https://issues.shibboleth.net/jira/browse/SSPCPP-396
[shibboleth/sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.5">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
26   <simpleType name="string">
       <!-- conf:string: a string with at least one character (minLength 1). The base
            "string" is the XML Schema built-in, reached through the default namespace;
            the rest of this file refers to this restricted type as conf:string. -->
27     <restriction base="string">
28       <minLength value="1"/>
29     </restriction>
30   </simpleType>
31
32   <simpleType name="listOfStrings">
       <!-- Whitespace-separated list whose items are conf:string values. -->
33     <list itemType="conf:string"/>
34   </simpleType>
35
36   <simpleType name="listOfURIs">
       <!-- Whitespace-separated list of anyURI values. The anyURI lexical space is very
            permissive, so passing validation does not show that an entry is a
            well-formed or trustworthy URL. -->
37     <list itemType="anyURI"/>
38   </simpleType>
39
40   <simpleType name="bindingBoolean">
       <!-- Four-valued switch used by the signing and encryption attributes of
            RelyingPartyGroup: true, false, front or back.
            NOTE(review): front/back presumably limit the setting to front-channel or
            back-channel bindings; the schema does not say, so confirm before relying on it. -->
41     <restriction base="string">
42       <enumeration value="true"/>
43       <enumeration value="false"/>
44       <enumeration value="front"/>
45       <enumeration value="back"/>
46     </restriction>
47   </simpleType>
48
49   <simpleType name="redirectLimitType">
       <!-- Permitted values for the relayStateLimit and redirectLimit attributes of
            SessionsType. "none" is an accepted value and neither attribute declares a
            default, so what applies when the attribute is omitted is decided by the SP
            code, not by this schema.
            NOTE(review): the names suggest this restricts which redirect targets are
            honoured (open-redirect control), with the whitelist variants consulting
            relayStateWhitelist / redirectWhitelist; confirm the exact matching rules. -->
50     <restriction base="string">
51       <enumeration value="none"/>
52       <enumeration value="exact"/>
53       <enumeration value="host"/>
54       <enumeration value="whitelist"/>
55       <enumeration value="exact+whitelist"/>
56       <enumeration value="host+whitelist"/>
57     </restriction>
58   </simpleType>
59
60   <complexType name="PluggableType">
       <!-- Generic plugin reference: a required type attribute plus arbitrary child
            elements and attributes from any namespace. Both wildcards are lax, so
            content with no matching declaration is accepted unchecked; the schema does
            not validate plugin-specific settings, and a misspelled attribute on a
            plugin element still validates. -->
61     <sequence>
62       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
63     </sequence>
64     <attribute name="type" type="conf:string" use="required"/>
65     <anyAttribute namespace="##any" processContents="lax"/>
66   </complexType>
67
68   <complexType name="ExtensionsType">
       <!-- Zero or more Library elements followed by any number of elements from other
            namespaces. Each Library requires a path (anyURI), may carry a boolean fatal
            flag, and accepts arbitrary lax content and attributes.
            NOTE(review): Library/@path presumably names a module the SP loads into its
            process, which would make write access to this configuration equivalent to
            code loading; confirm, and restrict who can edit the file accordingly. -->
69     <annotation>
70       <documentation>Container for extension libraries and custom configuration</documentation>
71     </annotation>
72     <sequence>
73       <element name="Library" minOccurs="0" maxOccurs="unbounded">
74         <complexType>
75           <sequence>
76             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
77           </sequence>
78           <attribute name="path" type="anyURI" use="required"/>
79           <attribute name="fatal" type="boolean"/>
80           <anyAttribute namespace="##any" processContents="lax"/>
81         </complexType>
82       </element>
83       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
84     </sequence>
85   </complexType>
86
87   <complexType name="StorageServiceType">
       <!-- Restriction of PluggableType for StorageService plugins. Adds a required id
            of type ID (unique within the document, the target of the StorageService
            IDREF attributes declared elsewhere in this file) and an optional
            cleanupInterval; the unit of cleanupInterval is not stated here. -->
88     <annotation>
89       <documentation>References StorageService plugins</documentation>
90     </annotation>
91     <complexContent>
92       <restriction base="conf:PluggableType">
93         <sequence>
94           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
95         </sequence>
96         <attribute name="id" type="ID" use="required"/>
97         <attribute name="cleanupInterval" type="unsignedInt"/>
98         <anyAttribute namespace="##any" processContents="lax"/>
99       </restriction>
100     </complexContent>
101   </complexType>
102
103   <complexType name="SessionCacheType">
        <!-- Restriction of PluggableType for SessionCache plugins. StorageService is an
             optional IDREF, so when present it must match an ID in the same document.
             cacheAllowance and cacheTimeout are unsigned integers whose units are not
             stated here; cacheTimeout is marked deprecated. -->
104     <annotation>
105       <documentation>References SessionCache plugins</documentation>
106     </annotation>
107     <complexContent>
108       <restriction base="conf:PluggableType">
109         <sequence>
110           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
111         </sequence>
112         <attribute name="StorageService" type="IDREF"/>
113         <attribute name="cacheAllowance" type="unsignedInt"/>
114         <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
115         <anyAttribute namespace="##any" processContents="lax"/>
116       </restriction>
117     </complexContent>
118   </complexType>
119
120   <complexType name="ReplayCacheType">
        <!-- Empty element with one optional attribute: StorageService, an IDREF that
             must match an ID in the same document.
             NOTE(review): replay detection presumably only covers the nodes that share
             the referenced store; confirm which StorageService backs this in
             multi-server deployments. -->
121     <annotation>
122       <documentation>Ties ReplayCache to a custom StorageService</documentation>
123     </annotation>
124     <sequence/>
125     <attribute name="StorageService" type="IDREF"/>
126   </complexType>
127
128   <complexType name="ArtifactMapType">
        <!-- Empty element with three optional attributes: a StorageService IDREF, a
             context string and artifactTTL (unsigned integer; the unit is not stated
             here). -->
129     <annotation>
130       <documentation>Customizes an ArtifactMap</documentation>
131     </annotation>
132     <sequence/>
133     <attribute name="StorageService" type="IDREF"/>
134     <attribute name="context" type="conf:string"/>
135     <attribute name="artifactTTL" type="unsignedInt"/>
136   </complexType>
137
138   <complexType name="OutOfProcessType">
        <!-- Settings for the out-of-process daemon: an optional Extensions child, then
             elements from other namespaces. All attributes are optional and none has a
             schema default. The attribute wildcard is ##other, which excludes
             unqualified names, so an unqualified attribute not listed here (for example
             a misspelling) fails validation. -->
139     <annotation>
140       <documentation>Container for out-of-process (shibd) configuration</documentation>
141     </annotation>
142     <sequence>
143       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
144       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
145     </sequence>
146     <attribute name="logger" type="anyURI"/>
147     <attribute name="tranLogFormat" type="conf:string"/>
148     <attribute name="tranLogFiller" type="conf:string"/>
149     <attribute name="catchAll" type="boolean"/>
150     <anyAttribute namespace="##other" processContents="lax"/>
151   </complexType>
152
153   <complexType name="InProcessType">
        <!-- Settings for the in-process (web server) side: optional Extensions, an
             optional ISAPI block listing one or more Site entries, then elements from
             other namespaces. Every attribute is optional and none declares a default,
             so the effective value of an omitted setting comes from the SP code.
             NOTE(review): checkSpoofing, spoofKey, unsetHeaderValue and safeHeaderNames
             look like the controls against client-supplied headers that imitate
             SP-set attributes; confirm their effective defaults in the SP
             documentation, since leaving them out validates. spoofKey is a plain
             string held in this file, so the file's read permissions matter. -->
154     <annotation>
155       <documentation>
156         Container for configuration of locally integrated or platform-specific
157         features (e.g. web server filters)
158       </documentation>
159     </annotation>
160     <sequence>
161       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
162       <element name="ISAPI" minOccurs="0">
163         <complexType>
164           <sequence>
                <!-- At least one Site is required once ISAPI is present; id and name are
                     mandatory, port, sslport and scheme are optional. -->
165             <element name="Site" maxOccurs="unbounded">
166               <complexType>
167                 <sequence>
168                   <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
169                 </sequence>
170                 <attribute name="id" type="unsignedInt" use="required"/>
171                 <attribute name="name" type="conf:string" use="required"/>
172                 <attribute name="port" type="unsignedInt"/>
173                 <attribute name="sslport" type="unsignedInt"/>
174                 <attribute name="scheme" type="conf:string"/>
175               </complexType>
176             </element>
177             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
178           </sequence>
179           <attribute name="normalizeRequest" type="boolean"/>
180           <attribute name="safeHeaderNames" type="boolean"/>
181           <anyAttribute namespace="##other" processContents="lax"/>
182         </complexType>
183       </element>
184       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
185     </sequence>
186     <attribute name="logger" type="anyURI"/>
187     <attribute name="unsetHeaderValue" type="conf:string"/>
188     <attribute name="checkSpoofing" type="boolean"/>
189     <attribute name="spoofKey" type="conf:string"/>
190     <attribute name="catchAll" type="boolean"/>
191     <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
192     <anyAttribute namespace="##other" processContents="lax"/>
193   </complexType>
194
195   <element name="AccessControl" type="conf:UniOperatorType">
        <!-- Global element holding exactly one operator or rule (see UniOperatorType).
             It is referenced from RequestMap and from the Host, Path and Query types
             as one of three mutually exclusive access-control choices. -->
196     <annotation>
197       <documentation>
198         A simple example access policy language extension that supersedes Apache .htaccess
199       </documentation>
200     </annotation>
201   </element>
202   <complexType name="UniOperatorType">
        <!-- Exactly one child: AND, OR, NOT, Rule or RuleRegex. Used for the
             AccessControl root and for NOT, which therefore wraps a single operand. -->
203     <choice>
204       <element name="AND" type="conf:MultiOperatorType"/>
205       <element name="OR" type="conf:MultiOperatorType"/>
206       <element name="NOT" type="conf:UniOperatorType"/>
207       <element name="Rule" type="conf:RuleType"/>
208       <element name="RuleRegex" type="conf:RuleRegexType"/>
209     </choice>
210   </complexType>
211   <complexType name="MultiOperatorType">
        <!-- Two or more children drawn from the same five elements, in any order and
             mix; this is the content of AND and OR. An AND or OR with a single operand
             does not validate. -->
212     <choice minOccurs="2" maxOccurs="unbounded">
213       <element name="AND" type="conf:MultiOperatorType"/>
214       <element name="OR" type="conf:MultiOperatorType"/>
215       <element name="NOT" type="conf:UniOperatorType"/>
216       <element name="Rule" type="conf:RuleType"/>
217       <element name="RuleRegex" type="conf:RuleRegexType"/>
218     </choice>
219   </complexType>
220   <complexType name="RuleType">
        <!-- A rule whose text content is a whitespace-separated list of non-empty
             strings, with a required "require" attribute and an optional boolean "list".
             NOTE(review): presumably "require" names the attribute to test and the
             content lists acceptable values; because the content is whitespace-split,
             a value containing a space would be read as several items. Confirm how
             "list" changes that. -->
221     <simpleContent>
222       <extension base="conf:listOfStrings">
223         <attribute name="require" type="conf:string" use="required"/>
224         <attribute name="list" type="boolean"/>
225       </extension>
226     </simpleContent>
227   </complexType>
228   <complexType name="RuleRegexType">
        <!-- A rule whose text content is a single non-empty string, with a required
             "require" attribute and an optional boolean ignoreCase.
             NOTE(review): the content is presumably a regular expression; the schema
             neither checks its syntax nor says whether it must match the whole value or
             any substring, so verify the anchoring behaviour before relying on an
             unanchored pattern for access decisions. -->
229     <simpleContent>
230       <extension base="conf:string">
231         <attribute name="require" type="conf:string" use="required"/>
232         <attribute name="ignoreCase" type="boolean"/>
233       </extension>
234     </simpleContent>
235   </complexType>
236
237   <attributeGroup name="ContentSettings">
        <!-- Per-resource settings shared by RequestMap and the Host, Path and Query
             types. Every attribute is optional and none declares a default, so this
             schema does not tell a reader whether an omitted protection (for example
             requireSession) is on or off; that comes from the SP code and from
             enclosing elements.
             The attribute wildcard is ##other, which excludes unqualified names: an
             unqualified attribute not listed here, such as a misspelling, fails
             validation instead of being silently ignored.
             The anyURI-typed attributes are not checked for scheme or host by the
             schema. -->
238     <attribute name="applicationId" type="conf:string"/>
239     <attribute name="authType" type="conf:string"/>
240     <attribute name="requireSession" type="boolean"/>
241     <attribute name="requireSessionWith" type="conf:string"/>
242     <attribute name="requireLogoutWith" type="anyURI"/>
243     <attribute name="exportAssertion" type="boolean"/>
244     <attribute name="exportStdVars" type="boolean"/>
245     <attribute name="exportCookie" type="boolean"/>
246     <attribute name="redirectToSSL" type="unsignedInt"/>
247     <attribute name="entityID" type="anyURI"/>
248     <attribute name="discoveryURL" type="anyURI"/>
249     <attribute name="discoveryPolicy" type="conf:string"/>
250     <attribute name="isPassive" type="boolean"/>
251     <attribute name="returnOnError" type="boolean"/>
252     <attribute name="forceAuthn" type="boolean"/>
253     <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
254     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
255     <attribute name="NameIDFormat" type="anyURI"/>
256     <attribute name="SPNameQualifier" type="conf:string"/>
257     <attribute name="redirectErrors" type="anyURI"/>
258     <attribute name="sessionError" type="anyURI"/>
259     <attribute name="metadataError" type="anyURI"/>
260     <attribute name="accessError" type="anyURI"/>
261     <attribute name="sslError" type="anyURI"/>
262     <attribute name="target" type="anyURI"/>
263     <attribute name="acsIndex" type="unsignedShort"/>
264     <attribute name="REMOTE_ADDR" type="conf:string"/>
265     <attribute name="encoding" type="conf:string"/>
266     <anyAttribute namespace="##other" processContents="lax"/>
267   </attributeGroup>
268
269   <element name="RequestMap">
        <!-- Root of the request map. In order: at most one access-control child
             (htaccess, AccessControl or AccessControlProvider), any number of Host /
             HostRegex entries, and an optional ds:Signature. The schema only permits
             the Signature element; whether and against which key it is verified is
             not visible here. -->
270     <annotation>
271       <documentation>
272         Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
273       </documentation>
274     </annotation>
275     <complexType>
276       <sequence>
277         <choice minOccurs="0">
278           <element name="htaccess" type="conf:PluggableType"/>
279           <element ref="conf:AccessControl"/>
280           <element name="AccessControlProvider" type="conf:PluggableType"/>
281         </choice>
282         <choice minOccurs="0" maxOccurs="unbounded">
283           <element name="Host" type="conf:HostType"/>
284           <element name="HostRegex" type="conf:HostRegexType"/>
285         </choice>
286         <element ref="ds:Signature" minOccurs="0"/>
287       </sequence>
288       <attribute name="unicodeAware" type="boolean"/>
289       <attributeGroup ref="conf:ContentSettings"/>
290     </complexType>
291   </element>
292
293   <complexType name="HostType">
        <!-- A literally named host: at most one access-control child, then any mix of
             Path, PathRegex and Query children. name is required; scheme (one of the
             five enumerated values) and port are optional.
             NOTE(review): when scheme or port is omitted the entry presumably applies
             to more than one scheme/port combination; confirm, since settings such as
             requireSession would then cover all of them. -->
294     <sequence>
295       <choice minOccurs="0">
296         <element name="htaccess" type="conf:PluggableType"/>
297         <element ref="conf:AccessControl"/>
298         <element name="AccessControlProvider" type="conf:PluggableType"/>
299       </choice>
300       <choice minOccurs="0" maxOccurs="unbounded">
301         <element name="Path" type="conf:PathType"/>
302         <element name="PathRegex" type="conf:PathRegexType"/>
303         <element name="Query" type="conf:QueryType"/>
304       </choice>
305     </sequence>
306     <attribute name="scheme">
307       <simpleType>
308         <restriction base="conf:string">
309           <enumeration value="http"/>
310           <enumeration value="https"/>
311           <enumeration value="ftp"/>
312           <enumeration value="ldap"/>
313           <enumeration value="ldaps"/>
314         </restriction>
315       </simpleType>
316     </attribute>
317     <attribute name="name" type="conf:string" use="required"/>
318     <attribute name="port" type="unsignedInt"/>
319     <attributeGroup ref="conf:ContentSettings"/>
320   </complexType>
321
322   <complexType name="HostRegexType">
        <!-- Same content model as HostType, but the host is selected by a required
             regex attribute with an optional ignoreCase flag.
             NOTE(review): the schema does not say what string the expression is matched
             against or whether the match is anchored; a pattern that is broader than
             intended would apply these settings to unintended hosts, so check the
             matching rules in the SP documentation. -->
323     <sequence>
324       <choice minOccurs="0">
325         <element name="htaccess" type="conf:PluggableType"/>
326         <element ref="conf:AccessControl"/>
327         <element name="AccessControlProvider" type="conf:PluggableType"/>
328       </choice>
329       <choice minOccurs="0" maxOccurs="unbounded">
330         <element name="Path" type="conf:PathType"/>
331         <element name="PathRegex" type="conf:PathRegexType"/>
332         <element name="Query" type="conf:QueryType"/>
333       </choice>
334     </sequence>
335     <attribute name="regex" type="conf:string" use="required"/>
336     <attribute name="ignoreCase" type="boolean"/>
337     <attributeGroup ref="conf:ContentSettings"/>
338   </complexType>
339
340   <complexType name="PathType">
        <!-- A literally named path segment: at most one access-control child, then any
             mix of nested Path, PathRegex and Query children. name is required.
             NOTE(review): case sensitivity and normalisation of the request path before
             comparison are not described here; confirm them when a Path entry is the
             only thing protecting a resource. -->
341     <sequence>
342       <choice minOccurs="0">
343         <element name="htaccess" type="conf:PluggableType"/>
344         <element ref="conf:AccessControl"/>
345         <element name="AccessControlProvider" type="conf:PluggableType"/>
346       </choice>
347       <choice minOccurs="0" maxOccurs="unbounded">
348         <element name="Path" type="conf:PathType"/>
349         <element name="PathRegex" type="conf:PathRegexType"/>
350         <element name="Query" type="conf:QueryType"/>
351       </choice>
352     </sequence>
353     <attribute name="name" type="conf:string" use="required"/>
354     <attributeGroup ref="conf:ContentSettings"/>
355   </complexType>
356
357   <complexType name="PathRegexType">
        <!-- A path selected by a required regex attribute (optional ignoreCase). Unlike
             PathType it cannot contain nested Path or PathRegex children; only Query
             children may follow the optional access-control child. -->
358     <sequence>
359       <choice minOccurs="0">
360         <element name="htaccess" type="conf:PluggableType"/>
361         <element ref="conf:AccessControl"/>
362         <element name="AccessControlProvider" type="conf:PluggableType"/>
363       </choice>
364       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
365     </sequence>
366     <attribute name="regex" type="conf:string" use="required"/>
367     <attribute name="ignoreCase" type="boolean"/>
368     <attributeGroup ref="conf:ContentSettings"/>
369   </complexType>
370
371   <complexType name="QueryType">
        <!-- Settings keyed on a query-string parameter: name is required, regex is
             optional, and further Query elements may be nested after the optional
             access-control child.
             NOTE(review): query parameters are chosen by the client, so confirm that a
             Query entry can only tighten, not relax, what the enclosing Host or Path
             requires. -->
372     <sequence>
373       <choice minOccurs="0">
374         <element name="htaccess" type="conf:PluggableType"/>
375         <element ref="conf:AccessControl"/>
376         <element name="AccessControlProvider" type="conf:PluggableType"/>
377       </choice>
378       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
379     </sequence>
380     <attribute name="name" type="conf:string" use="required"/>
381     <attribute name="regex" type="conf:string"/>
382     <attributeGroup ref="conf:ContentSettings"/>
383   </complexType>
384
385   <complexType name="ApplicationDefaultsType">
        <!-- Default application. Sessions is required and comes first, Errors is
             optional, then any mix of the listed children, including
             ApplicationOverride. entityID is required; id, if written, must equal the
             fixed value "default". Trust-related plugins (MetadataProvider,
             TrustEngine, CredentialResolver, AttributeFilter) are all optional here and
             typed as PluggableType, so their own settings are not checked by this
             schema. -->
386     <annotation>
387       <documentation>Container for default settings and application-specific overrides</documentation>
388     </annotation>
389     <sequence>
390       <element name="Sessions" type="conf:SessionsType"/>
391       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
392       <choice minOccurs="0" maxOccurs="unbounded">
393         <element name="RelyingParty" type="conf:RelyingPartyType"/>
394         <element name="Notify" type="conf:NotifyType"/>
395         <element ref="saml:Audience"/>
396         <element name="MetadataProvider" type="conf:PluggableType"/>
397         <element name="TrustEngine" type="conf:PluggableType"/>
398         <element name="AttributeExtractor" type="conf:PluggableType"/>
399         <element name="AttributeResolver" type="conf:PluggableType"/>
400         <element name="AttributeFilter" type="conf:PluggableType"/>
401         <element name="CredentialResolver" type="conf:PluggableType"/>
402         <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
403       </choice>
404     </sequence>
405     <attribute name="id" type="conf:string" fixed="default"/>
406     <attribute name="entityID" type="anyURI" use="required"/>
407     <attributeGroup ref="conf:ApplicationGroup"/>
408     <attributeGroup ref="conf:RelyingPartyGroup"/>
409     <anyAttribute namespace="##other" processContents="lax"/>
410   </complexType>
411
412   <complexType name="ApplicationOverrideType">
        <!-- Per-application override. Differs from ApplicationDefaultsType in that
             Sessions is optional, id is required, entityID is optional, and overrides
             cannot be nested (no ApplicationOverride child).
             NOTE(review): omitted elements and attributes presumably inherit from the
             defaults; confirm the inheritance rules before assuming an override keeps
             a hardening setting made at the default level. -->
413     <annotation>
414       <documentation>Container for application-specific overrides</documentation>
415     </annotation>
416     <sequence>
417       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
418       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
419       <choice minOccurs="0" maxOccurs="unbounded">
420         <element name="RelyingParty" type="conf:RelyingPartyType"/>
421         <element name="Notify" type="conf:NotifyType"/>
422         <element ref="saml:Audience"/>
423         <element name="MetadataProvider" type="conf:PluggableType"/>
424         <element name="TrustEngine" type="conf:PluggableType"/>
425         <element name="AttributeExtractor" type="conf:PluggableType"/>
426         <element name="AttributeResolver" type="conf:PluggableType"/>
427         <element name="AttributeFilter" type="conf:PluggableType"/>
428         <element name="CredentialResolver" type="conf:PluggableType"/>
429       </choice>
430     </sequence>
431     <attribute name="id" type="conf:string" use="required"/>
432     <attribute name="entityID" type="anyURI"/>
433     <attributeGroup ref="conf:ApplicationGroup"/>
434     <attributeGroup ref="conf:RelyingPartyGroup"/>
435     <anyAttribute namespace="##other" processContents="lax"/>
436   </complexType>
437
438   <attributeGroup name="ApplicationGroup">
        <!-- Application-level attributes shared by ApplicationDefaultsType and
             ApplicationOverrideType. All are optional with no schema default.
             NOTE(review): REMOTE_USER is a list, presumably of attribute names tried in
             order to populate the user identity, and unsetHeaders presumably lists
             request headers cleared before attributes are exported; confirm both,
             since they decide what downstream applications treat as authenticated
             identity data. -->
439     <attribute name="homeURL" type="anyURI"/>
440     <attribute name="policyId" type="conf:string"/>
441     <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
442     <attribute name="unsetHeaders" type="conf:listOfStrings"/>
443     <attribute name="metadataAttributePrefix" type="conf:string"/>
444     <attribute name="attributePrefix" type="conf:string"/>
445     <attribute name="requireAuthenticatedCipher" type="boolean"/>
446   </attributeGroup>
447
448   <attributeGroup name="RelyingPartyGroup">
        <!-- Peer-facing settings shared by the application types and RelyingPartyType.
             All attributes are optional and none declares a default, so whether
             signing, encryption, requireConfidentiality, requireTransportAuth or
             requireSignedAssertions are in force when omitted cannot be read from this
             schema. The three algorithm attributes are anyURI; the schema does not
             check them against any list of known or acceptable algorithms. -->
449     <attribute name="authType" type="conf:string"/>
450     <attribute name="authUsername" type="conf:string"/>
        <!-- authPassword is an ordinary string stored in the configuration file, so
             the file's read permissions protect this credential. -->
451     <attribute name="authPassword" type="conf:string"/>
452     <attribute name="signing" type="conf:bindingBoolean"/>
453     <attribute name="signingAlg" type="anyURI"/>
454     <attribute name="digestAlg" type="anyURI"/>
455     <attribute name="encryption" type="conf:bindingBoolean"/>
456     <attribute name="encryptionAlg" type="anyURI"/>
457     <attribute name="keyName" type="conf:string"/>
458     <attribute name="artifactEndpointIndex" type="unsignedShort"/>
459     <attribute name="chunkedEncoding" type="boolean"/>
460     <attribute name="connectTimeout" type="unsignedShort"/>
461     <attribute name="timeout" type="unsignedShort"/>
462     <attribute name="requireConfidentiality" type="boolean"/>
463     <attribute name="requireTransportAuth" type="boolean"/>
464     <attribute name="requireSignedAssertions" type="boolean"/>
465     <attribute name="sessionHook" type="anyURI"/>
466   </attributeGroup>
467     
468   <complexType name="SessionsType">
        <!-- Session policy and protocol handlers. Children, in order: optional SSO,
             Logout and NameIDMgmt shorthand elements (each a whitespace-separated list
             of strings), then any mix of explicit handler elements.
             Every attribute is optional and none declares a default. Several are
             security-relevant by name (handlerSSL, cookieProps, checkAddress,
             consistentAddress, lifetime, timeout, maxTimeSinceAuthn, exportACL,
             postLimit, relayStateLimit, redirectLimit and the two whitelists); their
             effective defaults must be taken from the SP documentation, since an
             omitted attribute validates.
             The attribute wildcard is ##other, which excludes unqualified names, so a
             misspelled unqualified attribute fails validation. -->
469     <annotation>
470       <documentation>Container for specifying protocol handlers and session policy</documentation>
471     </annotation>
472     <sequence>
473       <element name="SSO" minOccurs="0">
474         <complexType>
475           <annotation>
476             <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
477           </annotation>
478           <simpleContent>
479             <extension base="conf:listOfStrings">
480               <attribute name="discoveryProtocol" type="conf:string"/>
481               <attribute name="discoveryURL" type="anyURI"/>
482               <attributeGroup ref="conf:SessionInitiatorGroup"/>
483             </extension>
484           </simpleContent>
485         </complexType>
486       </element>
487       <element name="Logout" minOccurs="0">
488         <complexType>
489           <annotation>
490             <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
491           </annotation>
492           <simpleContent>
493             <extension base="conf:listOfStrings">
494               <attributeGroup ref="conf:LogoutInitiatorGroup"/>
495             </extension>
496           </simpleContent>
497         </complexType>
498       </element>
499       <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
500         <annotation>
501           <documentation>Implicitly configures ManageNameIDService handlers</documentation>
502         </annotation>
503       </element>
504       <choice minOccurs="0" maxOccurs="unbounded">
505         <element ref="conf:SessionInitiator"/>
506         <element ref="conf:LogoutInitiator"/>
507         <element ref="md:AssertionConsumerService"/>
508         <element ref="md:ArtifactResolutionService"/>
509         <element ref="md:SingleLogoutService"/>
510         <element ref="md:ManageNameIDService"/>
511         <element ref="conf:Handler"/>
512       </choice>
513     </sequence>
514     <attribute name="handlerURL" type="anyURI"/>
515     <attribute name="handlerSSL" type="boolean"/>
516     <attribute name="exportLocation" type="conf:string"/>
517     <attribute name="exportACL" type="conf:listOfStrings"/>
518     <attribute name="cookieName" type="conf:string"/>
        <!-- cookieProps is a free-form string; the schema does not check it for any
             particular cookie attributes. -->
519     <attribute name="cookieProps" type="conf:string"/>
520     <attribute name="cookieLifetime" type="unsignedInt"/>
521     <attribute name="idpHistory" type="boolean"/>
522     <attribute name="idpHistoryDays" type="unsignedInt"/>
523     <attribute name="lifetime" type="unsignedInt"/>
524     <attribute name="timeout" type="unsignedInt"/>
525     <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
526     <attribute name="checkAddress" type="boolean"/>
527     <attribute name="consistentAddress" type="boolean"/>
528     <attribute name="postData" type="conf:string"/>
529     <attribute name="postLimit" type="positiveInteger"/>
530     <attribute name="postTemplate" type="conf:string"/>
531     <attribute name="postExpire" type="boolean"/>
532     <attribute name="relayState" type="conf:string"/>
        <!-- Both limit attributes accept "none" (see redirectLimitType), and the
             whitelist entries are anyURI values the schema does not inspect. -->
533     <attribute name="relayStateLimit" type="conf:redirectLimitType"/>
534     <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
535     <attribute name="redirectLimit" type="conf:redirectLimitType"/>
536     <attribute name="redirectWhitelist" type="conf:listOfURIs"/>
537     <anyAttribute namespace="##other" processContents="lax"/>
538   </complexType>
539
540   <attribute name="policyId" type="conf:string">
        <!-- Global attribute declaration, so it belongs to the target namespace and
             must be written with a prefix bound to that namespace when used on an
             instance element. This is distinct from the unqualified policyId declared
             in ApplicationGroup. -->
541     <annotation>
542       <documentation>Used to override Policy from profile endpoints</documentation>
543     </annotation>
544   </attribute>
545
546   <attributeGroup name="SessionInitiatorGroup">
        <!-- Attributes shared by the SSO shorthand element and explicit
             SessionInitiator elements. All are optional with no schema default.
             The attribute wildcard here is ##any with lax processing, so an
             unqualified attribute that is not listed, including a misspelling of one
             that is, still validates; review these elements by eye instead of trusting
             a clean validation run.
             Note that authnContextClassRef is a single anyURI here but a list of URIs
             in ContentSettings. -->
547     <annotation>
548       <documentation>Options common to explicit and implicit SessionInitiators</documentation>
549     </annotation>
550     <attribute name="relayState" type="conf:string"/>
551     <attribute name="entityIDParam" type="conf:string"/>
552     <attribute name="entityID" type="anyURI"/>
553     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
554     <attribute name="preservedOptions" type="conf:listOfStrings"/>
555     <attribute name="template" type="anyURI"/>
556     <attribute name="postArtifact" type="boolean"/>
557     <attribute name="acsByIndex" type="boolean"/>
558     <attribute name="isPassive" type="boolean"/>
559     <attribute name="returnOnError" type="boolean"/>
560     <attribute name="forceAuthn" type="boolean"/>
561     <attribute name="authnContextClassRef" type="anyURI"/>
562     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
563     <attribute name="NameIDFormat" type="anyURI"/>
564     <attribute name="SPNameQualifier" type="conf:string"/>
565     <attribute name="requestDelegation" type="boolean"/>
566     <attribute name="target" type="anyURI"/>
567     <attribute name="discoveryPolicy" type="conf:string"/>
568     <anyAttribute namespace="##any" processContents="lax"/>
569   </attributeGroup>
570
571   <element name="SessionInitiator">
        <!-- Explicit session-initiating handler, defined as a restriction of
             PluggableType. It adds the optional Location, id, isDefault, URL, acsIndex
             and defaultACSIndex attributes (the last is marked deprecated) plus
             everything in SessionInitiatorGroup, whose ##any attribute wildcard lets
             unlisted attributes through validation. Child content is unchecked. -->
572     <annotation>
573       <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
574     </annotation>
575     <complexType>
576       <complexContent>
577         <restriction base="conf:PluggableType">
578           <sequence>
579             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
580           </sequence>
581           <attribute name="Location" type="anyURI"/>
582           <attribute name="id" type="conf:string"/>
583           <attribute name="isDefault" type="boolean"/>
584           <attribute name="URL" type="anyURI"/>
585           <attribute name="acsIndex" type="unsignedShort"/>
586           <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
587           <attributeGroup ref="conf:SessionInitiatorGroup"/>
588         </restriction>
589       </complexContent>
590     </complexType>
591   </element>
592
593   <attributeGroup name="LogoutInitiatorGroup">
        <!-- Attributes shared by the Logout shorthand element and explicit
             LogoutInitiator elements: relayState, outgoingBindings, template and
             postArtifact, all optional. The ##any lax wildcard accepts any other
             attribute, including misspellings of these four. -->
594     <annotation>
595       <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
596     </annotation>
597     <attribute name="relayState" type="conf:string"/>
598     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
599     <attribute name="template" type="anyURI"/>
600     <attribute name="postArtifact" type="boolean"/>
601     <anyAttribute namespace="##any" processContents="lax"/>
602   </attributeGroup>
603
604   <element name="LogoutInitiator">
        <!-- Explicit logout-initiating handler, defined as a restriction of
             PluggableType with an optional Location plus the LogoutInitiatorGroup
             attributes. Child content is unchecked (lax wildcard). -->
605     <annotation>
606       <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
607     </annotation>
608     <complexType>
609       <complexContent>
610         <restriction base="conf:PluggableType">
611           <sequence>
612             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
613           </sequence>
614           <attribute name="Location" type="anyURI"/>
615           <attributeGroup ref="conf:LogoutInitiatorGroup"/>
616         </restriction>
617       </complexContent>
618     </complexType>
619   </element>
620
621   <element name="Handler">
        <!-- Custom handler, defined as a restriction of PluggableType. Location is
             required; acl is an optional whitespace-separated list of strings whose
             format the schema does not constrain.
             NOTE(review): acl presumably limits which client addresses may reach the
             handler. Because acl is optional and the ##any wildcard accepts a
             misspelled attribute name, a handler can validate while carrying no
             effective restriction; check each Handler's acl by hand. -->
622     <annotation>
623       <documentation>Used to specify custom handlers</documentation>
624     </annotation>
625     <complexType>
626       <complexContent>
627         <restriction base="conf:PluggableType">
628           <sequence>
629             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
630           </sequence>
631           <attribute name="Location" type="anyURI" use="required"/>
632           <attribute name="acl" type="conf:listOfStrings"/>
633           <anyAttribute namespace="##any" processContents="lax"/>
634         </restriction>
635       </complexContent>
636     </complexType>
637   </element>
638
639   <complexType name="ErrorsType">
        <!-- Error-page configuration: optional template and resource locations, a
             support contact string, and arbitrary extra content and attributes (both
             wildcards are ##any, lax).
             NOTE(review): redirectErrors is an anyURI the schema does not restrict;
             presumably users are redirected there on error, so confirm what request
             or error detail is appended to that URL and that the target is trusted. -->
640     <annotation>
641       <documentation>Container for error templates and associated details</documentation>
642     </annotation>
643     <sequence>
644       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
645     </sequence>
646     <attribute name="redirectErrors" type="anyURI"/>
647     <attribute name="session" type="anyURI"/>
648     <attribute name="metadata" type="anyURI"/>
649     <attribute name="access" type="anyURI"/>
650     <attribute name="ssl" type="anyURI"/>
651     <attribute name="localLogout" type="anyURI"/>
652     <attribute name="globalLogout" type="anyURI"/>
653     <attribute name="partialLogout" type="anyURI"/>
654     <attribute name="supportContact" type="conf:string"/>
655     <attribute name="logoLocation" type="anyURI"/>
656     <attribute name="helpLocation" type="anyURI"/>
657     <attribute name="styleSheet" type="anyURI"/>
658     <anyAttribute namespace="##any" processContents="lax"/>
659   </complexType>
660
661   <complexType name="RelyingPartyType">
        <!-- Per-peer override of the RelyingPartyGroup settings. Name, type and
             entityID are all optional, so the schema does not require the element to
             identify the peer it applies to.
             Both wildcards are ##any and lax: a misspelled attribute (for example a
             typo in requireSignedAssertions) validates and the schema gives no
             warning, so per-peer hardening should be verified by inspection or by
             testing the running SP. -->
662     <annotation>
663       <documentation>Container for specifying settings to use with particular peers</documentation>
664     </annotation>
665     <sequence>
666       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
667     </sequence>
668     <attribute name="Name" type="conf:string"/>
669     <attribute name="type" type="conf:string"/>
670     <attributeGroup ref="conf:RelyingPartyGroup"/>
671     <attribute name="entityID" type="anyURI"/>
672     <anyAttribute namespace="##any" processContents="lax"/>
673   </complexType>
674
675   <complexType name="NotifyType">
        <!-- Empty element naming a notification endpoint. Channel is required and must
             be "front" or "back"; Location is a required anyURI that the schema does
             not restrict to any scheme or host. Extra attributes from any namespace
             are accepted.
             NOTE(review): confirm what session data the SP sends to Location and
             whether a back-channel Location is expected to be reachable only
             locally. -->
676     <annotation>
677       <documentation>Used to specify locations to receive application notifications</documentation>
678     </annotation>
679     <sequence/>
680     <attribute name="Channel" use="required">
681       <simpleType>
682         <restriction base="string">
683           <enumeration value="front"/>
684           <enumeration value="back"/>
685         </restriction>
686       </simpleType>
687     </attribute>
688     <attribute name="Location" type="anyURI" use="required"/>
689     <anyAttribute namespace="##any" processContents="lax"/>
690   </complexType>
691
692   <element name="SecurityPolicies">
        <!-- One or more Policy elements followed by at most one algorithm list.
             Each Policy requires an id and holds either a run of Rule elements or a
             run of PolicyRule elements (the choice occurs once, so the two names cannot
             be mixed); at least one rule is required. Rules are PluggableType, so their
             settings are not checked here, and the ##any attribute wildcard on Policy
             accepts misspelled attributes.
             AlgorithmWhitelist and AlgorithmBlacklist are mutually exclusive lists of
             anyURI values. The schema does not check that an entry is a recognised
             algorithm identifier.
             NOTE(review): confirm how the SP treats an unrecognised URI in either
             list, since a mistyped blacklist entry would otherwise go unnoticed. -->
693     <complexType>
694       <annotation>
695         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
696       </annotation>
697       <sequence>
698         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
699           <annotation>
700             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
701           </annotation>
702           <complexType>
703             <choice>
704               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
705               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
706             </choice>
707             <attribute name="id" type="conf:string" use="required"/>
708             <attribute name="validate" type="boolean"/>
709             <anyAttribute namespace="##any" processContents="lax"/>
710           </complexType>
711         </element>
712         <choice minOccurs="0">
713           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
714           <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
715         </choice>
716       </sequence>
717     </complexType>
718   </element>
719
720   <element name="TransportOption">
721     <annotation>
722       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
723     </annotation>
        <!-- Simple content extending anySimpleType: the element text is the option
             value and is not constrained in any way. provider and option are both
             mandatory non-empty strings, and no other attributes are permitted.
             Because name and value are free-form, schema validation says nothing
             about what an option does to the transport; review each entry against
             the provider's own documentation. -->
724     <complexType>
725       <simpleContent>
726         <extension base="anySimpleType">
727           <attribute name="provider" type="conf:string" use="required"/>
728           <attribute name="option" type="conf:string" use="required"/>
729         </extension>
730       </simpleContent>
731     </complexType>
732   </element>
733
734   <element name="SPConfig">
735     <complexType>
736       <annotation>
737         <documentation>Root of configuration</documentation>
738       </annotation>
          <!-- Children must appear in exactly the order declared below. -->
739       <sequence>
740         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
741         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
742         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
            <!-- Optional listener: at most one of UnixListener, TCPListener or a
                 pluggable Listener. -->
743         <choice minOccurs="0">
744           <element name="UnixListener">
745             <complexType>
746               <attribute name="address" type="conf:string" use="required"/>
747               <attribute name="stackSize" type="unsignedInt"/>
748             </complexType>
749           </element>
750           <element name="TCPListener">
751             <complexType>
                  <!-- address is only checked to be a non-empty string, and port is
                       a plain unsignedInt, so values above 65535 still validate.
                       acl is optional and the schema declares no default for it.
                       NOTE(review): confirm which peers may connect when acl is
                       omitted, and whether address binds beyond loopback. -->
752               <attribute name="address" type="conf:string" use="required"/>
753               <attribute name="port" type="unsignedInt" use="required"/>
754               <attribute name="acl" type="conf:listOfStrings"/>
755               <attribute name="stackSize" type="unsignedInt"/>
756             </complexType>
757           </element>
758           <element name="Listener" type="conf:PluggableType"/>
759         </choice>
760         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
761         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
762         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
763         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
764         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
            <!-- ApplicationDefaults carries no minOccurs, so it is mandatory. -->
765         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
            <!-- Mandatory choice: exactly one source of security policy must be
                 configured, either a pluggable provider or the inline
                 SecurityPolicies element. -->
766         <choice>
767           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
768           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
769         </choice>
770         <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
771         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
            <!-- An XML Signature element may close the document. Schema validation
                 only checks its structure; whether the signature is verified is up
                 to whatever loads the configuration. -->
772         <element ref="ds:Signature" minOccurs="0"/>
773       </sequence>
          <!-- All root attributes are optional. clockSkew has no upper bound and no
               unit in the schema (presumably seconds; confirm). unsafeChars and
               allowedSchemes are only type-checked as non-empty strings; their
               effect is defined by the SP, not by this schema. -->
774       <attribute name="logger" type="anyURI"/>
775       <attribute name="clockSkew" type="unsignedInt"/>
776       <attribute name="unsafeChars" type="conf:string"/>
777       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
778       <attribute name="langFromClient" type="boolean"/>
779       <attribute name="langPriority" type="conf:listOfStrings"/>
780       <attribute name="contactPriority" type="conf:listOfStrings"/>
          <!-- ##other admits only attributes qualified with a foreign namespace, so
               on this element a misspelt unqualified attribute is rejected. The
               types in this file that use ##any do not give that protection. -->
781       <anyAttribute namespace="##other" processContents="lax"/>
782     </complexType>
783   </element>
784
785 </schema>