Fix GSS wrapper element defs, add binary option.
[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
index b49f37b..6d775b1 100644 (file)
@@ -2,14 +2,14 @@
 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
-    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
        elementFormDefault="qualified"
        attributeFormDefault="unqualified"
        blockDefault="substitution"
-       version="2.4">
+       version="2.4.2">
 
   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
     </restriction>
   </simpleType>
 
+  <simpleType name="relayStateLimitType">
+    <restriction base="string">
+      <enumeration value="none"/>
+      <enumeration value="exact"/>
+      <enumeration value="host"/>
+      <enumeration value="whitelist"/>
+    </restriction>
+  </simpleType>
+
   <complexType name="PluggableType">
     <sequence>
       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
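Review bot: The four values of `relayStateLimitType` are added without any `<annotation>`, so a deployer reading the schema cannot tell what each value compares or which is the least restrictive. Add a `<documentation>` child, either per `<enumeration>` or once on the `simpleType`, stating what `exact` and `host` are matched against, and that `none` performs no check if that is what the code does. The names suggest this type limits where a relay state may send the browser after login, but that is inferred from the identifiers and should be confirmed against the handler code before it is written into the schema.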
     <attribute name="checkSpoofing" type="boolean"/>
     <attribute name="spoofKey" type="conf:string"/>
     <attribute name="catchAll" type="boolean"/>
+    <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
     <anyAttribute namespace="##other" processContents="lax"/>
   </complexType>
 
     <attribute name="target" type="anyURI"/>
     <attribute name="acsIndex" type="unsignedShort"/>
     <attribute name="REMOTE_ADDR" type="conf:string"/>
+    <attribute name="encoding" type="conf:string"/>
     <anyAttribute namespace="##other" processContents="lax"/>
   </attributeGroup>
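Review bot: `encoding` is typed `conf:string` on the added line, so any value validates, including a misspelt one. If the code accepts only a fixed set of encoding names, an enumerated simpleType (as this patch introduces for `relayStateLimitType`) would catch typos at load time instead of leaving them to the code's fallback. Failing that, a `<documentation>` note listing the accepted values would help. The attributeGroup starts outside the hunk.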
 
         </choice>
         <element ref="ds:Signature" minOccurs="0"/>
       </sequence>
+      <attribute name="unicodeAware" type="boolean"/>
       <attributeGroup ref="conf:ContentSettings"/>
     </complexType>
   </element>
     <sequence>
       <element name="Sessions" type="conf:SessionsType"/>
       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
-      <element name="RelyingParty" type="conf:RelyingPartyType" minOccurs="0" maxOccurs="unbounded"/>
-      <element name="Notify" type="conf:NotifyType" minOccurs="0" maxOccurs="unbounded"/>
-      <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
-      <element name="MetadataProvider" type="conf:PluggableType"/>
-      <element name="TrustEngine" type="conf:PluggableType" minOccurs="0"/>
-      <element name="AttributeExtractor" type="conf:PluggableType" minOccurs="0"/>
-      <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>
-      <element name="AttributeFilter" type="conf:PluggableType" minOccurs="0"/>
-      <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>
-      <element name="ApplicationOverride" type="conf:ApplicationOverrideType" minOccurs="0" maxOccurs="unbounded"/>
+      <choice minOccurs="0" maxOccurs="unbounded">
+        <element name="RelyingParty" type="conf:RelyingPartyType"/>
+        <element name="Notify" type="conf:NotifyType"/>
+        <element ref="saml:Audience"/>
+        <element name="MetadataProvider" type="conf:PluggableType"/>
+        <element name="TrustEngine" type="conf:PluggableType"/>
+        <element name="AttributeExtractor" type="conf:PluggableType"/>
+        <element name="AttributeResolver" type="conf:PluggableType"/>
+        <element name="AttributeFilter" type="conf:PluggableType"/>
+        <element name="CredentialResolver" type="conf:PluggableType"/>
+        <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
+      </choice>
     </sequence>
     <attribute name="id" type="conf:string" fixed="default"/>
     <attribute name="entityID" type="anyURI" use="required"/>
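Review bot: Wrapping these children in `<choice minOccurs="0" maxOccurs="unbounded">` drops the cardinality the old sequence enforced: `MetadataProvider` was required exactly once here, and `TrustEngine`, `AttributeExtractor`, `AttributeResolver`, `AttributeFilter` and `CredentialResolver` were limited to one each. A config with no `MetadataProvider`, or with two `TrustEngine` elements, now validates, so which element takes effect is decided by the loader rather than the schema. The second `<choice>` in the following hunk (the list without `ApplicationOverride`) loses its at-most-one limits in the same way. I would add a comment above each `<choice>`, for example `<!-- Order is free; the loader must enforce at most one of each plugin element and the presence of a MetadataProvider. -->`, and confirm that the loader rejects or logs duplicates. The enclosing complexType opens and closes outside the hunk.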
     <sequence>
       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
-      <element name="RelyingParty" type="conf:RelyingPartyType" minOccurs="0" maxOccurs="unbounded"/>
-      <element name="Notify" type="conf:NotifyType" minOccurs="0" maxOccurs="unbounded"/>
-      <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
-      <element name="MetadataProvider" type="conf:PluggableType" minOccurs="0"/>
-      <element name="TrustEngine" type="conf:PluggableType" minOccurs="0"/>
-      <element name="AttributeExtractor" type="conf:PluggableType" minOccurs="0"/>
-      <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>
-      <element name="AttributeFilter" type="conf:PluggableType" minOccurs="0"/>
-      <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>
+      <choice minOccurs="0" maxOccurs="unbounded">
+        <element name="RelyingParty" type="conf:RelyingPartyType"/>
+        <element name="Notify" type="conf:NotifyType"/>
+        <element ref="saml:Audience"/>
+        <element name="MetadataProvider" type="conf:PluggableType"/>
+        <element name="TrustEngine" type="conf:PluggableType"/>
+        <element name="AttributeExtractor" type="conf:PluggableType"/>
+        <element name="AttributeResolver" type="conf:PluggableType"/>
+        <element name="AttributeFilter" type="conf:PluggableType"/>
+        <element name="CredentialResolver" type="conf:PluggableType"/>
+      </choice>
     </sequence>
     <attribute name="id" type="conf:string" use="required"/>
     <attribute name="entityID" type="anyURI"/>
     <attribute name="postTemplate" type="conf:string"/>
     <attribute name="postExpire" type="boolean"/>
     <attribute name="relayState" type="conf:string"/>
+    <attribute name="relayStateLimit" type="conf:relayStateLimitType"/>
+    <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
     <anyAttribute namespace="##other" processContents="lax"/>
   </complexType>
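Review bot: `relayStateLimit` is declared without a `default`, so the schema does not show which limit applies when the attribute is omitted, as it will be in every existing config. If the intended behaviour is no restriction, say so in a `<documentation>` note (or with `default="none"` if the loader tolerates a schema-supplied default), so anyone auditing a config can see the effective setting. `relayStateWhitelist` presumably only matters when `relayStateLimit="whitelist"`, and XSD 1.0 cannot express that dependency. The loader should therefore reject or log `whitelist` combined with a missing or empty list rather than silently matching nothing or everything. The enclosing complexType starts outside the hunk.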
 
     <attribute name="entityIDParam" type="conf:string"/>
     <attribute name="entityID" type="anyURI"/>
     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
+    <attribute name="preservedOptions" type="conf:listOfStrings"/>
     <attribute name="template" type="anyURI"/>
     <attribute name="postArtifact" type="boolean"/>
     <attribute name="acsByIndex" type="boolean"/>