<samlSecurityTokenRequirement>

Configures how the SamlSecurityTokenHandler class, the Saml2SecurityTokenHandler class, or a class derived from either of them validates the certificate of the token issuer and maps the token's claims. Represented by the SamlSecurityTokenRequirement class.

<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <add>
          <samlSecurityTokenRequirement>

Syntax

<system.identityModel>  
  <identityConfiguration>  
    <securityTokenHandlers>  
      <add>  
        <samlSecurityTokenRequirement
            issuerCertificateValidationMode="None||ChainTrust||PeerTrust||PeerOrChainTrust||Custom"  
            issuerCertificateRevocationMode="NoCheck||Offline||Online"  
            issuerCertificateTrustedStoreLocation="CurrentUser||LocalMachine"  
            issuerCertificateValidator="Namespace.Class, Assembly"  
            mapToWindows=xs:boolean>  
          <nameClaimType value=xs:string />  
          <roleClaimType value=xs:string />  
        </samlSecurityTokenRequirement>  
      </add>  
    </securityTokenHandlers>  
  </identityConfiguration>  
</system.identityModel>  

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
mapToWindows Specifies whether the token handler maps the validated token to a Windows account by using the incoming UPN claim. The default is "false". Set it to "true" only when the issuer is trusted to assert UPNs, because any UPN claim the issuer signs then becomes a Windows identity on this machine.
issuerCertificateRevocationMode An X509RevocationMode value ("NoCheck", "Offline", or "Online") that specifies the revocation check applied to the issuer's X.509 signing certificate. The default value is "Online". With "NoCheck", a revoked issuer certificate is still accepted.
issuerCertificateValidationMode An X509CertificateValidationMode value that specifies how the issuer's X.509 certificate is validated. The default value is "PeerOrChainTrust". "None" disables certificate validation entirely, so a token signed with any certificate is accepted; use it only in test environments. "Custom" delegates validation to the type named by issuerCertificateValidator.
issuerCertificateTrustedStoreLocation A StoreLocation value ("CurrentUser" or "LocalMachine") that specifies which X.509 certificate store is consulted when establishing trust in the issuer certificate. The default value is "LocalMachine".
issuerCertificateValidator The type name, in "Namespace.Class, Assembly" form, of a custom type that derives from X509CertificateValidator. If the issuerCertificateValidationMode attribute is "Custom", an instance of this type is used for issuer certificate validation.

Child Elements

Element Description
<nameClaimType> Specifies the claim type that populates the Name property of the ClaimsIdentity objects returned by the ValidateToken method of the token handler.
<roleClaimType> Specifies the claim type that is treated as the role claim in the collection of ClaimsIdentity objects returned by the ValidateToken method of the token handler, and therefore drives IsInRole checks.

Parent Elements

Element Description
<add> Adds the specified security token handler to the token handler collection.

Remarks

The <samlSecurityTokenRequirement> element is represented by the SamlSecurityTokenRequirement class in the object model and is used to configure the SamlSecurityTokenRequirement property on a SamlSecurityTokenHandler or a Saml2SecurityTokenHandler.
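The following is an added example, not code from the page or from the .NET Framework itself. It shows the object-model counterpart of the element described above: a custom X509CertificateValidator of the kind referenced by issuerCertificateValidationMode="Custom" and issuerCertificateValidator, which pins the issuer's signing certificate by thumbprint in addition to chain and revocation checking, and a factory that builds the equivalent SamlSecurityTokenRequirement in code and attaches it to a Saml2SecurityTokenHandler. The namespace Contoso.Security, the class PinnedIssuerValidator, the method CreateHardenedHandler and the all-zero thumbprint are invented for illustration; the parameterless constructor is provided on the assumption that configuration-driven instantiation requires one.

```csharp
// Added example: not from the page. Class, namespace and method names are invented,
// and the thumbprint passed in is a placeholder for the real issuer's signing certificate.
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;

namespace Contoso.Security
{
    // Configured with issuerCertificateValidationMode="Custom"
    // issuerCertificateValidator="Contoso.Security.PinnedIssuerValidator, Contoso.Security".
    // Chain trust alone accepts any certificate the machine trusts; pinning the thumbprint
    // ties token acceptance to the one signing certificate the issuer actually uses.
    public sealed class PinnedIssuerValidator : X509CertificateValidator
    {
        // Placeholder value; replace with the SHA-1 thumbprint of the issuer's signing certificate.
        public const string DefaultPinnedThumbprint = "0000000000000000000000000000000000000000";

        private readonly string expectedThumbprint;
        private readonly X509CertificateValidator chainValidator;

        // Parameterless constructor so the type can be created from configuration (assumed requirement).
        public PinnedIssuerValidator() : this(DefaultPinnedThumbprint) { }

        public PinnedIssuerValidator(string pinnedThumbprint)
        {
            if (string.IsNullOrWhiteSpace(pinnedThumbprint))
                throw new ArgumentException("A pinned thumbprint is required.", "pinnedThumbprint");

            expectedThumbprint = pinnedThumbprint.Replace(" ", string.Empty).ToUpperInvariant();

            // Keep chain building and online revocation checking: the pin says "this key",
            // the chain says "this key is still valid".
            chainValidator = X509CertificateValidator.CreateChainTrustValidator(
                useMachineContext: true,
                chainPolicy: new X509ChainPolicy { RevocationMode = X509RevocationMode.Online });
        }

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // Compare the whole thumbprint, never a prefix or the subject name.
            if (!string.Equals(certificate.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase))
            {
                throw new SecurityTokenValidationException(
                    "Issuer certificate thumbprint " + certificate.Thumbprint +
                    " is not the pinned signing certificate.");
            }

            chainValidator.Validate(certificate);
        }
    }

    public static class SamlHandlerFactory
    {
        // Programmatic equivalent of the <samlSecurityTokenRequirement> element; each property
        // is the counterpart of the attribute or child element named in the trailing comment.
        public static Saml2SecurityTokenHandler CreateHardenedHandler(string issuerThumbprint)
        {
            var requirement = new SamlSecurityTokenRequirement
            {
                CertificateValidationMode = X509CertificateValidationMode.Custom,  // issuerCertificateValidationMode
                CertificateValidator = new PinnedIssuerValidator(issuerThumbprint), // issuerCertificateValidator
                RevocationMode = X509RevocationMode.Online,                         // issuerCertificateRevocationMode
                TrustedStoreLocation = StoreLocation.LocalMachine,                  // issuerCertificateTrustedStoreLocation
                MapToWindows = false,                                               // mapToWindows
                NameClaimType = ClaimTypes.Name,                                    // <nameClaimType value="..." />
                RoleClaimType = ClaimTypes.Role                                     // <roleClaimType value="..." />
            };

            return new Saml2SecurityTokenHandler { SamlSecurityTokenRequirement = requirement };
        }
    }
}
```

The handler returned here still needs a SecurityTokenHandlerConfiguration (issuer name registry, audience restriction) before ValidateToken can be called. Deploy the pinned thumbprint as configuration data rather than a compiled-in constant, and plan its rotation together with the issuer's certificate rollover, otherwise every token is rejected the day the issuer renews its signing certificate.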

Example

<add type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel">  
    <samlSecurityTokenRequirement issuerCertificateValidationMode="PeerOrChainTrust"  
                                  issuerCertificateRevocationMode="Online"  
                                  issuerCertificateTrustedStoreLocation="LocalMachine"  
                                  mapToWindows="false">  
        <!-- Claim types are compared as full URIs, so the scheme must be present. -->  
        <nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" />  
        <roleClaimType value="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" />  
    </samlSecurityTokenRequirement>  
</add>