<TokenIssuer> Element (WSE for Microsoft .NET) (1)
Specifies a trusted security token service.
<policyDocument> Element
  <policies> Element
    <Policy> Element (WSE for Microsoft .NET) (1)
      <Confidentiality> Element
        <KeyInfo> Element (WSE for Microsoft .NET) (1)
          <SecurityToken> Element

<policyDocument> Element
  <policies> Element
    <Policy> Element (WSE for Microsoft .NET) (1)
      <Integrity> Element
        <TokenInfo> Element
          <SecurityToken> Element

<TokenIssuer>http://www.cohowinery.com/TokenService.ashx</TokenIssuer>
Attributes and Elements
Attributes
None
Child Elements
None
Parent Elements
Element | Description |
---|---|
Text Value
A text value is required. The text value is the URL for the security token service.
Remarks
Use the <TokenIssuer> element to specify the security token service when using security tokens, such as a SecurityContextToken, that are issued from a security token service. For details about issuing and using security tokens, as outlined in the WS-SecureConversation specification, see Issuing Security Tokens. The value of the <TokenIssuer> element is the URL to the security token service.
Note
When the <TokenIssuer> element is used to specify the Certificate Authority (CA) for an X.509 certificate, the value of the element is formatted differently than what appears in the Microsoft Management Console (MMC). The value that must be placed in the <TokenIssuer> element maps to the Issuer field that appears on the Details tab of the Certificates Snap-in within MMC. If you copy the value of the Issuer field from the MMC, the value has to be reversed prior to placement in the <TokenIssuer> element. For example, if the value of the Issuer field is CN=CertServer DC=corp DC=contoso DC=com, then the value that must be added to the <TokenIssuer> element is: DC=com DC=contoso DC=corp CN=CertServer.
Example
The following code example defines a policy assertion named signed-body-sct that requires the digital signing of the <Body> element, timestamp header, and all addressing headers by a SecurityContextToken issued from the http://www.cohowinery.com/secureConversation.ashx security token service. SOAP messages sent to the http://www.cohowinery.com/Service1.asmx endpoint must adhere to this policy assertion.
Note
This code example is designed to demonstrate WSE features and is not intended for production use.
<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings>
    <endpoint uri="http://www.cohowinery.com/Service1.asmx">
      <defaultOperation>
        <request policy="#signed-body-sct" />
        <response policy="" />
        <!-- SOAP faults are signed using the original Security Context Token -->
        <fault policy="#signed-body-sct" />
      </defaultOperation>
    </endpoint>
  </mappings>
  <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"
            xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
            xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
            xmlns:wssc="http://schemas.xmlsoap.org/ws/2004/04/sc"
            xmlns:rp="http://schemas.xmlsoap.org/rp">
    <!-- This policy requires that the body be signed with a SecurityContextToken. -->
    <wsp:Policy wsu:Id="signed-body-sct">
      <wssp:Integrity wsp:Usage="wsp:Required">
        <wssp:TokenInfo>
          <wssp:SecurityToken>
            <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
            <wssp:TokenIssuer>http://www.cohowinery.com/secureConversation.ashx</wssp:TokenIssuer>
          </wssp:SecurityToken>
        </wssp:TokenInfo>
        <wssp:MessageParts xmlns:rp="http://schemas.xmlsoap.org/rp" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wse:Timestamp() wse:Addressing()</wssp:MessageParts>
      </wssp:Integrity>
    </wsp:Policy>
  </policies>
</policyDocument>
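Because <TokenIssuer> is where a policy names the token service it trusts, a policy file is worth auditing for issuers outside an approved list and for mappings that point at a policy Id that does not exist. The following Python audit is an added example, not part of the original documentation or of WSE. The trusted-issuer list, the encrypted-body policy, and the sts.example.test issuer are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Assumption: the only issuer this deployment trusts (value from the page's example).
TRUSTED_ISSUERS = {"http://www.cohowinery.com/secureConversation.ashx"}

# Constructed sample: a trimmed policy document with two deliberate mistakes.
SAMPLE = """<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
  xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext">
 <mappings><endpoint uri="http://www.cohowinery.com/Service1.asmx"><defaultOperation>
  <request policy="#signed-body-sct" /><response policy="" />
  <fault policy="#signed-body-sct " />
 </defaultOperation></endpoint></mappings>
 <policies>
  <wsp:Policy wsu:Id="signed-body-sct"><wssp:Integrity><wssp:TokenInfo><wssp:SecurityToken>
   <wssp:TokenIssuer>http://www.cohowinery.com/secureConversation.ashx</wssp:TokenIssuer>
  </wssp:SecurityToken></wssp:TokenInfo></wssp:Integrity></wsp:Policy>
  <wsp:Policy wsu:Id="encrypted-body"><wssp:Confidentiality><wssp:KeyInfo><wssp:SecurityToken>
   <wssp:TokenIssuer>http://sts.example.test/issue.ashx</wssp:TokenIssuer>
  </wssp:SecurityToken></wssp:KeyInfo></wssp:Confidentiality></wsp:Policy>
 </policies>
</policyDocument>"""

def local(name):
    return name.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def audit(xml_text, trusted=TRUSTED_ISSUERS):
    """Return a list of findings for a WSE policy document."""
    root = ET.fromstring(xml_text)
    findings, policy_ids = [], set()
    for el in root.iter():
        if local(el.tag) != "Policy":
            continue
        pid = next((v for k, v in el.attrib.items() if local(k) == "Id"), "")
        policy_ids.add(pid)
        for tok in el.iter():
            if local(tok.tag) == "TokenIssuer" and (tok.text or "").strip() not in trusted:
                findings.append(f"policy '{pid}': untrusted issuer {tok.text!r}")
    for el in root.iter():
        # request/response/fault mappings reference a policy as '#<wsu:Id>', matched exactly.
        ref = el.get("policy")
        if ref and ref.lstrip("#") not in policy_ids:
            findings.append(f"<{local(el.tag)}>: policy reference {ref!r} matches no wsu:Id")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample the audit reports the encrypted-body policy's issuer and the fault mapping whose reference carries a trailing space.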