Export (0) Print
Expand All

<SubjectName> Element

Specifies the subject name for a security token.

<policyDocument> Element
  <policies> Element
    <Policy> Element (WSE for Microsoft .NET) (1)
      <Confidentiality> Element
        <KeyInfo> Element (WSE for Microsoft .NET) (1)
          <SecurityToken> Element
            <Claims> Element
              <policyDocument> Element
                <policies> Element
                  <Policy> Element (WSE for Microsoft .NET) (1)
                    <Integrity> Element
                      <TokenInfo> Element
                        <SecurityToken> Element
                          <Claims> Element

<SubjectName MatchType>TheSecurityTokenSubjectName</SubjectName>


Attribute Description


Optional attribute. Specifies the algorithm used to match the value of the <SubjectName> Element element and the user name portion of a UsernameToken. The default value is wsse:Prefix.

Child Elements


Parent Elements

Element Description

<Claims> Element

Specifies requirements that are specific to a security token type.

A text value is required. The text value is the subject name for a security token.

The <SubjectName> element can be used to specify the subject name when the value of the <TokenType> Element element represents a UsernameToken, X509SecurityToken, or KerberosToken.

When the <SubjectName> element is used to specify the subject name for an X.509 certificate, the value of the element is formatted differently than what appears in the Microsoft Management Console (MMC). The value that must be placed in the <SubjectName> element maps to the Subject field that appears on the Details tab of the Certificates Snap-in within MMC. If you copy the value of the Subject field from the MMC, the value has to be reversed prior to placement in the <SubjectName> element. For example, if the value of the Subject field is CN=WSE2QuickStartServer, O=Coho Winery, L=Woodinville, S=WA, C=US, then the value that must be added to the <SubjectName> element is: C=US, S=WA, L=Woodinville, O=Contoso, CN=Coho Winery.

The following code example defines the policy-5218e068-d399-4ad3-a014-9461df97209c policy assertion that requires that the <Body> element, timestamp header, and all addressing headers must be signed by using a KerberosSecurityToken that has the subject name EXAMPLE\someone.

<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings xmlns:wse="http://schemas.microsoft.com/wse/2002/12/Policy">
        <request policy="#policy-5218e068-d399-4ad3-a014-9461df97209c" />
        <response policy="" />
        <fault policy="" />
  <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
      <wssp:Integrity wsp:Usage="wsp:Required" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wssp:TokenType xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">http://schemas.xmlsoap.org/ws/2003/12/kerberos/Kerberosv5ST</wssp:TokenType>
        <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wse:Timestamp() wse:Addressing()</wssp:MessageParts>
© 2014 Microsoft