Overview
The <SecurityPolicyProvider> element configures the component that guides the low-level security and XML processing performed during the runtime operation of the SP. Many different protocols and profiles can be handled by a Shibboleth SP. The security checks that are performed can vary across and within these profiles but can generally be implemented by a common set of rules. There are also policy controls that allow certain algorithms to be turned on and off in response to vulnerabilities.
...
Its configuration is implemented as a reloadable XML resource, which means that the XML content can be supplied inline, in a local file, or in a remote file, and can be monitored for changes and reloaded on the fly. The root of the XML in any of those cases MUST be a <SecurityPolicies> element, either as a child element in an existing file or as the root of a different file.
...
It supports all of the attributes common to all reloadable configuration resources.
Child Elements
The following child element must be provided, either inline, or as the root element of a local or remote XML resource to load from, which would be specified via the attribute(s) above.
Name | Cardinality | Description |
---|---|---|
<SecurityPolicies> | 1 | Root element of configuration |
When a non-inline configuration is used, it supports the following child elements common to all reloadable configuration resources.
Example
```xml
<!-- Policies that determine how to process and authenticate runtime messages. -->
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
```
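A pre-deployment check for the rule stated above, that the inline child or the root of the loaded file must be `<SecurityPolicies>`. This is an added example, not part of the Shibboleth documentation or code. The helper `check_provider`, its status strings and the sample files are constructed for illustration; relative `path` values are assumed to resolve against the directory passed in, and remote resources are not fetched.

```python
import os
import tempfile
import xml.etree.ElementTree as ET


def local_name(elem):
    """Tag name without any '{namespace}' prefix."""
    return elem.tag.rsplit("}", 1)[-1]


def check_provider(provider, base_dir):
    """Classify one <SecurityPolicyProvider> element (hypothetical helper)."""
    if any(local_name(child) == "SecurityPolicies" for child in provider):
        return "ok-inline"
    path = provider.get("path")
    if not path:
        return "not-local"  # e.g. a remote resource; not fetched here
    # Assumption: relative paths are resolved against base_dir.
    full = os.path.join(base_dir, path)
    try:
        root = ET.parse(full).getroot()
    except (OSError, ET.ParseError):
        return "unreadable"
    return "ok-file" if local_name(root) == "SecurityPolicies" else "bad-root"


def demo():
    """Run the check over constructed sample files in a temp directory."""
    samples = {
        "security-policy.xml": "<SecurityPolicies/>",
        "wrong-root.xml": "<SPConfig/>",
        "broken.xml": "<SecurityPolicies>",
    }
    providers = [
        '<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>',
        '<SecurityPolicyProvider type="XML" path="wrong-root.xml"/>',
        '<SecurityPolicyProvider type="XML" path="broken.xml"/>',
        '<SecurityPolicyProvider type="XML" path="missing.xml"/>',
        '<SecurityPolicyProvider type="XML"><SecurityPolicies/></SecurityPolicyProvider>',
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return [check_provider(ET.fromstring(p), tmp) for p in providers]


if __name__ == "__main__":
    print(demo())
```

Running a check like this before a reload catches a policy file that is missing, malformed or has the wrong root, so the SP is not left running on an unintended security policy.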
...