The <SecurityPolicies> element is a container for one or more uniquely identified <Policy> elements that control low-level security and XML processing performed by the SP.
Custom security policies can be defined at the level of a specific application or protocol endpoint, but in most cases, the default policy is appropriate for all typical exchanges.
<Policy>
Each policy contains a variety of loosely related settings and a configurable set of "rules" that implement particular protections and peer authentication mechanisms.
    <Policy id="foo" validate="false">
        <Rule type="MessageFlow" checkReplay="true" expires="60"/>
        <Rule type="ClientCertAuth" errorFatal="true"/>
        <Rule type="XMLSigning" errorFatal="true"/>
        <Rule type="SimpleSigning" errorFatal="true"/>
    </Policy>
Attributes
id (XML ID) - Uniquely names this policy within the XML file.
validate (boolean) (defaults to false) - Enables or disables schema validation of XML when parsing messages at runtime. This includes all SAML and SOAP messages.
Child Elements
<TransportOption> (zero or more) - A "hole" in the transport independence of the system allowing implementation-specific options to be passed into the actual SOAP client transport. Only for experts.
<Rule> (one or more) - Security policy rules to use.
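As an added example (not code from the Shibboleth project or this page), the following Python script lints a <SecurityPolicies> section against the constraints stated above: policy ids must be unique, validate must be boolean, each policy needs at least one <Rule>, and a policy that drops the MessageFlow rule or every peer-authentication rule gives up the replay/expiry check or message authentication entirely. The sample configuration is constructed for the example; the <Application> elements and their policyId attribute stand in for the SP's application configuration that selects a policy and are an assumption as far as this page goes.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration: a sound policy, a weak custom policy,
# a duplicate id, and one application that references a policy that does
# not exist. <Application policyId="..."> is a stand-in for the SP's own
# application configuration (assumed, not from the page).
SAMPLE_CONFIG = """
<SPConfig>
  <Application id="default" policyId="default"/>
  <Application id="legacy" policyId="legacy-nocheck"/>
  <Application id="missing" policyId="does-not-exist"/>
  <SecurityPolicies>
    <Policy id="default" validate="false">
      <Rule type="MessageFlow" checkReplay="true" expires="60"/>
      <Rule type="ClientCertAuth" errorFatal="true"/>
      <Rule type="XMLSigning" errorFatal="true"/>
      <Rule type="SimpleSigning" errorFatal="true"/>
    </Policy>
    <Policy id="legacy-nocheck" validate="maybe">
      <Rule type="MessageFlow" checkReplay="false" expires="3600"/>
    </Policy>
    <Policy id="default">
    </Policy>
  </SecurityPolicies>
</SPConfig>
"""

# Rule types from the page that authenticate the peer that sent a message.
AUTH_RULES = {"XMLSigning", "SimpleSigning", "ClientCertAuth"}


def lint_security_policies(xml_text):
    """Return a list of (policy or application id, message) findings."""
    root = ET.fromstring(xml_text)
    findings = []
    seen = set()
    for pol in root.findall("./SecurityPolicies/Policy"):
        pid = pol.get("id")
        if not pid:
            findings.append(("?", "Policy has no id attribute"))
            continue
        # id is an XML ID: it must be unique within the file.
        if pid in seen:
            findings.append((pid, "duplicate policy id"))
        seen.add(pid)
        # validate is a boolean defaulting to false.
        validate = pol.get("validate", "false")
        if validate not in ("true", "false"):
            findings.append((pid, f"validate must be true or false, got {validate!r}"))
        # One or more <Rule> children are required.
        rules = pol.findall("Rule")
        if not rules:
            findings.append((pid, "no Rule elements (one or more required)"))
        types = [r.get("type") for r in rules]
        if "MessageFlow" not in types:
            findings.append((pid, "no MessageFlow rule: replay and expiry are not checked"))
        if not AUTH_RULES.intersection(types):
            findings.append((pid, "no peer authentication rule (XMLSigning, SimpleSigning or ClientCertAuth)"))
        for r in rules:
            rtype = r.get("type")
            if rtype == "MessageFlow":
                if r.get("checkReplay") == "false":
                    findings.append((pid, "MessageFlow has checkReplay=false"))
                exp = r.get("expires")
                if exp is not None and not exp.isdigit():
                    findings.append((pid, f"MessageFlow expires is not an integer: {exp!r}"))
            elif rtype in AUTH_RULES and r.get("errorFatal") != "true":
                findings.append((pid, f"{rtype} rule without errorFatal=true"))
    # Every policy referenced by an application must be defined.
    for app in root.findall("./Application"):
        ref = app.get("policyId")
        if ref and ref not in seen:
            findings.append((app.get("id"), f"policyId {ref!r} does not match any Policy"))
    return findings


if __name__ == "__main__":
    for ident, message in lint_security_policies(SAMPLE_CONFIG):
        print(f"{ident}: {message}")
```

Run against the sample, the sound "default" policy produces no findings, while the custom policy is reported for the non-boolean validate value, the missing peer-authentication rule and the disabled replay check; the duplicate "default" policy and the dangling policyId reference are reported as well.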