Policy
Overview
Each <Policy>
element contains a couple of general settings and a configurable set of "rules" that implement particular protections and peer authentication mechanisms. You don't have to worry too much in general about unsafe behavior because if something disables all of the rules for authenticating a message, the system simply rejects it.
Reference
Attributes
Name | Type | Default | Description |
---|---|---|---|
id | XML ID | Uniquely names this policy within the configuration | |
validate | boolean | false | Enables or disables schema validation of XML when parsing messages at runtime. Includes all SAML and SOAP messages. |
Child Elements
Name | Cardinality | Description |
---|---|---|
<PolicyRule> | 1 or more | Security policy rules to apply |
Example
The default policy for dealing with SAML messages, in English, is:
Don't schema validate.
Check for replay, and reject messages older than 60 seconds in the past.
Honor any SAMLÂ
<Condition>
elements, including timestamps, and make sure the SP sees itself as an audience for any assertions. Reject any other conditions as unrecognized.Allow a message to be authenticated by checking for a TLS client certificate, an XML signature, and a "blob"-type signature, in that order. Anything present that can't be validated is fatal. Validation is based on the configuredÂ
<
TrustEngine
>
(s).
<Policy id="default" validate="false">
<PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
<PolicyRule type="Conditions">
<PolicyRule type="Audience"/>
<!-- Enable Delegation rule to permit delegated access. -->
<!-- <PolicyRule type="Delegation"/> -->
</PolicyRule>
<PolicyRule type="ClientCertAuth" errorFatal="true"/>
<PolicyRule type="XMLSigning" errorFatal="true"/>
<PolicyRule type="SimpleSigning" errorFatal="true"/>
</Policy>