<add> of <claimTypeRequirements>

 

Specifies the types of required and optional claims expected to appear in the federated credential. For example, services state the requirements on incoming credentials, which must possess a certain set of claim types.

<system.serviceModel>
<bindings>
<customBinding>
<binding>
<security>
<issuedTokenParameters>
<claimTypeRequirements>


<claimTypeRequirements>
      <add claimType="URI"
           isOptional="Boolean" />
</claimTypeRequirements>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

claimType

A URI that defines the type of a claim. For example, to purchase a product from a Web site, the user must present a valid credit card with sufficient credit limit. The claim type would be the credit card URI.

isOptional

A Boolean value that specifies if this is for an optional claim. Set this attribute to false if this is a required claim.

You can use this attribute when the service asks for some information but does not require it. For example, if you require the user to enter his/her first name, last name and address, but decide that phone number is optional.

Child Elements

None.

Parent Elements

Element

Description

<claimTypeRequirements> element

Specifies a collection of required claim types.

In a federated scenario, services state the requirements on incoming credentials. For example, the incoming credentials must possess a certain set of claim types. Each element in this collection specifies the types of required and optional claims expected to appear in a federated credential.

In a federated scenario, services state the requirements on incoming credentials. For example, the incoming credentials must possess a certain set of claim types. This requirement is manifested in a security policy. When a client requests credentials from a federated service (for example, CardSpace), it puts the requirements into a token request (RequestSecurityToken) so that the federated service can issue the credentials that satisfy the requirements accordingly.

Example

The following configuration adds two claim type requirements to a security binding.

<bindings>
    <wsFederationHttpBinding>
      <binding name="myFederatedBinding">
        <security mode="Message">
          <message issuedTokenType="urn:oasis:names:tc:SAML:1.0:assertion">
            <claimTypeRequirements>
              <add claimType=
"http://schemas.microsoft.com/ws/2005/05/identity/claims/EmailAddress"/>
              <add claimType=
"http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName"  
optional="true" />
            </claims>
          </message>
        </security>
      </binding>
    </wsFederationHttpBinding>
</bindings>
Show: