# Table of contents:
- Introduction
- Client/Request
- Server/Response
- RST.srf
# Introduction
The Passport SOAP (RST) service, or "Passport 3.0" as it's sometimes called, is a HTTP-based authentication system that was introduced with Client Version 7.5.0160.
The protocol itself is based on WS-Trust, however it adds proprietary extensions (the ps and psf namespaces).
It is unclear what the official name of this extended protocol is, but "Passport SOAP" seems likely.
The endpoint is called RST.srf, residing on either the login.passport.net or the login.live.com domain.
Messenger versions from 5.0.0124 until 7.5.0160 use the Passport SSI 1.4 service.
For MSNP18 and above, read the Request Security Token service, version 2 article. (TODO: Write this, and did I get this right?)
# Client/Request
The following sub-headers are XML elements for the client's request.
# soap:EnvelopeThis element has eight attributes:
xmlns:soap: Is always set tohttp://schemas.xmlsoap.org/soap/envelope/.xmlns:wsse: Is always set tohttp://schemas.xmlsoap.org/ws/2003/06/secext.xmlns:saml: Is always set tourn:oasis:names:tc:SAML:1.0:assertion.xmlns:wsp: Is always set tohttp://schemas.xmlsoap.org/ws/2002/12/policy.xmlns:wsu: Is always set tohttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd.xmlns:wsa: Is always set tohttp://schemas.xmlsoap.org/ws/2004/03/addressing.xmlns:wssc: Is always set tohttp://schemas.xmlsoap.org/ws/2004/04/sc.xmlns:wst: Is always seto tohttp://schemas.xmlsoap.org/ws/2004/04/trust.
This element only contains both the <ps:AuthInfo> and <wsse:Security> children.
This element has two attributes:
xmlns:ps: Is always set tohttp://schemas.microsoft.com/Passport/SoapServices/PPCRL.Id: Is always set toPPAuthInfo.
This element has five children:
<ps:HostingApp>: The GUID (with braces) of the client that is authenticating.<ps:BinaryVersion>: A number, usually4, but can be higher, or lowered to3.<ps:UIVersion>: Is always set to1.<ps:Cookies>: This element is always empty.<ps:RequestParams>: A base64-encoded binary structure that seems to be in the format of a 32-bit little endian integer of the amount of parameters, then an 32-bit little endian integer length and character data for the side of the pair, with there being a key side of the pair, and a value side of the pair.
This element only contains the <wsse:UsernameToken> element.
This element has only one attribute:
Id: Is always set touser.
This element has two children:
<wsse:Username>: The XML-encoded user handle of the user authenticating.<wsse:Password>: The XML-encoded password of the user authenticating.
This element only contains the <ps:RequestMultipleSecurityTokens> element.
If there is only one <wst:RequestSecurityToken> element,
it may replace the <ps:RequestMultipleSecurityTokens> element.
This element has two attributes:
xmlns:ps: Is always set tohttp://schemas.microsoft.com/Passport/SoapServices/PPCRL.Id: Is always set toRSTS.
This element contains one or multiple
<wst:RequestSecurityToken> elements.
This element has only one attribute:
Id: Is set toRST#, with#incrementing every use of this element, starting from0.
This element always contains the value http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue.
This element only contains the <wsa:EndpointReference> element.
This element only contains one of two mutually exclusive elements:
<wsa:Address>: By URL or domain name<wsa:ServiceName>: By service name
This element contains the target domain for this security token:
http://Passport.NET/tb: Legacy authentication, One of these is always required (usually asRST0). Does not set a<wsse:PolicyReference>.messengerclear.live.com: The domain used for authenticating to the Messenger Service using the SSO scheme.
Uses a policy challenge defined by the Notification Server (NS), which is usuallyMBI_KEY_OLD.messenger.msn.com: The domain used for authenticating to the Messenger Service using the TWN scheme.
Uses an authentication ticket (?...) defined by the Notification Server (NS), or?id=507if using the SSO scheme to authenticate.contacts.msn.com: Used for the Address Book Service.
Uses an authentication ticket (?...) orMBI(since MSNP15). Required since MSNP13.messengersecure.live.com: A secure version ofmessenger.msn.com, with unknown use. UsesMBI_SSL.spaces.msn.com: The blog service. UsesMBI.spaces.live.com: The blog service. UsesMBI.livecontacts.live.com: The Live Contacts ABI, apparently a simplified version of the Address Book Service.storage.msn.com: The user storage service. UsesMBI_SSL. Required for MSNP15's roaming user content support.
This element contains the target service name for this security token:
p2pslc.messenger.msn.com: The peer-to-peer "slc" service. UsesMBI_X509_CID.
This optional element only exists if the <wsse:PolicyReference> requires it.
This element has two attributes:
ValueType: Usually only seen set tohttp://schemas.microsoft.com/Passport/SoapServices/PPCRL#PKCS10.EncodingType: Usually only seen set towsse:Base64Binary.
This element's value is the binary token, which has only been observed to be a PKCS#10 certificate request
in SHA1-RSA format (1024 bits), with the Common Name (CN) set to MSIDCRL.
This optional element has only one attribute:
URI: The security policy of this security token:MBI_KEY_OLD: Calculate a challenge with the server's<wst:BinarySecret>.MBI_KEY: Unknown, but probably not unlikeMBI_KEY_OLD?MBI: No special parameters.MBI_SSL: No special parameters and encrypted transport only.MBI_X509_CID: Unknown, but based on user certificates. Only used withp2pslc.messenger.msn.com.- (any policy starting with
?): Authenticate using an authentication ticket. Used for the TWN authentication scheme.
# Server/Response
The following sub-headers are XML elements for the server's response.
# soap:EnvelopeThis element has only one attribute:
xmlns:soap: Is always set tohttp://schemas.xmlsoap.org/soap/envelope/.
This element only contains the <psf:pp> element.
This element has only one attribute:
xmlns:psf: Is always set tohttp://schemas.microsoft.com/Passport/SoapServices/SOAPFault.
This element has nine children:
<psf:serverVersion>: Only observed to be1.<psf:PUID>: The user's Passport Unique ID, expressed as a 16-bit capitalized hexadecimal stream.<psf:configVersion>: The configuration version expressed as a quadruplet.<psf:uiVersion>: The user interface version expressed as a quadruplet.<psf:authstate>: This is always0x48803(PPCRL_AUTHSTATE_S_AUTHENTICATED_PASSWORD) for successful authentications.<psf:regstatus>: This is always0x0for successful authentications.<psf:serverInfo>: This element has the server's identification string and the following four attributes:Path: Always set toLive1.RollingUpgradeState: Always set toExclusiveNew.LocVersion: Always set to0.ServerTime: A ISO 8601 timestamp that specifies the time this response was generated.
<psf:cookies>: This element is always empty.<psf:response>: This element is always empty.
This element only contains the <wst:RequestSecurityTokenResponseCollection> element.
This element has six attributes:
xmlns:wst: Is always set tohttp://schemas.xmlsoap.org/ws/2004/04/trust.xmlns:wsse: Is always set tohttp://schemas.xmlsoap.org/ws/2003/06/secext.xmlns:wsu: Is always set tohttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd.xmlns:saml: Is always set tourn:oasis:names:tc:SAML:1.0:assertion.xmlns:wsp: Is always set tohttp://schemas.xmlsoap.org/ws/2002/12/policy.xmlns:psf: Is always set tohttp://schemas.microsoft.com/Passport/SoapServices/SOAPFault.
This element contains one or multiple
<wst:RequestSecurityTokenResponse> elements.
This element has four required children and one optional child:
<wst:TokenType>: The type of security token this<wst:RequestSecurityTokenResponse>is.<wsp:AppliesTo>: Defines what can use this security token.<wst:RequestedSecurityToken>: The security token itself.<wst:RequestedTokenReference>: The reference location of where the security token is stored.<wst:RequestedProofToken>(Optional): The proof token used forurn:passport:legacytokens orMBI_KEY_OLDpolicies.
This element only contains either the value urn:passport:legacy or urn:passport:compact.
This element has only one attribute:
xmlns:wsa: Is always set tohttp://schemas.xmlsoap.org/ws/2004/03/addressing.
This element only contains the <wsa:EndpointReference> element.
This element only contains the <wsa:Address> element.
This element contains the target domain for this security token:
http://Passport.NET/tb: Legacy authentication, One of these is always required (usually asRST0). Does not set a<wsse:PolicyReference>.messengerclear.live.com: The domain used for authenticating to the Messenger Service using the SSO scheme.
Uses a policy challenge defined by the Notification Server (NS), which is usuallyMBI_KEY_OLD.messenger.msn.com: The domain used for authenticating to the Messenger Service using the TWN scheme. Uses an authentication ticket (?...) defined by the Notification Server (NS), or?id=507if using the SSO scheme to authenticate.contacts.msn.com: Used for the Address Book Service.
Uses an authentication ticket (?...) orMBI(since MSNP15). Required since MSNP13.messengersecure.live.com: A secure version ofmessenger.msn.com, with unknown use. UsesMBI_SSL.spaces.msn.com: The blog service. UsesMBI.spaces.live.com: The blog service. UsesMBI.livecontacts.live.com: The Live Contacts ABI, apparently a simplified version of the Address Book Service.storage.msn.com: The user storage service. UsesMBI_SSL. Required for MSNP15's roaming user content support.
This element has two children:
<wsu:Created>: The ISO 8601 timestamp of when this security token was generated.<wsu:Expires>: The ISO 8601 timestamp of when this security token expires.
This element has different children based on the value of the
<wst:TokenType> element.
These elements are only included in <wst:RequestedSecurityToken> if the value of
<wst:TokenType> element is set to urn:passport:legacy.
This element has three attributes:
xmlns: This is alwayshttp://www.w3.org/2001/04/xmlenc#.Id: This is always set toBinaryDAToken#, with the#being incremented every use of the<wst:RequestSecurityTokenResponse>element starting from0.Type: This is always set tohttp://www.w3.org/2001/04/xmlenc#Element.
This empty element has only one attribute:
Algorithm: This is always set tohttp://www.w3.org/2001/04/xmlenc#tripledes-cbc.
This element has only one attribute:
xmlns:ds: This is always set tohttp://www.w3.org/2000/09/xmldsig#.
This element only has one child:
<ds:KeyName>: Only observed to behttp://Passport.NET/STS
This element has only one child:
<CipherValue>: A XML element (with unknown properties and children, likely has a Passport Token somewhere), just 3DES encrypted. (If you know how to decrypt this element, please contact me!)
These elements are only included in <wst:RequestedSecurityToken> if the value of
<wst:TokenType> element is set to urn:passport:compact.
This element has only one attribute:
Id: This is always set toCompact#, with the#being incremented every use of the<wst:RequestSecurityTokenResponse>element starting from0.
This element contains the Passport Compact Token, which consists of an authentication token and profile parameters as a XML-encoded value.
(t=token&p=profile)
This element has two children:
<wsse:KeyIdentifier>: This empty element has only one attribute:ValueType: This is eitherurn:passportorurn:passport:compact.
<wsse:Reference>: This empty element has only one attribute:URI: The URI that has the contents of the security token. Usually refers to the first child of the<wst:RequestedSecurityToken>element via it'sIdattribute, using the#prefix followed by the value of theIdattribute.
This optional element only has one child:
<wst:BinarySecret>: The binary secret for this token
# RST.srf
# Basic Request
Only in MSNP12.
# Client/Request
POST /RST.srf HTTP/1.1
Cache-Control: no-cache
Content-Type: text/xml; charset=utf-8
Content-Length: {data-length}
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wssc="http://schemas.xmlsoap.org/ws/2004/04/sc"
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
>
<soap:Header>
<ps:AuthInfo
xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL"
Id="PPAuthInfo"
>
<ps:HostingApp>{7108E71A-9926-4FCB-BCC9-9A9D3F32E423}</ps:HostingApp>
<ps:BinaryVersion>4</ps:BinaryVersion>
<ps:UIVersion>1</ps:UIVersion>
<ps:Cookies></ps:Cookies>
<ps:RequestParams>AQAAAAIAAABsYwQAAAAyMDU3</ps:RequestParams>
</ps:AuthInfo>
<wsse:Security>
<wsse:UsernameToken
Id="user"
>
<wsse:Username>{user-handle}</wsse:Username>
<wsse:Password>{password}</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ps:RequestMultipleSecurityTokens
xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL"
Id="RSTS"
>
<wst:RequestSecurityToken
Id="RST0"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST1"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="?{server-args}"
/>
</wst:RequestSecurityToken>
</ps:RequestMultipleSecurityTokens>
</soap:Body>
</soap:Envelope>
Where data-length is the total size of the XML document with the placeholders changed to their correct values.
Where user-handle is the XML-encoded user handle of the user to authenticate.
Where password is the XML-encoded password of the user to authenticate.
Where server-args is the parameter given to the server's response to the initial USR.
# Server/Response
NOTE: The legacy Passport token has been removed to prevent issues with scrolling.
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 3557
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
<psf:pp
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<psf:serverVersion>1</psf:serverVersion>
<psf:PUID>0000000100000002</psf:PUID>
<psf:configVersion>3.0.869.0</psf:configVersion>
<psf:uiVersion>3.0.869.0</psf:uiVersion>
<psf:authstate>0x48803</psf:authstate>
<psf:reqstatus>0x0</psf:reqstatus>
<psf:serverInfo
Path="Live1"
RollingUpgradeState="ExclusiveNew"
LocVersion="0"
ServerTime="2024-11-22T14:45:20Z"
>yellows111 2024.11.22.14.45.20</psf:serverInfo>
<psf:cookies/>
<psf:response/>
</psf:pp>
</soap:Header>
<soap:Body>
<wst:RequestSecurityTokenResponseCollection
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:legacy</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
Id="BinaryDAToken0"
Type="http://www.w3.org/2001/04/xmlenc#Element"
>
<EncryptionMethod
algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<ds:KeyName>http://Passport.NET/STS</ds:KeyName>
</ds:KeyInfo>
<CipherData>
<CipherValue>[[removed intentionally]]</CipherValue>
</CipherData>
</EncryptedData>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport"
/>
<wsse:Reference
URI="#BinaryDAToken0"
/>
</wst:RequestedTokenReference>
<wst:RequestedProofToken>
<wst:BinarySecret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact1"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact1"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soap:Body>
</soap:Envelope>
# With contacts.msn.com
# Client/Request
POST /RST.srf HTTP/1.1
Cache-Control: no-cache
Content-Type: text/xml; charset=utf-8
Content-Length: {data-length}
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
</soap:Header>
<soap:Body>
<ps:RequestMultipleSecurityTokens
xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL"
Id="RSTS"
>
<wst:RequestSecurityToken
Id="RST0"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST1"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="?{server-args}"
/>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST2"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="MBI"
/>
</wst:RequestSecurityToken>
</ps:RequestMultipleSecurityTokens>
</soap:Body>
</soap:Envelope>
Where data-length is the total size of the XML document with the placeholders changed to their correct values.
Where user-handle is the XML-encoded user handle of the user to authenticate.
Where password is the XML-encoded password of the user to authenticate.
Where server-args is the parameter given to the server's response to the initial USR.
# Server/Response
NOTE: The legacy Passport token has been removed to prevent issues with scrolling.
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 4382
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
<psf:pp
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<psf:serverVersion>1</psf:serverVersion>
<psf:PUID>0000000100000002</psf:PUID>
<psf:configVersion>3.0.869.0</psf:configVersion>
<psf:uiVersion>3.0.869.0</psf:uiVersion>
<psf:authstate>0x48803</psf:authstate>
<psf:reqstatus>0x0</psf:reqstatus>
<psf:serverInfo
Path="Live1"
RollingUpgradeState="ExclusiveNew"
LocVersion="0"
ServerTime="2024-11-22T14:45:20Z"
>yellows111 2024.11.22.14.45.20</psf:serverInfo>
<psf:cookies/>
<psf:response/>
</psf:pp>
</soap:Header>
<soap:Body>
<wst:RequestSecurityTokenResponseCollection
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:legacy</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
Id="BinaryDAToken0"
Type="http://www.w3.org/2001/04/xmlenc#Element"
>
<EncryptionMethod
algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<ds:KeyName>http://Passport.NET/STS</ds:KeyName>
</ds:KeyInfo>
<CipherData>
<CipherValue>[[removed intentionally]]</CipherValue>
</CipherData>
</EncryptedData>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport"
/>
<wsse:Reference
URI="#BinaryDAToken0"
/>
</wst:RequestedTokenReference>
<wst:RequestedProofToken>
<wst:BinarySecret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact1"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact1"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact2"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact2"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponseCollection>
</soap:Body>
</soap:Envelope>
# With MBI_OLD_KEY
Since MSNP15.
# Client/Request
POST /RST.srf HTTP/1.1
Cache-Control: no-cache
Content-Type: text/xml; charset=utf-8
Content-Length: {data-length}
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
</soap:Header>
<soap:Body>
<ps:RequestMultipleSecurityTokens
xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL"
Id="RSTS"
>
<wst:RequestSecurityToken
Id="RST0"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityToken>
<wst:RequestSecuirtyToken
Id="RST1"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>messengerclear.live.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="MBI_KEY_OLD"
/>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST2"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="?id=507"
/>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST3"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="MBI"
/>
</wst:RequestSecurityToken>
</ps:RequestMultipleSecurityTokens>
</soap:Body>
</soap:Envelope>
Where data-length is the total size of the XML document with the placeholders changed to their correct values.
Where user-handle is the XML-encoded user handle of the user to authenticate.
Where password is the XML-encoded password of the user to authenticate.
NOTE: Technically MBI_KEY_OLD is just defined by the server's response to the initial USR.
# Server/Response
NOTE: The legacy Passport token has been removed to prevent issues with scrolling.
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 5420
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
<psf:pp
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<psf:serverVersion>1</psf:serverVersion>
<psf:PUID>0000000100000002</psf:PUID>
<psf:configVersion>3.0.869.0</psf:configVersion>
<psf:uiVersion>3.0.869.0</psf:uiVersion>
<psf:authstate>0x48803</psf:authstate>
<psf:reqstatus>0x0</psf:reqstatus>
<psf:serverInfo
Path="Live1"
RollingUpgradeState="ExclusiveNew"
LocVersion="0"
ServerTime="2024-11-22T14:45:20Z"
>yellows111 2024.11.22.14.45.20</psf:serverInfo>
<psf:cookies/>
<psf:response/>
</psf:pp>
</soap:Header>
<soap:Body>
<wst:RequestSecurityTokenResponseCollection
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:legacy</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
Id="BinaryDAToken0"
Type="http://www.w3.org/2001/04/xmlenc#Element"
>
<EncryptionMethod
algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<ds:KeyName>http://Passport.NET/STS</ds:KeyName>
</ds:KeyInfo>
<CipherData>
<CipherValue>[[removed intentionally]]</CipherValue>
</CipherData>
</EncryptedData>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport"
/>
<wsse:Reference
URI="#BinaryDAToken0"
/>
</wst:RequestedTokenReference>
<wst:RequestedProofToken>
<wst:BinarySecret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>messengerclear.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact1"
>t=token&p=</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact1"
/>
</wst:RequestedTokenReference>
<wst:RequestedProofToken>
<wst:BinarySecret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact2"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact2"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact3"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact3"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soap:Body>
</soap:Envelope>
# Server Redirection
If the server you are authenticating to does not support your account type, but knows a server that does, this is used instead.
If you are redirected, you have to send the POST request again to the new server specified in the <psf:redirectUrl> element.
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 794
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<soap:Header>
<psf:pp>
<psf:serverVersion>1</psf:serverVersion>
<psf:authstate>0x80048800</psf:authstate>
<psf:reqstatus>0x80048852</psf:reqstatus>
<psf:serverInfo
Path="Live1"
RollingUpgradeState="Unknown"
LocVersion="0"
ServerTime="2024-11-22T14:45:20Z"
>yellows111 2025.04.23.13.13.50</psf:serverInfo>
<psf:cookies/>
<psf:response/>
</psf:pp>
</soap:Header>
<soap:Fault>
<faultcode>psf:Redirect</faultcode>
<psf:redirectUrl>https://example.com/passport/RST.srf</psf:redirectUrl>
<faultstring>Go Somewhere Else</faultstring>
</soap:Fault>
</soap:Envelope>