<issuedToken>

Specifies a custom token used to authenticate a client to a service.

<system.serviceModel>

  <behaviors>

    <endpointBehaviors>

      <behavior> of <endpointBehaviors>

        <clientCredentials>

          <issuedToken>

                                    
                                    <issuedToken 
                                
                                    
                                       cacheIssuedTokens="Boolean"
                                
                                    
                                       defaultKeyEntropyMode="ClientEntropy/ServerEntropy/CombinedEntropy"
                                
                                    
                                       issuedTokenRenewalThresholdPercentage = "0 to 100"
                                
                                    
                                       issuerChannelBehaviors="String"
                                
                                    
                                           
                                    
                                       localIssuerChannelBehaviors="String"
                                
                                    
                                       maxIssuedTokenCachingTime="TimeSpan"
                                
                                    
                                    </issuedToken>
                                

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

cacheIssuedTokens

Optional Boolean attribute that specifies whether tokens are cached. The default is true.

defaultKeyEntropyMode

Optional string attribute that specifies which random values (entropies) are used for handshake operations. Values include ClientEntropy, ServerEntropy, and CombinedEntropy, The default is CombinedEntropy. This attribute is of type SecurityKeyEntropyMode.

issuedTokenRenewalThresholdPercentage

Optional integer attribute that specifies the percentage of a valid time frame (supplied by the token issuer) that can pass before a token is renewed. Values are from 0 to 100. The default is 60, which specifies 60% of the time passes before a renewal is attempted.

issuerChannelBehaviors

Optional attribute that specifies the channel behaviors to use when communicating with the issuer.

localIssuerChannelBehaviors

Optional attribute that specifies the channel behaviors to use when communicating with the local issuer.

maxIssuedTokenCachingTime

Optional Timespan attribute that specifies the duration that issued tokens are cached when the token issuer (an STS) does not specify a time. The default is “10675199.02:48:05.4775807.”

Child Elements

Element Description

<localIssuer>

Specifies the address of the local issuer of the token and the binding used to communicate with the endpoint.

<issuerChannelBehaviors> Element

Specifies the endpoint behaviors to use when contacting a local issuer.

Parent Elements


Element Description

<clientCredentials>

Specifies the credentials used to authenticate a client to a service.

Remarks

An issued token is a custom credential type used, for example, when authenticating with a Secure Token Service (STS) in a federated scenario. By default, the token is a SAML token. For more information, see Federation and SAML.

See Also

Reference

IssuedTokenClientElement

Other Resources

Securing Services and Clients
Federation and SAML

Footer image

Send comments about this topic to Microsoft.
© Microsoft Corporation. All rights reserved.