1 <?xml version="1.0" encoding="US-ASCII"?>
<!-- XSD for the Shibboleth target (SP) configuration file. Elements are qualified in the
     conf: namespace; attributes are unqualified. blockDefault="substitution" prevents
     substitution groups from replacing declared elements unless a declaration opts in. -->
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
7 elementFormDefault="qualified"
8 attributeFormDefault="unqualified"
9 blockDefault="substitution"
<!-- The SAML 1.1 assertion and SAML 2.0 metadata schemas are imported by relative file name.
     schemaLocation is only a hint: a validator should resolve these from a local copy or
     catalog rather than fetching them from the network. -->
10 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
11 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
12 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
13 First appearing in Shibboleth 1.2 release.
<!-- Generic plug-in descriptor reused throughout the schema. Only "type" is validated
     (required string); "uri" is optional. Child elements and any further attributes are
     admitted from any namespace with lax processing, so their content is NOT checked by
     this schema; the plug-in that consumes them is responsible for validating its own
     settings. Presumably "type" selects the implementation and "uri" points at an
     external resource; confirm against the plug-in loader. -->
14 <complexType name="PluggableType">
15 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
16 <attribute name="type" type="string" use="required"/>
17 <attribute name="uri" type="anyURI" use="optional"/>
18 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Two alternative names for the document root; both carry the same SPConfigType content. -->
19 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
20 <element name="SPConfig" type="conf:SPConfigType"/>
<!-- Content model of the root element: optional Extensions, at most one global block
     (Global or SHAR, same type), at most one local block (Local or SHIRE, same type),
     a mandatory Applications element and zero or more CredentialsProvider plug-ins.
     SHAR/SHIRE are alternate spellings of the same content, not different types. -->
21 <complexType name="SPConfigType">
22 <documentation>Root element of configuration file</documentation>
23 <element ref="conf:Extensions" minOccurs="0"/>
24 <choice minOccurs="0">
25 <element name="Global" type="conf:GlobalConfigurationType"/>
26 <element name="SHAR" type="conf:GlobalConfigurationType"/>
27 <choice minOccurs="0">
28 <element name="Local" type="conf:LocalConfigurationType"/>
29 <element name="SHIRE" type="conf:LocalConfigurationType"/>
30 <element ref="conf:Applications"/>
<!-- Credentials (keys/certificates) are supplied by plug-ins; their settings are lax content. -->
31 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
32 <attribute name="logger" type="anyURI" use="optional"/>
<!-- clockSkew is an unsigned integer; the unit is not stated in the schema (presumably seconds,
     confirm against the implementation). -->
33 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
34 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Extension libraries to load. Each Library names a required "path" (anyURI) and an
     optional "fatal" flag. Because a configuration file can name arbitrary library paths
     here, write access to the configuration is equivalent to code execution in the
     target process; the file must be protected accordingly. Library content and other
     attributes are lax and unvalidated. "fatal" presumably controls whether a load
     failure aborts startup; confirm against the loader. -->
35 <element name="Extensions">
36 <documentation>Container for extension libraries and custom configuration</documentation>
37 <element name="Library" minOccurs="0" maxOccurs="unbounded">
38 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
39 <attribute name="path" type="anyURI" use="required"/>
40 <attribute name="fatal" type="boolean" use="optional"/>
41 <anyAttribute namespace="##other" processContents="lax"/>
42 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- Server-independent settings: a listener, a session cache, an optional replay cache,
     extension content and a logger. -->
43 <complexType name="GlobalConfigurationType">
44 <documentation>Container for global (server independent) configuration</documentation>
45 <element ref="conf:Extensions" minOccurs="0"/>
<!-- Listener alternatives: a Unix-domain socket address, a TCP address/port, or a plug-in. -->
46 <element name="UnixListener">
47 <attribute name="address" type="string" use="required"/>
48 <element name="TCPListener">
49 <attribute name="address" type="string" use="required"/>
50 <attribute name="port" type="unsignedInt" use="required"/>
<!-- "acl" is a whitespace-separated list of strings defaulting to the loopback address,
     so a TCP listener with no explicit acl only admits local clients. Widening the list
     exposes the listener to those hosts; the schema does not define how entries are
     matched (exact address vs. netmask), so check the implementation before relying on it. -->
51 <attribute name="acl" use="optional" default="127.0.0.1">
52 <list itemType="string"/>
53 <element name="Listener" type="conf:PluggableType"/>
<!-- Session cache alternatives: in-memory, MySQL-backed, or a plug-in. All share
     SessionCacheProperties. -->
54 <element name="MemorySessionCache">
55 <attributeGroup ref="conf:SessionCacheProperties"/>
56 <anyAttribute namespace="##other" processContents="lax"/>
57 <element name="MySQLSessionCache">
<!-- Argument children are opaque strings, presumably passed to the embedded MySQL engine;
     confirm against the cache implementation. -->
58 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
59 <attributeGroup ref="conf:SessionCacheProperties"/>
60 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
61 <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
62 <anyAttribute namespace="##other" processContents="lax"/>
63 <element name="SessionCache">
64 <extension base="conf:PluggableType">
65 <attributeGroup ref="conf:SessionCacheProperties"/>
<!-- The replay cache is optional (minOccurs="0"); what happens to replay detection when it
     is omitted is not defined by the schema. -->
66 <choice minOccurs="0">
67 <element name="MySQLReplayCache">
68 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
69 <anyAttribute namespace="##other" processContents="lax"/>
70 <element name="ReplayCache" type="conf:PluggableType"/>
71 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
72 <attribute name="logger" type="anyURI" use="optional"/>
73 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Attributes shared by every session cache variant. All intervals/timeouts are unsigned
     integers with defaults; the unit is not stated in the schema (presumably seconds,
     confirm against the implementation). strictValidity defaults to true and
     propagateErrors to false. -->
74 <attributeGroup name="SessionCacheProperties">
75 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
76 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
77 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
78 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
79 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
80 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
81 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
82 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
<!-- Web-server-side settings: optional Extensions, an optional request-map plug-in, and an
     Implementation block holding one or more platform sections (ISAPI or any foreign
     element, lax). -->
83 <complexType name="LocalConfigurationType">
84 Container for configuration of locally integrated or platform-specific
85 features (e.g. web server filters)
86 <element ref="conf:Extensions" minOccurs="0"/>
87 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
88 <element name="Implementation" minOccurs="0">
89 <choice maxOccurs="unbounded">
90 <element ref="conf:ISAPI"/>
91 <any namespace="##other" processContents="lax"/>
92 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
93 <attribute name="logger" type="anyURI" use="optional"/>
<!-- localRelayState defaults to false; its effect on how relay state is stored is not
     defined here. -->
94 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
95 <anyAttribute namespace="##other" processContents="lax"/>
<!-- IIS filter settings: one or more Site entries, each keyed by a numeric IIS site "id"
     with a required host "name", optional Alias names, ports and scheme. normalizeRequest
     is an optional boolean with no schema default; presumably it governs whether the
     filter rewrites the request host to the configured name, confirm against the filter. -->
96 <element name="ISAPI">
97 <element name="Site" maxOccurs="unbounded">
98 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
99 <attribute name="id" type="unsignedInt" use="required"/>
100 <attribute name="name" type="string" use="required"/>
101 <attribute name="port" type="unsignedInt" use="optional"/>
102 <attribute name="sslport" type="unsignedInt" use="optional"/>
103 <attribute name="scheme" type="string" use="optional"/>
104 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
105 <attribute name="normalizeRequest" type="boolean" use="optional"/>
106 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Platform sections typed as anyType: their content is entirely unconstrained by this schema. -->
107 <element name="NSAPI" type="anyType"/>
108 <element name="Java" type="anyType"/>
<!-- Root of the built-in access policy expression; it holds a single operand (see UniOperatorType). -->
109 <element name="AccessControl" type="conf:UniOperatorType">
110 A simple example access policy language extension that supersedes Apache .htaccess
<!-- Boolean operators of the policy language: OR and AND take two or more operands,
     NOT takes exactly one. -->
111 <element name="OR" type="conf:MultiOperatorType"/>
112 <element name="AND" type="conf:MultiOperatorType"/>
113 <element name="NOT" type="conf:UniOperatorType"/>
<!-- Single-operand node: one of AND, OR, NOT or Rule. The enclosing compositor line is not
     shown in this listing; by the operand names it is presumably a choice. -->
114 <complexType name="UniOperatorType">
115 <element ref="conf:AND"/>
116 <element ref="conf:OR"/>
117 <element ref="conf:NOT"/>
118 <element ref="conf:Rule"/>
<!-- Multi-operand node: at least two operands (minOccurs="2"), each an AND, OR, NOT or Rule. -->
119 <complexType name="MultiOperatorType">
120 <choice minOccurs="2" maxOccurs="unbounded">
121 <element ref="conf:AND"/>
122 <element ref="conf:OR"/>
123 <element ref="conf:NOT"/>
124 <element ref="conf:Rule"/>
<!-- Leaf of the policy language: text content is a whitespace-separated list of strings
     (listOfStrings) and "require" names what is being matched. The matching semantics are
     defined by the implementation, not by this schema. -->
125 <element name="Rule">
126 <extension base="conf:listOfStrings">
127 <attribute name="require" type="string" use="required"/>
<!-- Whitespace-separated list of xs:string items; a value containing spaces cannot be a single item. -->
128 <simpleType name="listOfStrings">
129 <list itemType="string"/>
<!-- Per-resource protection settings shared by RequestMap, Host and Path. None has a schema
     default, so an omitted attribute falls back to whatever the implementation applies
     (or to the enclosing element, if settings inherit; the schema does not say).
     exportAssertion presumably controls whether the SAML assertion is passed to the
     application; confirm against the request mapper. -->
130 <attributeGroup name="ContentSettings">
131 <attribute name="authType" type="string" use="optional"/>
132 <attribute name="requireSession" type="boolean" use="optional"/>
133 <attribute name="requireSessionWith" type="string" use="optional"/>
134 <attribute name="exportAssertion" type="boolean" use="optional"/>
135 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Plug-in access control alternatives usable wherever AccessControl is; both are lax PluggableType. -->
136 <element name="AccessControlProvider" type="conf:PluggableType"/>
137 <element name="htaccess" type="conf:PluggableType"/>
<!-- Top of the built-in request map: an optional access-control element, then zero or more
     Host entries. applicationId is fixed to "default" at this level, so the root map can only
     ever bind to the default application. -->
138 <element name="RequestMap">
139 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
140 <choice minOccurs="0">
141 <element ref="conf:htaccess"/>
142 <element ref="conf:AccessControl"/>
143 <element ref="conf:AccessControlProvider"/>
144 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
145 <attribute name="applicationId" type="string" fixed="default"/>
146 <attributeGroup ref="conf:ContentSettings"/>
<!-- One virtual host in the request map: optional access control, zero or more Path entries,
     and a required host "name". scheme is restricted to the enumerated values below; port and
     applicationId are optional with no schema default, so how an unspecified port is matched
     is left to the implementation. -->
147 <element name="Host">
148 <choice minOccurs="0">
149 <element ref="conf:htaccess"/>
150 <element ref="conf:AccessControl"/>
151 <element ref="conf:AccessControlProvider"/>
152 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
153 <attribute name="scheme" use="optional">
154 <restriction base="string">
155 <enumeration value="http"/>
156 <enumeration value="https"/>
157 <enumeration value="ftp"/>
158 <enumeration value="ldap"/>
159 <enumeration value="ldaps"/>
160 <attribute name="name" type="string" use="required"/>
161 <attribute name="port" type="unsignedInt" use="optional"/>
162 <attribute name="applicationId" type="string" use="optional"/>
163 <attributeGroup ref="conf:ContentSettings"/>
<!-- One path segment under a Host; Path nests recursively, one element per URL segment
     (see the RequestMap documentation). Same optional access-control choice as Host. -->
164 <element name="Path">
165 <choice minOccurs="0">
166 <element ref="conf:htaccess"/>
167 <element ref="conf:AccessControl"/>
168 <element ref="conf:AccessControlProvider"/>
169 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
170 <attribute name="name" type="string" use="required"/>
171 <attribute name="applicationId" type="string" use="optional"/>
172 <attributeGroup ref="conf:ContentSettings"/>
<!-- Default application settings plus per-application overrides. Sessions and Errors are
     mandatory here (they are optional in Application). Metadata, trust and attribute policy
     come from plug-ins in the unbounded choice; FederationProvider is marked deprecated and
     MetadataProvider is the replacement. "id" is fixed to "default"; providerId (the SP's own
     entity identifier) is required. -->
173 <element name="Applications">
174 <documentation>Container for global target settings and application-specific overrides</documentation>
175 <element ref="conf:Sessions"/>
176 <element ref="conf:Errors"/>
177 <element ref="conf:CredentialUse" minOccurs="0"/>
178 <choice minOccurs="0" maxOccurs="unbounded">
179 <element ref="saml:AttributeDesignator"/>
180 <element ref="saml:Audience"/>
181 <element name="AAPProvider" type="conf:PluggableType"/>
182 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
183 <element name="MetadataProvider" type="conf:PluggableType"/>
184 <element name="TrustProvider" type="conf:PluggableType"/>
185 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
186 <attribute name="id" type="string" fixed="default"/>
187 <attribute name="providerId" type="anyURI" use="required"/>
188 <attribute name="homeURL" type="anyURI" use="optional"/>
189 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Per-application override of the Applications defaults: same content model, but every
     child is optional and "id" is a required free-form string (uniqueness is not enforced by
     the schema). providerId is optional here. -->
190 <element name="Application">
191 <documentation>Container for application-specific overrides</documentation>
192 <element ref="conf:Sessions" minOccurs="0"/>
193 <element ref="conf:Errors" minOccurs="0"/>
194 <element ref="conf:CredentialUse" minOccurs="0"/>
195 <choice minOccurs="0" maxOccurs="unbounded">
196 <element ref="saml:AttributeDesignator"/>
197 <element ref="saml:Audience"/>
198 <element name="AAPProvider" type="conf:PluggableType"/>
199 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
200 <element name="MetadataProvider" type="conf:PluggableType"/>
201 <element name="TrustProvider" type="conf:PluggableType"/>
202 <attribute name="id" type="string" use="required"/>
203 <attribute name="providerId" type="anyURI" use="optional"/>
204 <attribute name="homeURL" type="anyURI" use="optional"/>
205 <anyAttribute namespace="##other" processContents="lax"/>
<!-- Plug-in hook for turning ds:KeyInfo into public keys within a TrustProvider. As a lax
     PluggableType its settings are not validated here; a resolver that fetches keys from a
     remote location widens the trust root, so its configuration deserves the same scrutiny
     as the metadata and trust providers. -->
206 <element name="KeyInfoResolver" type="conf:PluggableType">
207 Custom plug-in that resolves ds:KeyInfo elements into public keys, used in
208 TrustProvider elements.
<!-- Session establishment and policy for an application. Endpoints are SessionInitiator
     plus SAML 2.0 metadata AssertionConsumerService / SingleLogoutService elements.
     wayfURL, shireURL and shireSSL are deprecated in favour of SessionInitiator and
     handlerURL/handlerSSL. -->
209 <element name="Sessions">
210 <documentation>Container for specifying app session establishment and policy</documentation>
211 <choice minOccurs="0" maxOccurs="unbounded">
212 <element ref="conf:SessionInitiator"/>
213 <element ref="md:AssertionConsumerService"/>
214 <element ref="md:SingleLogoutService"/>
215 <!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
216 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
217 <!-- deprecated --> <attribute name="shireSSL" type="boolean" use="optional"/>
218 <attribute name="handlerURL" type="anyURI" use="optional"/>
<!-- handlerSSL defaults to true; setting it false presumably allows the handler to be
     reached over plain HTTP (confirm against the implementation). -->
219 <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
<!-- cookieProps is a free-form string with no schema default; if this is where the session
     cookie's Secure/HttpOnly/Path flags are set, an omitted value leaves them to the
     implementation default. Verify against the handler code. -->
220 <attribute name="cookieName" type="string" use="optional"/>
221 <attribute name="cookieProps" type="string" use="optional"/>
222 <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
223 <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
<!-- lifetime, timeout and checkAddress have no schema defaults; the effective values when
     omitted are decided by the implementation, not visible here. -->
224 <attribute name="lifetime" type="unsignedInt" use="optional"/>
225 <attribute name="timeout" type="unsignedInt" use="optional"/>
226 <attribute name="checkAddress" type="boolean" use="optional"/>
<!-- checkReplay defaults to true. Turning it off presumably disables assertion replay
     detection (the ReplayCache in GlobalConfigurationType); keep it on unless there is a
     documented reason. -->
227 <attribute name="checkReplay" type="boolean" use="optional" default="true"/>
228 <anyAttribute namespace="##other" processContents="lax"/>
<!-- A discovery/WAYF entry point. Location and Binding are required URIs; wayfURL,
     wayfBinding and checkCDC are optional URIs; isDefault and id are optional with no
     schema default. Child content is any-namespace lax, so per-initiator extensions are not
     validated here. The schema does not restrict wayfURL, so the set of discovery services
     users may be sent to is entirely up to the configuration author. -->
229 <element name="SessionInitiator">
230 <documentation>Used to specify WAYF/Discovery services (external or internal)</documentation>
231 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
232 <attribute name="Location" type="anyURI" use="required"/>
233 <attribute name="Binding" type="anyURI" use="required"/>
234 <attribute name="wayfURL" type="anyURI" use="optional"/>
235 <attribute name="wayfBinding" type="anyURI" use="optional"/>
236 <attribute name="checkCDC" type="anyURI" use="optional"/>
237 <attribute name="isDefault" type="boolean" use="optional"/>
238 <attribute name="id" type="string" use="optional"/>
<!-- Error page templates. Only "rm" is required; "shire" is deprecated. logoLocation and
     styleSheet are URIs that presumably end up in rendered error pages, so they should
     point at trusted, same-origin resources. Note the attribute wildcard here is ##any,
     unlike the ##other used by every other element in this schema; that admits unqualified
     extra attributes without validation and looks like an inconsistency worth confirming. -->
239 <element name="Errors">
240 <documentation>Container for error templates and associated details</documentation>
241 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
242 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
243 <attribute name="session" type="anyURI" use="optional"/>
244 <attribute name="metadata" type="anyURI" use="optional"/>
245 <attribute name="rm" type="anyURI" use="required"/>
246 <attribute name="access" type="anyURI" use="optional"/>
247 <attribute name="supportContact" type="string" use="optional"/>
248 <attribute name="logoLocation" type="anyURI" use="optional"/>
249 <attribute name="styleSheet" type="anyURI" use="optional"/>
250 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Which credentials an application (or a specific relying party) uses. TLS and Signing
     are required free-form names, presumably keys into a CredentialsProvider; confirm.
     signRequest, signedResponse and signedAssertions all default to false. If the latter two
     mean "require a signature on the response/assertions", the schema default is the
     permissive setting and deployments should set them explicitly; verify the semantics
     against the implementation before relying on either reading. -->
251 <attributeGroup name="CredentialUseGroup">
252 <attribute name="TLS" type="string" use="required"/>
253 <attribute name="Signing" type="string" use="required"/>
254 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
255 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
256 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
<!-- Credential selection: the element-level CredentialUseGroup is the default, and each
     RelyingParty (keyed by required "Name") carries its own full CredentialUseGroup, so a
     per-party entry must restate TLS and Signing rather than inherit them. Extension content
     on both levels is ##other lax. -->
257 <element name="CredentialUse">
258 <documentation>Container for specifying credentials to use</documentation>
259 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
260 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
261 <attribute name="Name" type="string" use="required"/>
262 <attributeGroup ref="conf:CredentialUseGroup"/>
263 <anyAttribute namespace="##other" processContents="lax"/>
264 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
265 <attributeGroup ref="conf:CredentialUseGroup"/>
266 <anyAttribute namespace="##other" processContents="lax"/>