1 <SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
\r
3 <!-- Each policy defines a set of rules to use to secure messages. -->
\r
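<!--
    The predefined policy enforces replay/freshness, standard
    condition processing, and permits signing and client TLS.

    validate="false" leaves XML schema validation of incoming messages
    off for this policy, so the rules below are the checks it applies.
-->
<Policy id="default" validate="false">
    <!-- Replay and freshness: reject a message whose ID was already seen,
         and any message older than the expires window (in seconds). -->
    <PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
    <!-- Condition processing; the nested rules name the condition types
         this policy handles. -->
    <PolicyRule type="Conditions">
        <PolicyRule type="Audience"/>
        <!-- Enable Delegation rule to permit delegated access. -->
        <!-- <PolicyRule type="Delegation"/> -->
    </PolicyRule>
    <!-- Peer authentication by TLS client certificate, XML signature, or
         the simple (binding-level) signature. errorFatal="true" makes a
         credential or signature that is present but fails to verify an
         immediate error, rather than leaving the message unauthenticated
         for a later rule to consider. -->
    <PolicyRule type="ClientCertAuth" errorFatal="true"/>
    <PolicyRule type="XMLSigning" errorFatal="true"/>
    <PolicyRule type="SimpleSigning" errorFatal="true"/>
</Policy>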
\r
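<!--
    This policy is a place-holder for use of assertions in metadata
    as a way of attaching signed information about particular IdPs.

    It carries only two rules: condition processing with no nested
    condition handlers, and XML signature verification. There is no
    MessageFlow or ClientCertAuth rule here.
-->
<Policy id="entity-attributes">
    <PolicyRule type="Conditions"/>
    <!-- A signature that fails to verify is a hard error. -->
    <PolicyRule type="XMLSigning" errorFatal="true"/>
</Policy>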
\r
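<!--
    Disables known weak algorithms.

    The list is whitespace-separated algorithm URIs. Only the MD5 digest
    and the RSA-MD5 signature identifiers are listed here.
    NOTE(review): the SHA-1 identifiers
    (http://www.w3.org/2000/09/xmldsig#sha1 and
    http://www.w3.org/2000/09/xmldsig#rsa-sha1) are not blocked by this
    list. Consider adding them once no metadata peer still signs with
    SHA-1, since blocking them earlier will reject those peers' messages.
-->
<AlgorithmBlacklist>
    http://www.w3.org/2001/04/xmldsig-more#md5
    http://www.w3.org/2001/04/xmldsig-more#rsa-md5
</AlgorithmBlacklist>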
\r