Hi Daniel, IIRC, the spec doesn't say that 'ONLY ONE' of them should be specified, so I think we can safely have both the token type and AppliesTo in the request. :) I'll revisit the request handler code to make sure that AppliesTo is parsed even when the token type is specified. Right now I think that AppliesTo is only parsed if the token type is absent, which is not good since we end up losing important information. Regarding adding a new method, I don't have anything against it. As a matter of fact, this can be a good thing. Although the very same check is performed in the STS, a client-side validation can prevent us from spending time to create, marshall, and dispatch a request that will fail anyway. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4257374#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...