Windows Identity Foundation Configuration Schema

.NET Framework 4.5

The topics in this section provide information about the Windows Identity Foundation (WIF) configuration schema. You can also configure an application to use WIF through classes exposed by the framework. These classes are noted in the sections that treat relevant elements in the schema. The following shows the basic XML tag structure exposed by the WIF configuration schema. Attributes are omitted. Highlighted comments indicate major components of the schema.

<system.identityModel>
    <!-- Service Configuration -->
    <identityConfiguration>
        <caches>
            <sessionSecurityTokenCache />
            <tokenReplayCache />
        </caches>
         
        <certificateValidation>
            <certificateValidator /> 
        </certificateValidation>
        
        <claimsAuthenticationManager />
        
        <claimsAuthorizationManager>
            <optionalConfigurationElement />
        </claimsAuthorizationManager>
        
        <claimTypeRequired>
            <claimType /> 
        </claimTypeRequired>
         
        <tokenReplayDetection />
       
        <!-- Security Token Handler Collection Configuration -->
        <securityTokenHandlers>
            <add>
                <!-- Can take an optional configuration element which can be one of
                     the following or a custom element -->
                <samlSecurityTokenHandlerRequirement>
                    <nameClaimType />
                    <roleClaimType />
                </samlSecurityTokenHandlerRequirement>
                
                <sessionSecurityTokenHandlerRequirement />
                <x509SecurityTokenHandlerRequirement />
                <userNameSecurityTokenHandlerRequirement />
            </add>
            <clear />
            <remove />
            <securityTokenHandlerConfiguration>
                <audienceUris>
                    <add />
                    <clear />
                    <remove />
                </audienceUris>
                
                <caches>
                    <sessionSecurityTokenCache />
                    <tokenReplayCache />
                </caches>
                
                <certificateValidation>
                    <certificateValidator />
                </certificateValidation>
                
                <issuerNameRegistry>
                    <!-- Can take an optional configuration element which can be 
                         the <trustedIssuers> element to configure a configuration-based
                         issuer name registry or can be a custom element -->
                    <trustedIssuers>
                        <add />
                        <clear />
                        <remove />
                    </trustedIssuers>
                </issuerNameRegistry>
                
                <issuerTokenResolver />
                <serviceTokenResolver />
                <tokenReplayDetection />
            </securityTokenHandlerConfiguration>
        </securityTokenHandlers>
    </identityConfiguration>
</system.identityModel>
        
<system.identityModel.services>
    <!-- Federation Authentication Configuration -->
    <federatedAuthentication>
        <cookieHandler>
            <chunkedCookieHandler />
            <customCookieHandler />
        </cookieHandler>
        
        <serviceCertificate>
            <certificateReference />
        </serviceCertificate>
        
        <wsFederation />
    </federatedAuthentication>
</system.identityModel.services>

<system.identityModel> Provides configuration for enabling WIF options in applications.

<system.identityModel.services> Provides configuration for passive federation using WIF. Configures the Session Authentication Module (SAM) and the Federated Authentication Module (WSFAM).

Configuration, Administration, And Management Describes how to configure and manage WIF applications and services.
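
The following is an added example, not part of the original page or of Microsoft's code: a Python check that walks both configuration sections along the structure shown above and reports explicitly weakened settings, whether they sit at the service level or inside `<securityTokenHandlerConfiguration>`. The attribute names (`mode`, `certificateValidationMode`, `enabled`, `requireSsl`, `requireHttps`) are omitted from the skeleton on this page and are taken from the WIF element reference; the sample config is constructed.

```python
import xml.etree.ElementTree as ET
# Constructed web.config (not from the page); attribute values are illustrative.
SAMPLE = """<configuration>
  <system.identityModel>
    <identityConfiguration>
      <certificateValidation certificateValidationMode="None" />
      <tokenReplayDetection enabled="true" />
      <securityTokenHandlers>
        <securityTokenHandlerConfiguration>
          <audienceUris mode="Never" />
          <tokenReplayDetection enabled="false" />
        </securityTokenHandlerConfiguration>
      </securityTokenHandlers>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federatedAuthentication>
      <cookieHandler requireSsl="false" />
      <wsFederation requireHttps="true" />
    </federatedAuthentication>
  </system.identityModel.services>
</configuration>"""

# (element, attribute, weak value in lower case, why it matters)
RULES = [
    ("audienceUris", "mode", "never", "audience restriction is not enforced"),
    ("certificateValidation", "certificateValidationMode", "none", "certificates are not validated"),
    ("tokenReplayDetection", "enabled", "false", "replay detection is off"),
    ("cookieHandler", "requireSsl", "false", "cookies lack the Secure flag"),
    ("wsFederation", "requireHttps", "false", "STS redirect may use HTTP")]

def audit(config_xml):
    """Return (path, attribute, reason) for every explicitly weak setting."""
    findings = []
    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        for tag, attr, weak, reason in RULES:
            if elem.tag == tag and elem.get(attr, "").lower() == weak:
                findings.append((here, attr, reason))
        for child in elem:  # the same element may recur at a deeper level
            walk(child, here)
    root = ET.fromstring(config_xml)  # run only on config files you control
    for name in ("system.identityModel", "system.identityModel.services"):
        for section in root.iter(name):
            walk(section, "")
    return findings

if __name__ == "__main__":
    print("\n".join(f"{p} [{a}]: {r}" for p, a, r in audit(SAMPLE)))
```

Only values set explicitly in the file are reported; a missing attribute falls back to the framework default, which this check does not evaluate.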
