<SubjectName> Element
Specifies the subject name for a security token.
<policyDocument> Element
  <policies> Element
    <Policy> Element (WSE for Microsoft .NET)
      <Confidentiality> Element
        <KeyInfo> Element (WSE for Microsoft .NET)
          <SecurityToken> Element
            <Claims> Element

<policyDocument> Element
  <policies> Element
    <Policy> Element (WSE for Microsoft .NET)
      <Integrity> Element
        <TokenInfo> Element
          <SecurityToken> Element
            <Claims> Element
<SubjectName MatchType>TheSecurityTokenSubjectName</SubjectName>
Attributes and Elements
Attributes
Attribute | Description |
---|---|
MatchType | Optional attribute. Specifies the algorithm used to match the value of the <SubjectName> element and the user name portion of a UsernameToken. The default value is wsse:Prefix. |
Child Elements
None
Parent Elements
Element | Description |
---|---|
<Claims> Element | Specifies requirements that are specific to a security token type. |
Text Value
A text value is required. The text value is the subject name for a security token.
Remarks
The <SubjectName> element can be used to specify the subject name when the value of the <TokenType> element represents a UsernameToken, X509SecurityToken, or KerberosToken.
Note
When the <SubjectName> element is used to specify the subject name for an X.509 certificate, the value of the element is formatted differently from what appears in the Microsoft Management Console (MMC). The value that must be placed in the <SubjectName> element maps to the Subject field that appears on the Details tab of the Certificates Snap-in within MMC. If you copy the value of the Subject field from the MMC, the order of its components has to be reversed before the value is placed in the <SubjectName> element. For example, if the value of the Subject field is CN=WSE2QuickStartServer, O=Coho Winery, L=Woodinville, S=WA, C=US, then the value that must be added to the <SubjectName> element is: C=US, S=WA, L=Woodinville, O=Coho Winery, CN=WSE2QuickStartServer.
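The reversal described in the note above, as an added Python example that is not part of the original page or of WSE: it reverses a Subject value copied from MMC and flags a policy whose <SubjectName> was pasted without reversing. The function names, the sample policy fragment, and the handling of quoted or backslash-escaped commas are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Namespace bound to the wssp prefix in this page's example policy.
WSSP = "https://schemas.xmlsoap.org/ws/2002/12/secext"

def split_rdns(dn):
    """Split a DN on commas that are neither inside double quotes nor backslash-escaped."""
    parts, cur, in_quotes, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):  # keep an escaped character with its backslash
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def mmc_subject_to_policy(subject):
    """Reverse the component order of a Subject value copied from MMC."""
    return ", ".join(reversed(split_rdns(subject)))

def check_policy(policy_xml, mmc_subject):
    """Classify each <SubjectName> in the policy against the certificate's MMC Subject."""
    as_copied = ", ".join(split_rdns(mmc_subject))
    expected = mmc_subject_to_policy(mmc_subject)
    results = []
    for elem in ET.fromstring(policy_xml).iter("{%s}SubjectName" % WSSP):
        value = ", ".join(split_rdns(elem.text or ""))
        status = "ok" if value == expected else "not reversed" if value == as_copied else "mismatch"
        results.append((value, status))
    return results

# Constructed sample: the Subject from the note above, pasted without reversing it.
MMC_SUBJECT = "CN=WSE2QuickStartServer, O=Coho Winery, L=Woodinville, S=WA, C=US"
SAMPLE_POLICY = """<wssp:Claims xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext">
  <wssp:SubjectName>%s</wssp:SubjectName>
</wssp:Claims>""" % MMC_SUBJECT

if __name__ == "__main__":
    print(mmc_subject_to_policy(MMC_SUBJECT))
    print(check_policy(SAMPLE_POLICY, MMC_SUBJECT))
```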
Example
The following code example defines the policy-5218e068-d399-4ad3-a014-9461df97209c policy assertion, which requires that the <Body> element, timestamp header, and all addressing headers be signed by using a KerberosSecurityToken that has the subject name EXAMPLE\someone.
<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="https://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings xmlns:wse="https://schemas.microsoft.com/wse/2002/12/Policy">
    <defaultEndpoint>
      <defaultOperation>
        <request policy="#policy-5218e068-d399-4ad3-a014-9461df97209c" />
        <response policy="" />
        <fault policy="" />
      </defaultOperation>
    </defaultEndpoint>
  </mappings>
  <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wse="https://schemas.microsoft.com/wse/2003/06/Policy"
            xmlns:wsa="https://schemas.xmlsoap.org/ws/2004/03/addressing"
            xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext"
            xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy"
            xmlns:wssc="https://schemas.xmlsoap.org/ws/2004/04/sc"
            xmlns:rp="https://schemas.xmlsoap.org/rp">
    <wsp:Policy xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy"
                wsu:Id="policy-5218e068-d399-4ad3-a014-9461df97209c">
      <wssp:Integrity wsp:Usage="wsp:Required" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wssp:TokenInfo>
          <wssp:SecurityToken>
            <wssp:TokenType xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">https://schemas.xmlsoap.org/ws/2003/12/kerberos/Kerberosv5ST</wssp:TokenType>
            <wssp:Claims>
              <wssp:SubjectName>EXAMPLE\someone</wssp:SubjectName>
            </wssp:Claims>
          </wssp:SecurityToken>
        </wssp:TokenInfo>
        <wssp:MessageParts Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body() wse:Timestamp() wse:Addressing()</wssp:MessageParts>
      </wssp:Integrity>
    </wsp:Policy>
  </policies>
</policyDocument>