<issuedToken>

  • Article

Specifies a custom token used to authenticate a client to a service.

Schema Hierarchy

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior> of <endpointBehaviors>
        <clientCredentials>
          <issuedToken>

Syntax

<issuedToken 
   cacheIssuedTokens="Boolean"
   defaultKeyEntropyMode="ClientEntropy/ServerEntropy/CombinedEntropy"
   issuedTokenRenewalThresholdPercentage = "0 to 100"
   issuerChannelBehaviors="String"
      localIssuerChannelBehaviors="String"
   maxIssuedTokenCachingTime="TimeSpan"
</issuedToken>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

cacheIssuedTokens

Optional Boolean attribute that specifies whether tokens are cached. The default is true.

defaultKeyEntropyMode

Optional string attribute that specifies which random values (entropies) are used for handshake operations. Values include ClientEntropy, ServerEntropy, and CombinedEntropy, The default is CombinedEntropy. This attribute is of type SecurityKeyEntropyMode.

issuedTokenRenewalThresholdPercentage

Optional integer attribute that specifies the percentage of a valid time frame (supplied by the token issuer) that can pass before a token is renewed. Values are from 0 to 100. The default is 60, which specifies 60% of the time passes before a renewal is attempted.

issuerChannelBehaviors

Optional attribute that specifies the channel behaviors to use when communicating with the issuer.

localIssuerChannelBehaviors

Optional attribute that specifies the channel behaviors to use when communicating with the local issuer.

maxIssuedTokenCachingTime

Optional Timespan attribute that specifies the duration that issued tokens are cached when the token issuer (an STS) does not specify a time. The default is “10675199.02:48:05.4775807.”

Child Elements

Element Description

<localIssuer>

Specifies the address of the local issuer of the token and the binding used to communicate with the endpoint.

<issuerChannelBehaviors> Element

Specifies the endpoint behaviors to use when contacting a local issuer.

Parent Elements

Element Description

<clientCredentials>

Specifies the credentials used to authenticate a client to a service.

Remarks

An issued token is a custom credential type used, for example, when authenticating with a Secure Token Service (STS) in a federated scenario. By default, the token is a SAML token. For more information, see Federation and SAML. and Federation and Issued Tokens.

This section contains the elements used to configure a local issuer of tokens, or behaviors used with an security token service. For instructions on configuring a client to use a local issuer, see How to: Configure a Local Issuer.

See Also

Reference

IssuedTokenClientElement
ClientCredentialsElement
ClientCredentials
IssuedToken
IssuedToken
IssuedTokenClientCredential

Other Resources

Security Behaviors in WCF
Securing Services and Clients
Federation and SAML
Securing Clients
How To: Create a Federated Client
How To: Configure a Local Issuer
Federation and Issued Tokens


© 2007 Microsoft Corporation. All rights reserved.
Last Published: 2010-01-05