# <issuedToken>

Specifies a custom token used to authenticate a client to a service.

## Syntax

<issuedToken cacheIssuedTokens="Boolean"
defaultKeyEntropyMode="ClientEntropy/ServerEntropy/CombinedEntropy"
issuedTokenRenewalThresholdPercentage = "0 to 100"
issuerChannelBehaviors="String"
localIssuerChannelBehaviors="String"
maxIssuedTokenCachingTime="TimeSpan">
</issuedToken>


## Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

### Attributes

Attribute Description
cacheIssuedTokens Optional Boolean attribute that specifies whether tokens are cached. The default is true.
defaultKeyEntropyMode Optional string attribute that specifies which random values (entropies) are used for handshake operations. Values include ClientEntropy, ServerEntropy, and CombinedEntropy, The default is CombinedEntropy. This attribute is of type SecurityKeyEntropyMode.
issuedTokenRenewalThresholdPercentage Optional integer attribute that specifies the percentage of a valid time frame (supplied by the token issuer) that can pass before a token is renewed. Values are from 0 to 100. The default is 60, which specifies 60% of the time passes before a renewal is attempted.
issuerChannelBehaviors Optional attribute that specifies the channel behaviors to use when communicating with the issuer.
localIssuerChannelBehaviors Optional attribute that specifies the channel behaviors to use when communicating with the local issuer.
maxIssuedTokenCachingTime Optional Timespan attribute that specifies the duration that issued tokens are cached when the token issuer (an STS) does not specify a time. The default is "10675199.02:48:05.4775807."

### Child Elements

Element Description
<localIssuer> Specifies the address of the local issuer of the token and the binding used to communicate with the endpoint.
<issuerChannelBehaviors> Specifies the endpoint behaviors to use when contacting a local issuer.

### Parent Elements

Element Description
<clientCredentials> Specifies the credentials used to authenticate a client to a service.

## Remarks

An issued token is a custom credential type used, for example, when authenticating with a Secure Token Service (STS) in a federated scenario. By default, the token is a SAML token. For more information, see Federation and Issued Tokens, and Federation and Issued Tokens.

This section contains the elements used to configure a local issuer of tokens, or behaviors used with an security token service. For instructions on configuring a client to use a local issuer, see How to: Configure a Local Issuer.