Share via


<add> of <allowedAudienceUris>

Adds a target Uri for which the SamlSecurityToken security token can be targeted for in order to be considered valid by a SamlSecurityTokenAuthenticator instance.

Schema Hierarchy

<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior> of <serviceBehaviors>
        <serviceCredentials>
          <issuedTokenAuthentication> of <serviceCredentials>
            <allowedAudienceUris>
              <add> of <allowedAudienceUris>

Syntax

<allowedAudienceUris> 
   <add allowedAudienceUri="String"/>
</allowedAudienceUris>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

allowedAudienceUri

A string that contains a target Uri for which the SamlSecurityToken security token can be targeted for in order to be considered valid by a SamlSecurityTokenAuthenticator instance.

Child Elements

None.

Parent Elements

Element Description

<allowedAudienceUris>

Represents a collection of target URIs for which the SamlSecurityToken security token can be targeted for in order to be considered valid by a SamlSecurityTokenAuthenticator instance.

Remarks

You should use this collection in a federated application that utilizes a security token service (STS) that issues SamlSecurityToken security tokens. When the STS issues the security token, it can specify the URI of the Web services for which the security token is intended by adding a SamlAudienceRestrictionCondition to the security token. That allows the SamlSecurityTokenAuthenticator for the recipient Web service to verify that the issued security token is intended for this Web service by specifying that this check should happen by doing the following:

  • Set the audienceUriMode attribute of <issuedTokenAuthentication> to Always or BearerKeyOnly.

  • Specify the set of valid URIs, by adding the URIs to this collection.

For more information, see SamlSecurityTokenAuthenticator.

For more information on using this configuration element, see How To: Configure Credentials on a Federation Service.

See Also

Reference

<allowedAudienceUris>
<issuedTokenAuthentication> of <serviceCredentials>
SamlSecurityTokenAuthenticator
AllowedAudienceUris
AudienceUriMode
AllowedAudienceUris
AllowedAudienceUriElementCollection
AllowedAudienceUriElement
AllowedAudienceUris

Other Resources

Security Behaviors in Windows Communication Foundation
Securing Services and Clients
How To: Configure Credentials on a Federation Service


© 2007 Microsoft Corporation. All rights reserved.
Last Published: 2010-01-05