The <SecurityPolicies> element is a container for one or more uniquely identified <Policy> elements that control low-level security and profile processing performed by the SP. It also containes mechanisms to black list and white list security Alogithms
Child Elements
Name | Cardinality | Description |
|---|---|---|
<Policy> | 1 or more | Security policy rules. These elements must be the first child elements. |
<AlgorithmWhitelist> | 0 or 1 | Algorithms to white-list |
<AlgorithmBlacklist> | 0 or 1 | Algorithms to black-list |
Custom security policies can be defined at the level of a specific application or protocol endpoint, but in most cases, the default policy is appropriate for all typical exchanges.
<Policy> Element
Each policy contains a variety of loosely related settings and a configurable set of "rules" that implement particular protections and peer authentication mechanisms.
Attributes
Name | Type | Default | Description |
|---|---|---|---|
id | XML ID | Uniquely names this policy within the XML file. | |
validate | boolean | false | Enables or disables schema validation of XML when parsing messages at runtime. Includes all SAML and SOAP messages. |
Child Elements
Name | Cardinality | Description |
|---|---|---|
<PolicyRule> | 1 or more | Security policy rules to use. |
Example
<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
<Policy id="entity-attributes">
<PolicyRule type="Conditions"/>
<PolicyRule type="XMLSigning" errorFatal="true"/>
</Policy>
<!-- Disables known weak algorithms. -->
<AlgorithmBlacklist includeDefaultBlacklist="true"/>
</SecurityPolicies>