1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5         xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
7         elementFormDefault="qualified"
8         attributeFormDefault="unqualified"
9         blockDefault="substitution"
10         version="1.1">
11
12         <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
13         <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
14
15         <annotation>
16                 <documentation>
        Schema (namespace version 1.0; this revision of the schema is 1.1) for the XML-based
        configuration of Shibboleth target (service provider) libraries and modules.
        First appeared in the Shibboleth 1.2 release.
19         </documentation>
20     </annotation>
21
        <complexType name="PluggableType">
                <annotation>
                        <documentation>
                        Generic plug-in declaration. The required type attribute names the plug-in
                        implementation; uri is an optional plug-in-specific locator. Child elements and
                        attributes from any namespace are permitted and validated laxly (checked only when
                        a declaration for them happens to be available), so plug-in content is not
                        constrained by this schema: whatever appears here is interpreted by the plug-in,
                        not by the validator.
                        </documentation>
                </annotation>
                <sequence>
                        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="type" type="string" use="required"/>
                <attribute name="uri" type="anyURI" use="optional"/>
                <anyAttribute namespace="##any" processContents="lax"/>
        </complexType>
30
        <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
        <!-- SPConfig is an alternate root element name carrying the identical type. -->
        <element name="SPConfig" type="conf:SPConfigType"/>
        <complexType name="SPConfigType">
                <annotation>
                        <documentation>
                        Root element of configuration file. Content, in order: optional Extensions; at
                        most one of Global or SHAR (same type, SHAR being the older name); at most one of
                        Local or SHIRE (same type); the required Applications container; then zero or
                        more pluggable CredentialsProvider declarations. logger is a URI for logging
                        configuration. clockSkew is an unsigned integer, presumably the tolerance for
                        clock differences applied to time-based checks; its unit is not stated by this
                        schema (presumably seconds - confirm against the implementation).
                        NOTE(review): a larger clockSkew widens every acceptance window it governs, so
                        keep it as small as clock synchronisation allows.
                        </documentation>
                </annotation>
                <sequence>
                        <element ref="conf:Extensions" minOccurs="0"/>
                        <choice minOccurs="0">
                                <element name="Global" type="conf:GlobalConfigurationType"/>
                                <element name="SHAR" type="conf:GlobalConfigurationType"/>
                        </choice>
                        <choice minOccurs="0">
                                <element name="Local" type="conf:LocalConfigurationType"/>
                                <element name="SHIRE" type="conf:LocalConfigurationType"/>
                        </choice>
                        <element ref="conf:Applications"/>
                        <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="logger" type="anyURI" use="optional"/>
                <attribute name="clockSkew" type="unsignedInt" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
        </complexType>
54
        <element name="Extensions">
                <annotation>
                        <documentation>
                        Container for extension libraries and custom configuration. Each Library names an
                        extension library via the required path attribute (typed anyURI); fatal is an
                        optional boolean, presumably marking whether a failure to load the library is
                        fatal (inferred from the name - confirm). Library may carry child elements from
                        any namespace and attributes from other namespaces; elements from other
                        namespaces may follow the Library list.
                        NOTE(review): whatever path refers to is presumably loaded and executed with the
                        privileges of the process reading this configuration, so the configuration file
                        and every referenced library must be writable only by administrators.
                        </documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <element name="Library" minOccurs="0" maxOccurs="unbounded">
                                        <complexType>
                                                <sequence>
                                                        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <attribute name="path" type="anyURI" use="required"/>
                                                <attribute name="fatal" type="boolean" use="optional"/>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                </complexType>
        </element>
75
        <complexType name="GlobalConfigurationType">
                <annotation>
                        <documentation>
                        Container for global (server independent) configuration. Content, in order:
                        optional Extensions; exactly one listener (UnixListener, TCPListener, or a
                        pluggable Listener); exactly one session cache (MemorySessionCache,
                        MySQLSessionCache, or a pluggable SessionCache); an optional replay cache
                        (MySQLReplayCache or a pluggable ReplayCache); then any elements from other
                        namespaces. The replay cache is optional here while the Sessions element
                        defaults checkReplay to true; how replay checking behaves without a configured
                        replay cache is defined by the implementation, not by this schema.
                        </documentation>
                </annotation>
                <sequence>
                        <element ref="conf:Extensions" minOccurs="0"/>
                        <choice>
                                <!-- Local-socket listener; address is a free-form string (socket path or name). -->
                                <element name="UnixListener">
                                        <complexType>
                                                <attribute name="address" type="string" use="required"/>
                                        </complexType>
                                </element>
                                <!-- TCP listener. port is unsignedInt and is not bounded to 0-65535 by this
                                     schema. acl is a whitespace-separated list of addresses allowed to connect
                                     and defaults to the loopback address only. No authentication attribute is
                                     declared for this listener, so the acl is the only access control visible
                                     in this schema: widening it, or binding address to a non-loopback
                                     interface, presumably exposes the listener to other hosts. -->
                                <element name="TCPListener">
                                        <complexType>
                                                <attribute name="address" type="string" use="required"/>
                                                <attribute name="port" type="unsignedInt" use="required"/>
                                                <attribute name="acl" use="optional" default="127.0.0.1">
                                                        <simpleType>
                                                                <list itemType="string"/>
                                                        </simpleType>
                                                </attribute>
                                        </complexType>
                                </element>
                                <!-- Pluggable listener; its settings are not constrained by this schema. -->
                                <element name="Listener" type="conf:PluggableType"/>
                        </choice>
                        <choice>
                                <!-- In-process session cache; see SessionCacheProperties for the tuning attributes. -->
                                <element name="MemorySessionCache">
                                        <complexType>
                                                <attributeGroup ref="conf:SessionCacheProperties"/>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <!-- MySQL-backed session cache. Argument children are free-form strings
                                     (presumably passed through to the database library - confirm).
                                     mysqlTimeout defaults to 14400 (unit not stated here; presumably seconds).
                                     storeAttributes defaults to false; when true, user attributes presumably
                                     land in the database as well, so protect it accordingly - confirm. -->
                                <element name="MySQLSessionCache">
                                        <complexType>
                                                <sequence>
                                                        <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <attributeGroup ref="conf:SessionCacheProperties"/>
                                                <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
                                                <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <!-- Pluggable session cache: PluggableType plus the shared tuning attributes. -->
                                <element name="SessionCache">
                                        <complexType>
                                                <complexContent>
                                                        <extension base="conf:PluggableType">
                                                                <attributeGroup ref="conf:SessionCacheProperties"/>
                                                        </extension>
                                                </complexContent>
                                        </complexType>
                                </element>
                        </choice>
                        <choice minOccurs="0">
                                <!-- MySQL-backed replay cache; Argument children are free-form strings. -->
                                <element name="MySQLReplayCache">
                                        <complexType>
                                                <sequence>
                                                        <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <!-- Pluggable replay cache; its settings are not constrained by this schema. -->
                                <element name="ReplayCache" type="conf:PluggableType"/>
                        </choice>
                        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="logger" type="anyURI" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
        </complexType>
145
        <attributeGroup name="SessionCacheProperties">
                <annotation>
                        <documentation>
                        Tuning attributes shared by every session cache variant. All intervals are
                        unsigned integers whose unit is not stated by this schema (presumably seconds -
                        confirm against the implementation). Defaults: cleanupInterval 300,
                        cacheTimeout 28800, AAConnectTimeout 15, AATimeout 30, defaultLifetime 1800,
                        retryInterval 300, strictValidity true, propagateErrors false. The Sessions
                        element also carries lifetime and timeout attributes; which of the two sets
                        governs a given session is defined by the implementation, not by this schema.
                        </documentation>
                </annotation>
        <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
        <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
                <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
                <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
                <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
                <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
                <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
                <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
        </attributeGroup>
156
        <complexType name="LocalConfigurationType">
                <annotation>
                        <documentation>
                        Container for configuration of locally integrated or platform-specific
                        features (e.g. web server filters). Content, in order: optional Extensions;
                        an optional pluggable RequestMapProvider; an optional Implementation holding
                        one or more ISAPI elements or elements from other namespaces; then any
                        other-namespace elements. logger is a URI for logging configuration.
                        localRelayState defaults to false; its effect is defined by the implementation,
                        not by this schema.
                        </documentation>
                </annotation>
                <sequence>
                        <element ref="conf:Extensions" minOccurs="0"/>
                        <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
                        <element name="Implementation" minOccurs="0">
                                <complexType>
                                        <choice maxOccurs="unbounded">
                                                <element ref="conf:ISAPI"/>
                                                <any namespace="##other" processContents="lax"/>
                                        </choice>
                                </complexType>
                        </element>
                        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="logger" type="anyURI" use="optional"/>
                <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
                <anyAttribute namespace="##other" processContents="lax"/>
        </complexType>
181         
        <element name="ISAPI">
                <annotation>
                        <documentation>
                        Settings for the ISAPI (IIS) integration. Each Site is identified by a required
                        numeric id and a required name, with optional port, sslport and scheme, plus
                        zero or more Alias strings. port and sslport are unsignedInt and are not
                        bounded to 0-65535 by this schema. normalizeRequest is an optional boolean
                        whose effect is not defined here.
                        NOTE(review): confirm in the filter code whether normalizeRequest makes the
                        configured Site name, rather than the client-supplied Host header, the value
                        used for request mapping and URL construction - that decides whether a client
                        can influence which Host entry it is mapped to.
                        </documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <element name="Site" maxOccurs="unbounded">
                                        <complexType>
                                                <sequence>
                                                        <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <attribute name="id" type="unsignedInt" use="required"/>
                                                <attribute name="name" type="string" use="required"/>
                                                <attribute name="port" type="unsignedInt" use="optional"/>
                                                <attribute name="sslport" type="unsignedInt" use="optional"/>
                                                <attribute name="scheme" type="string" use="optional"/>
                                        </complexType>
                                </element>
                                <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attribute name="normalizeRequest" type="boolean" use="optional"/>
                        <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
        <!-- NSAPI and Java integration settings are entirely open (anyType): nothing inside them is validated. -->
        <element name="NSAPI" type="anyType"/>
        <element name="Java" type="anyType"/>
205
        <element name="AccessControl" type="conf:UniOperatorType">
                <annotation>
                        <documentation>
                        A simple example access policy language extension that supersedes Apache
                        .htaccess: a boolean tree of AND, OR and NOT operators over Rule leaves.
                        AccessControl itself holds exactly one operand (UniOperatorType). How the tree
                        is evaluated against a session is defined by the implementation, not this schema.
                        </documentation>
                </annotation>
        </element>
        <!-- OR and AND take two or more operands; NOT takes exactly one. -->
        <element name="OR" type="conf:MultiOperatorType"/>
        <element name="AND" type="conf:MultiOperatorType"/>
        <element name="NOT" type="conf:UniOperatorType"/>
        <complexType name="UniOperatorType">
                <annotation>
                        <documentation>
                        Exactly one operand: a nested AND, OR, NOT, or a Rule. Used by AccessControl and NOT.
                        </documentation>
                </annotation>
                <choice>
                        <element ref="conf:AND"/>
                        <element ref="conf:OR"/>
                        <element ref="conf:NOT"/>
                        <element ref="conf:Rule"/>
                </choice>
        </complexType>
        <complexType name="MultiOperatorType">
                <annotation>
                        <documentation>
                        Two or more operands (minOccurs is 2), each a nested AND, OR, NOT, or a Rule;
                        a degenerate single-operand AND or OR therefore fails validation. Used by AND and OR.
                        </documentation>
                </annotation>
                <choice minOccurs="2" maxOccurs="unbounded">
                        <element ref="conf:AND"/>
                        <element ref="conf:OR"/>
                        <element ref="conf:NOT"/>
                        <element ref="conf:Rule"/>
                </choice>
        </complexType>
        <element name="Rule">
                <annotation>
                        <documentation>
                        A leaf requirement of the AccessControl tree. The required require attribute names
                        the kind of requirement; the element content is a whitespace-separated list of
                        acceptable values (listOfStrings). Because the content is an xs:list, a single
                        value that itself contains whitespace cannot be expressed. How the values are
                        matched against the session is defined by the implementation, not this schema.
                        </documentation>
                </annotation>
                <complexType>
                        <simpleContent>
                                <extension base="conf:listOfStrings">
                                        <attribute name="require" type="string" use="required"/>
                                </extension>
                        </simpleContent>
                </complexType>
        </element>
        <!-- Whitespace-separated list of strings; list items are split on any whitespace. -->
        <simpleType name="listOfStrings">
                <list itemType="string"/>
        </simpleType>
244         
        <attributeGroup name="ContentSettings">
                <annotation>
                        <documentation>
                        Per-content settings attached to RequestMap, Host and Path. authType and
                        requireSessionWith are free-form strings; requireSession and exportAssertion are
                        booleans with no schema default. Their effect is defined by the implementation,
                        not this schema. Attributes from other namespaces are also permitted; undeclared
                        unqualified attributes are not (the ##other wildcard excludes the no-namespace
                        case), so a misspelled setting name fails validation rather than being ignored.
                        </documentation>
                </annotation>
                <attribute name="authType" type="string" use="optional"/>
                <attribute name="requireSession" type="boolean" use="optional"/>
                <attribute name="requireSessionWith" type="string" use="optional"/>
                <attribute name="exportAssertion" type="boolean" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
        </attributeGroup>
        <!-- Pluggable access control declarations usable in place of AccessControl; htaccess selects
             Apache .htaccess style control. Neither has its settings constrained by this schema. -->
        <element name="AccessControlProvider" type="conf:PluggableType"/>
        <element name="htaccess" type="conf:PluggableType"/>
254
    <element name="RequestMap">
                <annotation>
                        <documentation>
                        Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
                        Content: at most one access control element (htaccess, AccessControl or
                        AccessControlProvider) followed by zero or more Host elements. applicationId is
                        fixed to "default", so the top level always refers to the default application.
                        The ContentSettings declared here are the site-wide values; how Host and Path
                        settings override them is defined by the implementation, not this schema.
                        </documentation>
                </annotation>
        <complexType>
            <sequence>
                <choice minOccurs="0">
                        <element ref="conf:htaccess"/>
                                        <element ref="conf:AccessControl"/>
                        <element ref="conf:AccessControlProvider"/>
                    </choice>
                <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
            <attribute name="applicationId" type="string" fixed="default"/>
                <attributeGroup ref="conf:ContentSettings"/>
        </complexType>
    </element>
274
    <element name="Host">
        <annotation>
                <documentation>
                One virtual host in the request map, identified by the required name plus optional
                scheme (restricted to the enumerated values) and port; port is unsignedInt and is
                not bounded to 0-65535 by this schema. An optional access control element may
                precede zero or more Path children; applicationId selects the application whose
                settings apply beneath this host.
                NOTE(review): whether name is compared against the client-supplied Host header or
                against the server's configured virtual host name is decided by the web server
                module (see Local/Implementation), not by this schema; that choice determines
                whether a client can influence which Host entry it is mapped to - confirm.
                </documentation>
        </annotation>
        <complexType>
                <sequence>
                <choice minOccurs="0">
                        <element ref="conf:htaccess"/>
                                        <element ref="conf:AccessControl"/>
                        <element ref="conf:AccessControlProvider"/>
                    </choice>
                        <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="scheme" use="optional">
                            <simpleType>
                                <restriction base="string">
                                    <enumeration value="http"/>
                                    <enumeration value="https"/>
                                    <enumeration value="ftp"/>
                                    <enumeration value="ldap"/>
                                    <enumeration value="ldaps"/>
                                </restriction>
                            </simpleType>
                </attribute>
                <attribute name="name" type="string" use="required"/>
                <attribute name="port" type="unsignedInt" use="optional"/>
                <attribute name="applicationId" type="string" use="optional"/>
                <attributeGroup ref="conf:ContentSettings"/>
        </complexType>
    </element>
302
    <element name="Path">
        <annotation>
                <documentation>
                One path segment beneath a Host or another Path. name is the required segment;
                an optional access control element may precede zero or more nested Path children,
                so the hierarchy may be arbitrarily deep. applicationId and the ContentSettings
                apply to this segment; how they combine with the enclosing Host and Path settings
                is defined by the implementation, not this schema.
                </documentation>
        </annotation>
        <complexType>
                <sequence>
                <choice minOccurs="0">
                        <element ref="conf:htaccess"/>
                                        <element ref="conf:AccessControl"/>
                        <element ref="conf:AccessControlProvider"/>
                    </choice>
                        <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="name" type="string" use="required"/>
                <attribute name="applicationId" type="string" use="optional"/>
                <attributeGroup ref="conf:ContentSettings"/>
        </complexType>
    </element>
318
        <element name="Applications">
                <annotation>
                        <documentation>
                        Container for global target settings and application-specific overrides.
                        Content, in order: required Sessions; required Errors; optional CredentialUse;
                        any number of saml:AttributeDesignator, saml:Audience, pluggable AAPProvider,
                        FederationProvider (deprecated), MetadataProvider and TrustProvider elements;
                        then zero or more Application overrides. id is fixed to "default" (matching
                        the RequestMap applicationId); providerId is a required URI, presumably the
                        identifier this target presents to identity providers - confirm; homeURL is
                        an optional URI. MetadataProvider and TrustProvider are pluggable, so the
                        configuration that determines which providers and keys are trusted is not
                        constrained by this schema.
                        </documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <element ref="conf:Sessions"/>
                                <element ref="conf:Errors"/>
                                <element ref="conf:CredentialUse" minOccurs="0"/>
                                <choice minOccurs="0" maxOccurs="unbounded">
                    <element ref="saml:AttributeDesignator"/>
                    <element ref="saml:Audience"/>
                    <element name="AAPProvider" type="conf:PluggableType"/>
                    <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
                    <element name="MetadataProvider" type="conf:PluggableType"/>
                    <element name="TrustProvider" type="conf:PluggableType"/>
                                </choice>
                                <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attribute name="id" type="string" fixed="default"/>
                        <attribute name="providerId" type="anyURI" use="required"/>
                        <attribute name="homeURL" type="anyURI" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
344         
        <element name="Application">
                <annotation>
                        <documentation>
                        Container for application-specific overrides. Same content as Applications
                        except that Sessions and Errors are optional and nested Application elements
                        are not allowed. id is required and must be a string (not fixed); providerId
                        and homeURL are optional. Whether an omitted element or attribute inherits the
                        value from Applications is defined by the implementation, not this schema.
                        </documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <element ref="conf:Sessions" minOccurs="0"/>
                                <element ref="conf:Errors" minOccurs="0"/>
                                <element ref="conf:CredentialUse" minOccurs="0"/>
                                <choice minOccurs="0" maxOccurs="unbounded">
                    <element ref="saml:AttributeDesignator"/>
                    <element ref="saml:Audience"/>
                    <element name="AAPProvider" type="conf:PluggableType"/>
                    <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
                    <element name="MetadataProvider" type="conf:PluggableType"/>
                    <element name="TrustProvider" type="conf:PluggableType"/>
                                </choice>
                        </sequence>
                        <attribute name="id" type="string" use="required"/>
                        <attribute name="providerId" type="anyURI" use="optional"/>
                        <attribute name="homeURL" type="anyURI" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
369
        <element name="KeyInfoResolver" type="conf:PluggableType">
                <annotation>
                        <documentation>
                        Custom plug-in that resolves ds:KeyInfo elements into public keys, used in
                        TrustProvider elements. Its settings are plug-in specific (PluggableType) and
                        are not validated by this schema.
                        </documentation>
                </annotation>
        </element>
378
        <element name="Sessions">
                <annotation>
                        <documentation>
                        Container for specifying app session establishment and policy. Children, in
                        any order and number: SessionInitiator, md:AssertionConsumerService and
                        md:SingleLogoutService (the latter two reuse the SAML 2.0 metadata types).
                        handlerURL is the base URL for the handlers; handlerSSL defaults to true and
                        presumably requires the handlers to be reached over SSL/TLS - confirm.
                        cookieName names the session cookie; cookieProps is a free-form string,
                        presumably appended to the cookie, which is where secure/HttpOnly style
                        flags would go if the implementation passes it through - confirm.
                        lifetime and timeout are unsigned integers whose unit is not stated here
                        (presumably seconds). idpHistory defaults to true and idpHistoryDays has no
                        default. checkAddress has no schema default, so the implementation's default
                        applies; checkReplay defaults to true (see the replay cache under Global).
                        wayfURL, shireURL and shireSSL are deprecated.
                        </documentation>
                </annotation>
                <complexType>
                        <choice minOccurs="0" maxOccurs="unbounded">
                                <element ref="conf:SessionInitiator"/>
                                <element ref="md:AssertionConsumerService"/>
                                <element ref="md:SingleLogoutService"/>
                        </choice>
                        <!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
                        <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
                        <!-- deprecated --> <attribute name="shireSSL" type="boolean" use="optional"/>
                        <attribute name="handlerURL" type="anyURI" use="optional"/>
                        <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
                        <attribute name="cookieName" type="string" use="optional"/>
                        <attribute name="cookieProps" type="string" use="optional"/>
                        <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
                        <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
                        <attribute name="lifetime" type="unsignedInt" use="optional"/>
                        <attribute name="timeout" type="unsignedInt" use="optional"/>
                        <!-- No schema default: unlike checkReplay, the effective default is decided by the implementation. -->
                        <attribute name="checkAddress" type="boolean" use="optional"/>
                        <attribute name="checkReplay" type="boolean" use="optional" default="true"/>
                        <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
        <element name="SessionInitiator">
                <annotation>
                        <documentation>
                        Used to specify WAYF/Discovery services (external or internal). Location and
                        Binding are required URIs; wayfURL, wayfBinding and checkCDC are optional URIs;
                        isDefault marks the default initiator and id is an optional identifier.
                        Child elements from any namespace are permitted and validated laxly. Unlike most
                        other elements in this schema, no anyAttribute wildcard is declared, so an
                        undeclared attribute here fails validation.
                        </documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attribute name="Location" type="anyURI" use="required"/>
                        <attribute name="Binding" type="anyURI" use="required"/>
                        <attribute name="wayfURL" type="anyURI" use="optional"/>
                        <attribute name="wayfBinding" type="anyURI" use="optional"/>
                        <attribute name="checkCDC" type="anyURI" use="optional"/>
                        <attribute name="isDefault" type="boolean" use="optional"/>
                        <attribute name="id" type="string" use="optional"/>
                </complexType>
        </element>
422
        <element name="Errors">
                <annotation>
                        <documentation>
                        Container for error templates and associated details. rm is the only required
                        attribute; session, metadata, access, logoLocation and styleSheet are optional
                        URIs, supportContact is a free-form string, and shire is deprecated. Child
                        elements from any namespace are permitted. Unlike the other elements in this
                        schema, the attribute wildcard here is ##any rather than ##other, so any
                        additional attribute, including undeclared unqualified ones, is accepted: a
                        misspelled attribute name validates silently instead of being rejected.
                        Presumably the extra attributes are made available to the templates - confirm.
                        </documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
                        <attribute name="session" type="anyURI" use="optional"/>
                        <attribute name="metadata" type="anyURI" use="optional"/>
                        <attribute name="rm" type="anyURI" use="required"/>
                        <attribute name="access" type="anyURI" use="optional"/>
                        <attribute name="supportContact" type="string" use="optional"/>
                        <attribute name="logoLocation" type="anyURI" use="optional"/>
                        <attribute name="styleSheet" type="anyURI" use="optional"/>
                        <anyAttribute namespace="##any" processContents="lax"/>
                </complexType>
        </element>
442
        <attributeGroup name="CredentialUseGroup">
                <annotation>
                        <documentation>
                        Credential selection and signing policy. TLS and Signing are required strings
                        naming the credentials to use for TLS and for signing respectively (presumably
                        declared via CredentialsProvider - confirm). signRequest, signedResponse and
                        signedAssertions all default to false: by default nothing is signed and no
                        signature is required on responses or assertions.
                        NOTE(review): enable signedResponse and/or signedAssertions for relying parties
                        where message authenticity is not otherwise established; the exact checks these
                        flags enable are defined by the implementation, not this schema.
                        </documentation>
                </annotation>
                <attribute name="TLS" type="string" use="required"/>
                <attribute name="Signing" type="string" use="required"/>
                <attribute name="signRequest" type="boolean" use="optional" default="false"/>
                <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
                <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
        </attributeGroup>
450
        <element name="CredentialUse">
                <annotation>
                        <documentation>
                        Container for specifying credentials to use. The CredentialUseGroup attributes
                        on this element give the defaults; each RelyingParty child, identified by its
                        required Name, carries the same group and must therefore restate TLS and
                        Signing (the group marks both as required) alongside any signing overrides.
                        Elements and attributes from other namespaces are permitted at both levels.
                        </documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
                                        <complexType>
                                                <sequence>
                                                        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <attribute name="Name" type="string" use="required"/>
                                                <attributeGroup ref="conf:CredentialUseGroup"/>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attributeGroup ref="conf:CredentialUseGroup"/>
                <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
473 </schema>
474