Key Type Enum
Specifies the type of key that is associated with a security token.
public enum class SecurityKeyType
public enum SecurityKeyType
type SecurityKeyType =
Public Enum SecurityKeyType
AsymmetricKey: Specifies that the key is an asymmetric key.
BearerKey: Specifies that the security token does not contain a proof-of-possession key.
SymmetricKey: Specifies that the key is a symmetric key.
The BearerKey field is used with the KeyType property.
BearerKey Requires Wsu:Id or Transport Security with Message Credentials
In federation scenarios, an issued token is generally configured as an endorsing supporting token for message security between a client and the relying parties. However, when a Security Token Service (STS) issues a token with no key (BearerKey), WCF configures it as a SecurityTokenAttachmentMode.SignedEncrypted supporting token (WCF cannot endorse without a key). This requires the issued token to be referenced in the signature. WCF currently uses http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd:Id as a reference mechanism (Wsu:Id).
If an issued token does not have such an attribute, on a client, a MessageSecurityException is thrown with the text "Element to sign must have id". This happens when a SAML 1.1 token is used as an issued token (the Wsu:Id is not defined in the SAML 1.1 specification).
To work around this situation, either use transport security with message credentials (for example, AuthenticationMode.IssuedTokenOverTransport), or an STS must add the http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd:Id (Wsu:Id) to the issued token.
Note that if the Wsu:Id is added to a SAML 1.1 token, the resulting XML does not comply with the SAML 1.1 specification. The alternative is to add a Wsu:Id to the EncryptedData element that results from encrypting the issued token. This procedure complies with the SAML 1.1 specification, because the EncryptedData element supports the Wsu:Id attribute.
So to be compliant with the specification, the bearer token must be encrypted by the STS.
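The first workaround above (transport security with message credentials) can be built in code as a custom binding. This is an added example, not code from the original documentation; the class name, the STS address and the choice of text encoding over HTTPS are assumptions made for illustration.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Hypothetical helper: builds a client binding that carries an issued
// bearer token over HTTPS instead of relying on message-level signing.
static class BearerOverTransportBinding
{
    // Assumed values for illustration only.
    const string StsAddress = "https://sts.example.test/issue";
    const string Saml11TokenType =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";

    public static Binding Create(Binding issuerBinding)
    {
        if (issuerBinding == null)
            throw new ArgumentNullException(nameof(issuerBinding));

        // Describe the token the client requests from the STS.
        // BearerKey: the issued token has no proof-of-possession key,
        // so it cannot be used as an endorsing token.
        var issued = new IssuedSecurityTokenParameters
        {
            TokenType = Saml11TokenType,
            KeyType = SecurityKeyType.BearerKey,
            IssuerAddress = new EndpointAddress(StsAddress),
            IssuerBinding = issuerBinding
        };

        // Programmatic equivalent of AuthenticationMode.IssuedTokenOverTransport:
        // integrity and confidentiality come from the transport, and the
        // issued token travels as a message credential.
        TransportSecurityBindingElement security =
            SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issued);

        // The transport must be HTTPS; a bearer token sent over plain HTTP
        // could be captured and replayed by anyone who observes it.
        return new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(),
            new HttpsTransportBindingElement());
    }
}
```

The issuerBinding argument is whatever binding the STS endpoint itself requires; it is separate from the binding returned here, which is used toward the relying party.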