/etc/shibboleth/security-policy.xml is in shibboleth-sp2-common 2.6.1+dfsg1-2.
This file is owned by root:root, with mode 0o644 (world-readable). That is acceptable here: the file contains only policy settings, no key material or other secrets.
The actual contents of the file can be viewed below.
<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
<!-- Each policy defines a set of rules to use to secure messages. -->
<!--
Message security policies for the Shibboleth SP. A Policy is an ordered
list of PolicyRule elements applied to inbound messages; the rules here
cover freshness/replay, condition checking, and the mechanisms that may
authenticate a message (TLS client certificate, XML signature, simple
signature). The values below are the package defaults.
-->
<!--
The predefined policy enforces replay/freshness, standard
condition processing, and permits signing and client TLS.
-->
<!-- validate="false": presumably schema validation of inbound messages is
     off for this policy. NOTE(review): enabling it rejects malformed SAML
     earlier but can break interoperability with non-conformant IdPs;
     confirm against the SP documentation before changing. -->
<Policy id="default" validate="false">
<!-- checkReplay="true": a message whose ID has already been seen is refused.
     expires="60": messages older than this window are refused.
     NOTE(review): the unit of expires is not stated in this file; confirm
     it against the SP documentation before tuning. Replay detection is
     only as strong as the SP's replay cache: in a multi-node deployment
     that cache presumably must be shared, or each node will accept the
     replayed message independently; verify the storage used. -->
<PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
<!-- Condition processing. The Audience rule presumably checks that the
     assertion's AudienceRestriction names this SP, so an assertion issued
     for a different SP is not accepted here. -->
<PolicyRule type="Conditions">
<PolicyRule type="Audience"/>
<!-- Enable Delegation rule to permit delegated access. -->
<!-- NOTE(review): enabling Delegation widens what this SP accepts; keep
     it disabled unless delegated access is actually used. -->
<!-- <PolicyRule type="Delegation"/> -->
</PolicyRule>
<!-- Message authentication mechanisms. errorFatal="true" on each rule
     presumably means a check that is present but fails (for example a bad
     signature) rejects the message instead of being ignored.
     NOTE(review): confirm the exact errorFatal semantics against the SP
     documentation before relaxing any of these; with errorFatal="false"
     a message carrying an invalid signature could fall through to the
     remaining rules. -->
<PolicyRule type="ClientCertAuth" errorFatal="true"/>
<PolicyRule type="XMLSigning" errorFatal="true"/>
<PolicyRule type="SimpleSigning" errorFatal="true"/>
</Policy>
<!--
This policy is a place-holder for use of assertions in metadata
as a way of attaching signed information about particular IdPs.
-->
<!-- No MessageFlow rule here, so the replay/freshness window of the
     default policy does not apply to metadata-attached assertions;
     signature failures are still fatal. NOTE(review): presumably intended
     because such assertions are long-lived metadata content; confirm. -->
<Policy id="entity-attributes">
<PolicyRule type="Conditions"/>
<PolicyRule type="XMLSigning" errorFatal="true"/>
</Policy>
<!-- Disables known weak algorithms. -->
<!-- includeDefaultBlacklist="true" keeps the library's built-in list of
     weak/broken algorithms blocked. NOTE(review): add entries here only
     to extend that list; setting this to false would re-enable whatever
     the default list rejects. -->
<AlgorithmBlacklist includeDefaultBlacklist="true"/>
</SecurityPolicies>