xmlns:am="urn:mace:shibboleth:2.0:attribute-map"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
elementFormDefault="qualified"
- version="2.3">
+ version="2.5">
<import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
<anyAttribute namespace="##any" processContents="lax"/>
</complexType>
+ <element name="GSSAPIContext" type="base64Binary">
+ <annotation>
+ <documentation>A wrapper element for GSS-API contexts.</documentation>
+ </annotation>
+ </element>
+
+ <element name="GSSAPIName" type="base64Binary">
+ <annotation>
+ <documentation>A wrapper element for GSS-API composite names.</documentation>
+ </annotation>
+ </element>
+
<element name="Attributes">
<annotation>
- <documentation>The set of SAML 1/2 attribute mappings.</documentation>
+ <documentation>The set of SAML or GSS-API attribute mappings.</documentation>
</annotation>
<complexType>
<sequence>
<element name="MetadataProvider" type="am:PluggableType" minOccurs="0"/>
<element name="TrustEngine" type="am:PluggableType" minOccurs="0"/>
<element name="AttributeFilter" type="am:PluggableType" minOccurs="0"/>
- <element name="Attribute" type="am:AttributeType" maxOccurs="unbounded"/>
+ <choice maxOccurs="unbounded">
+ <element name="Attribute" type="am:AttributeType"/>
+ <element name="GSSAPIAttribute" type="am:GSSAPIAttributeType"/>
+ </choice>
<element ref="ds:Signature" minOccurs="0"/>
</sequence>
+ <attribute name="metadataAttributeCaching" type="boolean"/>
<attribute name="metadataPolicyId" type="am:string"/>
</complexType>
</element>
<complexType name="AttributeType">
<annotation>
- <documentation>Rule for mapping a SAML 1/2 attribute to an internal attribute.</documentation>
+ <documentation>Rule for mapping a SAML attribute to an internal attribute.</documentation>
</annotation>
<sequence>
<element name="AttributeDecoder" type="am:AttributeDecoderType" minOccurs="0"/>
</annotation>
</attribute>
</complexType>
+
+ <complexType name="GSSAPIAttributeType">
+ <annotation>
+ <documentation>Rule for mapping a GSS-API naming attribute to an internal attribute.</documentation>
+ </annotation>
+ <attribute name="id" type="am:string" use="required">
+ <annotation>
+ <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="aliases" type="am:listOfStrings">
+ <annotation>
+ <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="name" type="am:string" use="required">
+ <annotation>
+ <documentation>The name of the naming attribute.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="authenticated" type="boolean">
+ <annotation>
+ <documentation>If true, only an authenticated GSS-API naming attribute will be mapped.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="binary" type="boolean">
+ <annotation>
+ <documentation>If true, the GSS-API naming attribute will be base64-encoded for internal use.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="scopeDelimiter" type="am:string">
+ <annotation>
+ <documentation>
+ The character(s) used to delimit the scoped information from the scope.
+ </documentation>
+ </annotation>
+ </attribute>
+ </complexType>
<complexType name="AttributeDecoderType" abstract="true">
<annotation>
</attribute>
<attribute name="internal" type="boolean">
<annotation>
- <documentation>Flag controlling whether the resulting attribute should be exported for CGI use.</documentation>
+ <documentation>
+ Flag controlling whether the resulting attribute should be exported for CGI use.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="langAware" type="boolean">
+ <annotation>
+ <documentation>
+ Flag controlling whether the decoder should select only the best matching value by language.
+ </documentation>
</annotation>
</attribute>
<attribute name="hashAlg" type="am:string">