1 <?xml version="1.0" encoding="UTF-8"?>
2 <schema xmlns="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:afp="urn:mace:shibboleth:2.0:afp" targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml" elementFormDefault="qualified">
4 <import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
8 A set of SAML specific match functions. These match functions only operate against a
13 <complexType name="AttributeIssuerEntityAttributeExactMatch">
16 A match function that checks if the attribute issuer contains an entity attribute with the
21 <extension base="saml:EntityAttributeExactMatchType"/>
25 <complexType name="AttributeRequesterEntityAttributeExactMatch">
28 A match function that checks if the attribute requester contains an entity attribute with the
33 <extension base="saml:EntityAttributeExactMatchType"/>
37 <complexType name="EntityAttributeExactMatchType" abstract="true">
39 <extension base="afp:MatchFunctorType">
40 <attribute name="attributeName" type="string" use="required">
42 <documentation>The name of the entity attribute to match.</documentation>
45 <attribute name="attributeNameFormat" type="string" use="optional">
47 <documentation>The name format of the entity attribute to match.</documentation>
50 <attribute name="attributeValue" type="string" use="required">
52 <documentation>The value of the entity attribute to match.</documentation>
59 <complexType name="AttributeIssuerEntityAttributeRegexMatch">
62 A match function that checks if the attribute issuer contains an entity attribute with a
63 value that matches the given regular expression.
67 <extension base="saml:EntityAttributeRegexMatchType"/>
71 <complexType name="AttributeRequesterEntityAttributeRegexMatch">
74 A match function that checks if the attribute requester contains an entity attribute with a
75 value that matches the given regular expression.
79 <extension base="saml:EntityAttributeRegexMatchType"/>
83 <complexType name="EntityAttributeRegexMatchType" abstract="true">
85 <extension base="afp:MatchFunctorType">
86 <attribute name="attributeName" type="string" use="required">
88 <documentation>The name of the entity attribute to match.</documentation>
91 <attribute name="attributeNameFormat" type="string" use="optional">
93 <documentation>The name format of the entity attribute to match.</documentation>
96 <attribute name="attributeValueRegex" type="string" use="required">
98 <documentation>The regular expression that must match the value of the entity attribute to
99 match.</documentation>
106 <complexType name="AttributeIssuerNameIDFormatExactMatch">
109 A match function that evaluates to true if the attribute issuer supports a specified
114 <extension base="saml:NameIDFormatExactMatchType"/>
118 <complexType name="AttributeRequesterNameIDFormatExactMatch">
121 A match function that evaluates to true if the attribute requester supports a specified
126 <extension base="saml:NameIDFormatExactMatchType"/>
130 <complexType name="NameIDFormatExactMatchType" abstract="true">
132 <extension base="afp:MatchFunctorType">
133 <attribute name="nameIdFormat" type="string" use="required">
135 <documentation>The NameID format that needs to be supported by the entity.</documentation>
142 <complexType name="AttributeRequesterInEntityGroup">
145 A match function that evaluates to true if the attribute requester is found in metadata and is a member
146 of the given entity group.
150 <extension base="saml:EntityGroupMatchType" />
154 <complexType name="AttributeIssuerInEntityGroup">
157 A match function that evaluates to true if the attribute issuer is found in metadata and is a member
158 of the given entity group.
162 <extension base="saml:EntityGroupMatchType" />
166 <complexType name="EntityGroupMatchType" abstract="true">
168 <extension base="afp:MatchFunctorType">
169 <attribute name="groupID" type="string" use="required">
171 <documentation>The entity group ID that an entity must be in.</documentation>
178 <complexType name="AttributeScopeMatchesShibMDScope">
181 A match function that ensures that an attribute value's scope matches a scope given in metadata for the entity or role.
185 <extension base="afp:MatchFunctorType" />
189 <complexType name="NameIDQualifierString">
192 A match function that ensures that a NameID-valued attribute's qualifier(s), if set, match particular values.
196 <extension base="afp:MatchFunctorType">
197 <attribute name="attributeID" type="string">
200 The ID of the attribute whose qualifiers should be matched. If no attribute ID is specified the
201 ID of the containing attribute rule is assumed.
205 <attribute name="NameQualifier" type="string">
208 A value to require in the NameQualifier field, or if omitted, require that it match the issuing IdP's entityID.
212 <attribute name="SPNameQualifier" type="string">
215 A value to require in the SPNameQualifier field, or if omitted, require that it match the SP's entityID.
223 <complexType name="AttributeIssuerEntityMatcher">
226 A match function that checks if the attribute issuer matches pluggable criteria.
230 <extension base="saml:EntityMatcherType"/>
234 <complexType name="AttributeRequesterEntityMatcher">
237 A match function that checks if the attribute requester matches pluggable criteria.
241 <extension base="saml:EntityMatcherType"/>
245 <complexType name="EntityMatcherType" abstract="true">
247 <extension base="afp:MatchFunctorType">
249 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
251 <attribute name="matcher" type="string" use="required">
254 The type of plugin to apply as a matching mechanism.
258 <anyAttribute namespace="##any" processContents="lax"/>