The <SecurityPolicies> element is a container for one or more uniquely identified <Policy> elements that control low-level security and XML profile processing performed by the SP.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<Policy id="foo" validate="false">
<Rule<PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
<Rule<PolicyRule type="ClientCertAuth" errorFatal="true"/>
<Rule<PolicyRule type="XMLSigning" errorFatal="true"/>
<Rule<PolicyRule type="SimpleSigning" errorFatal="true"/>
<PolicyRule type="Conditions"/>
</Policy>
|
Attributes
id(XML ID)- Uniquely names this policy within the XML file.
validate(boolean) (defaults to false)- Enables or disables schema validation of XML when parsing messages at runtime. Includes all SAML and SOAP messages.
Child Elements
<TransportOption><Rule>(zero one or more)- A "hole" in the transport independence of the system allowing implementation-specific options to be passed into the actual SOAP client transport. Only for experts.
<Rule>- Legacy syntax for security policy rules to use. Versions of the SP prior to 2.2 used this element, which accidentally conflicted with the same named element used in the access control syntax. It remains supported, but is deprecated.
Version 2.2 and Above
<PolicyRule>(one or more)- Security policy rules to use.