1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
7 elementFormDefault="qualified"
8 attributeFormDefault="unqualified"
9 blockDefault="substitution"
12 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
13 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
17 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
18 First appearing in Shibboleth 1.2 release.
22 <complexType name="PluggableType">
24 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
26 <attribute name="type" type="string" use="required"/>
27 <attribute name="uri" type="anyURI" use="optional"/>
28 <anyAttribute namespace="##any" processContents="lax"/>
31 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
32 <element name="SPConfig" type="conf:SPConfigType"/>
33 <complexType name="SPConfigType">
35 <documentation>Root element of configuration file</documentation>
38 <element ref="conf:Extensions" minOccurs="0"/>
39 <choice minOccurs="0">
40 <element name="OutOfProcess" type="conf:OutOfProcessType"/>
41 <element name="Global" type="conf:OutOfProcessType"/>
42 <element name="SHAR" type="conf:OutOfProcessType"/>
44 <choice minOccurs="0">
45 <element name="InProcess" type="conf:InProcessType"/>
46 <element name="Local" type="conf:InProcessType"/>
47 <element name="SHIRE" type="conf:InProcessType"/>
49 <element ref="conf:Applications"/>
50 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
51 <element ref="conf:AttributeFactory" minOccurs="0" maxOccurs="unbounded"/>
53 <attribute name="logger" type="anyURI" use="optional"/>
54 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
55 <anyAttribute namespace="##other" processContents="lax"/>
58 <element name="Extensions">
60 <documentation>Container for extension libraries and custom configuration</documentation>
64 <element name="Library" minOccurs="0" maxOccurs="unbounded">
67 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
69 <attribute name="path" type="anyURI" use="required"/>
70 <attribute name="fatal" type="boolean" use="optional"/>
71 <anyAttribute namespace="##other" processContents="lax"/>
74 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
79 <attributeGroup name="SessionCacheProperties">
80 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
81 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
82 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
83 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
84 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
85 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
86 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
87 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
88 <attribute name="writeThrough" type="boolean" use="optional" default="true"/>
91 <element name="MemorySessionCache">
93 <attributeGroup ref="conf:SessionCacheProperties"/>
94 <anyAttribute namespace="##other" processContents="lax"/>
97 <element name="MySQLSessionCache">
100 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
102 <attributeGroup ref="conf:SessionCacheProperties"/>
103 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
104 <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
105 <anyAttribute namespace="##other" processContents="lax"/>
108 <element name="SessionCache">
111 <extension base="conf:PluggableType">
112 <attributeGroup ref="conf:SessionCacheProperties"/>
118 <complexType name="OutOfProcessType">
120 <documentation>Container for global (server independent) configuration</documentation>
123 <element ref="conf:Extensions" minOccurs="0"/>
125 <element name="UnixListener">
127 <attribute name="address" type="string" use="required"/>
130 <element name="TCPListener">
132 <attribute name="address" type="string" use="required"/>
133 <attribute name="port" type="unsignedInt" use="required"/>
134 <attribute name="acl" use="optional" default="127.0.0.1">
136 <list itemType="string"/>
141 <element name="MemoryListener" type="conf:PluggableType"/>
142 <element name="Listener" type="conf:PluggableType"/>
145 <element ref="conf:MemorySessionCache"/>
146 <element ref="conf:MySQLSessionCache"/>
147 <element ref="conf:SessionCache"/>
149 <choice minOccurs="0">
150 <element name="MySQLReplayCache">
153 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
155 <anyAttribute namespace="##other" processContents="lax"/>
158 <element name="ReplayCache" type="conf:PluggableType"/>
160 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
162 <attribute name="logger" type="anyURI" use="optional"/>
163 <anyAttribute namespace="##other" processContents="lax"/>
166 <complexType name="InProcessType">
169 Container for configuration of locally integrated or platform-specific
170 features (e.g. web server filters)
174 <element ref="conf:Extensions" minOccurs="0"/>
175 <choice minOccurs="0">
176 <element ref="conf:MemorySessionCache"/>
177 <element ref="conf:MySQLSessionCache"/>
178 <element ref="conf:SessionCache"/>
180 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
181 <element name="Implementation" minOccurs="0">
183 <choice maxOccurs="unbounded">
184 <element ref="conf:ISAPI"/>
185 <any namespace="##other" processContents="lax"/>
189 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
191 <attribute name="logger" type="anyURI" use="optional"/>
192 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
193 <anyAttribute namespace="##other" processContents="lax"/>
196 <element name="ISAPI">
199 <element name="Site" maxOccurs="unbounded">
202 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
204 <attribute name="id" type="unsignedInt" use="required"/>
205 <attribute name="name" type="string" use="required"/>
206 <attribute name="port" type="unsignedInt" use="optional"/>
207 <attribute name="sslport" type="unsignedInt" use="optional"/>
208 <attribute name="scheme" type="string" use="optional"/>
211 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
213 <attribute name="normalizeRequest" type="boolean" use="optional"/>
214 <anyAttribute namespace="##other" processContents="lax"/>
217 <element name="NSAPI" type="anyType"/>
218 <element name="Java" type="anyType"/>
220 <element name="AccessControl" type="conf:UniOperatorType">
223 A simple example access policy language extension that supersedes Apache .htaccess
227 <element name="OR" type="conf:MultiOperatorType"/>
228 <element name="AND" type="conf:MultiOperatorType"/>
229 <element name="NOT" type="conf:UniOperatorType"/>
230 <complexType name="UniOperatorType">
232 <element ref="conf:AND"/>
233 <element ref="conf:OR"/>
234 <element ref="conf:NOT"/>
235 <element ref="conf:Rule"/>
238 <complexType name="MultiOperatorType">
239 <choice minOccurs="2" maxOccurs="unbounded">
240 <element ref="conf:AND"/>
241 <element ref="conf:OR"/>
242 <element ref="conf:NOT"/>
243 <element ref="conf:Rule"/>
246 <element name="Rule">
249 <extension base="conf:listOfStrings">
250 <attribute name="require" type="string" use="required"/>
255 <simpleType name="listOfStrings">
256 <list itemType="string"/>
259 <attributeGroup name="ContentSettings">
260 <attribute name="authType" type="string" use="optional"/>
261 <attribute name="requireSession" type="boolean" use="optional"/>
262 <attribute name="requireSessionWith" type="string" use="optional"/>
263 <attribute name="exportAssertion" type="boolean" use="optional"/>
264 <anyAttribute namespace="##other" processContents="lax"/>
266 <element name="AccessControlProvider" type="conf:PluggableType"/>
267 <element name="htaccess" type="conf:PluggableType"/>
269 <element name="RequestMap">
272 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
277 <choice minOccurs="0">
278 <element ref="conf:htaccess"/>
279 <element ref="conf:AccessControl"/>
280 <element ref="conf:AccessControlProvider"/>
282 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
284 <attribute name="applicationId" type="string" fixed="default"/>
285 <attributeGroup ref="conf:ContentSettings"/>
289 <element name="Host">
292 <choice minOccurs="0">
293 <element ref="conf:htaccess"/>
294 <element ref="conf:AccessControl"/>
295 <element ref="conf:AccessControlProvider"/>
297 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
299 <attribute name="scheme" use="optional">
301 <restriction base="string">
302 <enumeration value="http"/>
303 <enumeration value="https"/>
304 <enumeration value="ftp"/>
305 <enumeration value="ldap"/>
306 <enumeration value="ldaps"/>
310 <attribute name="name" type="string" use="required"/>
311 <attribute name="port" type="unsignedInt" use="optional"/>
312 <attribute name="applicationId" type="string" use="optional"/>
313 <attributeGroup ref="conf:ContentSettings"/>
317 <element name="Path">
320 <choice minOccurs="0">
321 <element ref="conf:htaccess"/>
322 <element ref="conf:AccessControl"/>
323 <element ref="conf:AccessControlProvider"/>
325 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
327 <attribute name="name" type="string" use="required"/>
328 <attribute name="applicationId" type="string" use="optional"/>
329 <attributeGroup ref="conf:ContentSettings"/>
333 <element name="Applications">
335 <documentation>Container for global target settings and application-specific overrides</documentation>
339 <element ref="conf:Sessions"/>
340 <element ref="conf:Errors"/>
341 <element ref="conf:CredentialUse" minOccurs="0"/>
342 <choice minOccurs="0" maxOccurs="unbounded">
343 <element ref="saml:AttributeDesignator"/>
344 <element ref="saml:Audience"/>
345 <element name="AAPProvider" type="conf:PluggableType"/>
346 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
347 <element name="MetadataProvider" type="conf:PluggableType"/>
348 <element name="TrustProvider" type="conf:PluggableType"/>
350 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
352 <attribute name="id" type="string" fixed="default"/>
353 <attribute name="providerId" type="anyURI" use="required"/>
354 <attribute name="homeURL" type="anyURI" use="optional"/>
355 <anyAttribute namespace="##other" processContents="lax"/>
359 <element name="Application">
361 <documentation>Container for application-specific overrides</documentation>
365 <element ref="conf:Sessions" minOccurs="0"/>
366 <element ref="conf:Errors" minOccurs="0"/>
367 <element ref="conf:CredentialUse" minOccurs="0"/>
368 <choice minOccurs="0" maxOccurs="unbounded">
369 <element ref="saml:AttributeDesignator"/>
370 <element ref="saml:Audience"/>
371 <element name="AAPProvider" type="conf:PluggableType"/>
372 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
373 <element name="MetadataProvider" type="conf:PluggableType"/>
374 <element name="TrustProvider" type="conf:PluggableType"/>
377 <attribute name="id" type="string" use="required"/>
378 <attribute name="providerId" type="anyURI" use="optional"/>
379 <attribute name="homeURL" type="anyURI" use="optional"/>
380 <anyAttribute namespace="##other" processContents="lax"/>
384 <element name="KeyInfoResolver" type="conf:PluggableType">
387 Custom plug-in that resolves ds:KeyInfo elements into public keys, used in
388 TrustProvider elements.
393 <element name="Sessions">
395 <documentation>Container for specifying app session establishment and policy</documentation>
398 <choice minOccurs="0" maxOccurs="unbounded">
399 <element ref="conf:SessionInitiator"/>
400 <element ref="md:AssertionConsumerService"/>
401 <element ref="md:SingleLogoutService"/>
402 <element ref="conf:DiagnosticService"/>
403 <element name="ExtensionService" type="conf:PluggableType"/>
405 <!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
406 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
407 <!-- deprecated --> <attribute name="shireSSL" type="boolean" use="optional"/>
408 <attribute name="handlerURL" type="anyURI" use="optional"/>
409 <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
410 <attribute name="cookieName" type="string" use="optional"/>
411 <attribute name="cookieProps" type="string" use="optional"/>
412 <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
413 <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
414 <attribute name="lifetime" type="unsignedInt" use="optional"/>
415 <attribute name="timeout" type="unsignedInt" use="optional"/>
416 <attribute name="checkAddress" type="boolean" use="optional"/>
417 <attribute name="consistentAddress" type="boolean" use="optional" default="true"/>
418 <attribute name="checkReplay" type="boolean" use="optional" default="true"/>
419 <anyAttribute namespace="##other" processContents="lax"/>
422 <element name="SessionInitiator">
424 <documentation>Used to specify WAYF/Discovery services (external or internal)</documentation>
428 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
430 <attribute name="Location" type="anyURI" use="required"/>
431 <attribute name="Binding" type="anyURI" use="required"/>
432 <attribute name="wayfURL" type="anyURI" use="optional"/>
433 <attribute name="wayfBinding" type="anyURI" use="optional"/>
434 <attribute name="checkCDC" type="anyURI" use="optional"/>
435 <attribute name="isDefault" type="boolean" use="optional"/>
436 <attribute name="id" type="string" use="optional"/>
437 <anyAttribute namespace="##any" processContents="lax"/>
440 <element name="DiagnosticService">
442 <documentation>Used to specify internal diagnostic capabilities</documentation>
446 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
448 <attribute name="Location" type="anyURI" use="required"/>
449 <attribute name="Binding" type="anyURI" use="required"/>
450 <attribute name="echo" type="boolean" use="optional"/>
451 <attribute name="log" type="boolean" use="optional"/>
452 <attribute name="config" type="boolean" use="optional"/>
453 <attribute name="acl" use="optional">
455 <list itemType="string"/>
458 <anyAttribute namespace="##any" processContents="lax"/>
462 <element name="Errors">
464 <documentation>Container for error templates and associated details</documentation>
468 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
470 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
471 <attribute name="session" type="anyURI" use="optional"/>
472 <attribute name="metadata" type="anyURI" use="optional"/>
473 <attribute name="rm" type="anyURI" use="required"/>
474 <attribute name="access" type="anyURI" use="optional"/>
475 <attribute name="supportContact" type="string" use="optional"/>
476 <attribute name="logoLocation" type="anyURI" use="optional"/>
477 <attribute name="styleSheet" type="anyURI" use="optional"/>
478 <anyAttribute namespace="##any" processContents="lax"/>
482 <attributeGroup name="CredentialUseGroup">
483 <attribute name="TLS" type="string" use="optional"/>
484 <attribute name="Signing" type="string" use="optional"/>
485 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
486 <attribute name="signatureAlg" type="anyURI" use="optional"/>
487 <attribute name="digestAlg" type="anyURI" use="optional"/>
488 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
489 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
490 <attribute name="authType" use="optional">
492 <restriction base="string">
493 <enumeration value="basic"/>
494 <enumeration value="digest"/>
495 <enumeration value="ntlm"/>
496 <enumeration value="gss"/>
500 <attribute name="authUsername" use="optional"/>
501 <attribute name="authPassword" use="optional"/>
504 <element name="CredentialUse">
506 <documentation>Container for specifying credentials to use</documentation>
510 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
513 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
515 <attribute name="Name" type="string" use="required"/>
516 <attributeGroup ref="conf:CredentialUseGroup"/>
517 <anyAttribute namespace="##other" processContents="lax"/>
520 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
522 <attributeGroup ref="conf:CredentialUseGroup"/>
523 <anyAttribute namespace="##other" processContents="lax"/>
527 <element name="AttributeFactory">
529 <documentation>Specifies a plugin that implements a specialized SAML attribute</documentation>
533 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
535 <attribute name="type" type="string" use="required"/>
536 <attribute name="AttributeName" type="string" use="required"/>
537 <anyAttribute namespace="##other" processContents="lax"/>