Compartir a través de


<samlSecurityTokenRequirement>

Provides configuration for the SamlSecurityTokenHandler class, the Saml2SecurityTokenHandler class, or a derived class of either of these classes. Represented by the SamlSecurityTokenRequirement class.

<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <add>
          <samlSecurityTokenRequirement>

Syntax

<system.identityModel>  
  <identityConfiguration>  
    <securityTokenHandlers>  
      <add>  
        <samlSecurityTokenRequirement
            issuerCertificateValidationMode="None||ChainTrust||PeerTrust||PeerOrChainTrust||Custom"  
            issuerCertificateRevocationMode="NoCheck||Offline||Online"  
            issuerCertificateTrustedStoreLocation="CurrentLocation||LocalMachine"  
            issuerCertificateValidator="Namespace.Class Assembly"  
            mapToWindows=xs:boolean  
          <nameClaimType value=xs:string />  
          <roleClaimType value=xs:string />  
        </samlSecurityTokenRequirement>  
      </add>  
    </securityTokenHandlers>  
  </identityConfiguration>  
</system.identityModel>  

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
mapToWindows Specifies whether the token handler should map the validating token to a Windows account by using the incoming UPN claim. The default is "false".
issuerCertificateRevocationMode An X509RevocationMode value that specifies the revocation mode to use for the X.509 certificate. The default value is "Online".
issuerCertificateValidationMode An X509CertificateValidationMode value that specifies the validation mode to use for the X.509 certificate. The default value is "PeerOrChainTrust".
issuerCertificateTrustedStoreLocation A StoreLocation value that specifies the X.509 certificate store. The default value is "LocalMachine".
issuerCertificateValidator A custom type that derives from X509CertificateValidator. If the issuerCertificateValidationMode attribute is "Custom", an instance of this type is used for issuer certificate validation.

Child Elements

Element Description
<nameClaimType> Sets the claim type that specifies the Name property.
<roleClaimType> Specifies the claim type that defines the role type claims in the collection of ClaimsIdentity objects returned by the ValidateToken method of the token handler.

Parent Elements

Element Description
<add> Adds the specified security token handler to the token handler collection.

Remarks

The <samlSecurityTokenRequirement> element is represented by the SamlSecurityTokenRequirement class in the object model and is used to configure the SamlSecurityTokenRequirement property on a SamlSecurityTokenHandler or a Saml2SecurityTokenHandler.

Example

<add type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel">  
    <samlSecurityTokenRequirement issuerCertificateValidationMode="PeerOrChainTrust"  
                                  issuerCertificateRevocationMode="Online"  
                                  issuerCertificateTrustedStoreLocation="LocalMachine"  
                                  mapToWindows="false">  
  
        <nameClaimType value="https://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" />  
        <roleClaimType value="schemas.microsoft.com/ws/2006/04/identity/claims/role" />  
    </samlSecurityTokenRequirement>  
</add>