Sharepoint Online: Encrypted security token RRS feed

  • Question

  • Hi!

    I am are trying to do a remote connection to a SharePoint Online account from a Java application. For authentication, I'm trying to do the following steps:

    1.        Get security token
    2.        Get access tokens/cookies: FedAuth and rtFA
    3.        Getting request digest

    For step 1 (getting the security token), I sent a POST request to with the username and password in the request body.


    <s:Envelope xmlns:s=""
        <a:Action s:mustUnderstand="1"></a:Action>
        <a:To s:mustUnderstand="1"></a:To>
        <o:Security s:mustUnderstand="1"
        <t:RequestSecurityToken xmlns:t="">
          <wsp:AppliesTo xmlns:wsp="">


    Most of the documentation online expects the response will be in this format:


        <wsse:BinarySecurityToken Id="Compact0">TOKEN_HERE</wsse:BinarySecurityToken>


    However, the response I am getting is an encrypted security token.


    <EncryptedData Id="Assertion0" Type="">
    <EncryptionMethod Algorithm="" />
    <EncryptionMethod Algorithm="" />




    1.        Is the process of authentication correct?
    2.        Do we need to decrypt the token before proceeding with step 2 (getting access tokens/cookies)?
      1.        If yes, what key should we use to decrypt the token?
      2.       If no, what would be the format of the request for step 2 (getting access tokens/cookies)?
    3.        Is there a way to get the unencrypted token (BinarySecuirtyToken string) instead?

    • Edited by BEspiritu Wednesday, November 9, 2016 5:54 PM
    Wednesday, November 9, 2016 5:51 PM


All replies