# Table of contents:
- Introduction
- Client/Request
- wst:RequestSecurityToken
- Server/Response
- wst:RequestSecurityTokenResponse
- RST.srf
# Introduction
The Passport Request Security Token (RST) service, or "Passport 3.0" as it's sometimes called, is a HTTP-based authentication system that was introduced with MSNP12.
The endpoint is called RST.srf, residing on either the login.passport.net or the login.live.com domain.
For MSNP8 to MSNP11, read the Passport 1.4 article.
For MSNP18 and above, read the Request Security Token service, version 2 article. (TODO: Write this, and did I get this right?)
# Client/Request
The following sub-headers are XML elements for the client's request.
# soap:Envelope
This element has eight attributes:
xmlns:soap: Is always set tohttp://schemas.xmlsoap.org/soap/envelope/.xmlns:wsse: Is always set tohttp://schemas.xmlsoap.org/ws/2003/06/secext.xmlns:saml: Is always set tourn:oasis:names:tc:SAML:1.0:assertion.xmlns:wsp: Is always set tohttp://schemas.xmlsoap.org/ws/2002/12/policy.xmlns:wsu: Is always set tohttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd.xmlns:wsa: Is always set tohttp://schemas.xmlsoap.org/ws/2004/03/addressing.xmlns:wssc: Is always set tohttp://schemas.xmlsoap.org/ws/2004/04/sc.xmlns:wst: Is always seto tohttp://schemas.xmlsoap.org/ws/2004/04/trust.
# soap:Header
This element only contains both the <ps:AuthInfo> and <wsse:Security> children.
# ps:AuthInfo
This element has two attributes:
xmlns:ps: Is always set tohttp://schemas.microsoft.com/Passport/SoapServices/PPCRL.Id: Is always set toPPAuthInfo.
This element has five children:
<ps:HostingApp>: The GUID (with braces) of the client that is authenticating.<ps:BinaryVersion>: A number, usually4, but can be higher, or lowered to3.<ps:UIVersion>: Is always set to1.<ps:Cookies>: This element is always empty.<ps:RequestParams>: A base64-encoded binary structure that seems to be in the format of a 32-bit little endian integer of the amount of parameters, then an 32-bit little endian integer length and character data for the side of the pair, with there being a key side of the pair, and a value side of the pair.
# wsse:Security
This element only contains the <wsse:UsernameToken> element.
# wsse:UsernameToken
This element has only one attribute:
Id: Is always set touser.
This element has two children:
<wsse:Username>: The XML-encoded user handle of the user authenticating.<wsse:Password>: The XML-encoded password of the user authenticating.
# soap:Body
This element only contains the <ps:RequestMultipleSecurityTokens> element.
If there is only one <wst:RequestSecurityToken> element,
it may replace the <ps:RequestMultipleSecurityTokens> element.
# ps:RequestMultipleSecurityTokens
This element has two attributes:
xmlns:ps: Is always set tohttp://schemas.microsoft.com/Passport/SoapServices/PPCRL.Id: Is always set toRSTS.
This element contains one or multiple
<wst:RequestSecurityToken> elements.
# wst:RequestSecurityToken
This element has only one attribute:
Id: Is set toRST#, with#incrementing every use of this element, starting from0.
# wst:RequestType
This element always contains the value http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue.
# wsp:AppliesTo
This element only contains the <wsa:EndpointReference> element.
# wsa:EndpointReference
This element only contains one of two mutually exclusive elements:
<wsa:Address>: By URL or domain name<wsa:ServiceName>: By service name
# wsa:Address
This element contains the target domain for this security token:
http://Passport.NET/tb: Legacy authentication, One of these is always required (usually asRST0). Does not set a<wsse:PolicyReference>.messengerclear.live.com: The domain used for solvingMBI_KEY_OLDchallenges. Uses a policy defined by the MSNP server, which is usuallyMBI_KEY_OLD.messenger.msn.com: The usual domain for authenticating to the Messenger Service. Uses passport unique parameters (?...) defined by the MSNP server, or?id=507if usingmessengerclear.live.comto authenticate.contacts.msn.com: Used for the Address Book Service. Uses passport unique parameters (?...) orMBI(since MSNP15). Required since MSNP13.messengersecure.live.com: A secure version ofmessenger.msn.com, with unknown use. UsesMBI_SSL.spaces.msn.com: The blog service. UsesMBI.spaces.live.com: The blog service. UsesMBI.livecontacts.live.com: The Live Contacts ABI, apparently a simplified version of the Address Book Service.storage.msn.com: The user storage service. UsesMBI_SSL. Required for MSNP15's roaming user content support.
# wsa:ServiceName
This element contains the target service name for this security token:
p2pslc.messenger.msn.com: The peer-to-peer "slc" service. UsesMBI_X509_CID.
# wst:Supporting
This optional element only exists if the <wsse:PolicyReference> requires it.
# wsse:BinarySecurityToken
This element has two attributes:
ValueType: Usually only seen set tohttp://schemas.microsoft.com/Passport/SoapServices/PPCRL#PKCS10.EncodingType: Usually only seen set towsse:Base64Binary.
This element's value is the binary token, which has only been observed to be a PKCS#10 certificate request
in SHA1-RSA format (1024 bits), with the Common Name (CN) set to MSIDCRL.
# wsse:PolicyReference
This optional element has only one attribute:
URI: The security policy of this security token:MBI_KEY_OLD: Calculate a challenge with the server's<wst:BinarySecret>.MBI_KEY: Unknown, but probably not unlikeMBI_KEY_OLD?MBI: No special parameters.MBI_SSL: No special parameters and encrypted transport only.MBI_X509_CID: Unknown, but based on user certificates. Only used withp2pslc.messenger.msn.com.- (any policy starting with
?): Authenticate using special parameters, akin to Passport 1.4.
# Server/Response
The following sub-headers are XML elements for the server's response.
# soap:Envelope
This element has only one attribute:
xmlns:soap: Is always set tohttp://schemas.xmlsoap.org/soap/envelope/.
# soap:Header
This element only contains the <psf:pp> element.
# psf:pp
This element has only one attribute:
xmlns:psf: Is always set tohttp://schemas.microsoft.com/Passport/SoapServices/SOAPFault.
This element has nine children:
<psf:serverVersion>: Only observed to be1.<psf:PUID>: The user's Passport Unique ID, expressed as a 16-bit capitalized hexadecimal stream.<psf:configVersion>: The configuration version expressed as a quadruplet.<psf:uiVersion>: The user interface version expressed as a quadruplet.<psf:authstate>: This is always0x48803(PPCRL_AUTHSTATE_S_AUTHENTICATED_PASSWORD) for successful authentications.<psf:regstatus>: This is always0x0for successful authentications.<psf:serverInfo>: This element has the server's identification string and the following four attributes:Path: Always set toLive1.RollingUpgradeState: Always set toExclusiveNew.LocVersion: Always set to0.ServerTime: A ISO 8601 timestamp that specifies the time this response was generated.
<psf:cookies>: This element is always empty.<psf:response>: This element is always empty.
# soap:Body
This element only contains the <wst:RequestSecurityTokenResponseCollection> element.
# wst:RequestSecurityTokenResponseCollection
This element has six attributes:
xmlns:wst: Is always set tohttp://schemas.xmlsoap.org/ws/2004/04/trust.xmlns:wsse: Is always set tohttp://schemas.xmlsoap.org/ws/2003/06/secext.xmlns:wsu: Is always set tohttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd.xmlns:saml: Is always set tourn:oasis:names:tc:SAML:1.0:assertion.xmlns:wsp: Is always set tohttp://schemas.xmlsoap.org/ws/2002/12/policy.xmlns:psf: Is always set tohttp://schemas.microsoft.com/Passport/SoapServices/SOAPFault.
This element contains one or multiple
<wst:RequestSecurityTokenResponse> elements.
# wst:RequestSecurityTokenResponse
This element has four required children and one optional child:
<wst:TokenType>: The type of security token this<wst:RequestSecurityTokenResponse>is.<wsp:AppliesTo>: Defines what can use this security token.<wst:RequestedSecurityToken>: The security token itself.<wst:RequestedTokenReference>: The reference location of where the security token is stored.<wst:RequestedProofToken>(Optional): The proof token used forurn:passport:legacytokens orMBI_KEY_OLDpolicies.
# wst:TokenType
This element only contains either the value urn:passport:legacy or urn:passport:compact.
# wsp:AppliesTo
This element has only one attribute:
xmlns:wsa: Is always set tohttp://schemas.xmlsoap.org/ws/2004/03/addressing.
This element only contains the <wsa:EndpointReference> element.
# wsa:EndpointReference
This element only contains the <wsa:Address> element.
# wsa:Address
This element contains the target domain for this security token:
http://Passport.NET/tb: Legacy authentication, One of these is always required (usually asRST0). Does not set a<wsse:PolicyReference>.messengerclear.live.com: The domain used for solvingMBI_KEY_OLDchallenges. Uses a policy defined by the MSNP server, which is usuallyMBI_KEY_OLD.messenger.msn.com: The usual domain for authenticating to the Messenger Service. Uses passport unique parameters (?...) defined by the MSNP server, or?id=507if usingmessengerclear.live.comto authenticate.contacts.msn.com: Used for the Address Book Service. Uses passport unique parameters (?...) orMBI(since MSNP15). Required since MSNP13.messengersecure.live.com: A secure version ofmessenger.msn.com, with unknown use. UsesMBI_SSL.spaces.msn.com: The blog service. UsesMBI.spaces.live.com: The blog service. UsesMBI.livecontacts.live.com: The Live Contacts ABI, apparently a simplified version of the Address Book Service.storage.msn.com: The user storage service. UsesMBI_SSL. Required for MSNP15's roaming user content support.
# wst:LifeTime
This element has two children:
<wsu:Created>: The ISO 8601 timestamp of when this security token was generated.<wsu:Expires>: The ISO 8601 timestamp of when this security token expires.
# wst:RequestedSecurityToken
This element has different children based on the value of the
<wst:TokenType> element.
# [urn:passport:legacy children]
These elements are only included in <wst:RequestedSecurityToken> if the value of
<wst:TokenType> element is set to urn:passport:legacy.
# EncryptedData
This element has three attributes:
xmlns: This is alwayshttp://www.w3.org/2001/04/xmlenc#.Id: This is always set toBinaryDAToken#, with the#being incremented every use of the<wst:RequestSecurityTokenResponse>element starting from0.Type: This is always set tohttp://www.w3.org/2001/04/xmlenc#Element.
# EncryptionMethod
This empty element has only one attribute:
Algorithm: This is always set tohttp://www.w3.org/2001/04/xmlenc#tripledes-cbc.
# ds:KeyInfo
This element has only one attribute:
xmlns:ds: This is always set tohttp://www.w3.org/2000/09/xmldsig#.
This element only has one child:
<ds:KeyName>: Only observed to behttp://Passport.NET/STS
# CipherData
This element has only one child:
<CipherValue>: Likely to be a Passport Token of some kind, just 3DES encrypted. (If you know how this is used, please contact me!)
# [urn:passport:compact children]
These elements are only included in <wst:RequestedSecurityToken> if the value of
<wst:TokenType> element is set to urn:passport:compact.
# wsse:BinarySecurityToken
This element has only one attribute:
Id: This is always set toCompact#, with the#being incremented every use of the<wst:RequestSecurityTokenResponse>element starting from0.
This element contains the Passport token and profile parameters as a XML-encoded value.
(t=token&p=profile)
# wst:RequestedTokenReference
This element has two children:
<wsse:KeyIdentifier>: This empty element has only one attribute:ValueType: This is eitherurn:passportorurn:passport:compact.
<wsse:Reference>: This empty element has only one attribute:URI: The URI that has the contents of the security token. Usually refers to the first child of the<wst:RequestedSecurityToken>element via it'sIdattribute, using the#prefix followed by the value of theIdattribute.
# wst:RequestedProofToken
This optional element only has one child:
<wst:BinarySecret>: The binary secret for this token
# RST.srf
# Basic Request
Only in MSNP12.
# Client/Request
POST /RST.srf HTTP/1.1
Cache-Control: no-cache
Content-Type: text/xml; charset=utf-8
Content-Length: {data-length}
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wssc="http://schemas.xmlsoap.org/ws/2004/04/sc"
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
>
<soap:Header>
<ps:AuthInfo
xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL"
Id="PPAuthInfo"
>
<ps:HostingApp>{7108E71A-9926-4FCB-BCC9-9A9D3F32E423}</ps:HostingApp>
<ps:BinaryVersion>4</ps:BinaryVersion>
<ps:UIVersion>1</ps:UIVersion>
<ps:Cookies></ps:Cookies>
<ps:RequestParams>AQAAAAIAAABsYwQAAAAyMDU3</ps:RequestParams>
</ps:AuthInfo>
<wsse:Security>
<wsse:UsernameToken
Id="user"
>
<wsse:Username>{user-handle}</wsse:Username>
<wsse:Password>{password}</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ps:RequestMultipleSecurityTokens
xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL"
Id="RSTS"
>
<wst:RequestSecurityToken
Id="RST0"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST1"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="?{server-args}"
/>
</wst:RequestSecurityToken>
</ps:RequestMultipleSecurityTokens>
</soap:Body>
</soap:Envelope>
Where data-length is the total size of the XML document with the placeholders changed to their correct values.
Where user-handle is the XML-encoded user handle of the user to authenticate.
Where password is the XML-encoded password of the user to authenticate.
Where server-args is the parameter given to the server's response to the initial USR.
# Server/Response
NOTE: The legacy Passport token has been removed to prevent issues with scrolling.
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 3557
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
<psf:pp
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<psf:serverVersion>1</psf:serverVersion>
<psf:PUID>0000000100000002</psf:PUID>
<psf:configVersion>3.0.869.0</psf:configVersion>
<psf:uiVersion>3.0.869.0</psf:uiVersion>
<psf:authstate>0x48803</psf:authstate>
<psf:reqstatus>0x0</psf:reqstatus>
<psf:serverInfo
Path="Live1"
RollingUpgradeState="ExclusiveNew"
LocVersion="0"
ServerTime="2024-11-22T14:45:20Z"
>yellows111 2024.11.22.14.45.20</psf:serverInfo>
<psf:cookies/>
<psf:response/>
</psf:pp>
</soap:Header>
<soap:Body>
<wst:RequestSecurityTokenResponseCollection
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:legacy</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
Id="BinaryDAToken0"
Type="http://www.w3.org/2001/04/xmlenc#Element"
>
<EncryptionMethod
algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<ds:KeyName>http://Passport.NET/STS</ds:KeyName>
</ds:KeyInfo>
<CipherData>
<CipherValue>[[removed intentionally]]</CipherValue>
</CipherData>
</EncryptedData>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport"
/>
<wsse:Reference
URI="#BinaryDAToken0"
/>
</wst:RequestedTokenReference>
<wst:RequestedProofToken>
<wst:BinarySecret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact1"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact1"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soap:Body>
</soap:Envelope>
# With contacts.msn.com
# Client/Request
POST /RST.srf HTTP/1.1
Cache-Control: no-cache
Content-Type: text/xml; charset=utf-8
Content-Length: {data-length}
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
</soap:Header>
<soap:Body>
<ps:RequestMultipleSecurityTokens
xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL"
Id="RSTS"
>
<wst:RequestSecurityToken
Id="RST0"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST1"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="?{server-args}"
/>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST2"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="MBI"
/>
</wst:RequestSecurityToken>
</ps:RequestMultipleSecurityTokens>
</soap:Body>
</soap:Envelope>
Where data-length is the total size of the XML document with the placeholders changed to their correct values.
Where user-handle is the XML-encoded user handle of the user to authenticate.
Where password is the XML-encoded password of the user to authenticate.
Where server-args is the parameter given to the server's response to the initial USR.
# Server/Response
NOTE: The legacy Passport token has been removed to prevent issues with scrolling.
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 4382
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
<psf:pp
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<psf:serverVersion>1</psf:serverVersion>
<psf:PUID>0000000100000002</psf:PUID>
<psf:configVersion>3.0.869.0</psf:configVersion>
<psf:uiVersion>3.0.869.0</psf:uiVersion>
<psf:authstate>0x48803</psf:authstate>
<psf:reqstatus>0x0</psf:reqstatus>
<psf:serverInfo
Path="Live1"
RollingUpgradeState="ExclusiveNew"
LocVersion="0"
ServerTime="2024-11-22T14:45:20Z"
>yellows111 2024.11.22.14.45.20</psf:serverInfo>
<psf:cookies/>
<psf:response/>
</psf:pp>
</soap:Header>
<soap:Body>
<wst:RequestSecurityTokenResponseCollection
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:legacy</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
Id="BinaryDAToken0"
Type="http://www.w3.org/2001/04/xmlenc#Element"
>
<EncryptionMethod
algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<ds:KeyName>http://Passport.NET/STS</ds:KeyName>
</ds:KeyInfo>
<CipherData>
<CipherValue>[[removed intentionally]]</CipherValue>
</CipherData>
</EncryptedData>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport"
/>
<wsse:Reference
URI="#BinaryDAToken0"
/>
</wst:RequestedTokenReference>
<wst:RequestedProofToken>
<wst:BinarySecret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact1"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact1"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact2"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact2"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponseCollection>
</soap:Body>
</soap:Envelope>
# With MBI_OLD_KEY
Since MSNP15.
# Client/Request
POST /RST.srf HTTP/1.1
Cache-Control: no-cache
Content-Type: text/xml; charset=utf-8
Content-Length: {data-length}
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
</soap:Header>
<soap:Body>
<ps:RequestMultipleSecurityTokens
xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL"
Id="RSTS"
>
<wst:RequestSecurityToken
Id="RST0"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityToken>
<wst:RequestSecuirtyToken
Id="RST1"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>messengerclear.live.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="MBI_KEY_OLD"
/>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST2"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="?id=507"
/>
</wst:RequestSecurityToken>
<wst:RequestSecurityToken
Id="RST3"
>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference
URI="MBI"
/>
</wst:RequestSecurityToken>
</ps:RequestMultipleSecurityTokens>
</soap:Body>
</soap:Envelope>
Where data-length is the total size of the XML document with the placeholders changed to their correct values.
Where user-handle is the XML-encoded user handle of the user to authenticate.
Where password is the XML-encoded password of the user to authenticate.
NOTE: Technically MBI_KEY_OLD is just defined by the server's response to the initial USR.
# Server/Response
NOTE: The legacy Passport token has been removed to prevent issues with scrolling.
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 5427
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>
<soap:Header>
<psf:pp
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<psf:serverVersion>1</psf:serverVersion>
<psf:PUID>0000000100000002</psf:PUID>
<psf:configVersion>3.0.869.0</psf:configVersion>
<psf:uiVersion>3.0.869.0</psf:uiVersion>
<psf:authstate>0x48803</psf:authstate>
<psf:reqstatus>0x0</psf:reqstatus>
<psf:serverInfo
Path="Live1"
RollingUpgradeState="ExclusiveNew"
LocVersion="0"
ServerTime="2024-11-22T14:45:20Z"
>yellows111 2024.11.22.14.45.20</psf:serverInfo>
<psf:cookies/>
<psf:response/>
</psf:pp>
</soap:Header>
<soap:Body>
<wst:RequestSecurityTokenResponseCollection
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"
>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:legacy</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>http://Passport.NET/tb</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
Id="BinaryDAToken0"
Type="http://www.w3.org/2001/04/xmlenc#Element"
>
<EncryptionMethod
algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<ds:KeyName>http://Passport.NET/STS</ds:KeyName>
</ds:KeyInfo>
<CipherData>
<CipherValue>[[removed intentionally]]</CipherValue>
</CipherData>
</EncryptedData>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport"
/>
<wsse:Reference
URI="#BinaryDAToken0"
/>
</wst:RequestedTokenReference>
<wst:RequestedProofToken>
<wst:BinarySecret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>messengerclear.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact1"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact1"
/>
</wst:RequestedTokenReference>
<wst:RequestedProofToken>
<wst:BinarySecret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</wst:BinarySecret>
</wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>messenger.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact2"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact2"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponse>
<wst:RequestSecurityTokenResponse>
<wst:TokenType>urn:passport:compact</wst:TokenType>
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Created>2024-11-22T14:45:20Z</wsu:Created>
<wsu:Expires>2024-11-22T14:45:20Z</wsu:Expires>
</wst:LifeTime>
<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken
Id="Compact3"
>t=token&p=profile</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
<wst:RequestedTokenReference>
<wsse:KeyIdentifier
ValueType="urn:passport:compact"
/>
<wsse:Reference
URI="#Compact3"
/>
</wst:RequestedTokenReference>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</soap:Body>
</soap:Envelope>