f-bad6-20767143844f" Issuer="http://fs.ajmichael.net/adfs/services/trust" IssueInstant="2015-07-30T21:08:29.919Z">
+          <saml:Conditions NotBefore="2015-07-30T21:08:29.919Z" NotOnOrAfter="2015-07-30T22:08:29.919Z">
+            <saml:AudienceRestrictionCondition>
+              <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
+            </saml:AudienceRestrictionCondition>
+          </saml:Conditions>
+          <saml:AttributeStatement>
+            <saml:Subject>
+              <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">vtgQONppjEaJq77vvbpJWA==</saml:NameIdentifier>
+              <saml:SubjectConfirmation>
+                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
+              </saml:SubjectConfirmation>
+            </saml:Subject>
+            <saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims">
+              <saml:AttributeValue>aaron@ajmichael.net</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05">
+              <saml:AttributeValue>vtgQONppjEaJq77vvbpJWA==</saml:AttributeValue>
+            </saml:Attribute>
+          </saml:AttributeStatement>
+          <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2015-07-30T21:08:29.919Z">
+            <saml:Subject>
+              <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">vtgQONppjEaJq77vvbpJWA==</saml:NameIdentifier>
+              <saml:SubjectConfirmation>
+                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
+              </saml:SubjectConfirmation>
+            </saml:Subject>
+          </saml:AuthenticationStatement>
+          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:SignedInfo>
+              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+              <ds:Reference URI="#_ba16587e-5f6c-4c2f-bad6-20767143844f">
+                <ds:Transforms>
+                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+                </ds:Transforms>
+                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+                <ds:DigestValue>r4VorpYHSk5ZElNt9BzrIwuwwV4=</ds:DigestValue>
+              </ds:Reference>
+            </ds:SignedInfo>
+            <ds:SignatureValue>cNSoYTNmp7N2vtTNb9VNkhTgvF/aF0hNWzGkw1+7oy5CIxWYu4sDauY1S42TNRZjsd/m7DL5IDG02YdLe2PfUMNiA6k1nxMcP7C2ql2Wrp2cwTRFTmDEHO9TcSaKbX8owvQGmn492qOQ9ziwUgBleomM2aKsp+jtO+AHi4VObOmuxBcahAB5Krw0DLsWxfM1pAYZygaQfnf+QM6k1BwIIIRutPLIRvn0XeBjLynB5JAHc6W7j8ii2rOCKgOVp5b4pnKsm4Y9gcv0jQQILwSVYWxN6p+LkhKCxmXBhiug+VfoH9BsilItfXSoEial4cBP7EC5J9Nxn1twj2HeKohSig==</ds:SignatureValue>
+            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+              <X509Data>
+                <X509Certificate>MIIC3DCCAcSgAwIBAgIQZK0UpOPhlpxBNKzZ8XOwRzANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBmcy5ham1pY2hhZWwubmV0MB4XDTE1MDcwMjIxMzYyOVoXDTE2MDcwMTIxMzYyOVowKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gZnMuYWptaWNoYWVsLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyCCmkytGlVsg8H2zUo3zZ8p/2tuq/f1QOw9h9rh3EKaJrX4+Hk60rzjNiwmSfnpqcYDS7MPKTX2UdngV6HZsnEQD5S2vaNTncGIkyvAi6jAUo9fYfuSIZxQyoP6wFqTMYHrHJhjZEuExPNAKEFmR0oozSzCFOZH0oJCr1b1jwb5Fi7M1uN98DPbRQg0CbTdV2EJzj2cnMX7v1aohwUg8rUo3yvexLuvcJSXy4kRWCNRTtVOo57NeE2pECdlCZQOMCnpps7AfaEUkLQL8Jbi8lJyNZ65I19+wKYSb1mx60c2rotgkQIN6v5/WgnXdA3Dok9gbjlqoK9Ew3rzAmr4q8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEACsiXJk+V+rBOJJkaVss8qDqysT2H6PcV6vjWs+fk84edYqhpNz9wimLOa/afQSVgcfMAbs6/CG3STmGRvQ+wDhYsVBzX3hzur741IYQclz9eEJtSrPNG04/zqq2/9LP81reIEksfKhgPho33PYop3cSorO8ogbxm10/bFgi99Lz1tTJkxpGhjxOdrMrZ5gU2r9NfyeL6Z9hmiixHQXruQdQSTeUsOVnx97mLO9fjKbeeeGrI5x8xsVWYDqRlhfXamwaglXu8ptf7frY/+FLoVKSAlGSV+GMw2Q53s4h91o4hPsNxanZD474n2soP3MKqeIyqVtafboooZ85PGh2kvg==</X509Certificate>
+              </X509Data>
+            </KeyInfo>
+          </ds:Signature>
+        </saml:Assertion>
+      </t:RequestedSecurityToken>
+      <t:RequestedAttachedReference>
+        <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
+          <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_ba16587e-5f6c-4c2f-bad6-20767143844f</o:KeyIdentifier>
+        </o:SecurityTokenReference>
+      </t:RequestedAttachedReference>
+      <t:RequestedUnattachedReference>
+        <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
+          <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_ba16587e-5f6c-4c2f-bad6-20767143844f</o:KeyIdentifier>
+        </o:SecurityTokenReference>
+      </t:RequestedUnattachedReference>
+      <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
+      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
+    </t:RequestSecurityTokenResponse>
+  </s:Body>
+</s:Envelope>

data/spec/spec_helper.rb

@@ -0,0 +1,53 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative './support/fake_token_endpoint'
+
+require 'simplecov'
+require 'webmock/rspec'
+
+# The coverage tool only considers code after this line.
+SimpleCov.start do
+  add_filter 'spec' # ignore spec files
+end
+
+require 'adal'
+
+# Don't print any logs from ADAL::Logger.
+ADAL::Logging.log_output = File.open(File::NULL, 'w')
+
+# Unit tests do not need network access. Any attempts to access the network
+# will throw exceptions.
+WebMock.disable_net_connect!(allow_localhost: true)
+
+RSpec.configure do |config|
+  config.before(:each) do
+    # Any network requests matching these RegExps will be redirected to the mock
+    # Sinatra servers in $DIR/spec/support. Any network requests that don't
+    # match will attempt to access the network and raise exceptions.
+    stub_request(:post, %r{oauth2/token}).to_rack(FakeTokenEndpoint)
+  end
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

data/spec/support/fake_data.rb

@@ -0,0 +1,40 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+# All of the data that the fake token and authority endpoints support. It is
+# separated into its own module so that it can be used as a mix-in in test
+# classes.
+module FakeData
+  AUTH_CODE = 'auth_code_1'
+  AUTHORITY = 'login.windows.net'
+  ASSERTION = 'header.payload.crypto'
+  CLIENT_ID = 'client_id_1'
+  CLIENT_SECRET = 'client_secret_1'
+  PASSWORD = 'password1'
+  REDIRECT_URI = 'http://redirect1.com'
+  REFRESH_TOKEN = 'refresh_token_1'
+  RETURNED_TOKEN = 'a new token'
+  RESOURCE = 'resource'
+  TENANT = 'TENANT1'
+  USERNAME = 'user1@TENANT1'
+  USER_ASSERTION = 'user_assertion_1'
+end