3.3.4.1.1.1.3 GetPolicies using On-Premise Authentication

The GetPolicies request message is sent from the client to the server to retrieve the certificate policies for enrollment.

   <wsdl:message name="IPolicy_GetPolicies_InputMessage">
     <wsdl:part name="request" element="xcep:GetPolicies"/>
   </wsdl:message>

xcep:GetPolicies: An instance of a <GetPolicies> element as specified in [MS-XCEP] section 3.1.4.1.2.1. MDE2 modifies the GetPolicies message specified in [MS-XCEP] section 3.1.4.1.1.1.

Authentication MUST be implemented for this message as specified in section 3.3. In summary, the following elements and attributes are specified in the SOAP header:

wsse:Security: The <wsse:Security> element MUST be a child of <s:Header>.

wsse:UsernameToken: The <wsse: UsernameToken> element MUST be a child of <wsse:Security> in <s:Header> for on-premise authentication.

wsse:Username: The <wsse: Username> element MUST be a child of <wsse:UsernameToken> in <s:Header> and the value specifies the user name.

wsse:UsernameToken/attributes/u:Id: The type MUST be "uuid-cc1ccc1f-2fba-4bcf-b063-ffc0cac77917-4" for on-premise authentication.

wsse:Password: The <wsse: Password> element MUST be a child of <wsse: UsernameToken> in <s:Header> and the value specifies the user password.

wsse: Password/attributes/Type: The type MUST be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" for on-premise authentication.

The following elements with their specified values MUST be included in the SOAP body of the request message.

xcep:requestfilter: MDE2 modifies the <GetPolicies> element by setting the <requestFilter> element xsi:nil attribute to TRUE (see [MS-XCEP] section 3.1.4.1.2.1).

xcep:lastUpdate: MDE2 modifies the <GetPolicies> xcep:client attribute by setting the <Client> <lastUpdate> element xsi:nil attribute to TRUE (see [MS-XCEP] section 3.1.4.1.3.9).

xcep:preferredLanguage: MDE2 modifies the <GetPolicies> xcep:client attribute by setting the <Client> <preferredLanguage> element xsi:nil attribute to TRUE (see [MS-XCEP] section 3.1.4.1.3.9).