<?xml version="1.0" encoding="US-ASCII"?>
<!--
  Schema for the Shibboleth Native SP configuration vocabulary. The target namespace
  urn:mace:shibboleth:2.0:native:sp:config is bound to the conf: prefix below.
  The default namespace is XML Schema itself, so unprefixed type names such as string,
  boolean and anyURI are XSD built-ins, while conf:-prefixed names are declared in this file.
  blockDefault="substitution" blocks substitution-group substitution for every element
  declared here unless a declaration overrides it.
-->
<schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns="http://www.w3.org/2001/XMLSchema"
    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    elementFormDefault="qualified"
    attributeFormDefault="unqualified"
    blockDefault="substitution"
    version="2.4.2">

<!-- The four imports name sibling schema files by relative schemaLocation.
     NOTE(review): schemaLocation is only a hint; a validator should resolve these from trusted
     local copies or a catalog. Confirm how the consuming parser resolves them. -->
<import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>

<annotation>
  <documentation>
    2.0 schema for XML-based configuration of Shibboleth Native SP instances.
    First appearing in Shibboleth 2.0 release.
  </documentation>
</annotation>
<!-- conf:string: the built-in xs:string restricted to at least one character, so values of
     this type cannot be empty. The unprefixed base "string" is the XSD built-in because the
     schema's default namespace is XML Schema. No maximum length or pattern is imposed. -->
<simpleType name="string">
  <restriction base="string">
    <minLength value="1"/>
  </restriction>
</simpleType>
<!-- conf:listOfStrings: whitespace-separated list of conf:string items. Because XSD list
     items are split on whitespace, a single item cannot itself contain a space. -->
<simpleType name="listOfStrings">
  <list itemType="conf:string"/>
</simpleType>
<!-- conf:listOfURIs: whitespace-separated list of xs:anyURI items. xs:anyURI is a loose
     lexical check only; it does not restrict scheme or host. -->
<simpleType name="listOfURIs">
  <list itemType="anyURI"/>
</simpleType>
<!-- conf:bindingBoolean: four-valued switch used by the signing and encryption attributes of
     RelyingPartyGroup. Only these exact lowercase strings validate; "1" and "0" do not.
     NOTE(review): "front" and "back" presumably limit the setting to front-channel or
     back-channel bindings; confirm against the SP documentation. -->
<simpleType name="bindingBoolean">
  <restriction base="string">
    <enumeration value="true"/>
    <enumeration value="false"/>
    <enumeration value="front"/>
    <enumeration value="back"/>
  </restriction>
</simpleType>
<!-- conf:relayStateLimitType: allowed values of the relayStateLimit attribute on Sessions.
     NOTE(review): this looks like the control for how strictly redirect targets derived from
     RelayState are checked. "none" would presumably apply no restriction, which leaves the SP
     usable as an open redirector. The schema declares no default, so confirm the effective
     default and prefer a restrictive value. "whitelist" is paired with the
     relayStateWhitelist attribute on Sessions. -->
<simpleType name="relayStateLimitType">
  <restriction base="string">
    <enumeration value="none"/>
    <enumeration value="exact"/>
    <enumeration value="host"/>
    <enumeration value="whitelist"/>
  </restriction>
</simpleType>
<!-- conf:PluggableType: generic plugin reference. Only the "type" attribute is required and
     typed; all child elements and all other attributes are accepted through lax ##any
     wildcards. Consequence for reviewers: schema validation does not catch a misspelled or
     unsupported plugin option, so a security-relevant setting can be silently absent. -->
<complexType name="PluggableType">
  <sequence>
    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="type" type="conf:string" use="required"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>
<!-- conf:ExtensionsType: zero or more Library elements followed by arbitrary elements from
     other namespaces. -->
<complexType name="ExtensionsType">
  <annotation>
    <documentation>Container for extension libraries and custom configuration</documentation>
  </annotation>
  <sequence>
    <element name="Library" minOccurs="0" maxOccurs="unbounded">
      <complexType>
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <!-- path is only checked as xs:anyURI; the schema does not limit where it points.
             NOTE(review): per the documentation string this names an extension library, so
             anyone able to edit the configuration can presumably choose code that gets loaded.
             Keep the configuration file and the referenced paths writable by administrators
             only; confirm loading behaviour against the SP documentation. -->
        <attribute name="path" type="anyURI" use="required"/>
        <!-- NOTE(review): presumably decides whether a failed load aborts start-up; confirm. -->
        <attribute name="fatal" type="boolean"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </complexType>
    </element>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
</complexType>
<!-- conf:StorageServiceType: restriction of PluggableType that adds a required "id" and an
     optional "cleanupInterval". Content and other attributes stay open (lax ##any). -->
<complexType name="StorageServiceType">
  <annotation>
    <documentation>References StorageService plugins</documentation>
  </annotation>
  <complexContent>
    <restriction base="conf:PluggableType">
      <sequence>
        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
      <!-- xs:ID: must be unique within the document; it is the target of the xs:IDREF
           StorageService attributes declared on other types in this schema. -->
      <attribute name="id" type="ID" use="required"/>
      <!-- The schema states no unit for this interval. -->
      <attribute name="cleanupInterval" type="unsignedInt"/>
      <anyAttribute namespace="##any" processContents="lax"/>
    </restriction>
  </complexContent>
</complexType>
<!-- conf:SessionCacheType: restriction of PluggableType for session cache plugins. The
     required "type" attribute is inherited from PluggableType. -->
<complexType name="SessionCacheType">
  <annotation>
    <documentation>References SessionCache plugins</documentation>
  </annotation>
  <complexContent>
    <restriction base="conf:PluggableType">
      <sequence>
        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
      <!-- xs:IDREF: must match an xs:ID in the same document, otherwise validation fails. -->
      <attribute name="StorageService" type="IDREF"/>
      <!-- The schema states no unit for the two cache values below. -->
      <attribute name="cacheAllowance" type="unsignedInt"/>
      <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
      <anyAttribute namespace="##any" processContents="lax"/>
    </restriction>
  </complexContent>
</complexType>
<!-- conf:ReplayCacheType: empty element with one optional xs:IDREF attribute.
     NOTE(review): if replay-detection state lives in the referenced StorageService, a store
     that is local to one node would presumably not detect a message replayed against another
     node; confirm for clustered deployments. -->
<complexType name="ReplayCacheType">
  <annotation>
    <documentation>Ties ReplayCache to a custom StorageService</documentation>
  </annotation>
  <sequence/>
  <attribute name="StorageService" type="IDREF"/>
</complexType>
<!-- conf:ArtifactMapType: empty element; all three attributes are optional and no wildcard
     is declared, so any other attribute is rejected by validation. -->
<complexType name="ArtifactMapType">
  <annotation>
    <documentation>Customizes an ArtifactMap</documentation>
  </annotation>
  <sequence/>
  <attribute name="StorageService" type="IDREF"/>
  <attribute name="context" type="conf:string"/>
  <!-- NOTE(review): presumably the lifetime of an issued artifact; the schema states no unit
       and no upper bound. Short lifetimes narrow the window for artifact reuse; confirm. -->
  <attribute name="artifactTTL" type="unsignedInt"/>
</complexType>
<!-- conf:OutOfProcessType: optional Extensions, then arbitrary elements from other
     namespaces. The attribute wildcard is ##other, so an unknown unqualified attribute
     (for example a misspelled name) is rejected by validation. -->
<complexType name="OutOfProcessType">
  <annotation>
    <documentation>Container for out-of-process (shibd) configuration</documentation>
  </annotation>
  <sequence>
    <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <!-- NOTE(review): presumably the location of a logging configuration; confirm. -->
  <attribute name="logger" type="anyURI"/>
  <!-- NOTE(review): presumably controls whether otherwise unhandled exceptions are caught;
       confirm the effect on failure behaviour. -->
  <attribute name="catchAll" type="boolean"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<!-- conf:InProcessType: optional Extensions, optional ISAPI block, then arbitrary elements
     from other namespaces. All attributes are optional and the schema declares no defaults,
     so the effective value of an omitted attribute is decided by the software, not here. -->
<complexType name="InProcessType">
  <annotation>
    <documentation>
      Container for configuration of locally integrated or platform-specific
      features (e.g. web server filters)
    </documentation>
  </annotation>
  <sequence>
    <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
    <element name="ISAPI" minOccurs="0">
      <complexType>
        <sequence>
          <!-- At least one Site is required when ISAPI is present (no minOccurs given). -->
          <element name="Site" maxOccurs="unbounded">
            <complexType>
              <sequence>
                <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
              </sequence>
              <attribute name="id" type="unsignedInt" use="required"/>
              <attribute name="name" type="conf:string" use="required"/>
              <!-- unsignedInt accepts values above 65535, so an out-of-range port number
                   passes schema validation. -->
              <attribute name="port" type="unsignedInt"/>
              <attribute name="sslport" type="unsignedInt"/>
              <!-- Free text here; compare the enumerated scheme attribute on HostType. -->
              <attribute name="scheme" type="conf:string"/>
            </complexType>
          </element>
          <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <!-- NOTE(review): both flags look like request and header-name hardening switches for
             the ISAPI filter; confirm their effect and effective defaults. -->
        <attribute name="normalizeRequest" type="boolean"/>
        <attribute name="safeHeaderNames" type="boolean"/>
        <anyAttribute namespace="##other" processContents="lax"/>
      </complexType>
    </element>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="logger" type="anyURI"/>
  <attribute name="unsetHeaderValue" type="conf:string"/>
  <!-- NOTE(review): checkSpoofing presumably enables detection of client-supplied copies of
       the headers the SP itself populates; turning it off would let a client inject
       identity data into the protected application. Confirm the effective default. -->
  <attribute name="checkSpoofing" type="boolean"/>
  <!-- NOTE(review): if spoofKey is a shared secret, it is stored here as clear text
       (conf:string, non-empty is the only constraint); restrict read access to the
       configuration file. Confirm semantics against the SP documentation. -->
  <attribute name="spoofKey" type="conf:string"/>
  <attribute name="catchAll" type="boolean"/>
  <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<!-- conf:AccessControl: global element of type UniOperatorType, so a policy has exactly one
     root operator or rule. It is referenced from RequestMap, Host, Path and Query types. -->
<element name="AccessControl" type="conf:UniOperatorType">
  <annotation>
    <documentation>
      A simple example access policy language extension that supersedes Apache .htaccess
    </documentation>
  </annotation>
</element>
<!-- conf:UniOperatorType: exactly one child chosen from the five alternatives (the choice
     has default occurrence 1). Used for the policy root and for NOT, which therefore negates
     a single operand. The types are mutually recursive, so nesting depth is unbounded. -->
<complexType name="UniOperatorType">
  <choice>
    <element name="AND" type="conf:MultiOperatorType"/>
    <element name="OR" type="conf:MultiOperatorType"/>
    <element name="NOT" type="conf:UniOperatorType"/>
    <element name="Rule" type="conf:RuleType"/>
    <element name="RuleRegex" type="conf:RuleRegexType"/>
  </choice>
</complexType>
<!-- conf:MultiOperatorType: operand list for AND and OR. minOccurs="2" means validation
     rejects an AND or OR with fewer than two operands. -->
<complexType name="MultiOperatorType">
  <choice minOccurs="2" maxOccurs="unbounded">
    <element name="AND" type="conf:MultiOperatorType"/>
    <element name="OR" type="conf:MultiOperatorType"/>
    <element name="NOT" type="conf:UniOperatorType"/>
    <element name="Rule" type="conf:RuleType"/>
    <element name="RuleRegex" type="conf:RuleRegexType"/>
  </choice>
</complexType>
<!-- conf:RuleType: text content is a whitespace-separated conf:listOfStrings, plus a
     required "require" attribute. A list type permits zero items, so an empty Rule element
     passes schema validation.
     NOTE(review): confirm how the SP evaluates a rule with no values, and what the "list"
     flag changes about how the content is split. -->
<complexType name="RuleType">
  <simpleContent>
    <extension base="conf:listOfStrings">
      <attribute name="require" type="conf:string" use="required"/>
      <attribute name="list" type="boolean"/>
    </extension>
  </simpleContent>
</complexType>
<!-- conf:RuleRegexType: text content is a single non-empty conf:string, plus a required
     "require" attribute. The schema does not check that the content is a valid expression.
     NOTE(review): the content is presumably a regular expression matched against the value
     named by "require". Whether matching is anchored is not stated here; an unanchored
     pattern in an access rule can match more values than intended, so confirm the matching
     semantics and anchor patterns explicitly. -->
<complexType name="RuleRegexType">
  <simpleContent>
    <extension base="conf:string">
      <attribute name="require" type="conf:string" use="required"/>
      <attribute name="ignoreCase" type="boolean"/>
    </extension>
  </simpleContent>
</complexType>
<!-- conf:ContentSettings: per-resource settings shared by RequestMap and the Host, Path and
     Query types. Every attribute is optional and no defaults are declared in the schema.
     The closing wildcard is ##other, so an unknown unqualified attribute (for example a
     misspelled requireSession) fails validation instead of being silently ignored. -->
<attributeGroup name="ContentSettings">
  <attribute name="applicationId" type="conf:string"/>
  <attribute name="authType" type="conf:string"/>
  <!-- NOTE(review): presumably decides whether a request without a session is let through to
       the resource; confirm the effective default before relying on it for protection. -->
  <attribute name="requireSession" type="boolean"/>
  <attribute name="requireSessionWith" type="conf:string"/>
  <attribute name="exportAssertion" type="boolean"/>
  <!-- Typed unsignedInt, not boolean. NOTE(review): presumably a port number; values above
       65535 still pass validation. -->
  <attribute name="redirectToSSL" type="unsignedInt"/>
  <attribute name="entityID" type="anyURI"/>
  <attribute name="discoveryURL" type="anyURI"/>
  <attribute name="isPassive" type="boolean"/>
  <attribute name="returnOnError" type="boolean"/>
  <attribute name="forceAuthn" type="boolean"/>
  <attribute name="authnContextClassRef" type="anyURI"/>
  <!-- Type comes from the imported SAML 2.0 protocol schema. -->
  <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
  <attribute name="NameIDFormat" type="anyURI"/>
  <attribute name="SPNameQualifier" type="conf:string"/>
  <!-- The error-related attributes below are xs:anyURI only; the schema does not restrict
       them to local or same-origin locations. -->
  <attribute name="redirectErrors" type="anyURI"/>
  <attribute name="sessionError" type="anyURI"/>
  <attribute name="metadataError" type="anyURI"/>
  <attribute name="accessError" type="anyURI"/>
  <attribute name="sslError" type="anyURI"/>
  <attribute name="target" type="anyURI"/>
  <attribute name="acsIndex" type="unsignedShort"/>
  <!-- NOTE(review): presumably names the source used as the client address. Taking it from a
       request header is only safe behind a proxy that overwrites that header; confirm. -->
  <attribute name="REMOTE_ADDR" type="conf:string"/>
  <attribute name="encoding" type="conf:string"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</attributeGroup>
<!-- conf:RequestMap: at most one access-control child (htaccess, AccessControl or
     AccessControlProvider), then any number of Host or HostRegex entries, then an optional
     XML Signature. -->
<element name="RequestMap">
  <annotation>
    <documentation>
      Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
    </documentation>
  </annotation>
  <complexType>
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Host" type="conf:HostType"/>
        <element name="HostRegex" type="conf:HostRegexType"/>
      </choice>
      <!-- The schema only permits a signature here; it cannot say whether it is verified.
           NOTE(review): confirm whether and against which key the consumer checks it. -->
      <element ref="ds:Signature" minOccurs="0"/>
    </sequence>
    <attribute name="unicodeAware" type="boolean"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>
</element>
<!-- conf:HostType: settings for one virtual host identified by a literal name. Allows at
     most one access-control child followed by any mix of Path, PathRegex and Query. -->
<complexType name="HostType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <!-- Optional; restricted to these five lowercase scheme names. -->
  <attribute name="scheme">
    <simpleType>
      <restriction base="conf:string">
        <enumeration value="http"/>
        <enumeration value="https"/>
        <enumeration value="ftp"/>
        <enumeration value="ldap"/>
        <enumeration value="ldaps"/>
      </restriction>
    </simpleType>
  </attribute>
  <attribute name="name" type="conf:string" use="required"/>
  <!-- unsignedInt accepts values above 65535. -->
  <attribute name="port" type="unsignedInt"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
<!-- conf:HostRegexType: like HostType but the host is selected by the required "regex"
     attribute instead of name, scheme and port.
     NOTE(review): the schema only requires a non-empty string. Whether the expression is
     anchored, and what it is matched against, is not stated here. A loose host pattern can
     apply or skip settings for hosts it was not meant to cover; confirm and anchor. -->
<complexType name="HostRegexType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <attribute name="regex" type="conf:string" use="required"/>
  <attribute name="ignoreCase" type="boolean"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
<!-- conf:PathType: settings for one path segment identified by a literal name. Recursive:
     a Path may contain further Path, PathRegex and Query children.
     NOTE(review): how names are compared with request paths (case, encoding, trailing
     segments) is not defined by the schema; confirm before relying on a Path entry as the
     only protection for a resource. -->
<complexType name="PathType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <attribute name="name" type="conf:string" use="required"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
<!-- conf:PathRegexType: path selected by the required "regex" attribute. Unlike PathType it
     cannot contain nested Path or PathRegex children, only Query.
     NOTE(review): anchoring and the exact string matched are not stated by the schema;
     confirm, since an unanchored pattern may match unintended paths. -->
<complexType name="PathRegexType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="regex" type="conf:string" use="required"/>
  <attribute name="ignoreCase" type="boolean"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
<!-- conf:QueryType: settings keyed on a query parameter. "name" is required; "regex" is
     optional. Recursive through nested Query children.
     NOTE(review): "regex" presumably constrains the parameter value. Query strings are fully
     client-controlled, so confirm how repeated or encoded parameters are matched. -->
<complexType name="QueryType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="name" type="conf:string" use="required"/>
  <attribute name="regex" type="conf:string"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
<!-- conf:ApplicationDefaultsType: Sessions is required, Errors optional, followed by any mix
     of the listed children. Trust-related components (MetadataProvider, TrustEngine,
     CredentialResolver, AttributeFilter) are all optional PluggableType elements, so the
     schema accepts a configuration that declares none of them and does not validate their
     content. -->
<complexType name="ApplicationDefaultsType">
  <annotation>
    <documentation>Container for default settings and application-specific overrides</documentation>
  </annotation>
  <sequence>
    <element name="Sessions" type="conf:SessionsType"/>
    <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="RelyingParty" type="conf:RelyingPartyType"/>
      <element name="Notify" type="conf:NotifyType"/>
      <element ref="saml:Audience"/>
      <element name="MetadataProvider" type="conf:PluggableType"/>
      <element name="TrustEngine" type="conf:PluggableType"/>
      <element name="AttributeExtractor" type="conf:PluggableType"/>
      <element name="AttributeResolver" type="conf:PluggableType"/>
      <element name="AttributeFilter" type="conf:PluggableType"/>
      <element name="CredentialResolver" type="conf:PluggableType"/>
      <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
    </choice>
  </sequence>
  <!-- Optional, but if present the value must be exactly "default". -->
  <attribute name="id" type="conf:string" fixed="default"/>
  <attribute name="entityID" type="anyURI" use="required"/>
  <attribute name="policyId" type="conf:string"/>
  <attributeGroup ref="conf:ApplicationGroup"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<!-- conf:ApplicationOverrideType: same shape as ApplicationDefaultsType except that Sessions
     is optional, "id" is required and free-form, entityID is optional, and overrides cannot
     be nested (no ApplicationOverride child).
     NOTE(review): settings omitted here are presumably inherited from the defaults; confirm
     which security-relevant settings an override inherits and which it must restate. -->
<complexType name="ApplicationOverrideType">
  <annotation>
    <documentation>Container for application-specific overrides</documentation>
  </annotation>
  <sequence>
    <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
    <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="RelyingParty" type="conf:RelyingPartyType"/>
      <element name="Notify" type="conf:NotifyType"/>
      <element ref="saml:Audience"/>
      <element name="MetadataProvider" type="conf:PluggableType"/>
      <element name="TrustEngine" type="conf:PluggableType"/>
      <element name="AttributeExtractor" type="conf:PluggableType"/>
      <element name="AttributeResolver" type="conf:PluggableType"/>
      <element name="AttributeFilter" type="conf:PluggableType"/>
      <element name="CredentialResolver" type="conf:PluggableType"/>
    </choice>
  </sequence>
  <attribute name="id" type="conf:string" use="required"/>
  <attribute name="entityID" type="anyURI"/>
  <attribute name="policyId" type="conf:string"/>
  <attributeGroup ref="conf:ApplicationGroup"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<!-- conf:ApplicationGroup: optional attributes shared by ApplicationDefaultsType and
     ApplicationOverrideType. -->
<attributeGroup name="ApplicationGroup">
  <attribute name="homeURL" type="anyURI"/>
  <!-- List-valued. NOTE(review): presumably an ordered list of attribute names used to
       populate REMOTE_USER; an identifier that the asserting party lets users choose or
       that is not scoped can collide across identity providers, so confirm the choice. -->
  <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
  <!-- NOTE(review): presumably extra request headers to clear before the SP sets its own,
       related to header spoofing protection; confirm. -->
  <attribute name="unsetHeaders" type="conf:listOfStrings"/>
  <attribute name="metadataAttributePrefix" type="conf:string"/>
  <attribute name="attributePrefix" type="conf:string"/>
</attributeGroup>
<!-- conf:RelyingPartyGroup: per-peer protocol and security settings, shared by the
     application types and RelyingPartyType. Every attribute is optional and the schema
     declares no defaults, so an omitted require* flag takes whatever default the software
     applies; review the effective values rather than the file alone. -->
<attributeGroup name="RelyingPartyGroup">
  <attribute name="authType" type="conf:string"/>
  <attribute name="authUsername" type="conf:string"/>
  <!-- Plain xs:string: a credential placed here is stored in clear text in the configuration
       file. Restrict read access to the file and keep it out of shared repositories. -->
  <attribute name="authPassword" type="conf:string"/>
  <attribute name="signing" type="conf:bindingBoolean"/>
  <!-- The three *Alg attributes are xs:anyURI only; the schema does not limit them to a set
       of approved algorithm identifiers. -->
  <attribute name="signingAlg" type="anyURI"/>
  <attribute name="digestAlg" type="anyURI"/>
  <attribute name="encryption" type="conf:bindingBoolean"/>
  <attribute name="encryptionAlg" type="anyURI"/>
  <attribute name="keyName" type="conf:string"/>
  <attribute name="artifactEndpointIndex" type="unsignedShort"/>
  <attribute name="chunkedEncoding" type="boolean"/>
  <!-- The schema states no unit for the two timeouts; unsignedShort caps them at 65535. -->
  <attribute name="connectTimeout" type="unsignedShort"/>
  <attribute name="timeout" type="unsignedShort"/>
  <!-- NOTE(review): the three flags below read as requirements on confidentiality, transport
       authentication and assertion signatures; confirm exact semantics and defaults. -->
  <attribute name="requireConfidentiality" type="boolean"/>
  <attribute name="requireTransportAuth" type="boolean"/>
  <attribute name="requireSignedAssertions" type="boolean"/>
</attributeGroup>
<!-- conf:SessionsType: optional shorthand elements (SSO, Logout, NameIDMgmt) followed by any
     mix of explicit handler elements. All attributes are optional with no schema defaults.
     The attribute wildcard is ##other, so unknown unqualified attribute names are rejected
     by validation. -->
<complexType name="SessionsType">
  <annotation>
    <documentation>Container for specifying protocol handlers and session policy</documentation>
  </annotation>
  <sequence>
    <element name="SSO" minOccurs="0">
      <complexType>
        <annotation>
          <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
        </annotation>
        <simpleContent>
          <!-- Text content is a whitespace-separated list of strings. -->
          <extension base="conf:listOfStrings">
            <attribute name="discoveryProtocol" type="conf:string"/>
            <attribute name="discoveryURL" type="anyURI"/>
            <attributeGroup ref="conf:SessionInitiatorGroup"/>
          </extension>
        </simpleContent>
      </complexType>
    </element>
    <element name="Logout" minOccurs="0">
      <complexType>
        <annotation>
          <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
        </annotation>
        <simpleContent>
          <extension base="conf:listOfStrings">
            <attributeGroup ref="conf:LogoutInitiatorGroup"/>
          </extension>
        </simpleContent>
      </complexType>
    </element>
    <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
      <annotation>
        <documentation>Implicitly configures ManageNameIDService handlers</documentation>
      </annotation>
    </element>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element ref="conf:SessionInitiator"/>
      <element ref="conf:LogoutInitiator"/>
      <element ref="md:AssertionConsumerService"/>
      <element ref="md:ArtifactResolutionService"/>
      <element ref="md:SingleLogoutService"/>
      <element ref="md:ManageNameIDService"/>
      <element ref="conf:Handler"/>
    </choice>
  </sequence>
  <attribute name="handlerURL" type="anyURI"/>
  <!-- NOTE(review): presumably restricts handler endpoints to TLS; confirm the default. -->
  <attribute name="handlerSSL" type="boolean"/>
  <!-- NOTE(review): exportLocation and exportACL appear to expose received assertions to
       callers limited by an address list; confirm that the ACL is as narrow as possible. -->
  <attribute name="exportLocation" type="conf:string"/>
  <attribute name="exportACL" type="conf:listOfStrings"/>
  <attribute name="cookieName" type="conf:string"/>
  <!-- Free text: the schema cannot verify that the session cookie carries the secure and
       HttpOnly properties. NOTE(review): check the configured value by hand. -->
  <attribute name="cookieProps" type="conf:string"/>
  <attribute name="cookieLifetime" type="unsignedInt"/>
  <attribute name="idpHistory" type="boolean"/>
  <attribute name="idpHistoryDays" type="unsignedInt"/>
  <!-- The schema states no unit and no upper bound for the three session limits below. -->
  <attribute name="lifetime" type="unsignedInt"/>
  <attribute name="timeout" type="unsignedInt"/>
  <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
  <!-- NOTE(review): both flags look like client-address binding checks for assertions and
       sessions; confirm semantics and the effect behind proxies or NAT. -->
  <attribute name="checkAddress" type="boolean"/>
  <attribute name="consistentAddress" type="boolean"/>
  <!-- NOTE(review): postData, postLimit, postTemplate and postExpire presumably govern
       preservation of POST bodies across login; postLimit bounds the stored size. Confirm
       where the preserved data is kept. -->
  <attribute name="postData" type="conf:string"/>
  <attribute name="postLimit" type="positiveInteger"/>
  <attribute name="postTemplate" type="conf:string"/>
  <attribute name="postExpire" type="boolean"/>
  <attribute name="relayState" type="conf:string"/>
  <!-- relayStateLimit takes none, exact, host or whitelist (conf:relayStateLimitType);
       relayStateWhitelist is a list of xs:anyURI values.
       NOTE(review): these look like the open-redirect controls for RelayState-derived
       targets. The schema does not tie the two together, so "whitelist" with no
       relayStateWhitelist still validates; confirm the effective default and behaviour. -->
  <attribute name="relayStateLimit" type="conf:relayStateLimitType"/>
  <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<!-- Global attribute declaration. Being global, it lives in the target namespace and so
     appears on foreign elements as a namespace-qualified attribute (conf:policyId). This
     differs from the local, unqualified policyId attributes declared on the application
     types. -->
<attribute name="policyId" type="conf:string">
  <annotation>
    <documentation>Used to override Policy from profile endpoints</documentation>
  </annotation>
</attribute>
<!-- conf:SessionInitiatorGroup: options shared by the SSO shorthand element and explicit
     SessionInitiator handlers. The group ends with a lax ##any attribute wildcard, so a
     misspelled option name is accepted by validation and silently has no declared meaning. -->
<attributeGroup name="SessionInitiatorGroup">
  <annotation>
    <documentation>Options common to explicit and implicit SessionInitiators</documentation>
  </annotation>
  <attribute name="relayState" type="conf:string"/>
  <attribute name="entityIDParam" type="conf:string"/>
  <attribute name="entityID" type="anyURI"/>
  <attribute name="outgoingBindings" type="conf:listOfURIs"/>
  <attribute name="preservedOptions" type="conf:listOfStrings"/>
  <attribute name="template" type="anyURI"/>
  <attribute name="postArtifact" type="boolean"/>
  <attribute name="acsByIndex" type="boolean"/>
  <attribute name="isPassive" type="boolean"/>
  <attribute name="returnOnError" type="boolean"/>
  <attribute name="forceAuthn" type="boolean"/>
  <attribute name="authnContextClassRef" type="anyURI"/>
  <!-- Type comes from the imported SAML 2.0 protocol schema. -->
  <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
  <attribute name="NameIDFormat" type="anyURI"/>
  <attribute name="SPNameQualifier" type="conf:string"/>
  <attribute name="requestDelegation" type="boolean"/>
  <!-- xs:anyURI only. NOTE(review): presumably a default post-login location; the schema
       does not restrict it to the SP's own origin. -->
  <attribute name="target" type="anyURI"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</attributeGroup>
<!-- conf:SessionInitiator: explicit handler element, a restriction of PluggableType. The
     required "type" attribute is inherited from the base; Location is optional here,
     unlike on Handler. The attribute wildcard comes from SessionInitiatorGroup. -->
<element name="SessionInitiator">
  <annotation>
    <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI"/>
        <!-- conf:string rather than xs:ID, so the schema does not enforce uniqueness. -->
        <attribute name="id" type="conf:string"/>
        <attribute name="isDefault" type="boolean"/>
        <attribute name="URL" type="anyURI"/>
        <attribute name="acsIndex" type="unsignedShort"/>
        <attribute name="defaultACSIndex" type="unsignedShort"/> <!-- deprecated -->
        <attributeGroup ref="conf:SessionInitiatorGroup"/>
      </restriction>
    </complexContent>
  </complexType>
</element>
<!-- conf:LogoutInitiatorGroup: options shared by the Logout shorthand element and explicit
     LogoutInitiator handlers. Ends with a lax ##any attribute wildcard, so unknown attribute
     names pass validation. -->
<attributeGroup name="LogoutInitiatorGroup">
  <annotation>
    <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
  </annotation>
  <attribute name="relayState" type="conf:string"/>
  <attribute name="outgoingBindings" type="conf:listOfURIs"/>
  <attribute name="template" type="anyURI"/>
  <attribute name="postArtifact" type="boolean"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</attributeGroup>
<!-- conf:LogoutInitiator: explicit handler element, a restriction of PluggableType with an
     optional Location. The required "type" attribute is inherited from the base and the
     attribute wildcard comes from LogoutInitiatorGroup. -->
<element name="LogoutInitiator">
  <annotation>
    <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI"/>
        <attributeGroup ref="conf:LogoutInitiatorGroup"/>
      </restriction>
    </complexContent>
  </complexType>
</element>
<!-- conf:Handler: custom handler element, a restriction of PluggableType. Location is
     required here; "type" is required by the base type. -->
<element name="Handler">
  <annotation>
    <documentation>Used to specify custom handlers</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI" use="required"/>
        <!-- Optional list of non-empty strings; the schema does not check that items are
             addresses. NOTE(review): presumably restricts which clients may call the handler.
             Handlers that expose status, session or metadata details should carry a narrow
             acl; confirm what an omitted acl means for each handler type. -->
        <attribute name="acl" type="conf:listOfStrings"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </restriction>
    </complexContent>
  </complexType>
</element>
<!-- conf:ErrorsType: open content plus optional attributes naming templates and display
     details. Locations are xs:anyURI only, and the lax ##any attribute wildcard accepts
     unknown attribute names.
     NOTE(review): redirectErrors presumably sends the browser to the given location on
     error; confirm what error detail is appended to that redirect and that the target is a
     trusted site. -->
<complexType name="ErrorsType">
  <annotation>
    <documentation>Container for error templates and associated details</documentation>
  </annotation>
  <sequence>
    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="redirectErrors" type="anyURI"/>
  <attribute name="session" type="anyURI"/>
  <attribute name="metadata" type="anyURI"/>
  <attribute name="access" type="anyURI"/>
  <attribute name="ssl" type="anyURI"/>
  <attribute name="localLogout" type="anyURI"/>
  <attribute name="globalLogout" type="anyURI"/>
  <attribute name="partialLogout" type="anyURI"/>
  <attribute name="supportContact" type="conf:string"/>
  <attribute name="logoLocation" type="anyURI"/>
  <attribute name="styleSheet" type="anyURI"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>
<!-- conf:RelyingPartyType: empty element carrying per-peer overrides. "Name" is required
     and selects the peer; the security settings come from RelyingPartyGroup and are all
     optional. Unknown unqualified attributes are rejected (wildcard is ##other).
     NOTE(review): a RelyingParty entry can presumably relax a requirement set on the
     enclosing application for one peer; review each entry for weakened require* flags. -->
<complexType name="RelyingPartyType">
  <annotation>
    <documentation>Container for specifying settings to use with particular peers</documentation>
  </annotation>
  <sequence/>
  <attribute name="Name" type="conf:string" use="required"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <attribute name="entityID" type="anyURI"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<!--
    NotifyType: a location that receives application notifications, together with
    the channel used to reach it. The content model is an empty sequence.

    Review notes, taken from the declarations below:
      * Channel is required and limited to the two literals "front" and "back".
      * Location is required but only checked as anyURI; the schema does not
        require an absolute URL or any particular scheme, so that has to be
        checked by the consumer or during configuration review.
      * The attribute wildcard is namespace="##any" with lax processing, so a
        misspelled optional attribute is not reported by schema validation.
-->
<complexType name="NotifyType">
    <annotation>
        <documentation>Used to specify locations to receive application notifications</documentation>
    </annotation>

    <!-- No child elements. -->
    <sequence/>

    <attribute name="Channel" use="required">
        <simpleType>
            <restriction base="string">
                <enumeration value="front"/>
                <enumeration value="back"/>
            </restriction>
        </simpleType>
    </attribute>
    <attribute name="Location" type="anyURI" use="required"/>

    <!-- Any further attribute, qualified or not, is accepted. -->
    <anyAttribute namespace="##any" processContents="lax"/>
</complexType>
<!--
    SecurityPolicies: inline definition of the policy rule sets applied to incoming
    messages. SPConfig's content model marks its reference to this element as
    deprecated and offers SecurityPolicyProvider as the alternative.

    Structure enforced by the schema:
      * one or more Policy elements, each with a required non-empty id;
      * inside a Policy, either one or more Rule elements or one or more
        PolicyRule elements; the choice does not allow mixing the two names;
      * after the policies, at most one of AlgorithmWhitelist or AlgorithmBlacklist.

    Review notes:
      * The algorithm choice has minOccurs="0", so a document that restricts no
        algorithms at all is valid.
      * Both lists are conf:listOfURIs, a whitespace-separated list of anyURI
        values. Entries are not checked against any set of known algorithm
        identifiers, so a mistyped URI validates and has to be caught by review
        or by the consumer.
      * Policy accepts any extra attribute (namespace="##any", lax), so a
        misspelled "validate" is not reported by schema validation.
-->
<element name="SecurityPolicies">
    <complexType>
        <annotation>
            <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
        </annotation>
        <sequence>
            <element name="Policy" minOccurs="1" maxOccurs="unbounded">
                <annotation>
                    <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
                </annotation>
                <complexType>
                    <!-- Two spellings of the rule element; a single Policy uses one or the other. -->
                    <choice>
                        <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
                        <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
                    </choice>
                    <attribute name="id" type="conf:string" use="required"/>
                    <!-- NOTE(review): presumably turns validation of incoming messages on or off; confirm the default when omitted. -->
                    <attribute name="validate" type="boolean"/>
                    <anyAttribute namespace="##any" processContents="lax"/>
                </complexType>
            </element>
            <!-- Optional and mutually exclusive: an allow list or a deny list of algorithm URIs. -->
            <choice minOccurs="0">
                <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
                <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
            </choice>
        </sequence>
    </complexType>
</element>
<!--
    TransportOption: one opaque setting handed to a SOAPTransport provider.

    Both attributes are required non-empty strings. The element text is
    anySimpleType, so the schema accepts any value. Nothing here validates that
    the provider exists, that the option is known to it, or that the value is
    sensible.

    NOTE(review): because the options are opaque to validation, each one present
    in a deployed configuration should be checked against the named provider's
    documentation.
-->
<element name="TransportOption">
    <annotation>
        <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
    </annotation>
    <complexType>
        <simpleContent>
            <!-- The option value is the element text; provider and option identify what it applies to. -->
            <extension base="anySimpleType">
                <attribute name="provider" type="conf:string" use="required"/>
                <attribute name="option" type="conf:string" use="required"/>
            </extension>
        </simpleContent>
    </complexType>
</element>
<!--
    SPConfig: root element of the configuration. Children must appear in the
    order declared below.

    Required children: ApplicationDefaults, and exactly one security policy source
    (SecurityPolicyProvider, or the deprecated inline SecurityPolicies). Every
    other child is optional.

    Review notes, taken from the declarations below:
      * The listener choice is optional and allows at most one of UnixListener,
        TCPListener or a pluggable Listener.
      * TCPListener port is unsignedInt, so values above 65535 pass schema
        validation; range checking is left to the consumer.
      * TCPListener acl is optional and is a list of non-empty strings. Entries
        are not validated as addresses. NOTE(review): confirm which default the
        SP applies when acl is omitted.
      * ds:Signature is optional, so the schema accepts both signed and unsigned
        configuration documents.
      * clockSkew is unsignedInt with no upper bound, and its unit is not stated
        in the schema (presumably seconds; TODO confirm).
      * unsafeChars and allowedSchemes are free-form strings here; their content
        is not validated.
      * The attribute wildcard is namespace="##other": unqualified attributes
        that are not declared below are rejected by validation.
-->
<element name="SPConfig">
    <complexType>
        <annotation>
            <documentation>Root of configuration</documentation>
        </annotation>
        <sequence>
            <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
            <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
            <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>

            <!-- Listener selection: at most one of the three alternatives. -->
            <choice minOccurs="0">
                <element name="UnixListener">
                    <complexType>
                        <attribute name="address" type="conf:string" use="required"/>
                        <attribute name="stackSize" type="unsignedInt"/>
                    </complexType>
                </element>
                <element name="TCPListener">
                    <complexType>
                        <attribute name="address" type="conf:string" use="required"/>
                        <!-- Typed unsignedInt: the schema does not cap the value at 65535. -->
                        <attribute name="port" type="unsignedInt" use="required"/>
                        <!-- Optional list of non-empty strings; entries are not checked as addresses. -->
                        <attribute name="acl" type="conf:listOfStrings"/>
                        <attribute name="stackSize" type="unsignedInt"/>
                    </complexType>
                </element>
                <element name="Listener" type="conf:PluggableType"/>
            </choice>

            <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
            <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
            <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
            <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
            <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
            <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>

            <!-- Security policy source: required, exactly one of the two. -->
            <choice>
                <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
                <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
            </choice>

            <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
            <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
            <!-- Optional signature over the configuration document. -->
            <element ref="ds:Signature" minOccurs="0"/>
        </sequence>

        <attribute name="logger" type="anyURI"/>
        <attribute name="clockSkew" type="unsignedInt"/>
        <attribute name="unsafeChars" type="conf:string"/>
        <attribute name="allowedSchemes" type="conf:listOfStrings"/>

        <!-- Extension attributes must come from a namespace other than the target namespace. -->
        <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>
</element>
766 | </schema> |