The <SecurityPolicies> element is a container for one or more uniquely identified <Policy> elements that control low-level security and profile processing performed by the SP. It also contains mechanisms to black-list and white-list security algorithms.
Child Elements
Name | Cardinality | Description |
---|---|---|
<Policy> | 1 or more | Security policy rules. These elements must be the first child elements. |
<AlgorithmWhitelist> | 0 or 1 | Algorithms to white-list |
<AlgorithmBlacklist> | 0 or 1 | Algorithms to black-list |
Custom security policies can be defined at the level of a specific application or protocol endpoint, but in most cases, the default policy is appropriate for all typical exchanges.
<Policy> Element
Each policy contains a variety of loosely related settings and a configurable set of "rules" that implement particular protections and peer authentication mechanisms.
Attributes
Name | Type | Default | Description |
---|---|---|---|
id | XML ID | | Uniquely names this policy within the XML file. |
validate | boolean | false | Enables or disables schema validation of XML when parsing messages at runtime. Includes all SAML and SOAP messages. |
Child Elements
Name | Cardinality | Description |
---|---|---|
<PolicyRule> | 1 or more | Security policy rules to use. |
Example
```xml
<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
    <Policy id="entity-attributes">
        <PolicyRule type="Conditions"/>
        <PolicyRule type="XMLSigning" errorFatal="true"/>
    </Policy>
    <!-- Disables known weak algorithms. -->
    <AlgorithmBlacklist includeDefaultBlacklist="true"/>
</SecurityPolicies>
```
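The tables above state the constraints a valid container must meet (at least one <Policy>, each with a unique id and at least one <PolicyRule>, policies before the algorithm lists, at most one of each list). The following added example, which is not part of the Shibboleth SP code base, lints a configuration fragment against those rules; it assumes Python 3 and constructs its own sample inputs.

```python
import xml.etree.ElementTree as ET

NS = "{urn:mace:shibboleth:2.0:native:sp:config}"

def lint_security_policies(xml_text):
    """Return findings for one <SecurityPolicies> container; an empty list means it conforms."""
    root = ET.fromstring(xml_text)
    sp = root if root.tag == NS + "SecurityPolicies" else root.find(".//" + NS + "SecurityPolicies")
    if sp is None:
        return ["no <SecurityPolicies> element found"]
    findings, ids, lists = [], [], []
    for child in sp:
        tag = child.tag.replace(NS, "")
        if tag == "Policy":
            pid = child.get("id")
            if lists:  # <Policy> elements must be the first child elements
                findings.append(f"<Policy id={pid!r}> must precede {lists[-1]}")
            if not pid:
                findings.append("<Policy> is missing its required id attribute")
            elif pid in ids:
                findings.append(f"duplicate <Policy id={pid!r}>; ids must be unique")
            ids.append(pid)
            if child.get("validate", "false") not in ("true", "false", "1", "0"):
                findings.append(f"<Policy id={pid!r}> has a non-boolean validate value")
            if child.find(NS + "PolicyRule") is None:
                findings.append(f"<Policy id={pid!r}> has no <PolicyRule> children")
        elif tag in ("AlgorithmWhitelist", "AlgorithmBlacklist"):
            if tag in lists:  # cardinality is 0 or 1 for each list
                findings.append(f"<{tag}> appears more than once")
            lists.append(tag)
        else:
            findings.append(f"unexpected child <{tag}> in <SecurityPolicies>")
    if not ids:
        findings.append("<SecurityPolicies> needs at least one <Policy>")
    return findings

# Constructed sample in the conforming shape shown on this page.
GOOD = """<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <Policy id="default"><PolicyRule type="Conditions"/></Policy>
  <AlgorithmBlacklist includeDefaultBlacklist="true"/>
</SecurityPolicies>"""

# Constructed sample with a misplaced, duplicated and empty <Policy> and two blacklists.
BAD = """<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <Policy id="default"><PolicyRule type="Conditions"/></Policy>
  <AlgorithmBlacklist includeDefaultBlacklist="true"/>
  <AlgorithmBlacklist/>
  <Policy id="default"/>
</SecurityPolicies>"""
```

Running `lint_security_policies(BAD)` reports four findings, one per violated rule, while the conforming sample returns an empty list.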