For one of our client certificates, we are facing the following error:
<164>Jun 2 15:03xxxxxxxx SSG[645]: WARNING com.l7tech.external.assertions.xmlsec.server.ServerNonSoapVerifyElementAssertion: request_id=00000194f91ce281-4fd9af4: Api=XXXXXXXXXXXXXX.com [/samlsp*]: 4: Unable to verify elements(s): Certificate key usage or extended key usage disallowed by key usage enforcement policy for activity: verifyXml. Exception caught!
The error should be resolved by customizing the cluster-wide property pkix.keyUsagePolicy. However, doing so should cause no changes to the other clients or to other Gateway policy behaviors.
What are the details of the default enforcement policy delivered with the Gateway?
There's a desire to add the following rule to the default enforcement policy delivered with the Gateway:
<permit action="verifyXml"><req>1.3.6.1.5.5.7.3.2</req></permit>
This should permit our client certificate, which contains a "critical" extendedKeyUsage value of "1.3.6.1.5.5.7.3.2", for the verifyXml action.
API Gateway 10.1
Adding the property does not have any impact on the default key enforcement policy.