Once the TokenIssuerOperation has processed the client request, it iterates through the list of defined TokenProvider implementations to see if each "can handle" the desired token type in the configured realm (if any). If no TokenProvider is defined, or if no TokenProvider can handle the desired token type, then an exception is thrown. Otherwise, a token is created, and a response object is constructed containing the following items:
- The context attribute (if any was specified).
- The Token Type.
- The requested token (possibly encrypted, depending on configuration).
- A number of references to that token (can be disabled by configuration).
- The received AppliesTo address (if any).
- The RequestedProofToken (if a Computed Key Algorithm was used).
- The Entropy generated by the STS (if any, can be encrypted).
- The lifetime of the generated token.
- The KeySize that was used (if any).