<ServiceName> Element
Specifies the services principal name for Kerberos security tokens.
<policyDocument> Element
<policies> Element
<Policy> Element (WSE for Microsoft .NET) (1)
<Confidentiality> Element
<KeyInfo> Element (WSE for Microsoft .NET) (1)
<SecurityToken> Element
<Claims> Element
<policyDocument> Element
<policies> Element
<Policy> Element (WSE for Microsoft .NET) (1)
<Integrity> Element
<TokenInfo> Element
<SecurityToken> Element
<Claims> Element
<ServiceName>principal name</ServiceName>
Attributes and Elements
Attributes
None
Child Elements
None
Parent Elements
Element | Description |
---|---|
Specifies requirements that are specific to a security token type. |
Text Value
A text value is required. The text value must be the service principal name.
Remarks
During policy verification of incoming SOAP messages, WSE does not verify that a KerberosToken security token matches the specified service principal name. However, the service principal name is enforced for outgoing SOAP messages during policy enforcement using a case-insensitive comparison.
Example
The following code example defines the policy-5218e068-d399-4ad3-a014-9461df97209c
policy assertion that requires that the <Body> element, timestamp header, and all addressing headers must be signed using a KerberosToken.
Note
This code example is designed to demonstrate WSE features and is not intended for production use.
<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="https://schemas.microsoft.com/wse/2003/06/Policy">
<mappings xmlns:wse="https://schemas.microsoft.com/wse/2002/12/Policy">
<defaultEndpoint>
<defaultOperation>
<request policy="#policy-5218e068-d399-4ad3-a014-9461df97209c" />
<response policy="" />
<fault policy="" />
</defaultOperation>
</defaultEndpoint>
</mappings>
<policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wse="https://schemas.microsoft.com/wse/2003/06/Policy"
xmlns:wsa="https://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext"
xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wssc="https://schemas.xmlsoap.org/ws/2004/04/sc"
xmlns:rp="https://schemas.xmlsoap.org/rp">
<wsp:Policy xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy"
wsu:Id="policy-5218e068-d399-4ad3-a014-9461df97209c">
<wssp:Integrity wsp:Usage="wsp:Required" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wssp:TokenInfo>
<wssp:SecurityToken>
<wssp:TokenType xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">https://schemas.xmlsoap.org/ws/2003/12/kerberos/Kerberosv5ST</wssp:TokenType>
<wssp:Claims>
<wssp:ServiceName>host/Server@cohowinery.com</wssp:ServiceName>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wse:Timestamp() wse:Addressing()</wssp:MessageParts>
</wssp:Integrity>
</wsp:Policy>
</policies>
</policyDocument>