<?xml version="1.0" encoding="UTF-8"?>
-
-<schema targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:afp="urn:mace:shibboleth:2.0:afp" version="2.0">
+<schema xmlns="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:afp="urn:mace:shibboleth:2.0:afp" targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml" elementFormDefault="qualified">
<import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
<annotation>
<documentation>
- A set of SAML specific match functions. These match functions only operate against a SAMLFilterContext.
+ A set of SAML specific match functions. These match functions only operate against a
+ SAMLFilterContext.
</documentation>
</annotation>
+ <complexType name="AttributeIssuerEntityAttributeExactMatch">
+ <annotation>
+ <documentation>
+ A match function that checks if the attribute issuer contains an entity attribute with the
+ specified value.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityAttributeExactMatchType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AttributeRequesterEntityAttributeExactMatch">
+ <annotation>
+ <documentation>
+ A match function that checks if the attribute requester contains an entity attribute with the
+ specified value.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityAttributeExactMatchType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="EntityAttributeExactMatchType" abstract="true">
+ <complexContent>
+ <extension base="afp:MatchFunctorType">
+ <attribute name="attributeName" type="string" use="required">
+ <annotation>
+ <documentation>The name of the entity attribute to match.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="attributeNameFormat" type="string" use="optional">
+ <annotation>
+ <documentation>The name format of the entity attribute to match.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="attributeValue" type="string" use="required">
+ <annotation>
+ <documentation>The value of the entity attribute to match.</documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AttributeIssuerEntityAttributeRegexMatch">
+ <annotation>
+ <documentation>
+ A match function that checks if the attribute issuer contains an entity attribute with a
+ value that matches the given regular expression.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityAttributeRegexMatchType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AttributeRequesterEntityAttributeRegexMatch">
+ <annotation>
+ <documentation>
+ A match function that checks if the attribute requester contains an entity attribute with a
+ value that matches the given regular expression.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityAttributeRegexMatchType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="EntityAttributeRegexMatchType" abstract="true">
+ <complexContent>
+ <extension base="afp:MatchFunctorType">
+ <attribute name="attributeName" type="string" use="required">
+ <annotation>
+ <documentation>The name of the entity attribute to match.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="attributeNameFormat" type="string" use="optional">
+ <annotation>
+ <documentation>The name format of the entity attribute to match.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="attributeValueRegex" type="string" use="required">
+ <annotation>
+ <documentation>The regular expression that must match the value of the entity attribute to
+ match.</documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AttributeIssuerNameIDFormatExactMatch">
+ <annotation>
+ <documentation>
+ A match function that evaluates to true if the attribute issuer supports a specified
+ NameID format.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:NameIDFormatExactMatchType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AttributeRequesterNameIDFormatExactMatch">
+ <annotation>
+ <documentation>
+ A match function that evaluates to true if the attribute requester supports a specified
+ NameID format.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:NameIDFormatExactMatchType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="NameIDFormatExactMatchType" abstract="true">
+ <complexContent>
+ <extension base="afp:MatchFunctorType">
+ <attribute name="nameIdFormat" type="string" use="required">
+ <annotation>
+ <documentation>The NameID format that needs to be supported by the entity.</documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
<complexType name="AttributeRequesterInEntityGroup">
<annotation>
<documentation>
</complexContent>
</complexType>
- <complexType name="NameIDQualifierString">
- <annotation>
- <documentation>
- A match function that ensures that a NameID-valued attribute's qualifier(s), if set, match particular values.
- </documentation>
- </annotation>
- <complexContent>
- <extension base="afp:MatchFunctorType">
- <attribute name="attributeID" type="string">
- <annotation>
+ <complexType name="NameIDQualifierString">
+ <annotation>
<documentation>
- The ID of the attribute whose qualifiers should be matched. If no attribute ID is specified the
- ID of the containing attribute rule is assumed.
+ A match function that ensures that a NameID-valued attribute's qualifier(s), if set, match particular values.
</documentation>
- </annotation>
- </attribute>
- <attribute name="NameQualifier" type="string">
- <annotation>
+ </annotation>
+ <complexContent>
+ <extension base="afp:MatchFunctorType">
+ <attribute name="attributeID" type="string">
+ <annotation>
+ <documentation>
+ The ID of the attribute whose qualifiers should be matched. If no attribute ID is specified the
+ ID of the containing attribute rule is assumed.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="NameQualifier" type="string">
+ <annotation>
+ <documentation>
+ A value to require in the NameQualifier field, or if omitted, require that it match the issuing IdP's entityID.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="SPNameQualifier" type="string">
+ <annotation>
+ <documentation>
+ A value to require in the SPNameQualifier field, or if omitted, require that it match the SP's entityID.
+ </documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AttributeIssuerEntityMatcher">
+ <annotation>
<documentation>
- A value to require in the NameQualifier field, or if omitted, require that it match the issuing IdP's entityID.
+ A match function that checks if the attribute issuer matches pluggable criteria.
</documentation>
- </annotation>
- </attribute>
- <attribute name="SPNameQualifier" type="string">
- <annotation>
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityMatcherType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="AttributeRequesterEntityMatcher">
+ <annotation>
<documentation>
- A value to require in the SPNameQualifier field, or if omitted, require that it match the SP's entityID.
+ A match function that checks if the attribute requester matches pluggable criteria.
</documentation>
- </annotation>
- </attribute>
- </extension>
- </complexContent>
- </complexType>
-
+ </annotation>
+ <complexContent>
+ <extension base="saml:EntityMatcherType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="EntityMatcherType" abstract="true">
+ <complexContent>
+ <extension base="afp:MatchFunctorType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="matcher" type="string" use="required">
+ <annotation>
+ <documentation>
+ The type of plugin to apply as a matching mechanism.
+ </documentation>
+ </annotation>
+ </attribute>
+ <anyAttribute namespace="##any" processContents="lax"/>
+ </extension>
+ </complexContent>
+ </complexType>
+
</schema>
\ No newline at end of file