
2.2.4.3 tns:DomainOwnershipProofHeader Complex Type

The DomainOwnershipProofHeader complex type specifies the credentials that are required to prove ownership of a domain that is participating in a federation management service.

<xs:complexType name="DomainOwnershipProofHeader">
  <xs:sequence>
    <xs:element name="Domain"
      type="s:string"
      maxOccurs="1"
      minOccurs="0"
     />
    <xs:element name="HashAlgorithm"
      type="s:string"
     />
    <xs:element name="Signature"
      type="s:string"
     />
  </xs:sequence>
</xs:complexType>

The following table lists the child elements of the DomainOwnershipProofHeader complex type.

| Element name | Type | Description |
|---|---|---|
| Domain | s:string ([XMLSCHEMA2]) | Specifies the name of the domain that is participating in the federation management service. |
| HashAlgorithm | s:string | Specifies the hash algorithm that is used to create the signature. |
| Signature | s:string | Specifies the signature of the domain owner. |

Create the Signature element by performing the following algorithm:

  • Sign the Domain element with the private key from the certificate used to authenticate the domain with the STS.

  • Hash the certificate signature with the SHA-512 hash algorithm.

  • Encode the hashed value of the signature with base64 encoding.

The server compares the value of the Signature element with the contents of a TXT record on the Domain Name System (DNS) server for the domain specified in the Domain element to determine whether the application is authorized to make Web service calls for the domain.
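The three steps and the server-side TXT comparison described above, as an added Go example that is not part of the specification. It assumes RSASSA-PKCS1-v1_5 with SHA-512 over the UTF-8 bytes of the domain name (the page does not state the signature scheme) and that the TXT string is exactly the base64 value. The function names, the generated key and the TXT record set are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"encoding/base64"
	"fmt"
)

// NewDemoKey returns a constructed key standing in for the STS certificate's private key.
func NewDemoKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// ProofValue follows the three steps above. Assumption (not stated on the page):
// the signature is RSASSA-PKCS1-v1_5 with SHA-512 over the UTF-8 domain name.
func ProofValue(key *rsa.PrivateKey, domain string) (string, error) {
	digest := sha512.Sum512([]byte(domain))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA512, digest[:]) // step 1: sign Domain
	if err != nil {
		return "", err
	}
	hashed := sha512.Sum512(sig)                             // step 2: SHA-512 of the signature
	return base64.StdEncoding.EncodeToString(hashed[:]), nil // step 3: base64
}

// TXTAuthorizes is the server-side check: Signature must equal one TXT string of the domain.
func TXTAuthorizes(signature string, txtRecords []string) bool {
	for _, txt := range txtRecords {
		if txt == signature {
			return true
		}
	}
	return false
}

func main() {
	key, err := NewDemoKey()
	if err != nil {
		panic(err)
	}
	proof, err := ProofValue(key, "contoso.example")
	if err != nil {
		panic(err)
	}
	// Constructed TXT record set: an unrelated record plus the published proof value.
	fmt.Println(proof, TXTAuthorizes(proof, []string{"v=spf1 -all", proof}))
}
```

Because PKCS#1 v1.5 signing is deterministic, the same key and domain always yield the same 88-character value, which is what allows it to be published once in DNS and compared on each call.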

© 2014 Microsoft