<message> element of <ws2007FederationHttpBinding>
Defines settings for the message-level security for the <ws2007FederationHttpBinding> element.
<configuration>
<system.serviceModel>
<bindings>
<ws2007FederationHttpBinding>
<binding>
<security>
<message>
Syntax
<ws2007FederationBinding>
<binding>
<security>
<message algorithmSuite="Basic128/Basic192/Basic256/Basic128Rsa15/Basic256Rsa15/TripleDes/TripleDesRsa15/Basic128Sha256/Basic192Sha256/TripleDesSha256/Basic128Sha256Rsa15/Basic192Sha256Rsa15/Basic256Sha256Rsa15/TripleDesSha256Rsa15"
issuedTokenType="string"
issuedKeyType="SymmetricKey/PublicKey"
negotiateServiceCredential="Boolean">
<claimTypeRequirements>
<add claimType="URI"
isOptional="Boolean" />
</claimTypeRequirements>
<issuer address="Uri">
<headers>
<add name="String"
namespace="String" />
</headers>
<identity>
<certificate encodedValue="String" />
<certificateReference findValue="String"
isChainIncluded="Boolean"
storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
storeLocation="LocalMachine/CurrentUser"
x509FindType="System.Security.Cryptography.X509certificates.X509findtype" />
<dns value="String" />
<rsa value="String" />
<servicePrincipalName value="String" />
<usePrincipalName value="String" />
</identity>
</issuer>
<issuerMetadata address="String">
<headers>
<add name="String"
namespace="String" />
</headers>
<identity>
<certificate encodedValue="String" />
<certificateReference findValue="String"
isChainIncluded="Boolean"
storeName="AddressBook/AuthRoot/CertificateAuthority/Disallowed/My/Root/TrustedPeople/TrustedPublisher"
storeLocation="LocalMachine/CurrentUser"
X509FindType="System.Security.Cryptography.X509certificates.X509findtype" />
<dns value="String" />
<rsa value="String" />
<servicePrincipalName value="String" />
<usePrincipalName value="String" />
</identity>
</issuerMetadata>
<tokenRequestParameters>
<xmlElement>
</xmlElement>
</tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationBinding>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
| Attribute | Description |
|---|---|
algorithmSuite |
Optional. Sets the message encryption, signature, and key-wrap algorithms. The algorithms and the key sizes are determined by the SecurityAlgorithmSuite class. These algorithms map to those specified in the Security Policy Language (WS-SecurityPolicy) specification. See the following table for possible values. The default value is Basic256. |
issuedKeyType |
Specifies the type of key to be issued. Valid values include the following: - SymmetricKey - PublicKey - BearerKey The default is SymmetricKey. This attribute is of type SecurityKeyType. |
issuedTokenType |
A URI that specifies the type of token to be issued. The default is null. |
negotiateServiceCredential |
A value that specifies whether the service credential should be exchanged as part of negotiation or is available out of band. The default is true, which means that the service credential is negotiated. |
algorithmSuite Attribute
| Value | Description |
|---|---|
| Basic128 | Use Aes128 encryption, Sha1 for message digest, and Rsa-oaep-mgf1p for key wrap. |
| Basic192 | Use Aes192 encryption, Sha1 for message digest, Rsa-oaep-mgf1p for key wrap. |
| Basic256 | Use Aes256 encryption, Sha1 for message digest, Rsa-oaep-mgf1p for key wrap. |
| Basic256Rsa15 | Use Aes256 for message encryption, Sha1 for message digest and Rsa15 for key wrap. |
| Basic192Rsa15 | Use Aes192 for message encryption, Sha1 for message digest and Rsa15 for key wrap. |
| TripleDes | Use TripleDes encryption, Sha1 for message digest, Rsa-oaep-mgf1p for key wrap. |
| Basic128Rsa15 | Use Aes128 for message encryption, Sha1 for message digest and Rsa15 for key wrap. |
| TripleDesRsa15 | Use TripleDes encryption, Sha1 for message digest and Rsa15 for key wrap. |
| Basic128Sha256 | Use Aes256 for message encryption, Sha256 for message digest and Rsa-oaep-mgf1p for key wrap. |
| Basic192Sha256 | Use Aes192 for message encryption, Sha256 for message digest and Rsa-oaep-mgf1p for key wrap. |
| Basic256Sha256 | Use Aes256 for message encryption, Sha256 for message digest and Rsa-oaep-mgf1p for key wrap. |
| TripleDesSha256 | Use TripleDes for message encryption, Sha256 for message digest and Rsa-oaep-mgf1p for key wrap. |
| Basic128Sha256Rsa15 | Use Aes128 for message encryption, Sha256 for message digest and Rsa15 for key wrap. |
| Basic192Sha256Rsa15 | Use Aes192 for message encryption, Sha256 for message digest and Rsa15 for key wrap. |
| Basic256Sha256Rsa15 | Use Aes256 for message encryption, Sha256 for message digest and Rsa15 for key wrap. |
| TripleDesSha256Rsa15 | Use TripleDes for message encryption, Sha256 for message digest and Rsa15 for key wrap. |
Child Elements
| Element | Description |
|---|---|
| <claimTypeRequirements> | Specifies a collection of claim types for this binding. Each element is of type ClaimTypeElement. |
| <issuer> | Specifies an endpoint that issues a security token. This element is of type IssuedTokenParametersEndpointAddressElement. |
| <issuerMetadata> | Specifies the endpoint address of the issuer. |
| <tokenRequestParameters> | A collection of token request parameters. Each parameter is an XML element. |
Parent Elements
| Element | Description |
|---|---|
| <security> | Defines the security settings for a binding. |
See also
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for