1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
7 elementFormDefault="qualified"
8 attributeFormDefault="unqualified"
9 blockDefault="substitution"
12 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
13 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
17 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
18 First appearing in Shibboleth 1.2 release.
22 <complexType name="PluggableType">
24 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
26 <attribute name="type" type="string" use="required"/>
27 <attribute name="uri" type="anyURI" use="optional"/>
28 <anyAttribute namespace="##any" processContents="lax"/>
31 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
32 <element name="SPConfig" type="conf:SPConfigType"/>
33 <complexType name="SPConfigType">
35 <documentation>Root element of configuration file</documentation>
38 <element ref="conf:Extensions" minOccurs="0"/>
39 <choice minOccurs="0">
40 <element name="OutOfProcess" type="conf:GlobalConfigurationType"/>
41 <element name="Global" type="conf:GlobalConfigurationType"/>
42 <element name="SHAR" type="conf:GlobalConfigurationType"/>
44 <choice minOccurs="0">
45 <element name="InProcess" type="conf:LocalConfigurationType"/>
46 <element name="Local" type="conf:LocalConfigurationType"/>
47 <element name="SHIRE" type="conf:LocalConfigurationType"/>
49 <element ref="conf:Applications"/>
50 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
51 <element ref="conf:AttributeFactory" minOccurs="0" maxOccurs="unbounded"/>
53 <attribute name="logger" type="anyURI" use="optional"/>
54 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
55 <anyAttribute namespace="##other" processContents="lax"/>
58 <element name="Extensions">
60 <documentation>Container for extension libraries and custom configuration</documentation>
64 <element name="Library" minOccurs="0" maxOccurs="unbounded">
67 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
69 <attribute name="path" type="anyURI" use="required"/>
70 <attribute name="fatal" type="boolean" use="optional"/>
71 <anyAttribute namespace="##other" processContents="lax"/>
74 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
79 <complexType name="GlobalConfigurationType">
81 <documentation>Container for global (server independent) configuration</documentation>
84 <element ref="conf:Extensions" minOccurs="0"/>
86 <element name="UnixListener">
88 <attribute name="address" type="string" use="required"/>
91 <element name="TCPListener">
93 <attribute name="address" type="string" use="required"/>
94 <attribute name="port" type="unsignedInt" use="required"/>
95 <attribute name="acl" use="optional" default="127.0.0.1">
97 <list itemType="string"/>
102 <element name="MemoryListener" type="conf:PluggableType"/>
103 <element name="Listener" type="conf:PluggableType"/>
106 <element name="MemorySessionCache">
108 <attributeGroup ref="conf:SessionCacheProperties"/>
109 <anyAttribute namespace="##other" processContents="lax"/>
112 <element name="MySQLSessionCache">
115 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
117 <attributeGroup ref="conf:SessionCacheProperties"/>
118 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
119 <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
120 <anyAttribute namespace="##other" processContents="lax"/>
123 <element name="SessionCache">
126 <extension base="conf:PluggableType">
127 <attributeGroup ref="conf:SessionCacheProperties"/>
133 <choice minOccurs="0">
134 <element name="MySQLReplayCache">
137 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
139 <anyAttribute namespace="##other" processContents="lax"/>
142 <element name="ReplayCache" type="conf:PluggableType"/>
144 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
146 <attribute name="logger" type="anyURI" use="optional"/>
147 <anyAttribute namespace="##other" processContents="lax"/>
150 <attributeGroup name="SessionCacheProperties">
151 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
152 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
153 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
154 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
155 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
156 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
157 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
158 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
161 <complexType name="LocalConfigurationType">
164 Container for configuration of locally integrated or platform-specific
165 features (e.g. web server filters)
169 <element ref="conf:Extensions" minOccurs="0"/>
170 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
171 <element name="Implementation" minOccurs="0">
173 <choice maxOccurs="unbounded">
174 <element ref="conf:ISAPI"/>
175 <any namespace="##other" processContents="lax"/>
179 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
181 <attribute name="logger" type="anyURI" use="optional"/>
182 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
183 <anyAttribute namespace="##other" processContents="lax"/>
186 <element name="ISAPI">
189 <element name="Site" maxOccurs="unbounded">
192 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
194 <attribute name="id" type="unsignedInt" use="required"/>
195 <attribute name="name" type="string" use="required"/>
196 <attribute name="port" type="unsignedInt" use="optional"/>
197 <attribute name="sslport" type="unsignedInt" use="optional"/>
198 <attribute name="scheme" type="string" use="optional"/>
201 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
203 <attribute name="normalizeRequest" type="boolean" use="optional"/>
204 <anyAttribute namespace="##other" processContents="lax"/>
207 <element name="NSAPI" type="anyType"/>
208 <element name="Java" type="anyType"/>
210 <element name="AccessControl" type="conf:UniOperatorType">
213 A simple example access policy language extension that supersedes Apache .htaccess
217 <element name="OR" type="conf:MultiOperatorType"/>
218 <element name="AND" type="conf:MultiOperatorType"/>
219 <element name="NOT" type="conf:UniOperatorType"/>
220 <complexType name="UniOperatorType">
222 <element ref="conf:AND"/>
223 <element ref="conf:OR"/>
224 <element ref="conf:NOT"/>
225 <element ref="conf:Rule"/>
228 <complexType name="MultiOperatorType">
229 <choice minOccurs="2" maxOccurs="unbounded">
230 <element ref="conf:AND"/>
231 <element ref="conf:OR"/>
232 <element ref="conf:NOT"/>
233 <element ref="conf:Rule"/>
236 <element name="Rule">
239 <extension base="conf:listOfStrings">
240 <attribute name="require" type="string" use="required"/>
245 <simpleType name="listOfStrings">
246 <list itemType="string"/>
249 <attributeGroup name="ContentSettings">
250 <attribute name="authType" type="string" use="optional"/>
251 <attribute name="requireSession" type="boolean" use="optional"/>
252 <attribute name="requireSessionWith" type="string" use="optional"/>
253 <attribute name="exportAssertion" type="boolean" use="optional"/>
254 <anyAttribute namespace="##other" processContents="lax"/>
256 <element name="AccessControlProvider" type="conf:PluggableType"/>
257 <element name="htaccess" type="conf:PluggableType"/>
259 <element name="RequestMap">
262 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
267 <choice minOccurs="0">
268 <element ref="conf:htaccess"/>
269 <element ref="conf:AccessControl"/>
270 <element ref="conf:AccessControlProvider"/>
272 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
274 <attribute name="applicationId" type="string" fixed="default"/>
275 <attributeGroup ref="conf:ContentSettings"/>
279 <element name="Host">
282 <choice minOccurs="0">
283 <element ref="conf:htaccess"/>
284 <element ref="conf:AccessControl"/>
285 <element ref="conf:AccessControlProvider"/>
287 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
289 <attribute name="scheme" use="optional">
291 <restriction base="string">
292 <enumeration value="http"/>
293 <enumeration value="https"/>
294 <enumeration value="ftp"/>
295 <enumeration value="ldap"/>
296 <enumeration value="ldaps"/>
300 <attribute name="name" type="string" use="required"/>
301 <attribute name="port" type="unsignedInt" use="optional"/>
302 <attribute name="applicationId" type="string" use="optional"/>
303 <attributeGroup ref="conf:ContentSettings"/>
307 <element name="Path">
310 <choice minOccurs="0">
311 <element ref="conf:htaccess"/>
312 <element ref="conf:AccessControl"/>
313 <element ref="conf:AccessControlProvider"/>
315 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
317 <attribute name="name" type="string" use="required"/>
318 <attribute name="applicationId" type="string" use="optional"/>
319 <attributeGroup ref="conf:ContentSettings"/>
323 <element name="Applications">
325 <documentation>Container for global target settings and application-specific overrides</documentation>
329 <element ref="conf:Sessions"/>
330 <element ref="conf:Errors"/>
331 <element ref="conf:CredentialUse" minOccurs="0"/>
332 <choice minOccurs="0" maxOccurs="unbounded">
333 <element ref="saml:AttributeDesignator"/>
334 <element ref="saml:Audience"/>
335 <element name="AAPProvider" type="conf:PluggableType"/>
336 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
337 <element name="MetadataProvider" type="conf:PluggableType"/>
338 <element name="TrustProvider" type="conf:PluggableType"/>
340 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
342 <attribute name="id" type="string" fixed="default"/>
343 <attribute name="providerId" type="anyURI" use="required"/>
344 <attribute name="homeURL" type="anyURI" use="optional"/>
345 <anyAttribute namespace="##other" processContents="lax"/>
349 <element name="Application">
351 <documentation>Container for application-specific overrides</documentation>
355 <element ref="conf:Sessions" minOccurs="0"/>
356 <element ref="conf:Errors" minOccurs="0"/>
357 <element ref="conf:CredentialUse" minOccurs="0"/>
358 <choice minOccurs="0" maxOccurs="unbounded">
359 <element ref="saml:AttributeDesignator"/>
360 <element ref="saml:Audience"/>
361 <element name="AAPProvider" type="conf:PluggableType"/>
362 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
363 <element name="MetadataProvider" type="conf:PluggableType"/>
364 <element name="TrustProvider" type="conf:PluggableType"/>
367 <attribute name="id" type="string" use="required"/>
368 <attribute name="providerId" type="anyURI" use="optional"/>
369 <attribute name="homeURL" type="anyURI" use="optional"/>
370 <anyAttribute namespace="##other" processContents="lax"/>
374 <element name="KeyInfoResolver" type="conf:PluggableType">
377 Custom plug-in that resolves ds:KeyInfo elements into public keys, used in
378 TrustProvider elements.
383 <element name="Sessions">
385 <documentation>Container for specifying app session establishment and policy</documentation>
388 <choice minOccurs="0" maxOccurs="unbounded">
389 <element ref="conf:SessionInitiator"/>
390 <element ref="md:AssertionConsumerService"/>
391 <element ref="md:SingleLogoutService"/>
392 <element ref="conf:DiagnosticService"/>
393 <element name="ExtensionService" type="conf:PluggableType"/>
395 <!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
396 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
397 <!-- deprecated --> <attribute name="shireSSL" type="boolean" use="optional"/>
398 <attribute name="handlerURL" type="anyURI" use="optional"/>
399 <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
400 <attribute name="cookieName" type="string" use="optional"/>
401 <attribute name="cookieProps" type="string" use="optional"/>
402 <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
403 <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
404 <attribute name="lifetime" type="unsignedInt" use="optional"/>
405 <attribute name="timeout" type="unsignedInt" use="optional"/>
406 <attribute name="checkAddress" type="boolean" use="optional"/>
407 <attribute name="checkReplay" type="boolean" use="optional" default="true"/>
408 <anyAttribute namespace="##other" processContents="lax"/>
411 <element name="SessionInitiator">
413 <documentation>Used to specify WAYF/Discovery services (external or internal)</documentation>
417 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
419 <attribute name="Location" type="anyURI" use="required"/>
420 <attribute name="Binding" type="anyURI" use="required"/>
421 <attribute name="wayfURL" type="anyURI" use="optional"/>
422 <attribute name="wayfBinding" type="anyURI" use="optional"/>
423 <attribute name="checkCDC" type="anyURI" use="optional"/>
424 <attribute name="isDefault" type="boolean" use="optional"/>
425 <attribute name="id" type="string" use="optional"/>
426 <anyAttribute namespace="##any" processContents="lax"/>
429 <element name="DiagnosticService">
431 <documentation>Used to specify internal diagnostic capabilities</documentation>
435 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
437 <attribute name="Location" type="anyURI" use="required"/>
438 <attribute name="Binding" type="anyURI" use="required"/>
439 <attribute name="echo" type="boolean" use="optional"/>
440 <attribute name="log" type="boolean" use="optional"/>
441 <attribute name="config" type="boolean" use="optional"/>
442 <attribute name="acl" use="optional">
444 <list itemType="string"/>
447 <anyAttribute namespace="##any" processContents="lax"/>
451 <element name="Errors">
453 <documentation>Container for error templates and associated details</documentation>
457 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
459 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
460 <attribute name="session" type="anyURI" use="optional"/>
461 <attribute name="metadata" type="anyURI" use="optional"/>
462 <attribute name="rm" type="anyURI" use="required"/>
463 <attribute name="access" type="anyURI" use="optional"/>
464 <attribute name="supportContact" type="string" use="optional"/>
465 <attribute name="logoLocation" type="anyURI" use="optional"/>
466 <attribute name="styleSheet" type="anyURI" use="optional"/>
467 <anyAttribute namespace="##any" processContents="lax"/>
471 <attributeGroup name="CredentialUseGroup">
472 <attribute name="TLS" type="string" use="optional"/>
473 <attribute name="Signing" type="string" use="optional"/>
474 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
475 <attribute name="signatureAlg" type="anyURI" use="optional"/>
476 <attribute name="digestAlg" type="anyURI" use="optional"/>
477 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
478 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
479 <attribute name="authType" use="optional">
481 <restriction base="string">
482 <enumeration value="basic"/>
483 <enumeration value="digest"/>
484 <enumeration value="ntlm"/>
485 <enumeration value="gss"/>
489 <attribute name="authUsername" use="optional"/>
490 <attribute name="authPassword" use="optional"/>
493 <element name="CredentialUse">
495 <documentation>Container for specifying credentials to use</documentation>
499 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
502 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
504 <attribute name="Name" type="string" use="required"/>
505 <attributeGroup ref="conf:CredentialUseGroup"/>
506 <anyAttribute namespace="##other" processContents="lax"/>
509 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
511 <attributeGroup ref="conf:CredentialUseGroup"/>
512 <anyAttribute namespace="##other" processContents="lax"/>
516 <element name="AttributeFactory">
518 <documentation>Specifies a plugin that implements a specialized SAML attribute</documentation>
522 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
524 <attribute name="type" type="string" use="required"/>
525 <attribute name="AttributeName" type="string" use="required"/>
526 <anyAttribute namespace="##other" processContents="lax"/>