+ </element>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="logger" type="anyURI"/>
+ <attribute name="unsetHeaderValue" type="conf:string"/>
+ <attribute name="checkSpoofing" type="boolean"/>
+ <attribute name="spoofKey" type="conf:string"/>
+ <attribute name="catchAll" type="boolean"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+
+ <element name="AccessControl" type="conf:UniOperatorType">
+ <annotation>
+ <documentation>
+ A simple example access policy language extension that supersedes Apache .htaccess
+ </documentation>
+ </annotation>
+ </element>
+ <complexType name="UniOperatorType">
+ <choice>
+ <element name="AND" type="conf:MultiOperatorType"/>
+ <element name="OR" type="conf:MultiOperatorType"/>
+ <element name="NOT" type="conf:UniOperatorType"/>
+ <element name="Rule" type="conf:RuleType"/>
+ <element name="RuleRegex" type="conf:RuleRegexType"/>
+ </choice>
+ </complexType>
+ <complexType name="MultiOperatorType">
+ <choice minOccurs="2" maxOccurs="unbounded">
+ <element name="AND" type="conf:MultiOperatorType"/>
+ <element name="OR" type="conf:MultiOperatorType"/>
+ <element name="NOT" type="conf:UniOperatorType"/>
+ <element name="Rule" type="conf:RuleType"/>
+ <element name="RuleRegex" type="conf:RuleRegexType"/>
+ </choice>
+ </complexType>
+ <complexType name="RuleType">
+ <simpleContent>
+ <extension base="conf:listOfStrings">
+ <attribute name="require" type="conf:string" use="required"/>
+ <attribute name="list" type="boolean"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <complexType name="RuleRegexType">
+ <simpleContent>
+ <extension base="conf:string">
+ <attribute name="require" type="conf:string" use="required"/>
+ <attribute name="ignoreCase" type="boolean"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+ <attributeGroup name="ContentSettings">
+ <attribute name="authType" type="conf:string"/>
+ <attribute name="requireSession" type="boolean"/>
+ <attribute name="requireSessionWith" type="conf:string"/>
+ <attribute name="exportAssertion" type="boolean"/>
+ <attribute name="redirectToSSL" type="unsignedInt"/>
+ <attribute name="entityID" type="anyURI"/>
+ <attribute name="discoveryURL" type="anyURI"/>
+ <attribute name="isPassive" type="boolean"/>
+ <attribute name="returnOnError" type="boolean"/>
+ <attribute name="forceAuthn" type="boolean"/>
+ <attribute name="authnContextClassRef" type="anyURI"/>
+ <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
+ <attribute name="NameIDFormat" type="anyURI"/>
+ <attribute name="SPNameQualifier" type="conf:string"/>
+ <attribute name="redirectErrors" type="anyURI"/>
+ <attribute name="sessionError" type="anyURI"/>
+ <attribute name="metadataError" type="anyURI"/>
+ <attribute name="accessError" type="anyURI"/>
+ <attribute name="sslError" type="anyURI"/>
+ <attribute name="target" type="anyURI"/>
+ <attribute name="acsIndex" type="unsignedShort"/>
+ <attribute name="REMOTE_ADDR" type="conf:string"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </attributeGroup>
+
+ <element name="RequestMap">
+ <annotation>
+ <documentation>
+ Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
+ </documentation>
+ </annotation>
+ <complexType>
+ <sequence>
+ <choice minOccurs="0">
+ <element name="htaccess" type="conf:PluggableType"/>
+ <element ref="conf:AccessControl"/>
+ <element name="AccessControlProvider" type="conf:PluggableType"/>
+ </choice>
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element name="Host" type="conf:HostType"/>
+ <element name="HostRegex" type="conf:HostRegexType"/>
+ </choice>
+ </sequence>
+ <attribute name="applicationId" type="conf:string" fixed="default"/>
+ <attributeGroup ref="conf:ContentSettings"/>
+ </complexType>
+ </element>
+
+ <complexType name="HostType">
+ <sequence>
+ <choice minOccurs="0">
+ <element name="htaccess" type="conf:PluggableType"/>
+ <element ref="conf:AccessControl"/>
+ <element name="AccessControlProvider" type="conf:PluggableType"/>
+ </choice>
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element name="Path" type="conf:PathType"/>
+ <element name="PathRegex" type="conf:PathRegexType"/>
+ <element name="Query" type="conf:QueryType"/>
+ </choice>
+ </sequence>
+ <attribute name="scheme">
+ <simpleType>
+ <restriction base="conf:string">
+ <enumeration value="http"/>
+ <enumeration value="https"/>
+ <enumeration value="ftp"/>
+ <enumeration value="ldap"/>
+ <enumeration value="ldaps"/>
+ </restriction>
+ </simpleType>
+ </attribute>
+ <attribute name="name" type="conf:string" use="required"/>
+ <attribute name="port" type="unsignedInt"/>
+ <attribute name="applicationId" type="conf:string"/>
+ <attributeGroup ref="conf:ContentSettings"/>
+ </complexType>
+
+ <complexType name="HostRegexType">
+ <sequence>
+ <choice minOccurs="0">
+ <element name="htaccess" type="conf:PluggableType"/>
+ <element ref="conf:AccessControl"/>
+ <element name="AccessControlProvider" type="conf:PluggableType"/>
+ </choice>
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element name="Path" type="conf:PathType"/>
+ <element name="PathRegex" type="conf:PathRegexType"/>
+ <element name="Query" type="conf:QueryType"/>
+ </choice>
+ </sequence>
+ <attribute name="regex" type="conf:string" use="required"/>
+ <attribute name="ignoreCase" type="boolean"/>
+ <attribute name="applicationId" type="conf:string"/>
+ <attributeGroup ref="conf:ContentSettings"/>
+ </complexType>
+
+ <complexType name="PathType">
+ <sequence>
+ <choice minOccurs="0">
+ <element name="htaccess" type="conf:PluggableType"/>
+ <element ref="conf:AccessControl"/>
+ <element name="AccessControlProvider" type="conf:PluggableType"/>
+ </choice>
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element name="Path" type="conf:PathType"/>
+ <element name="PathRegex" type="conf:PathRegexType"/>
+ <element name="Query" type="conf:QueryType"/>
+ </choice>
+ </sequence>
+ <attribute name="name" type="conf:string" use="required"/>
+ <attribute name="applicationId" type="conf:string"/>
+ <attributeGroup ref="conf:ContentSettings"/>
+ </complexType>
+
+ <complexType name="PathRegexType">
+ <sequence>
+ <choice minOccurs="0">
+ <element name="htaccess" type="conf:PluggableType"/>
+ <element ref="conf:AccessControl"/>
+ <element name="AccessControlProvider" type="conf:PluggableType"/>
+ </choice>
+ <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="regex" type="conf:string" use="required"/>
+ <attribute name="ignoreCase" type="boolean"/>
+ <attribute name="applicationId" type="conf:string"/>
+ <attributeGroup ref="conf:ContentSettings"/>
+ </complexType>
+
+ <complexType name="QueryType">
+ <sequence>
+ <choice minOccurs="0">
+ <element name="htaccess" type="conf:PluggableType"/>
+ <element ref="conf:AccessControl"/>
+ <element name="AccessControlProvider" type="conf:PluggableType"/>
+ </choice>
+ <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="name" type="conf:string" use="required"/>
+ <attribute name="regex" type="conf:string"/>
+ <attributeGroup ref="conf:ContentSettings"/>
+ </complexType>
+
+ <complexType name="ApplicationDefaultsType">
+ <annotation>
+ <documentation>Container for default settings and application-specific overrides</documentation>
+ </annotation>
+ <sequence>
+ <element name="Sessions" type="conf:SessionsType"/>
+ <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
+ <element name="RelyingParty" type="conf:RelyingPartyType" minOccurs="0" maxOccurs="unbounded"/>
+ <element name="Notify" type="conf:NotifyType" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
+ <element name="MetadataProvider" type="conf:PluggableType"/>
+ <element name="TrustEngine" type="conf:PluggableType"/>
+ <element name="AttributeExtractor" type="conf:PluggableType" minOccurs="0"/>
+ <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>
+ <element name="AttributeFilter" type="conf:PluggableType" minOccurs="0"/>
+ <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>
+ <element name="ApplicationOverride" type="conf:ApplicationOverrideType" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="id" type="conf:string" fixed="default"/>
+ <attribute name="entityID" type="anyURI" use="required"/>
+ <attribute name="policyId" type="conf:string" use="required"/>
+ <attributeGroup ref="conf:ApplicationGroup"/>
+ <attributeGroup ref="conf:RelyingPartyGroup"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+
+ <complexType name="ApplicationOverrideType">
+ <annotation>
+ <documentation>Container for application-specific overrides</documentation>
+ </annotation>
+ <sequence>
+ <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
+ <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
+ <element name="RelyingParty" type="conf:RelyingPartyType" minOccurs="0" maxOccurs="unbounded"/>
+ <element name="Notify" type="conf:NotifyType" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
+ <element name="MetadataProvider" type="conf:PluggableType" minOccurs="0"/>
+ <element name="TrustEngine" type="conf:PluggableType" minOccurs="0"/>
+ <element name="AttributeExtractor" type="conf:PluggableType" minOccurs="0"/>
+ <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>
+ <element name="AttributeFilter" type="conf:PluggableType" minOccurs="0"/>
+ <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>
+ </sequence>
+ <attribute name="id" type="conf:string" use="required"/>
+ <attribute name="entityID" type="anyURI"/>
+ <attribute name="policyId" type="conf:string"/>
+ <attributeGroup ref="conf:ApplicationGroup"/>
+ <attributeGroup ref="conf:RelyingPartyGroup"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+
+ <attributeGroup name="ApplicationGroup">
+ <attribute name="homeURL" type="anyURI"/>
+ <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
+ <attribute name="unsetHeaders" type="conf:listOfStrings"/>
+ <attribute name="metadataAttributePrefix" type="conf:string"/>
+ <attribute name="attributePrefix" type="conf:string"/>
+ </attributeGroup>
+
+ <attributeGroup name="RelyingPartyGroup">
+ <attribute name="authType" type="conf:string"/>
+ <attribute name="authUsername" type="conf:string"/>
+ <attribute name="authPassword" type="conf:string"/>
+ <attribute name="signing" type="conf:bindingBoolean"/>
+ <attribute name="signingAlg" type="anyURI"/>
+ <attribute name="digestAlg" type="anyURI"/>
+ <attribute name="encryption" type="conf:bindingBoolean"/>
+ <attribute name="encryptionAlg" type="anyURI"/>
+ <attribute name="keyName" type="conf:string"/>
+ <attribute name="artifactEndpointIndex" type="unsignedShort"/>
+ <attribute name="chunkedEncoding" type="boolean"/>
+ <attribute name="connectTimeout" type="unsignedShort"/>
+ <attribute name="timeout" type="unsignedShort"/>
+ <attribute name="requireConfidentiality" type="boolean"/>
+ <attribute name="requireTransportAuth" type="boolean"/>
+ <attribute name="requireSignedAssertions" type="boolean"/>
+ </attributeGroup>
+
+ <complexType name="SessionsType">
+ <annotation>
+ <documentation>Container for specifying protocol handlers and session policy</documentation>
+ </annotation>
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="conf:SessionInitiator"/>
+ <element ref="conf:LogoutInitiator"/>
+ <element ref="md:AssertionConsumerService"/>
+ <element ref="md:ArtifactResolutionService"/>
+ <element ref="md:SingleLogoutService"/>
+ <element ref="md:ManageNameIDService"/>
+ <element name="Handler">