<allowedAudienceUris>

Represents a collection of target URIs for which the SamlSecurityToken security token can be targeted for in order to be considered valid by a SamlSecurityTokenAuthenticator instance.

<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceCredentials>
            <issuedTokenAuthentication>
              <allowedAudienceUris>

Syntax

<allowedAudienceUris>
  <add allowedAudienceUri="String" />
</allowedAudienceUris>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements

Attributes

None.

Child Elements

Element Description
<add> Adds a target Uri for which the SamlSecurityToken security token can be targeted for in order to be considered valid by a SamlSecurityTokenAuthenticator instance.

Parent Elements

Element Description
<issuedTokenAuthentication> Specifies a token issued as a service credential.

Remarks

You should use this collection in a federated application that utilizes a security token service (STS) that issues SamlSecurityToken security tokens. When the STS issues the security token, it can specify the URI of the Web services for which the security token is intended by adding a SamlAudienceRestrictionCondition to the security token. That allows the SamlSecurityTokenAuthenticator for the recipient Web service to verify that the issued security token is intended for this Web service by specifying that this check should happen by doing the following:

  • Set the audienceUriMode attribute of <issuedTokenAuthentication> to Always or BearerKeyOnly.

  • Specify the set of valid URIs, by adding the URIs to this collection.

For more information, see SamlSecurityTokenAuthenticator.

For more information on using this configuration element, see How to: Configure Credentials on a Federation Service.

See also