Sun OpenSSO Enterprise 8.0 Administration Reference

SAMLv2 XACML PDP Customization

The XACML PDP has the following attributes for customization:

Protocol Support Enumeration

Displays the XACML PDP release that is supported by this provider.

urn:liberty:iff:2003-08 refers to Liberty Identity Federation Framework Version 1.2.

urn:liberty:iff:2002-12 refers to Liberty Identity Federation Framework Version 1.1.

Signing Key Alias

Defines the key alias that is used to sign requests and responses.

Encryption Key Alias

Defines the key alias that is used for XACML encryption.

Basic Authorization

Basic authorization can be enabled to protect SOAP endpoints. Any provider accessing these endpoints must have the user and password defined in the following two properties: User Name and Password.

Authorization Decision Query Signed

When enabled, this attribute requires that all XACML authorization decision queries be signed.

Authorization Service

This attribute defines the type (binding) of the authorization request, and the URL endpoint for receiving the request. By default, the binding type is SOAP.
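The following added example (not part of the original reference or of OpenSSO itself) audits an exported PDP extended-metadata file against the attributes described above: key aliases, Basic Authorization, and Authorization Decision Query Signed. The element and attribute names (`XACMLPDPConfig`, `signingCertAlias`, `encryptionCertAlias`, `basicAuthOn`, `basicAuthUser`, `basicAuthPassword`, `wantXACMLAuthzDecisionQuerySigned`) and the namespace are assumptions about the extended-metadata format, and the sample document is constructed; confirm both against your own export.

```python
import xml.etree.ElementTree as ET

# Assumed names: namespace, element and attribute names are assumptions about
# the OpenSSO extended-metadata export; verify them against your own file.
NS = {"cfg": "urn:sun:fm:SAML:2.0:entityconfig"}
# Constructed sample, not taken from a real deployment.
SAMPLE = """<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig" entityID="pdp.example.com" hosted="true">
  <XACMLPDPConfig metaAlias="/pdp">
    <Attribute name="signingCertAlias"><Value>pdp-signing</Value></Attribute>
    <Attribute name="encryptionCertAlias"><Value></Value></Attribute>
    <Attribute name="basicAuthOn"><Value>false</Value></Attribute>
    <Attribute name="basicAuthUser"><Value></Value></Attribute>
    <Attribute name="basicAuthPassword"><Value></Value></Attribute>
    <Attribute name="wantXACMLAuthzDecisionQuerySigned"><Value>false</Value></Attribute>
  </XACMLPDPConfig>
</EntityConfig>"""


def pdp_attributes(xml_text):
    """Return {attribute name: first non-empty value, or ''} for the PDP config."""
    root = ET.fromstring(xml_text)
    pdp = root.find("cfg:XACMLPDPConfig", NS)
    if pdp is None:
        raise ValueError("no XACMLPDPConfig element found")
    attrs = {}
    for attr in pdp.findall("cfg:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("cfg:Value", NS)]
        attrs[attr.get("name")] = next((v for v in values if v), "")
    return attrs


def audit_pdp(xml_text):
    """List findings for the settings described in this section."""
    a = pdp_attributes(xml_text)
    findings = []
    if not a.get("signingCertAlias"):
        findings.append("Signing Key Alias is empty")
    if not a.get("encryptionCertAlias"):
        findings.append("Encryption Key Alias is empty")
    if a.get("wantXACMLAuthzDecisionQuerySigned", "").lower() != "true":
        findings.append("Authorization Decision Query Signed is disabled")
    if a.get("basicAuthOn", "").lower() != "true":
        findings.append("Basic Authorization is disabled on SOAP endpoints")
    elif not (a.get("basicAuthUser") and a.get("basicAuthPassword")):
        findings.append("Basic Authorization is enabled without User Name/Password")
    return findings
```

Calling `audit_pdp(SAMPLE)` returns three findings for the constructed sample; an empty list means every setting covered in this section is populated or enabled.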