Windows Identity Foundation Configuration Schema
The topics in this section provide information about the Windows Identity Foundation (WIF) configuration schema. You can also configure an application to use WIF through classes exposed by the framework. These classes are noted in the sections that treat relevant elements in the schema. The following shows the basic XML tag structure exposed by the WIF configuration schema. Attributes are omitted. Highlighted comments indicate major components of the schema.
<configuration>
<system.identityModel>
<!-- Service Configuration -->
<identityConfiguration>
<caches>
<sessionSecurityTokenCache />
<tokenReplayCache />
</caches>
<certificateValidation>
<certificateValidator />
</certificateValidation>
<claimsAuthenticationManager />
<claimsAuthorizationManager>
<optionalConfigurationElement>
</claimsAuthorizationManager>
<claimTypeRequired>
<claimType />
</claimTypeRequired>
<tokenReplayDetection />
<!-- Security Token Handler Collection Configuration -->
<securityTokenHandlers>
<add>
<!-- Can take an optional configuration element which can be one of
the following or a custom element -->
<samlSecurityTokenHandlerRequirement>
<nameClaimType>
<roleClaimType>
</samlSecurityTokenHandlerRequirement>
<sessionSecurityTokenHandlerRequirement />
<x509SecurityTokenHandlerRequirement />
<userNameSecurityTokenHandlerRequirement />
</add>
<clear />
<remove />
<securityTokenHandlerConfiguration>
<audienceUris>
<add>
<clear>
<remove>
</audienceUris>
<caches>
<sessionSecurityTokenCache />
<tokenReplayCache />
</caches>
<certificateValidation>
<certificateValidator>
</certificateValidation>
<issuerNameRegistry>
<!-- Can take an optional configuration element which can be
the <trustedIssuers> element to configure a configuration-based
issuer name registry or can be a custom element -->
<trustedIssuers>
<add>
<clear>
<remove>
</trustedIssuers>
</issuerNameRegistry>
<issuerTokenResolver />
<serviceTokenResolver />
<tokenReplayDetection />
</securityTokenHandlerConfiguration>
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<!-- Federation Authentication Configuration -->
<federatedAuthentication>
<cookieHandler>
<chunkedCookieHandler />
<customCookieHandler />
</cookieHandler>
<serviceCertificate>
<certificateReference>
</serviceCertificate>
<wsFederation />
</federatedAuthentication>
</system.identityModel.services>
</configuration>
In This Section
<system.identityModel> Provides configuration for enabling WIF options in applications.
<system.identityModel.services> Provides configuration for passive federation using WIF. Configures the Session Authentication Module (SAM) and the Federated Authentication Module (WSFAM).