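<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">

    <!-- Each policy defines a set of rules to use to secure messages. -->

    <!--
    The predefined policy enforces replay/freshness, standard
    condition processing, and permits signing and client TLS.

    Review notes:
    - validate="false" presumably leaves XML schema validation of incoming
      messages switched off for this policy; confirm against the SP
      documentation for the deployed version before relying on it.
    - The authentication rules below are described above as "permitted"
      mechanisms. This file alone does not show a rule that rejects a
      message carrying no signature or client certificate, so verify where
      that requirement is enforced for this deployment.
    -->
    <Policy id="default" validate="false">
        <!-- Replay checking is enabled; expires="60" bounds message freshness (presumably in seconds, confirm). -->
        <PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
        <!-- Condition processing, with audience checking nested inside it. -->
        <PolicyRule type="Conditions">
            <PolicyRule type="Audience"/>
            <!-- Enable Delegation rule to permit delegated access. -->
            <!-- Leave this disabled unless delegated access is actually needed. -->
            <!-- <PolicyRule type="Delegation"/> -->
        </PolicyRule>
        <!--
        errorFatal="true" is set on every authentication rule, so a failed
        check is presumably raised as an error instead of being passed over;
        confirm the exact semantics before changing it to false.
        -->
        <PolicyRule type="ClientCertAuth" errorFatal="true"/>
        <PolicyRule type="XMLSigning" errorFatal="true"/>
        <PolicyRule type="SimpleSigning" errorFatal="true"/>
    </Policy>

    <!--
    This policy is a place-holder for use of assertions in metadata
    as a way of attaching signed information about particular IdPs.

    Review note: no MessageFlow rule is listed here, so replay/freshness
    checking is not configured for this policy; only condition processing
    and XML signature checking are.
    -->
    <Policy id="entity-attributes">
        <PolicyRule type="Conditions"/>
        <PolicyRule type="XMLSigning" errorFatal="true"/>
    </Policy>

    <!-- Disables known weak algorithms. -->
    <!--
    Review note: includeDefaultBlacklist="true" keeps the built-in list in
    effect. Setting it to false would presumably drop that list, so any such
    override deserves a review of which algorithms become acceptable again.
    -->
    <AlgorithmBlacklist includeDefaultBlacklist="true"/>

</SecurityPolicies>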