1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
7 elementFormDefault="qualified"
8 attributeFormDefault="unqualified"
9 blockDefault="substitution"
12 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
13 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
14 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
19 First appearing in Shibboleth 1.2 release.
23 <complexType name="PluggableType">
25 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
27 <attribute name="type" type="string" use="required"/>
28 <attribute name="uri" type="anyURI" use="optional"/>
29 <anyAttribute namespace="##any" processContents="lax"/>
32 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
33 <element name="SPConfig" type="conf:SPConfigType"/>
34 <complexType name="SPConfigType">
36 <documentation>Root element of configuration file</documentation>
39 <element ref="conf:Extensions" minOccurs="0"/>
40 <choice minOccurs="0">
41 <element name="Global" type="conf:GlobalConfigurationType"/>
42 <element name="SHAR" type="conf:GlobalConfigurationType"/>
44 <choice minOccurs="0">
45 <element name="Local" type="conf:LocalConfigurationType"/>
46 <element name="SHIRE" type="conf:LocalConfigurationType"/>
48 <element ref="conf:Applications"/>
49 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
51 <attribute name="logger" type="anyURI" use="optional"/>
52 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
53 <anyAttribute namespace="##other" processContents="lax"/>
56 <element name="Extensions">
58 <documentation>Container for extension libraries and custom configuration</documentation>
62 <element name="Library" minOccurs="0" maxOccurs="unbounded">
65 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
67 <attribute name="path" type="anyURI" use="required"/>
68 <attribute name="fatal" type="boolean" use="optional"/>
69 <anyAttribute namespace="##other" processContents="lax"/>
72 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
77 <complexType name="GlobalConfigurationType">
79 <documentation>Container for global (server independent) configuration</documentation>
82 <element ref="conf:Extensions" minOccurs="0"/>
84 <element name="UnixListener">
86 <attribute name="address" type="string" use="required"/>
89 <element name="TCPListener">
91 <attribute name="address" type="string" use="required"/>
92 <attribute name="port" type="unsignedInt" use="required"/>
93 <attribute name="acl" use="optional" default="127.0.0.1">
95 <list itemType="string"/>
100 <element name="Listener" type="conf:PluggableType"/>
103 <element name="MemorySessionCache">
105 <attributeGroup ref="conf:SessionCacheProperties"/>
106 <anyAttribute namespace="##other" processContents="lax"/>
109 <element name="MySQLSessionCache">
112 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
114 <attributeGroup ref="conf:SessionCacheProperties"/>
115 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
116 <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
117 <anyAttribute namespace="##other" processContents="lax"/>
120 <element name="SessionCache">
123 <extension base="conf:PluggableType">
124 <attributeGroup ref="conf:SessionCacheProperties"/>
130 <choice minOccurs="0">
131 <element name="MySQLReplayCache">
134 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
136 <anyAttribute namespace="##other" processContents="lax"/>
139 <element name="ReplayCache" type="conf:PluggableType"/>
141 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
143 <attribute name="logger" type="anyURI" use="optional"/>
144 <anyAttribute namespace="##other" processContents="lax"/>
147 <attributeGroup name="SessionCacheProperties">
148 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
149 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
150 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
151 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
152 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
153 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
154 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
155 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
158 <complexType name="LocalConfigurationType">
161 Container for configuration of locally integrated or platform-specific
162 features (e.g. web server filters)
166 <element ref="conf:Extensions" minOccurs="0"/>
167 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
168 <element name="Implementation" minOccurs="0">
170 <choice maxOccurs="unbounded">
171 <element ref="conf:ISAPI"/>
172 <element ref="conf:NSAPI"/>
173 <element ref="conf:Java"/>
174 <any namespace="##other" processContents="lax"/>
178 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
180 <attribute name="logger" type="anyURI" use="optional"/>
181 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
182 <anyAttribute namespace="##other" processContents="lax"/>
185 <element name="ISAPI">
188 <element name="Site" maxOccurs="unbounded">
191 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
193 <attribute name="id" type="unsignedInt" use="required"/>
194 <attribute name="name" type="string" use="required"/>
195 <attribute name="port" type="unsignedInt" use="optional"/>
196 <attribute name="sslport" type="unsignedInt" use="optional"/>
197 <attribute name="scheme" type="string" use="optional"/>
200 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
202 <attribute name="normalizeRequest" type="boolean" use="optional"/>
203 <anyAttribute namespace="##other" processContents="lax"/>
206 <element name="NSAPI" type="anyType"/>
207 <element name="Java" type="anyType"/>
209 <element name="AccessControl" type="conf:UniOperatorType">
212 A simple example access policy language extension that supersedes Apache .htaccess
216 <element name="OR" type="conf:MultiOperatorType"/>
217 <element name="AND" type="conf:MultiOperatorType"/>
218 <element name="NOT" type="conf:UniOperatorType"/>
219 <complexType name="UniOperatorType">
221 <element ref="conf:AND"/>
222 <element ref="conf:OR"/>
223 <element ref="conf:NOT"/>
224 <element ref="conf:Rule"/>
227 <complexType name="MultiOperatorType">
228 <choice minOccurs="2" maxOccurs="unbounded">
229 <element ref="conf:AND"/>
230 <element ref="conf:OR"/>
231 <element ref="conf:NOT"/>
232 <element ref="conf:Rule"/>
235 <element name="Rule">
238 <extension base="conf:listOfStrings">
239 <attribute name="require" type="string" use="required"/>
244 <simpleType name="listOfStrings">
245 <list itemType="string"/>
248 <attributeGroup name="ContentSettings">
249 <attribute name="authType" type="string" use="optional"/>
250 <attribute name="requireSession" type="boolean" use="optional"/>
251 <attribute name="requireSessionWith" type="string" use="optional"/>
252 <attribute name="exportAssertion" type="boolean" use="optional"/>
253 <anyAttribute namespace="##other" processContents="lax"/>
255 <element name="AccessControlProvider" type="conf:PluggableType"/>
256 <element name="htaccess" type="conf:PluggableType"/>
258 <element name="RequestMap">
261 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
266 <choice minOccurs="0">
267 <element ref="conf:htaccess"/>
268 <element ref="conf:AccessControl"/>
269 <element ref="conf:AccessControlProvider"/>
271 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
273 <attribute name="applicationId" type="string" fixed="default"/>
274 <attributeGroup ref="conf:ContentSettings"/>
278 <element name="Host">
281 <choice minOccurs="0">
282 <element ref="conf:htaccess"/>
283 <element ref="conf:AccessControl"/>
284 <element ref="conf:AccessControlProvider"/>
286 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
288 <attribute name="scheme" use="optional">
290 <restriction base="string">
291 <enumeration value="http"/>
292 <enumeration value="https"/>
293 <enumeration value="ftp"/>
294 <enumeration value="ldap"/>
295 <enumeration value="ldaps"/>
299 <attribute name="name" type="string" use="required"/>
300 <attribute name="port" type="unsignedInt" use="optional"/>
301 <attribute name="applicationId" type="string" use="optional"/>
302 <attributeGroup ref="conf:ContentSettings"/>
306 <element name="Path">
309 <choice minOccurs="0">
310 <element ref="conf:htaccess"/>
311 <element ref="conf:AccessControl"/>
312 <element ref="conf:AccessControlProvider"/>
314 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
316 <attribute name="name" type="string" use="required"/>
317 <attribute name="applicationId" type="string" use="optional"/>
318 <attributeGroup ref="conf:ContentSettings"/>
322 <element name="Applications">
324 <documentation>Container for global target settings and application-specific overrides</documentation>
328 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
329 <element ref="conf:Sessions"/>
330 <element ref="conf:Errors"/>
331 <element ref="conf:CredentialUse" minOccurs="0"/>
332 <choice minOccurs="0" maxOccurs="unbounded">
333 <element ref="saml:AttributeDesignator"/>
334 <element ref="saml:Audience"/>
335 <element name="AAPProvider" type="conf:PluggableType"/>
336 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
337 <element name="MetadataProvider" type="conf:PluggableType"/>
338 <element name="TrustProvider" type="conf:PluggableType"/>
340 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
342 <attribute name="id" type="string" fixed="default"/>
343 <attribute name="providerId" type="anyURI" use="required"/>
344 <attribute name="homeURL" type="anyURI" use="optional"/>
345 <anyAttribute namespace="##other" processContents="lax"/>
349 <element name="Application">
351 <documentation>Container for application-specific overrides</documentation>
355 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
356 <element ref="conf:Sessions" minOccurs="0"/>
357 <element ref="conf:Errors" minOccurs="0"/>
358 <element ref="conf:CredentialUse" minOccurs="0"/>
359 <choice minOccurs="0" maxOccurs="unbounded">
360 <element ref="saml:AttributeDesignator"/>
361 <element ref="saml:Audience"/>
362 <element name="AAPProvider" type="conf:PluggableType"/>
363 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
364 <element name="MetadataProvider" type="conf:PluggableType"/>
365 <element name="TrustProvider" type="conf:PluggableType"/>
368 <attribute name="id" type="string" use="required"/>
369 <attribute name="providerId" type="anyURI" use="optional"/>
370 <attribute name="homeURL" type="anyURI" use="optional"/>
371 <anyAttribute namespace="##other" processContents="lax"/>
375 <element name="KeyInfoResolver" type="conf:PluggableType">
378 Custom plug-in that resolves ds:KeyInfo elements into public keys, used in
379 TrustProvider elements.
384 <element name="Sessions">
386 <documentation>Container for specifying app session establishment and policy</documentation>
389 <choice minOccurs="0" maxOccurs="unbounded">
390 <element ref="conf:SessionInitiator"/>
391 <element ref="md:AssertionConsumerService"/>
392 <element ref="md:SingleLogoutService"/>
394 <!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
395 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
396 <!-- deprecated --> <attribute name="shireSSL" type="boolean" use="optional"/>
397 <attribute name="handlerURL" type="anyURI" use="optional"/>
398 <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
399 <attribute name="cookieName" type="string" use="optional"/>
400 <attribute name="cookieProps" type="string" use="optional"/>
401 <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
402 <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
403 <attribute name="lifetime" type="unsignedInt" use="optional"/>
404 <attribute name="timeout" type="unsignedInt" use="optional"/>
405 <attribute name="checkAddress" type="boolean" use="optional"/>
406 <attribute name="checkReplay" type="boolean" use="optional" default="true"/>
407 <anyAttribute namespace="##other" processContents="lax"/>
410 <element name="SessionInitiator">
412 <documentation>Used to specify WAYF/Discovery services (external or internal)</documentation>
416 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
418 <attribute name="Location" type="anyURI" use="required"/>
419 <attribute name="Binding" type="anyURI" use="required"/>
420 <attribute name="wayfURL" type="anyURI" use="optional"/>
421 <attribute name="wayfBinding" type="anyURI" use="optional"/>
422 <attribute name="checkCDC" type="anyURI" use="optional"/>
423 <attribute name="isDefault" type="boolean" use="optional"/>
424 <attribute name="id" type="string" use="optional"/>
428 <element name="Errors">
430 <documentation>Container for error templates and associated details</documentation>
434 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
436 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
437 <attribute name="session" type="anyURI" use="optional"/>
438 <attribute name="metadata" type="anyURI" use="optional"/>
439 <attribute name="rm" type="anyURI" use="required"/>
440 <attribute name="access" type="anyURI" use="optional"/>
441 <attribute name="supportContact" type="string" use="optional"/>
442 <attribute name="logoLocation" type="anyURI" use="optional"/>
443 <attribute name="styleSheet" type="anyURI" use="optional"/>
444 <anyAttribute namespace="##any" processContents="lax"/>
448 <attributeGroup name="CredentialUseGroup">
449 <attribute name="TLS" type="string" use="required"/>
450 <attribute name="Signing" type="string" use="required"/>
451 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
452 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
453 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
456 <element name="CredentialUse">
458 <documentation>Container for specifying credentials to use</documentation>
462 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
463 <complexType mixed="false">
465 <restriction base="anyType">
466 <attribute name="Name" type="string" use="required"/>
467 <attributeGroup ref="conf:CredentialUseGroup"/>
472 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
474 <attributeGroup ref="conf:CredentialUseGroup"/>
475 <anyAttribute namespace="##other" processContents="lax"/>