This configuration file allows explicit registration of relying parties. This might be necessary when the general security policy allows known relying parties only. It is also useful when you want to specify encryption certificates or replyTo addresses manually. Configuration values in the relying party configuration always take precedence over request parameters like the endpoint identity or replyTo values, so a request cannot override a replyTo address or certificate that is registered here.
Here's an example of relyingParty.config that demonstrates various features:
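<relyingParties>
  <!-- Explicit relying party registrations. Each <add> entry names a realm
       and may carry an encryption certificate and a fixed replyTo address. -->

  <!-- registers a realm (and all unspecified sub-realms) -->
  <add
    name="Local StarterRP"
    realm="http://roadie/StarterRP/">
    <!-- encryption certificate, found by thumbprint in the LocalMachine "My" store -->
    <certificate
      findValue="586A267558EA22012A68A9774426EB3FF9995AC2"
      x509FindType="FindByThumbprint"
      storeLocation="LocalMachine"
      storeName="My" />
  </add>

  <!-- registers a specific sub-realm (and all unspecified sub-realms);
       this entry reuses the thumbprint of the parent realm's certificate -->
  <add
    name="Local StarterRP (known subrealm for testing)"
    realm="http://roadie/StarterRP/knownsubrealm">
    <certificate
      findValue="586A267558EA22012A68A9774426EB3FF9995AC2"
      x509FindType="FindByThumbprint"
      storeLocation="LocalMachine"
      storeName="My" />
  </add>

  <!-- registers a realm with no encryption (needs requireEncryption = false).
       No <certificate> is given, so nothing can be encrypted for this realm.
       The name marks it as a test entry; keep it, and the relaxed
       requireEncryption setting, out of a production configuration.
       NOTE(review): requireEncryption is not set in this file; confirm where
       it lives and that it is not relaxed more widely than intended. -->
  <add
    name="Local StarterRP (no encryption for testing)"
    realm="http://roadie/noencryption" />

  <!-- registers a realm with a specific replyTo value and a file based
       encryption certificate. The replyTo address is fixed here and uses https.
       NOTE(review): how the relative certificate filename is resolved is not
       shown here; confirm the directory and who can write to it. -->
  <add
    name="ADFS2 VM Instance"
    realm="http://dc.leastprivilege.vm/adfs/services/trust"
    replyTo="https://dc.leastprivilege.vm/adfs/ls/">
    <certificate
      filename="dc.leastprivilege.vm.cer" />
  </add>
</relyingParties>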