The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

The <SecurityPolicies> element is a container for one or more uniquely identified <Policy> elements that control low-level security and XML processing performed by the SP.

Custom security policies can be defined at the level of a specific application or protocol endpoint, but in most cases, the default policy is appropriate for all typical exchanges.

<Policy>

Each policy contains a variety of loosely related settings and a configurable set of "rules" that implement particular protections and peer authentication mechanisms.

<Policy id="foo" validate="false">
    <Rule type="MessageFlow" checkReplay="true" expires="60"/>
    <Rule type="ClientCertAuth" errorFatal="true"/>
    <Rule type="XMLSigning" errorFatal="true"/>
    <Rule type="SimpleSigning" errorFatal="true"/>
</Policy>

Attributes

  • id (XML ID)
    • Uniquely names this policy within the XML file.
  • validate (boolean) (defaults to false)
    • Enables or disables XML schema validation when messages are parsed at runtime. This applies to all SAML and SOAP messages.

Child Elements

  • <Rule> (one or more)
    • Security policy rules to use.
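The following added example (not part of the original page or the Shibboleth project) checks a <SecurityPolicies> document against the constraints stated above: unique policy ids, at least one <Rule> per policy, and the effective value of validate with its default of false. The sample XML, the function names and the finding strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real deployment.
SAMPLE = """<SecurityPolicies>
  <Policy id="default" validate="true">
    <Rule type="MessageFlow" checkReplay="true" expires="60"/>
    <Rule type="XMLSigning" errorFatal="true"/>
  </Policy>
  <Policy id="foo">
    <Rule type="ClientCertAuth" errorFatal="true"/>
  </Policy>
  <Policy id="foo" validate="0"/>
</SecurityPolicies>"""

def local(tag):
    """Drop any '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def xsd_bool(value, default):
    """Absent attribute -> default; otherwise only 'true' or '1' count as true."""
    if value is None:
        return default
    return value.strip() in ("true", "1")

def audit(xml_text):
    """Return (policies, findings) for a <SecurityPolicies> document."""
    root = ET.fromstring(xml_text)
    policies, findings, seen = [], [], set()
    for el in root.iter():
        if local(el.tag) != "Policy":
            continue
        pid = el.get("id")
        rules = [r.get("type") for r in el if local(r.tag) == "Rule"]
        validate = xsd_bool(el.get("validate"), default=False)  # documented default
        policies.append({"id": pid, "validate": validate, "rules": rules})
        if pid is None:
            findings.append("policy without id")
        elif pid in seen:
            findings.append(f"duplicate policy id: {pid}")
        seen.add(pid)
        if not rules:
            findings.append(f"policy {pid}: no <Rule> children")
        if not validate:
            findings.append(f"policy {pid}: schema validation off")
    return policies, findings

if __name__ == "__main__":
    for line in audit(SAMPLE)[1]:
        print(line)
```

The "schema validation off" finding only reports the effective setting so that it can be reviewed; it is the documented default, not an error in the file.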