1 | <?xml version="1.0" encoding="UTF-8"?> |
---|
2 | |
---|
3 | <schema targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns="http://www.w3.org/2001/XMLSchema" |
---|
4 | xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:afp="urn:mace:shibboleth:2.0:afp" version="2.0"> |
---|
5 | |
---|
6 | <import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="shibboleth-2.0-afp.xsd" /> |
---|
7 | |
---|
8 | <annotation> |
---|
9 | <documentation> |
---|
10 | A set of SAML specific match functions. These match functions only operate against a SAMLFilterContext. |
---|
11 | </documentation> |
---|
12 | </annotation> |
---|
13 | |
---|
14 | <complexType name="AttributeRequesterInEntityGroup"> |
---|
15 | <annotation> |
---|
16 | <documentation> |
---|
17 | A match function that evaluates to true if the attribute requester is found in metadata and is a member |
---|
18 | of the given entity group. |
---|
19 | </documentation> |
---|
20 | </annotation> |
---|
21 | <complexContent> |
---|
22 | <extension base="saml:EntityGroupMatchType" /> |
---|
23 | </complexContent> |
---|
24 | </complexType> |
---|
25 | |
---|
26 | <complexType name="AttributeIssuerInEntityGroup"> |
---|
27 | <annotation> |
---|
28 | <documentation> |
---|
29 | A match function that evaluates to true if the attribute issuer is found in metadata and is a member |
---|
30 | of the given entity group. |
---|
31 | </documentation> |
---|
32 | </annotation> |
---|
33 | <complexContent> |
---|
34 | <extension base="saml:EntityGroupMatchType" /> |
---|
35 | </complexContent> |
---|
36 | </complexType> |
---|
37 | |
---|
38 | <complexType name="EntityGroupMatchType" abstract="true"> |
---|
39 | <complexContent> |
---|
40 | <extension base="afp:MatchFunctorType"> |
---|
41 | <attribute name="groupID" type="string" use="required"> |
---|
42 | <annotation> |
---|
43 | <documentation>The entity group ID that an entity must be in.</documentation> |
---|
44 | </annotation> |
---|
45 | </attribute> |
---|
46 | </extension> |
---|
47 | </complexContent> |
---|
48 | </complexType> |
---|
49 | |
---|
50 | <complexType name="AttributeScopeMatchesShibMDScope"> |
---|
51 | <annotation> |
---|
52 | <documentation> |
---|
53 | A match function that ensures that an attribute value's scope matches a scope given in metadata for the entity or role. |
---|
54 | </documentation> |
---|
55 | </annotation> |
---|
56 | <complexContent> |
---|
57 | <extension base="afp:MatchFunctorType" /> |
---|
58 | </complexContent> |
---|
59 | </complexType> |
---|
60 | |
---|
61 | <complexType name="NameIDQualifierString"> |
---|
62 | <annotation> |
---|
63 | <documentation> |
---|
64 | A match function that ensures that a NameID-valued attribute's qualifier(s), if set, match particular values. |
---|
65 | </documentation> |
---|
66 | </annotation> |
---|
67 | <complexContent> |
---|
68 | <extension base="afp:MatchFunctorType"> |
---|
69 | <attribute name="attributeID" type="string"> |
---|
70 | <annotation> |
---|
71 | <documentation> |
---|
72 | The ID of the attribute whose qualifiers should be matched. If no attribute ID is specified the |
---|
73 | ID of the containing attribute rule is assumed. |
---|
74 | </documentation> |
---|
75 | </annotation> |
---|
76 | </attribute> |
---|
77 | <attribute name="NameQualifier" type="string"> |
---|
78 | <annotation> |
---|
79 | <documentation> |
---|
80 | A value to require in the NameQualifier field, or if omitted, require that it match the issuing IdP's entityID. |
---|
81 | </documentation> |
---|
82 | </annotation> |
---|
83 | </attribute> |
---|
84 | <attribute name="SPNameQualifier" type="string"> |
---|
85 | <annotation> |
---|
86 | <documentation> |
---|
87 | A value to require in the SPNameQualifier field, or if omitted, require that it match the SP's entityID. |
---|
88 | </documentation> |
---|
89 | </annotation> |
---|
90 | </attribute> |
---|
91 | </extension> |
---|
92 | </complexContent> |
---|
93 | </complexType> |
---|
94 | |
---|
95 | </schema> |
---|