blockDefault="substitution"\r
version="2.0">\r
\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="../../cpp-opensaml2/schemas/saml-schema-assertion-2.0.xsd"/>\r
- <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="../../cpp-opensaml2/schemas/saml-schema-metadata-2.0.xsd"/>\r
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>\r
+ <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>\r
\r
<annotation>\r
<documentation>\r
<element ref="conf:OutOfProcess"/>
<element ref="conf:InProcess"/>
<element ref="conf:Applications"/>
- <element ref="conf:Credentials" minOccurs="0"/>
<element ref="conf:SecurityPolicies"/>
</sequence>
<attribute name="logger" type="anyURI"/>
<sequence>\r
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
</sequence>\r
- <attribute name="id" type="conf:string" use="required"/>\r
+ <attribute name="id" type="ID" use="required"/>\r
<attribute name="cleanupInterval" type="unsignedInt" default="900"/>\r
<anyAttribute namespace="##any" processContents="lax"/>\r
</restriction>\r
<sequence>\r
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
</sequence>\r
+ <attribute name="StorageService" type="IDREF"/>\r
<attribute name="cacheTimeout" type="unsignedInt" default="28800"/>\r
<anyAttribute namespace="##any" processContents="lax"/>\r
</restriction>\r
\r
<element name="ReplayCache">
<annotation>\r
- <documentation>Ties ReplayCache to custom StorageService</documentation>\r
+ <documentation>Ties ReplayCache to a custom StorageService</documentation>\r
</annotation>\r
- <complexType>
- <sequence/>\r
- <attribute name="StorageService" type="conf:string" use="required"/>
+ <complexType>\r
+ <sequence/>
+ <attribute name="StorageService" type="IDREF" use="required"/>\r
+ </complexType>\r
+ </element>
+ \r
+ <element name="ArtifactMap">
+ <annotation>\r
+ <documentation>Customizes an ArtifactMap</documentation>\r
+ </annotation>\r
+ <complexType>\r
+ <sequence/>
+ <attribute name="StorageService" type="IDREF"/>
+ <attribute name="context" type="conf:string"/>
+ <attribute name="artifactTTL" type="unsignedInt" default="180"/>\r
</complexType>
</element>\r
\r
</choice>
<element ref="conf:StorageService" minOccurs="0" maxOccurs="unbounded"/>
<element ref="conf:SessionCache" minOccurs="0"/>
- <element ref="conf:ReplayCache" minOccurs="0"/>
+ <element ref="conf:ReplayCache" minOccurs="0"/>\r
+ <element ref="conf:ArtifactMap" minOccurs="0"/>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="logger" type="anyURI"/>
<complexType>\r
<sequence>
<element ref="conf:Extensions" minOccurs="0"/>
+ <element ref="conf:SessionCache" minOccurs="0"/>\r
<element name="RequestMapper" type="conf:PluggableType"/>
<element name="Implementation" minOccurs="0">
<complexType>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="logger" type="anyURI"/>
- <attribute name="localRelayState" type="boolean" default="false"/>
<anyAttribute namespace="##other" processContents="lax"/>\r
</complexType>\r
</element>\r
<sequence>\r
<element ref="conf:Sessions"/>\r
<element ref="conf:Errors"/>\r
- <element ref="conf:CredentialUse" minOccurs="0"/>\r
+ <element ref="conf:DefaultRelyingParty"/>\r
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
<element name="MetadataProvider" type="conf:PluggableType"/>
<element name="TrustEngine" type="conf:PluggableType"/>\r
+ <element name="AttributeResolver" type="conf:PluggableType"/>\r
+ <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>\r
<element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>\r
</sequence>\r
<attribute name="id" type="conf:string" fixed="default"/>\r
<attribute name="providerId" type="anyURI" use="required"/>\r
<attribute name="policyId" type="conf:string" use="required"/>\r
<attribute name="homeURL" type="anyURI"/>\r
+ <attribute name="attributeIds" type="conf:listOfStrings"/>\r
<anyAttribute namespace="##other" processContents="lax"/>\r
</complexType>\r
</element>\r
<sequence>\r
<element ref="conf:Sessions" minOccurs="0"/>\r
<element ref="conf:Errors" minOccurs="0"/>\r
- <element ref="conf:CredentialUse" minOccurs="0"/>\r
+ <element ref="conf:DefaultRelyingParty" minOccurs="0"/>\r
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>\r
<element name="MetadataProvider" type="conf:PluggableType" minOccurs="0"/>\r
<element name="TrustEngine" type="conf:PluggableType" minOccurs="0"/>\r
+ <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>\r
+ <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>\r
</sequence>\r
<attribute name="id" type="conf:string" use="required"/>\r
<attribute name="providerId" type="anyURI"/>\r
<attribute name="policyId" type="conf:string"/>\r
<attribute name="homeURL" type="anyURI"/>\r
- <anyAttribute namespace="##other" processContents="lax"/>\r
+ <attribute name="attributeIds" type="conf:listOfStrings"/>\r
+ <anyAttribute namespace="##other" processContents="lax"/>\r
</complexType>\r
</element>\r
\r
</choice>\r
<attribute name="handlerURL" type="anyURI"/>\r
<attribute name="handlerSSL" type="boolean" default="true"/>\r
+ <attribute name="redirectErrors" type="anyURI"/>\r
<attribute name="cookieName" type="conf:string"/>\r
<attribute name="cookieProps" type="conf:string"/>\r
<attribute name="idpHistory" type="boolean" default="true"/>\r
<anyAttribute namespace="##other" processContents="lax"/>\r
</complexType>\r
</element>\r
+ \r
+ <attribute name="policyId" type="conf:string">
+ <annotation>
+ <documentation>Used to reference Policy elements from profile endpoints.</documentation>
+ </annotation>
+ </attribute>\r
+\r
<element name="SessionInitiator">\r
<annotation>\r
<documentation>Used to specify handlers that can issue AuthnRequests</documentation>\r
</sequence>\r
<attribute name="Location" type="anyURI" use="required"/>\r
<attribute name="Binding" type="anyURI" use="required"/>\r
+ <attribute name="id" type="conf:string"/>\r
+ <attribute name="isDefault" type="boolean"/>\r
<attribute name="wayfURL" type="anyURI"/>\r
<attribute name="wayfBinding" type="anyURI"/>\r
- <attribute name="isDefault" type="boolean"/>\r
- <attribute name="id" type="conf:string"/>\r
+ <attribute name="relayState" type="conf:string"/>\r
<anyAttribute namespace="##any" processContents="lax"/>\r
</complexType>\r
</element>\r
</complexType>\r
</element>\r
\r
- <attributeGroup name="CredentialUseGroup">\r
- <attribute name="TLS" type="conf:string"/>\r
- <attribute name="Signing" type="conf:string"/>\r
- <attribute name="signRequests" type="boolean" default="false"/>\r
- <attribute name="signatureAlg" type="anyURI"/>\r
- <attribute name="authType">\r
- <simpleType>\r
- <restriction base="conf:string">\r
- <enumeration value="basic"/>\r
- <enumeration value="digest"/>\r
- <enumeration value="ntlm"/>\r
- <enumeration value="gss"/>\r
- </restriction>\r
- </simpleType>\r
- </attribute>\r
- <attribute name="authUsername"/>\r
- <attribute name="authPassword"/>\r
- </attributeGroup>\r
-\r
- <element name="CredentialUse">\r
+ <element name="DefaultRelyingParty">\r
<annotation>\r
<documentation>Container for specifying security methods to use with particular peers</documentation>\r
</annotation>\r
<sequence>\r
<element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">\r
<complexType>\r
- <sequence>\r
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
- </sequence>\r
+ <sequence/>\r
<attribute name="Name" type="conf:string" use="required"/>\r
- <attributeGroup ref="conf:CredentialUseGroup"/>\r
+ <attributeGroup ref="conf:RelyingPartyGroup"/>\r
<anyAttribute namespace="##other" processContents="lax"/>\r
</complexType>\r
</element>\r
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
</sequence>\r
- <attributeGroup ref="conf:CredentialUseGroup"/>\r
+ <attributeGroup ref="conf:RelyingPartyGroup"/>\r
<anyAttribute namespace="##other" processContents="lax"/>\r
</complexType>\r
</element>\r
\r
- <element name="Credentials">
- <annotation>\r
- <documentation>Container for specifying sources of credentials</documentation>\r
- </annotation>\r
- <complexType>\r
- <sequence>\r
- <element name="CredentialResolver" minOccurs="1" maxOccurs="unbounded">
- <annotation>\r
- <documentation>References CredentialResolver plugins</documentation>\r
- </annotation>\r
- <complexType>
- <complexContent>
- <restriction base="conf:PluggableType">
- <sequence>
- <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="id" type="conf:string" use="required"/>\r
- <anyAttribute namespace="##any" processContents="lax"/>
- </restriction>
- </complexContent>
- </complexType>
- </element>\r
- </sequence>
- </complexType>
- </element>\r
+ <attributeGroup name="RelyingPartyGroup">\r
+ <attribute name="authType" type="conf:string" default="TLS"/>\r
+ <attribute name="authUsername" type="conf:string"/>\r
+ <attribute name="authPassword" type="conf:string"/>\r
+ <attribute name="signRequests" type="boolean" default="false"/>
+ <attribute name="signatureAlg" type="anyURI"/>\r
+ <attribute name="encryptRequests" type="boolean" default="true"/>\r
+ </attributeGroup>\r
\r
<element name="SecurityPolicies">
<annotation>\r