3.3.4.1.1.1.3 GetPolicies using On-Premise Authentication
The GetPolicies request message is sent from the client to the server to retrieve the certificate policies for enrollment.
-
<wsdl:message name="IPolicy_GetPolicies_InputMessage"> <wsdl:part name="request" element="xcep:GetPolicies"/> </wsdl:message>
xcep:GetPolicies: An instance of a <GetPolicies> element as specified in [MS-XCEP] section 3.1.4.1.2.1. MDE2 modifies the GetPolicies message specified in [MS-XCEP] section 3.1.4.1.1.1.
Authentication MUST be implemented for this message as specified in section 3.3. In summary, the following elements and attributes are specified in the SOAP header:
wsse:Security: The <wsse:Security> element MUST be a child of <s:Header>.
wsse:UsernameToken: The <wsse: UsernameToken> element MUST be a child of <wsse:Security> in <s:Header> for on-premise authentication.
wsse:Username: The <wsse: Username> element MUST be a child of <wsse:UsernameToken> in <s:Header> and the value specifies the user name.
wsse:UsernameToken/attributes/u:Id: The type MUST be
"uuid-cc1ccc1f-2fba-4bcf-b063-ffc0cac77917-4" for on-premise
authentication.
wsse:Password: The <wsse: Password> element MUST be a child of <wsse: UsernameToken> in <s:Header> and the value specifies the user password.
wsse: Password/attributes/Type: The type MUST be
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
for on-premise authentication.
The following elements with their specified values MUST be included in the SOAP body of the request message.
xcep:requestfilter: MDE2 modifies the <GetPolicies> element by setting the <requestFilter> element xsi:nil attribute to TRUE (see [MS-XCEP] section 3.1.4.1.2.1).
xcep:lastUpdate: MDE2 modifies the <GetPolicies> xcep:client attribute by setting the <Client> <lastUpdate> element xsi:nil attribute to TRUE (see [MS-XCEP] section 3.1.4.1.3.9).
xcep:preferredLanguage: MDE2 modifies the <GetPolicies> xcep:client attribute by setting the <Client> <preferredLanguage> element xsi:nil attribute to TRUE (see [MS-XCEP] section 3.1.4.1.3.9).