How it works

It is basically a carefully crafted SOAP envelope with the RequestSecurityToken against an HTTPS endpoint that supports basic auth.

var rst = "<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:a=\"http://www.w3.org/2005/08/addressing\">" +
	"<s:Header>" +
    "<a:Action s:mustUnderstand=\"1\">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>" +
    "<a:To s:mustUnderstand=\"1\">{0}</a:To>" +
    "</s:Header>" +
    "<s:Body>" +
        "<trust:RequestSecurityToken xmlns:trust=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">" +
            "<wsp:AppliesTo xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">" +
                "<a:EndpointReference>" +
                    "<a:Address>{1}</a:Address>" +
                "</a:EndpointReference>" +
        "</wsp:AppliesTo>" +
        "<trust:KeyType>" + keyType + "</trust:KeyType>" +
        "<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>" +
        "</trust:RequestSecurityToken>" +
    "</s:Body>" +
   "</s:Envelope>";


$.ajax({
		url: this.stsUrl,
		data: body,
		type: 'POST',
        beforeSend: function(xhr) {
			xhr.setRequestHeader("Authorization", "Basic " + Base64.encode(username + ":" + pass));
			xhr.setRequestHeader("Content-Type", "application/soap+xml; charset=utf-8");
		},
		timeout: 5000,
		dataType: 'xml',
		success: function(data, status){
			callback.success(data);
		},
		error: function(qXHR, textStatus, errorThrown){
		   callback.error(qXHR)
		}
	});

This was tested from PhoneGap / XCode against ADFS with the usernamebasictransport endpoint turned on.

IMPORTANT: in order to make external http requests you will have to edit the PhoneGap.plist and include the host name of your STS in the ExternalHosts list.

screenshot