1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 elementFormDefault="qualified"
7 attributeFormDefault="unqualified"
8 blockDefault="substitution"
11 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
12 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
16 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
17 First appearing in Shibboleth 1.2 release.
21 <complexType name="PluggableType">
23 <restriction base="anyType">
25 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
27 <attribute name="type" type="string" use="required"/>
28 <attribute name="uri" type="anyURI" use="optional"/>
29 <anyAttribute namespace="##other" processContents="lax"/>
34 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
35 <element name="SPConfig" type="conf:SPConfigType"/>
36 <complexType name="SPConfigType">
38 <documentation>Root element of configuration file</documentation>
41 <element ref="conf:Extensions" minOccurs="0"/>
42 <choice minOccurs="0">
43 <element name="Global" type="conf:GlobalConfigurationType"/>
44 <element name="SHAR" type="conf:GlobalConfigurationType"/>
46 <choice minOccurs="0">
47 <element name="Local" type="conf:LocalConfigurationType"/>
48 <element name="SHIRE" type="conf:LocalConfigurationType"/>
50 <element ref="conf:Applications"/>
51 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
53 <attribute name="logger" type="anyURI" use="optional"/>
54 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
55 <anyAttribute namespace="##other" processContents="lax"/>
58 <element name="Extensions">
60 <documentation>Container for extension libraries and custom configuration</documentation>
64 <element name="Library" minOccurs="0" maxOccurs="unbounded">
67 <restriction base="anyType">
69 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
71 <attribute name="path" type="anyURI" use="required"/>
72 <attribute name="fatal" type="boolean" use="optional"/>
73 <anyAttribute namespace="##other" processContents="lax"/>
78 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
83 <complexType name="GlobalConfigurationType">
85 <documentation>Container for global (server independent) configuration</documentation>
88 <element ref="conf:Extensions" minOccurs="0"/>
90 <element name="UnixListener">
91 <complexType mixed="false">
93 <restriction base="anyType">
94 <attribute name="address" type="string" use="required"/>
99 <element name="TCPListener">
100 <complexType mixed="false">
102 <restriction base="anyType">
103 <attribute name="address" type="string" use="required"/>
104 <attribute name="port" type="unsignedInt" use="required"/>
105 <attribute name="acl" use="optional" default="127.0.0.1">
107 <list itemType="string"/>
114 <element name="Listener" type="conf:PluggableType"/>
117 <element name="MemorySessionCache">
118 <complexType mixed="false">
120 <restriction base="anyType">
121 <attributeGroup ref="conf:SessionCacheProperties"/>
122 <anyAttribute namespace="##other" processContents="lax"/>
127 <element name="MySQLSessionCache">
130 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
132 <attributeGroup ref="conf:SessionCacheProperties"/>
133 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
134 <anyAttribute namespace="##other" processContents="lax"/>
137 <element name="SessionCache">
140 <extension base="conf:PluggableType">
141 <attributeGroup ref="conf:SessionCacheProperties"/>
147 <choice minOccurs="0">
148 <element name="MySQLReplayCache">
151 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
153 <anyAttribute namespace="##other" processContents="lax"/>
156 <element name="ReplayCache" type="conf:PluggableType"/>
158 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
160 <attribute name="logger" type="anyURI" use="optional"/>
161 <anyAttribute namespace="##other" processContents="lax"/>
164 <attributeGroup name="SessionCacheProperties">
165 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
166 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
167 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
168 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
169 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
170 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
171 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
172 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
175 <complexType name="LocalConfigurationType">
178 Container for configuration of locally integrated or platform-specific
179 features (e.g. web server filters)
183 <element ref="conf:Extensions" minOccurs="0"/>
184 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
185 <element name="Implementation" minOccurs="0">
187 <choice maxOccurs="unbounded">
188 <element ref="conf:ISAPI"/>
189 <element ref="conf:NSAPI"/>
190 <element ref="conf:Java"/>
191 <any namespace="##other" processContents="lax"/>
195 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
197 <attribute name="logger" type="anyURI" use="optional"/>
198 <anyAttribute namespace="##other" processContents="lax"/>
201 <element name="ISAPI">
204 <element name="Site" maxOccurs="unbounded">
205 <complexType mixed="false">
207 <restriction base="anyType">
209 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
211 <attribute name="id" type="unsignedInt" use="required"/>
212 <attribute name="name" type="string" use="required"/>
213 <attribute name="port" type="unsignedInt" use="optional"/>
214 <attribute name="scheme" type="string" use="optional"/>
219 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
221 <attribute name="normalizeRequest" type="boolean" use="optional"/>
222 <anyAttribute namespace="##other" processContents="lax"/>
225 <element name="NSAPI" type="anyType"/>
226 <element name="Java" type="anyType"/>
228 <element name="htaccess" type="conf:UniOperatorType">
231 A simple example access policy language extension that supersedes Apache .htaccess
235 <element name="OR" type="conf:MultiOperatorType"/>
236 <element name="AND" type="conf:MultiOperatorType"/>
237 <element name="NOT" type="conf:UniOperatorType"/>
238 <complexType name="UniOperatorType">
240 <element ref="conf:AND"/>
241 <element ref="conf:OR"/>
242 <element ref="conf:NOT"/>
243 <element ref="conf:Rule"/>
246 <complexType name="MultiOperatorType">
247 <choice minOccurs="2" maxOccurs="unbounded">
248 <element ref="conf:AND"/>
249 <element ref="conf:OR"/>
250 <element ref="conf:NOT"/>
251 <element ref="conf:Rule"/>
254 <element name="Rule">
257 <extension base="conf:listOfStrings">
258 <attribute name="require" type="string" use="required"/>
263 <simpleType name="listOfStrings">
264 <list itemType='string'/>
267 <attributeGroup name="ContentSettings">
268 <attribute name="requireSession" type="boolean" use="optional"/>
269 <attribute name="exportAssertion" type="boolean" use="optional"/>
270 <anyAttribute namespace="##other" processContents="lax"/>
272 <element name="AccessControlProvider" type="conf:PluggableType"/>
274 <element name="RequestMap">
277 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
282 <choice minOccurs="0">
283 <element ref="conf:htaccess"/>
284 <element ref="conf:AccessControlProvider"/>
286 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
288 <attribute name="applicationId" type="string" fixed="default"/>
289 <attributeGroup ref="conf:ContentSettings"/>
293 <element name="Host">
296 <choice minOccurs="0">
297 <element ref="conf:htaccess"/>
298 <element ref="conf:AccessControlProvider"/>
300 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
302 <attribute name="scheme" use="optional">
304 <restriction base="string">
305 <enumeration value="http"/>
306 <enumeration value="https"/>
307 <enumeration value="ftp"/>
308 <enumeration value="ldap"/>
309 <enumeration value="ldaps"/>
313 <attribute name="name" type="string" use="required"/>
314 <attribute name="port" type="unsignedInt" use="optional"/>
315 <attribute name="applicationId" type="string" use="optional"/>
316 <attributeGroup ref="conf:ContentSettings"/>
320 <element name="Path">
323 <choice minOccurs="0">
324 <element ref="conf:htaccess"/>
325 <element ref="conf:AccessControlProvider"/>
327 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
329 <attribute name="name" type="string" use="required"/>
330 <attribute name="applicationId" type="string" use="optional"/>
331 <attributeGroup ref="conf:ContentSettings"/>
335 <element name="Applications">
338 Container for global target settings and application-specific overrides
343 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
344 <element ref="conf:Sessions"/>
345 <element ref="conf:Errors"/>
346 <element ref="conf:CredentialUse" minOccurs="0"/>
347 <choice minOccurs="0" maxOccurs="unbounded">
348 <element ref="saml:AttributeDesignator"/>
349 <element ref="saml:Audience"/>
350 <element name="AAPProvider" type="conf:PluggableType"/>
351 <element name="FederationProvider" type="conf:PluggableType"/>
352 <element name="TrustProvider" type="conf:PluggableType"/>
353 <element name="RevocationProvider" type="conf:PluggableType"/>
355 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
357 <attribute name="id" type="string" fixed="default"/>
358 <attribute name="providerId" type="anyURI" use="required"/>
359 <anyAttribute namespace="##other" processContents="lax"/>
363 <element name="Application">
366 Container for application-specific overrides
371 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
372 <element ref="conf:Sessions"/>
373 <element ref="conf:Errors" minOccurs="0"/>
374 <element ref="conf:CredentialUse" minOccurs="0"/>
375 <choice minOccurs="0" maxOccurs="unbounded">
376 <element ref="saml:AttributeDesignator"/>
377 <element ref="saml:Audience"/>
378 <element name="AAPProvider" type="conf:PluggableType"/>
379 <element name="FederationProvider" type="conf:PluggableType"/>
380 <element name="TrustProvider" type="conf:PluggableType"/>
381 <element name="RevocationProvider" type="conf:PluggableType"/>
384 <attribute name="id" type="string" use="required"/>
385 <attribute name="providerId" type="anyURI" use="optional"/>
386 <anyAttribute namespace="##other" processContents="lax"/>
390 <element name="Sessions">
392 <documentation>Container for specifying app session establishment and policy</documentation>
395 <attribute name="wayfURL" type="anyURI" use="optional"/>
396 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
397 <attribute name="shireSSL" type="boolean" use="optional"/>
398 <attribute name="cookieName" type="string" use="optional"/>
399 <attribute name="cookieProps" type="string" use="optional"/>
400 <attribute name="lifetime" type="unsignedInt" use="optional"/>
401 <attribute name="timeout" type="unsignedInt" use="optional"/>
402 <attribute name="checkAddress" type="boolean" use="optional"/>
403 <attribute name="oldAuthnRequest" type="boolean" use="optional"/>
404 <anyAttribute namespace="##any" processContents="lax"/>
408 <element name="Errors">
410 <documentation>Container for error templates and associated details</documentation>
414 <restriction base="anyType">
415 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
416 <attribute name="session" type="anyURI" use="optional"/>
417 <attribute name="rm" type="anyURI" use="required"/>
418 <attribute name="access" type="anyURI" use="optional"/>
419 <attribute name="supportContact" type="string" use="optional"/>
420 <attribute name="logoLocation" type="anyURI" use="optional"/>
421 <attribute name="styleSheet" type="anyURI" use="optional"/>
422 <anyAttribute namespace="##any" processContents="lax"/>
428 <attributeGroup name="CredentialUseGroup">
429 <attribute name="TLS" type="string" use="required"/>
430 <attribute name="Signing" type="string" use="required"/>
431 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
432 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
433 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
436 <element name="CredentialUse">
438 <documentation>Container for specifying credentials to use</documentation>
442 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
443 <complexType mixed="false">
445 <restriction base="anyType">
446 <attribute name="Name" type="string" use="required"/>
447 <attributeGroup ref="conf:CredentialUseGroup"/>
452 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
454 <attributeGroup ref="conf:CredentialUseGroup"/>
455 <anyAttribute namespace="##other" processContents="lax"/>