Export (0) Print
Expand All

LogonServerConfigurationHandler Class

Reads configuration data for the Logon Server component of AD FS, which runs on the Federation Service and Federation Service Proxy and is responsible for handling protocol requests to the endpoint URL.


Namespace: System.Web.Security.SingleSignOn
Assembly: System.Web.Security.SingleSignOn (in system.web.security.singlesignon.dll)

The web.config in the application root of Federation Service or Federation Service Proxy should register a system.web section called “logonserver” to be handled by this class. Such a registration looks like this:

<configuration>
    <configSections>
        <sectionGroup name="system.web">
            <section name="logonserver" type="System.Web.Security.SingleSignOn.LogonServerConfigurationHandler, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35, Custom=null" />
        </sectionGroup>
    </configSections>
</configuration>

XPath

Element value description

logonserver/forms/discovery

The name of the aspx form which should be invoked for the DiscoverClientRealm action. The default is “discoverclientrealm.aspx”.

logonserver/forms/logon

The name of the aspx form which should be invoked for the CollectionInitialCredentials and CollectAdditionalCredentials actions. The default is “clientlogon.aspx”.

logonserver/forms/signout

The name of the aspx form which should be invoked for the CleanupTopLevel and CleanupNested actions. The default is “signout.aspx”.

logonserver/forms/policy

The name of the aspx form which should be invoked for the PolicyEnforcement action. The default is null, which avoid the PolicyEnforcement action.

logonserver/posttimeout

The number of seconds to pause before posting a token to a resource partner or application. The default is 0.

logonserver/policyinterval

On the Federation Service Proxy, this indicates the frequency with which an otherwise idle proxy will consider calling GetProxyTrustInformation to refresh trust policy information from the Federation Service. The default is 30 minutes.

logonserver/policythreshhold

On the Federation Service Proxy, this indicates how old the trust policy information must be to warrant a call to GetProxyTrustInformation. Every policyinterval minutes, if the proxy has not made any call to the Federation Server in policythreshhold minutes or more, it forces a call to GetProxyTrustInformation to update the policy.

logonserver/soap/fsuri

On the Federation Service Proxy, this specifies the URL of the Federation Service. Generally, this is of the form “https://fs.example.com/adfs/fs/federationserverservice.asmx”.

logonserver/soap/certhash

On the Federation Service Proxy, this specifies the thumbprint of the certificate from the Local Machine “My” store which should be used to perform client authentication to the Federation Service. This certificate hash must also be configured on the Federation Service in the TrustPolicy.LSClientCertificates collection.

logonserver/auditlevel

On the Federation Service Proxy, this specifies the value of SingleSignOnEventLogLevel to be used for event logging and auditing. The default is SingleSignOnEventLogLevel.Everything.

<system.web>
  <logonserver>
    <forms>
      <discovery>discoverclientrealm.aspx</discovery>
      <logon>clientlogon.aspx</logon>
      <signout>signout.aspx</signout>
    </forms>
  </logonserver>
</system.web>

System.Object
  System.Web.Security.SingleSignOn.LogonServerConfigurationHandler

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Development Platforms

Target Platforms

Windows Server 2008, Windows Server 2003, Windows Vista, Windows Server 2003 R2, Windows XP
Footer image

Send comments about this topic to Microsoft.

Community Additions

ADD
Show:
© 2014 Microsoft