

<add> element for <knownCertificates>

Adds an X.509 certificate to the collection of known certificates.

<system.serviceModel>

  <behaviors>

    <serviceBehaviors>

      <behavior> of <serviceBehaviors>

        <serviceCredentials> Element

          <issuedTokenAuthentication> of <serviceCredentials>

                                    
<add findValue="String"
     x509FindType="FindByThumbprint/FindBySubjectName/FindBySubjectDistinguishedName/FindByIssuerName/FindByIssuerDistinguishedName/FindBySerialNumber/FindByTimeValid/FindByTimeNotYetValid/FindByTimeExpired/FindByTemplateName/FindByApplicationPolicy/FindByCertificatePolicy/FindByExtension/FindByKeyUsage/FindBySubjectKeyIdentifier"
     storeLocation="CurrentUser/LocalMachine"
     storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher" />

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

findValue

String. The value to search for.

x509FindType

Enumeration. One of the certificate fields to search.

storeLocation

Enumeration. One of the two store locations to search.

storeName

Enumeration. One of the system stores to search.

findValue Attribute


Value Description

String

The value depends on the field being searched, which is specified by the x509FindType attribute. For example, when searching for a thumbprint, the value must be a string of hexadecimal characters.

x509FindType Attribute

Value Description

Enumeration

Values include: FindByThumbprint, FindBySubjectName, FindBySubjectDistinguishedName, FindByIssuerName, FindByIssuerDistinguishedName, FindBySerialNumber, FindByTimeValid, FindByTimeNotYetValid, FindByTimeExpired, FindByTemplateName, FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByKeyUsage, FindBySubjectKeyIdentifier.

storeLocation Attribute


Value Description

Enumeration

CurrentUser or LocalMachine.

storeName Attribute

Value Description

Enumeration

Values include: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, and TrustedPublisher.

Child Elements

None.

Parent Elements


Element Description

<knownCertificates> Element

Represents a collection of X.509 certificates that are provided by a Security Token Service (STS) for validation of security tokens.

Example

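The following example adds to the known certificates collection a certificate that is located by searching the CertificateAuthority store of the LocalMachine location for the issuer name www.contoso.com.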

<serviceBehaviors>
  <behavior name="myServiceBehavior">
    <serviceCredentials>
      <issuedTokenAuthentication>
        <knownCertificates>
          <add findValue="www.contoso.com" storeLocation="LocalMachine"
               storeName="CertificateAuthority"
               x509FindType="FindByIssuerName" />
        </knownCertificates>
      </issuedTokenAuthentication>
    </serviceCredentials>
  </behavior>
</serviceBehaviors>

When creating a federated service that uses a Security Token Service (STS) to supply security tokens, the certificate used by the STS must be supplied in advance (an out-of-band negotiation). The certificate is stored in this collection, and is used to validate tokens supplied by clients. For more information, see Federation and SAML.
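The following PowerShell check is an added example, not part of the original topic: it resolves each <add> entry against the certificate store named by its four attributes and reports how many certificates the lookup selects. The embedded configuration and the all-zero thumbprint are constructed, the function name Resolve-KnownCertificate is hypothetical, and Windows PowerShell 5.0 or later is assumed.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Constructed sample; the all-zero thumbprint is a placeholder, not a real certificate.
[xml] $config = @'
<serviceCredentials>
  <issuedTokenAuthentication>
    <knownCertificates>
      <add findValue="www.contoso.com" storeLocation="LocalMachine"
           storeName="CertificateAuthority" x509FindType="FindByIssuerName" />
      <add findValue="0000000000000000000000000000000000000000" storeLocation="LocalMachine"
           storeName="TrustedPeople" x509FindType="FindByThumbprint" />
    </knownCertificates>
  </issuedTokenAuthentication>
</serviceCredentials>
'@

# Hypothetical helper: resolves one <add> entry against the certificate store it names.
function Resolve-KnownCertificate {
    param([Parameter(Mandatory)] [System.Xml.XmlElement] $Entry)

    # Require all four attributes so the report never depends on configuration defaults.
    foreach ($attribute in 'findValue', 'x509FindType', 'storeLocation', 'storeName') {
        if (-not $Entry.HasAttribute($attribute)) { throw "<add> is missing '$attribute'" }
    }
    # The enum casts throw on names outside the enumerations (for example a misspelled store).
    $findType  = [X509FindType]  $Entry.GetAttribute('x509FindType')
    $location  = [StoreLocation] $Entry.GetAttribute('storeLocation')
    $storeName = [StoreName]     $Entry.GetAttribute('storeName')

    $store = [X509Store]::new($storeName, $location)
    try {
        $store.Open([OpenFlags] 'ReadOnly, OpenExistingOnly')
        # validOnly = $false lists every match, including expired or untrusted certificates.
        $found = $store.Certificates.Find($findType, $Entry.GetAttribute('findValue'), $false)
    } finally {
        $store.Close()
    }

    [pscustomobject]@{
        Lookup      = "$findType = $($Entry.GetAttribute('findValue'))"
        Store       = "$location\$storeName"
        MatchCount  = $found.Count
        Thumbprints = @($found | ForEach-Object { $_.Thumbprint })
        NotAfter    = @($found | ForEach-Object { $_.NotAfter })
    }
}

$config.SelectNodes('//knownCertificates/add') |
    ForEach-Object { Resolve-KnownCertificate $_ } | Format-List
```

A MatchCount other than 1 means the entry does not identify a single certificate. FindByThumbprint names one specific certificate, while a name-based find type such as FindByIssuerName selects every certificate in the store whose field matches.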

See Also

Other Resources

Working with Certificates
Federation and SAML

© Microsoft Corporation. All rights reserved.