blockDefault="substitution"
version="1.1">
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
<sequence>
<element ref="conf:Extensions" minOccurs="0"/>
<choice minOccurs="0">
+ <element name="OutOfProcess" type="conf:GlobalConfigurationType"/>
<element name="Global" type="conf:GlobalConfigurationType"/>
<element name="SHAR" type="conf:GlobalConfigurationType"/>
</choice>
<choice minOccurs="0">
+ <element name="InProcess" type="conf:LocalConfigurationType"/>
<element name="Local" type="conf:LocalConfigurationType"/>
<element name="SHIRE" type="conf:LocalConfigurationType"/>
</choice>
<element ref="conf:Applications"/>
<element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="conf:AttributeFactory" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="logger" type="anyURI" use="optional"/>
<attribute name="clockSkew" type="unsignedInt" use="optional"/>
</attribute>
</complexType>
</element>
+ <element name="MemoryListener" type="conf:PluggableType"/>
<element name="Listener" type="conf:PluggableType"/>
</choice>
<choice>
<complexType>
<choice maxOccurs="unbounded">
<element ref="conf:ISAPI"/>
- <element ref="conf:NSAPI"/>
- <element ref="conf:Java"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
</annotation>
<complexType>
<sequence>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<element ref="conf:Sessions"/>
<element ref="conf:Errors"/>
<element ref="conf:CredentialUse" minOccurs="0"/>
</annotation>
<complexType>
<sequence>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<element ref="conf:Sessions" minOccurs="0"/>
<element ref="conf:Errors" minOccurs="0"/>
<element ref="conf:CredentialUse" minOccurs="0"/>
<element ref="conf:SessionInitiator"/>
<element ref="md:AssertionConsumerService"/>
<element ref="md:SingleLogoutService"/>
+ <element ref="conf:DiagnosticService"/>
+ <element name="ExtensionService" type="conf:PluggableType"/>
</choice>
<!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
<!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
<attribute name="lifetime" type="unsignedInt" use="optional"/>
<attribute name="timeout" type="unsignedInt" use="optional"/>
<attribute name="checkAddress" type="boolean" use="optional"/>
+ <attribute name="consistentAddress" type="boolean" use="optional" default="true"/>
<attribute name="checkReplay" type="boolean" use="optional" default="true"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<attribute name="checkCDC" type="anyURI" use="optional"/>
<attribute name="isDefault" type="boolean" use="optional"/>
<attribute name="id" type="string" use="optional"/>
+ <anyAttribute namespace="##any" processContents="lax"/>
+ </complexType>
+ </element>
+ <element name="DiagnosticService">
+ <annotation>
+ <documentation>Used to specify internal diagnostic capabilities</documentation>
+ </annotation>
+ <complexType>
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Location" type="anyURI" use="required"/>
+ <attribute name="Binding" type="anyURI" use="required"/>
+ <attribute name="echo" type="boolean" use="optional"/>
+ <attribute name="log" type="boolean" use="optional"/>
+ <attribute name="config" type="boolean" use="optional"/>
+ <attribute name="acl" use="optional">
+ <simpleType>
+ <list itemType="string"/>
+ </simpleType>
+ </attribute>
+ <anyAttribute namespace="##any" processContents="lax"/>
</complexType>
</element>
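Review bot: The `<anyAttribute namespace="##any" processContents="lax"/>` that closes the new `DiagnosticService` type matches unqualified attributes as well, so a misspelled `acl`, `echo`, `log` or `config` still validates and the intended setting is silently dropped. That matters most for `acl`, which is also `use="optional"` on an element documented as exposing internal diagnostics; what the handler does when no ACL is present is not visible in this diff and should be spelled out in the `<documentation>` text. Other types in this schema use `<anyAttribute namespace="##other" processContents="lax"/>`, which still admits extension attributes from foreign namespaces but rejects typos of the declared names. The same `##any` attribute wildcard is added to the type that ends just above `DiagnosticService`, whose opening lies outside this hunk.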
</element>
<attributeGroup name="CredentialUseGroup">
- <attribute name="TLS" type="string" use="required"/>
- <attribute name="Signing" type="string" use="required"/>
+ <attribute name="TLS" type="string" use="optional"/>
+ <attribute name="Signing" type="string" use="optional"/>
<attribute name="signRequest" type="boolean" use="optional" default="false"/>
+ <attribute name="signatureAlg" type="anyURI" use="optional"/>
+ <attribute name="digestAlg" type="anyURI" use="optional"/>
<attribute name="signedResponse" type="boolean" use="optional" default="false"/>
<attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
+ <attribute name="authType" use="optional">
+ <simpleType>
+ <restriction base="string">
+ <enumeration value="basic"/>
+ <enumeration value="digest"/>
+ <enumeration value="ntlm"/>
+ <enumeration value="gss"/>
+ </restriction>
+ </simpleType>
+ </attribute>
+ <attribute name="authUsername" use="optional"/>
+ <attribute name="authPassword" use="optional"/>
</attributeGroup>
<element name="CredentialUse">
<complexType>
<sequence>
<element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
- <complexType mixed="false">
- <complexContent>
- <restriction base="anyType">
- <attribute name="Name" type="string" use="required"/>
- <attributeGroup ref="conf:CredentialUseGroup"/>
- </restriction>
- </complexContent>
+ <complexType>
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Name" type="string" use="required"/>
+ <attributeGroup ref="conf:CredentialUseGroup"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
</element>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
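Review bot: `CredentialUseGroup` now allows a clear-text `authPassword` in the configuration file while the same change relaxes `TLS` to `use="optional"` and adds `authType="basic"`, presumably an HTTP authentication scheme that sends the password in recoverable form. XSD 1.0 cannot express that co-constraint, so the group should carry an `<annotation>` stating that `basic` is only appropriate over a TLS-protected channel and that the file holding `authPassword` needs restricted read permissions. Separately, `authUsername` and `authPassword` are declared without a `type` and so default to `anySimpleType`, unlike every other attribute in the group; declare them as `<attribute name="authPassword" type="string" use="optional"/>` and likewise for `authUsername`. `signatureAlg` and `digestAlg` accept any URI, and whether the consuming code restricts them to an allow-list of algorithms is not visible here.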
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
</element>
+
+ <element name="AttributeFactory">
+ <annotation>
+ <documentation>Specifies a plugin that implements a specialized SAML attribute</documentation>
+ </annotation>
+ <complexType>
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="type" type="string" use="required"/>
+ <attribute name="AttributeName" type="string" use="required"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ </element>
+
</schema>