<IssuerToken> Element
Specifies the security token that a SOAP message sender must use to encrypt its entropy value when requesting a security token.
<policyDocument> Element
<policies> Element
<Policy> Element (WSE for Microsoft .NET) (1)
<Confidentiality> Element
<KeyInfo> Element (WSE for Microsoft .NET) (1)
<SecurityToken> Element
<Claims> Element
<policyDocument> Element
<policies> Element
<Policy> Element (WSE for Microsoft .NET) (1)
<Integrity> Element
<TokenInfo> Element
<SecurityToken> Element
<Claims> Element
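<wse:IssuerToken>
  <!--
    Syntax fragment: the wse and wssp prefixes are declared by the enclosing
    policy, as in the example policy file on this page.
    Namespace names are compared as exact strings. The WS-SecurityPolicy
    namespace (secext) is an http:// identifier; an https:// spelling names
    a different namespace.
  -->
  <wssp:SecurityToken
    xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
  </wssp:SecurityToken>
</wse:IssuerToken>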
Attributes and Elements
Attributes
None
Child Elements
Element | Description |
---|---|
<SecurityToken> Element | The security token that a SOAP message sender must use to encrypt its entropy value when requesting a security token from a security token service. |
Parent Elements
Element | Description |
---|---|
<Claims> Element | Specifies requirements that are specific to a security token type. |
Remarks
Use the <IssuerToken> element when SOAP messages are sent to or received by Web services that issue security tokens using entropy values. By default, the SecurityContextTokenService security token service uses entropy values to issue security tokens. For more information about obtaining security tokens from a SecurityContextTokenService security token service, see Issuing Security Context Tokens.
Example
The following code example is a policy file for a SOAP message sender that sends SOAP requests to a target Web service that issues SecurityContextToken security tokens. The policy requires that security token requests sent to the http://www.cohowinery.com/DerivedKeyTokenService.asmx endpoint include an entropy value that is encrypted using the X.509 security token with a subject name of CN=WSE2QuickStartServer.
Note
This code example is designed to demonstrate WSE features and is not intended for production use.
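<?xml version="1.0" encoding="utf-8"?>
<!--
  Sender-side WSE policy file: requests to the mapped endpoint must be signed
  and have the SOAP Body encrypted with a derived key token whose parent is a
  SecurityContextToken. The entropy sent when requesting that
  SecurityContextToken must be encrypted with the token named in
  <wse:IssuerToken>.

  Namespace names, token-type URIs and the MessageParts dialect are
  identifiers that are compared as exact strings. The schemas.microsoft.com
  and schemas.xmlsoap.org identifiers below use the http:// scheme; an
  https:// spelling names a different namespace, so the assertions would not
  be recognised as WSE / WS-Policy / WS-SecurityPolicy elements.
-->
<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
  <!-- Binds the endpoint and operation to a policy by its wsu:Id. -->
  <mappings>
    <endpoint uri="http://www.cohowinery.com/DerivedKeyTokenService.asmx">
      <!--
        NOTE(review): requestAction is kept exactly as published; confirm the
        value, including its scheme, against the action the service expects.
      -->
      <operation
        requestAction="https://www.contoso.com/StockQuoteRequest">
        <request policy="#Target-Service-Policy" />
        <!--
          NOTE(review): policy="" names no policy for responses and faults,
          so as written this file places no signing or encryption
          requirements on them. Confirm that is intended.
        -->
        <response policy="" />
        <fault policy="" />
      </operation>
    </endpoint>
  </mappings>
  <policies
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
    <wsp:Policy wsu:Id="Target-Service-Policy"
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
      xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
      <!--
        Integrity is used to require the headers to be signed.
        Note that only an authenticated derived key token is
        required. Many Web services will also use the token
        for authorization, such as by using the <wse:Role>
        claim.
      -->
      <wssp:Integrity wsp:Usage="wsp:Required"
        xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wssp:TokenInfo>
          <!-- Signing token: a derived key token (sc/dk). -->
          <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
            <Claims>
              <wse:Parent>
                <!-- The key is derived from a SecurityContextToken (sc/sct). -->
                <SecurityToken
                  xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
                  <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
                  <wssp:Claims>
                    <!--
                      IssuerToken: the token the sender must use to encrypt
                      its entropy value when requesting the
                      SecurityContextToken. Here it is the X.509 certificate
                      with subject name CN=WSE2QuickStartServer.
                      NOTE(review): the certificate is identified by subject
                      name only, so which certificate is used depends on the
                      contents of the configured certificate store. Confirm
                      that store holds only trusted certificates.
                    -->
                    <wse:IssuerToken>
                      <wssp:SecurityToken>
                        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                        <wssp:Claims>
                          <wssp:SubjectName>CN=WSE2QuickStartServer</wssp:SubjectName>
                        </wssp:Claims>
                      </wssp:SecurityToken>
                    </wse:IssuerToken>
                    <wse:BaseToken>
                      <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
                        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                        <wssp:Claims>
                          <!-- By specifying the SubjectName claim here,
                               Policy can look for a certificate with
                               this subject name in the certificate
                               store indicated in the application's
                               configuration. The X.509 Certificate Tool
                               is useful for finding the correct values
                               for this field.
                          -->
                          <wssp:SubjectName>CN=WSE2QuickStartClient</wssp:SubjectName>
                        </wssp:Claims>
                      </SecurityToken>
                    </wse:BaseToken>
                  </wssp:Claims>
                </SecurityToken>
              </wse:Parent>
            </Claims>
          </SecurityToken>
        </wssp:TokenInfo>
        <!--
          Signed parts: the SOAP Body plus the timestamp and addressing
          headers, so none of them can be altered without invalidating the
          signature.
        -->
        <wssp:MessageParts
          Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
          wsp:Body() wse:Timestamp() wse:Addressing()
        </wssp:MessageParts>
      </wssp:Integrity>
      <!--
        The Confidentiality assertion is used to require that
        the SOAP Body is encrypted.
      -->
      <wssp:Confidentiality wsp:Usage="wsp:Required"
        xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wssp:KeyInfo>
          <!-- Encryption token: same derived key token shape as for Integrity. -->
          <SecurityToken
            xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
            <Claims>
              <wse:Parent>
                <SecurityToken
                  xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
                  <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
                  <wssp:Claims>
                    <!--
                      Same IssuerToken requirement as in the Integrity
                      assertion: entropy sent when requesting the
                      SecurityContextToken is encrypted with the
                      CN=WSE2QuickStartServer certificate.
                    -->
                    <wse:IssuerToken>
                      <wssp:SecurityToken>
                        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                        <wssp:Claims>
                          <wssp:SubjectName>CN=WSE2QuickStartServer</wssp:SubjectName>
                        </wssp:Claims>
                      </wssp:SecurityToken>
                    </wse:IssuerToken>
                    <wse:BaseToken>
                      <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
                        <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                        <wssp:Claims>
                          <!-- By specifying the SubjectName claim here,
                               Policy can look for a certificate with
                               this subject name in the certificate
                               store indicated in the application's
                               configuration. The WSE X.509 Certificate
                               Tool is useful for finding the correct
                               values for this field.
                          -->
                          <wssp:SubjectName>CN=WSE2QuickStartClient</wssp:SubjectName>
                        </wssp:Claims>
                      </SecurityToken>
                    </wse:BaseToken>
                  </wssp:Claims>
                </SecurityToken>
              </wse:Parent>
            </Claims>
          </SecurityToken>
        </wssp:KeyInfo>
        <!-- Only the SOAP Body is required to be encrypted. -->
        <wssp:MessageParts
          Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
      </wssp:Confidentiality>
    </wsp:Policy>
  </policies>
</policyDocument>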
See Also
Reference
<TokenType> Element
DerivedKeyToken
SecurityContextToken