1 <?xml version="1.0" encoding="UTF-8"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:attribute-map"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:am="urn:mace:shibboleth:2.0:attribute-map"
5 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6 elementFormDefault="qualified"
9 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
13 This schema maps SAML attributes into Shibboleth internal attributes.
<!--
  am:string: the built-in string type restricted to a minimum length of 1, so an
  attribute declared with this type cannot be the empty string. No other facet is
  visible in this listing, and the built-in string type preserves whitespace, so a
  value made only of spaces still validates; consumers that need a meaningful
  value have to check for that themselves. The local name repeats the built-in
  "string", so the am: prefix is what selects this restricted type.
-->
17 <simpleType name="string">
18 <restriction base="string">
19 <minLength value="1"/>
<!--
  am:anyURI: the built-in anyURI type restricted to a minimum length of 1.
  Only the empty value is ruled out here. XSD processors accept a very wide range
  of strings as anyURI, so this type does not establish that a value is an
  absolute or otherwise usable URI.
-->
23 <simpleType name="anyURI">
24 <restriction base="anyURI">
25 <minLength value="1"/>
<!--
  am:listOfStrings: a whitespace-separated list whose items are each am:string.
  Because whitespace separates the items, a single item cannot contain a space.
-->
29 <simpleType name="listOfStrings">
30 <list itemType="am:string"/>
<!--
  PluggableType: generic content model for plugin configuration. The "type"
  attribute is required and non-empty; beyond that, any number of child elements
  and any attributes from any namespace are admitted. With processContents="lax"
  the validator checks such content only where it can find a matching declaration
  and otherwise accepts it unchecked, so passing schema validation says little
  about whether a plugin's configuration is correct. Each plugin has to validate
  its own settings. In this schema the type is used by MetadataProvider,
  TrustEngine, AttributeFilter and KeyInfoResolver.
-->
33 <complexType name="PluggableType">
35 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
37 <attribute name="type" type="am:string" use="required"/>
38 <anyAttribute namespace="##any" processContents="lax"/>
<!--
  GSSAPIContext: global element whose content is base64Binary. Validation confirms
  only that the text is well-formed base64; the decoded bytes are opaque to the
  schema and must be checked by whatever consumes them.
-->
41 <element name="GSSAPIContext" type="base64Binary">
43 <documentation>A wrapper element for GSS-API contexts.</documentation>
<!--
  GSSAPIName: global element whose content is base64Binary. As with any
  base64Binary value, the schema checks the encoding only, not what the decoded
  composite name contains.
-->
47 <element name="GSSAPIName" type="base64Binary">
49 <documentation>A wrapper element for GSS-API composite names.</documentation>
<!--
  Attributes: container for the mapping rules. Visible content, in listing order:
  optional MetadataProvider, TrustEngine and AttributeFilter plugins (each
  am:PluggableType), a repeatable choice between Attribute and GSSAPIAttribute
  rules, and an optional ds:Signature.
  NOTE(review): the compositor and annotation lines are not visible in this
  listing, so the enclosing sequence is assumed; confirm against the full schema.
-->
53 <element name="Attributes">
55 <documentation>The set of SAML or GSS-API attribute mappings.</documentation>
59 <element name="MetadataProvider" type="am:PluggableType" minOccurs="0"/>
60 <element name="TrustEngine" type="am:PluggableType" minOccurs="0"/>
61 <element name="AttributeFilter" type="am:PluggableType" minOccurs="0"/>
62 <choice maxOccurs="unbounded">
63 <element name="Attribute" type="am:AttributeType"/>
64 <element name="GSSAPIAttribute" type="am:GSSAPIAttributeType"/>
<!-- minOccurs="0": an unsigned Attributes document is schema-valid. Whether a
     signature is demanded and verified is therefore decided by the consumer's
     configuration, not by this schema. Presumably the TrustEngine plugin
     declared above serves that check (confirm). -->
66 <element ref="ds:Signature" minOccurs="0"/>
<!-- Both attributes below are optional and carry no documentation in this listing. -->
68 <attribute name="metadataAttributeCaching" type="boolean"/>
69 <attribute name="metadataPolicyId" type="am:string"/>
<!--
  AttributeType: one mapping rule from a SAML attribute, identified by "name" and
  optionally "nameFormat", to the internal attribute "id" (with optional
  "aliases"). "id" and "name" are required and, being am:string, non-empty.
  isRequested and isRequired are optional booleans; no default is visible here.
-->
73 <complexType name="AttributeType">
75 <documentation>Rule for mapping a SAML attribute to an internal attribute.</documentation>
<!-- AttributeDecoder is optional. Its declared type, am:AttributeDecoderType, is
     abstract, so an instance presumably names a concrete decoder through
     xsi:type (confirm against a sample map). -->
78 <element name="AttributeDecoder" type="am:AttributeDecoderType" minOccurs="0"/>
80 <attribute name="id" type="am:string" use="required">
82 <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
85 <attribute name="aliases" type="am:listOfStrings">
87 <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
90 <attribute name="name" type="am:string" use="required">
92 <documentation>The SAML 1 AttributeName or SAML 2 Name of the attribute.</documentation>
<!-- Typed am:string rather than am:anyURI, so any non-empty text validates as a
     name format. -->
95 <attribute name="nameFormat" type="am:string">
97 <documentation>The SAML 1 Namespace or SAML 2 NameFormat of the attribute.</documentation>
100 <attribute name="isRequested" type="boolean">
102 <documentation>Marks an attribute as requested by the service.</documentation>
105 <attribute name="isRequired" type="boolean">
107 <documentation>Marks an attribute as required by the service.</documentation>
<!--
  GSSAPIAttributeType: one mapping rule from a GSS-API naming attribute,
  identified by "name", to the internal attribute "id" (with optional "aliases").
  "id" and "name" are required and non-empty. "authenticated", "binary" and
  "scopeDelimiter" are optional.
  NOTE(review): the documentation text on "id" and "aliases" below speaks of
  "this SAML attribute", although this type maps GSS-API naming attributes. The
  wording looks carried over from AttributeType.
-->
112 <complexType name="GSSAPIAttributeType">
114 <documentation>Rule for mapping a GSS-API naming attribute to an internal attribute.</documentation>
116 <attribute name="id" type="am:string" use="required">
118 <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
121 <attribute name="aliases" type="am:listOfStrings">
123 <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
126 <attribute name="name" type="am:string" use="required">
128 <documentation>The name of the naming attribute.</documentation>
<!-- Optional, and no default is visible in this listing. Where unauthenticated
     naming attributes must not influence access decisions, set this explicitly
     rather than relying on the consumer's default. -->
131 <attribute name="authenticated" type="boolean">
133 <documentation>If true, only an authenticated GSS-API naming attribute will be mapped.</documentation>
136 <attribute name="binary" type="boolean">
138 <documentation>If true, the GSS-API naming attribute will be base64-encoded for internal use.</documentation>
<!-- am:string, so the delimiter is at least one character when present. -->
141 <attribute name="scopeDelimiter" type="am:string">
144 The character(s) used to delimit the scoped information from the scope.
<!--
  AttributeDecoderType: abstract base type for the decoders declared in this
  schema. It contributes four optional attributes (caseSensitive, internal,
  langAware, hashAlg); no default value is visible for any of them here.
-->
150 <complexType name="AttributeDecoderType" abstract="true">
153 Decodes a SAML attribute into its Shibboleth-internal representation.
156 <attribute name="caseSensitive" type="boolean">
159 Flag controlling case sensitivity when comparisons to the attribute's values are done.
<!-- NOTE(review): the documentation does not say which value keeps the attribute
     from being exported. Confirm the polarity before relying on this flag to
     withhold a value from the application. -->
163 <attribute name="internal" type="boolean">
166 Flag controlling whether the resulting attribute should be exported for CGI use.
170 <attribute name="langAware" type="boolean">
173 Flag controlling whether the decoder should select only the best matching value by language.
<!-- Typed am:string, so any non-empty text validates. A misspelled, unsupported
     or weak algorithm name is not caught by schema validation; review the
     configured value and how the consumer reacts to a name it does not know. -->
177 <attribute name="hashAlg" type="am:string">
180 Crypto-provider-specific name of hash algorithm to use,
181 turning the decoded result into a simple string.
<!--
  StringAttributeDecoder: concrete decoder for string values. It extends
  am:AttributeDecoderType and adds no attributes or elements of its own in the
  visible lines.
-->
187 <complexType name="StringAttributeDecoder">
190 Decoder for attributes with string values.
194 <extension base="am:AttributeDecoderType" />
<!--
  ScopedAttributeDecoder: decoder for scoped values. It extends
  am:AttributeDecoderType with one optional attribute, scopeDelimiter, which is
  am:string and therefore at least one character when present. No default
  delimiter is visible in this listing.
-->
198 <complexType name="ScopedAttributeDecoder">
201 Decoder for attributes with scoped values.
205 <extension base="am:AttributeDecoderType">
206 <attribute name="scopeDelimiter" type="am:string">
209 The character(s) used to delimit the scoped information from the scope.
<!--
  NameIDAttributeDecoder: decoder for NameID values. It extends
  am:AttributeDecoderType with two optional attributes: "formatter" (am:string)
  and "defaultQualifiers" (boolean). The schema does not constrain the formatter
  pattern beyond requiring it to be non-empty.
-->
217 <complexType name="NameIDAttributeDecoder">
220 Decoder for attributes with NameID values.
224 <extension base="am:AttributeDecoderType">
225 <attribute name="formatter" type="am:string">
228 The pattern used to generate string versions of the attribute's values.
232 <attribute name="defaultQualifiers" type="boolean">
235 Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
<!--
  NameIDFromScopedAttributeDecoder: extends am:ScopedAttributeDecoder, so it
  inherits scopeDelimiter as well as the base decoder attributes, and adds
  "format" (am:anyURI), "defaultQualifiers" (boolean) and "formatter" (am:string),
  all optional.
  NOTE(review): the documentation says the scope is dropped. Two values that
  differ only in scope would then presumably yield the same string unless the
  qualifiers or the formatter tell them apart; confirm before treating the
  result as a unique identifier.
-->
243 <complexType name="NameIDFromScopedAttributeDecoder">
246 Decoder for attributes with scoped values that produces a NameID attribute with
247 the scope dropped and the NameQualifiers defaulted.
251 <extension base="am:ScopedAttributeDecoder">
252 <attribute name="format" type="am:anyURI">
255 Value to use as the NameID Format.
259 <attribute name="defaultQualifiers" type="boolean">
262 Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
266 <attribute name="formatter" type="am:string">
269 The pattern used to generate string versions of the attribute's values.
<!--
  KeyInfoAttributeDecoder: decoder for ds:KeyInfo values. It extends
  am:AttributeDecoderType with an optional KeyInfoResolver child and two optional
  attributes, "hash" and "keyInfoHashAlg".
-->
277 <complexType name="KeyInfoAttributeDecoder">
280 Decoder for attributes with ds:KeyInfo values.
284 <extension base="am:AttributeDecoderType">
<!-- am:PluggableType: the resolver's configuration is only laxly validated, so
     the resolver itself has to reject settings it does not understand. -->
286 <element name="KeyInfoResolver" type="am:PluggableType" minOccurs="0"/>
288 <attribute name="hash" type="boolean">
291 Flag controlling whether to hash keys before base64-encoding them.
<!-- Declared in addition to the hashAlg attribute of am:AttributeDecoderType; how
     the two interact is not stated here. Typed am:string, so the algorithm name
     is not checked by the schema and a weak or misspelled name still validates. -->
295 <attribute name="keyInfoHashAlg" type="am:string">
298 Crypto-provider-specific name of hash algorithm to use.
<!--
  XMLAttributeDecoder: extends am:AttributeDecoderType and adds nothing of its own
  in the visible lines.
  NOTE(review): the documentation describes the output as directly serialized
  XML. Presumably that markup originates with the asserting party, so code that
  later reads the value should parse it with DTD and external-entity processing
  disabled and escape it before display (confirm where the value ends up).
-->
306 <complexType name="XMLAttributeDecoder">
309 Decoder for directly serializing XML values.
313 <extension base="am:AttributeDecoderType"/>
<!--
  DOMAttributeDecoder: decoder that extracts information from XML values. It
  extends am:AttributeDecoderType with an optional Mapping child and an optional
  "formatter" attribute (am:string).
-->
317 <complexType name="DOMAttributeDecoder">
320 Decoder for extracting information from XML values.
324 <extension base="am:AttributeDecoderType">
<!-- Mapping is optional (minOccurs="0"). When present, both "from" (a QName) and
     "to" (a non-empty string) are required. -->
326 <element name="Mapping" minOccurs="0">
328 <documentation>Optional transform to turn qualified XML names into string names.</documentation>
331 <attribute name="from" type="QName" use="required"/>
332 <attribute name="to" type="am:string" use="required"/>
336 <attribute name="formatter" type="am:string">
339 The pattern used to generate strings from the XML.
<!--
  Base64AttributeDecoder: decoder for base64-encoded string values. It extends
  am:AttributeDecoderType and adds no attributes or elements of its own in the
  visible lines.
-->
347 <complexType name="Base64AttributeDecoder">
350 Decoder for attributes with base64-encoded string values.
354 <extension base="am:AttributeDecoderType" />