diff --git a/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy
index a0cd3bc741b29..e65200e7239e6 100644
--- a/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy
+++ b/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy
@@ -8,6 +8,9 @@ grant {
 
   // needed for multiple server implementations used in tests
   permission java.net.SocketPermission "*", "accept,connect";
+
+  // needed because of problems in unbound LDAP library
+  permission java.util.PropertyPermission "*", "read,write";
 };
 
 grant codeBase "${codebase.netty-common}" {
diff --git a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy
index 3756275fb2e1c..7c845af7404da 100644
--- a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy
+++ b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy
@@ -1,8 +1,8 @@
 grant {
   permission java.lang.RuntimePermission "setFactory";
 
-  // needed because of problems in unbound LDAP library
-  permission java.util.PropertyPermission "*", "read,write";
+  // needed for SAML
+  permission java.util.PropertyPermission "org.apache.xml.security.ignoreLineBreaks", "read,write";
 
   // needed during initialization of OpenSAML library where xml security algorithms are registered
   // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220