Share via

<renewalWindowInSeconds> Element

  • Article

For KerberosToken and SecurityContextToken security tokens, specifies the period of time immediately prior to expiration, in which the security token should be renewed.

<microsoft.web.services3> Element
  <security> Element
    <binarySecurityTokenManager> Element
      <add> Element for <binarySecurityTokenManager>
        <microsoft.web.services3> Element
          <security> Element
            <securityTokenManager> Element
              <add> Element for <securityTokenManager>

<renewalWindowInSeconds value= "Number of seconds." />

Attributes and Elements

Attributes

Attribute Description

value

Specifies the period of time immediately prior to expiration, in which the security token should be renewed. The value can be any integer greater than 0. The default value is 60.

Child Elements

None.

Parent Elements

Element Description

<add> Element for <binarySecurityTokenManager>

Adds a user-supplied custom binary security manager.

<add> Element for <securityTokenManager>

Adds a user-supplied custom security manager.

Remarks

When WSE receives a KerberosToken or SecurityContextToken security token that was requested from a security token service and is within the renewal window, the security token is rejected and a SOAP fault is thrown back to the sender. The renewal window is the period of time immediately preceding expiration, as specified in the <renewalWindowInSeconds> configuration element.

When policy is configured for outgoing SOAP messages, WSE automatically requests a new SecurityContextToken security token when it requires renewal, which is indicated by the RequiresRenewal property.

Example

The following code example specifies that KerberosToken security tokens can be renewed within 2 minutes of the Kerberos ticket expiring.

<configuration>
  <microsoft.web.services3>
   <security>
      <binarySecurityTokenManager>
        <add 
        valueType="https://schemas.xmlsoap.org/ws/2003/12/kerberos/Kerberosv5ST"
        type="Microsoft.Web.Services3.Security.Tokens.KerberosTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" priority="1" group="0" 
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <renewalWindowInSeconds value="120" />
        </add>
      </binarySecurityTokenManager>
    </security>
  </microsoft.web.services3>
</configuration>

See Also

Reference

<binarySecurityTokenManager> Element