1 <?xml version="1.0" encoding="UTF-8"?>
\r
3 targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
\r
4 xmlns="http://www.w3.org/2001/XMLSchema"
\r
5 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
\r
6 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
\r
7 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
\r
8 elementFormDefault="unqualified"
\r
9 attributeFormDefault="unqualified"
\r
10 blockDefault="substitution"
\r
12 <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
\r
13 schemaLocation="saml-schema-assertion-2.0.xsd"/>
\r
14 <import namespace="http://www.w3.org/2000/09/xmldsig#"
\r
15 schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
\r
18 Document identifier: saml-schema-protocol-2.0
\r
19 Location: http://docs.oasis-open.org/security/saml/v2.0/
\r
21 V1.0 (November, 2002):
\r
22 Initial Standard Schema.
\r
23 V1.1 (September, 2003):
\r
24 Updates within the same V1.0 namespace.
\r
26 New protocol schema based in a SAML V2.0 namespace.
\r
29 <complexType name="RequestAbstractType" abstract="true">
\r
31 <element ref="saml:Issuer" minOccurs="0"/>
\r
32 <element ref="ds:Signature" minOccurs="0"/>
\r
33 <element ref="samlp:Extensions" minOccurs="0"/>
\r
35 <attribute name="ID" type="ID" use="required"/>
\r
36 <attribute name="Version" type="string" use="required"/>
\r
37 <attribute name="IssueInstant" type="dateTime" use="required"/>
\r
38 <attribute name="Destination" type="anyURI" use="optional"/>
\r
39 <attribute name="Consent" type="anyURI" use="optional"/>
\r
41 <element name="Extensions" type="samlp:ExtensionsType"/>
\r
42 <complexType name="ExtensionsType">
\r
44 <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
\r
47 <complexType name="StatusResponseType">
\r
49 <element ref="saml:Issuer" minOccurs="0"/>
\r
50 <element ref="ds:Signature" minOccurs="0"/>
\r
51 <element ref="samlp:Extensions" minOccurs="0"/>
\r
52 <element ref="samlp:Status"/>
\r
54 <attribute name="ID" type="ID" use="required"/>
\r
55 <attribute name="InResponseTo" type="NCName" use="optional"/>
\r
56 <attribute name="Version" type="string" use="required"/>
\r
57 <attribute name="IssueInstant" type="dateTime" use="required"/>
\r
58 <attribute name="Destination" type="anyURI" use="optional"/>
\r
59 <attribute name="Consent" type="anyURI" use="optional"/>
\r
61 <element name="Status" type="samlp:StatusType"/>
\r
62 <complexType name="StatusType">
\r
64 <element ref="samlp:StatusCode"/>
\r
65 <element ref="samlp:StatusMessage" minOccurs="0"/>
\r
66 <element ref="samlp:StatusDetail" minOccurs="0"/>
\r
69 <element name="StatusCode" type="samlp:StatusCodeType"/>
\r
70 <complexType name="StatusCodeType">
\r
72 <element ref="samlp:StatusCode" minOccurs="0"/>
\r
74 <attribute name="Value" type="anyURI" use="required"/>
\r
76 <element name="StatusMessage" type="string"/>
\r
77 <element name="StatusDetail" type="samlp:StatusDetailType"/>
\r
78 <complexType name="StatusDetailType">
\r
80 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
83 <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
\r
84 <complexType name="AssertionIDRequestType">
\r
86 <extension base="samlp:RequestAbstractType">
\r
88 <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
\r
93 <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
\r
94 <complexType name="SubjectQueryAbstractType" abstract="true">
\r
96 <extension base="samlp:RequestAbstractType">
\r
98 <element ref="saml:Subject"/>
\r
103 <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
\r
104 <complexType name="AuthnQueryType">
\r
106 <extension base="samlp:SubjectQueryAbstractType">
\r
108 <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
\r
110 <attribute name="SessionIndex" type="string" use="optional"/>
\r
114 <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
\r
115 <complexType name="RequestedAuthnContextType">
\r
117 <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
\r
118 <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
\r
120 <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
\r
122 <simpleType name="AuthnContextComparisonType">
\r
123 <restriction base="string">
\r
124 <enumeration value="exact"/>
\r
125 <enumeration value="minimum"/>
\r
126 <enumeration value="maximum"/>
\r
127 <enumeration value="better"/>
\r
130 <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
\r
131 <complexType name="AttributeQueryType">
\r
133 <extension base="samlp:SubjectQueryAbstractType">
\r
135 <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
\r
140 <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
\r
141 <complexType name="AuthzDecisionQueryType">
\r
143 <extension base="samlp:SubjectQueryAbstractType">
\r
145 <element ref="saml:Action" maxOccurs="unbounded"/>
\r
146 <element ref="saml:Evidence" minOccurs="0"/>
\r
148 <attribute name="Resource" type="anyURI" use="required"/>
\r
152 <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
\r
153 <complexType name="AuthnRequestType">
\r
155 <extension base="samlp:RequestAbstractType">
\r
157 <element ref="saml:Subject" minOccurs="0"/>
\r
158 <element ref="samlp:NameIDPolicy" minOccurs="0"/>
\r
159 <element ref="saml:Conditions" minOccurs="0"/>
\r
160 <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
\r
161 <element ref="samlp:Scoping" minOccurs="0"/>
\r
163 <attribute name="ForceAuthn" type="boolean" use="optional"/>
\r
164 <attribute name="IsPassive" type="boolean" use="optional"/>
\r
165 <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
\r
166 <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
\r
167 <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
\r
168 <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
\r
169 <attribute name="ProviderName" type="string" use="optional"/>
\r
173 <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
\r
174 <complexType name="NameIDPolicyType">
\r
175 <attribute name="Format" type="anyURI" use="optional"/>
\r
176 <attribute name="SPNameQualifier" type="string" use="optional"/>
\r
177 <attribute name="AllowCreate" type="boolean" use="optional"/>
\r
179 <element name="Scoping" type="samlp:ScopingType"/>
\r
180 <complexType name="ScopingType">
\r
182 <element ref="samlp:IDPList" minOccurs="0"/>
\r
183 <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
\r
185 <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
\r
187 <element name="RequesterID" type="anyURI"/>
\r
188 <element name="IDPList" type="samlp:IDPListType"/>
\r
189 <complexType name="IDPListType">
\r
191 <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
\r
192 <element ref="samlp:GetComplete" minOccurs="0"/>
\r
195 <element name="IDPEntry" type="samlp:IDPEntryType"/>
\r
196 <complexType name="IDPEntryType">
\r
197 <attribute name="ProviderID" type="anyURI" use="required"/>
\r
198 <attribute name="Name" type="string" use="optional"/>
\r
199 <attribute name="Loc" type="anyURI" use="optional"/>
\r
201 <element name="GetComplete" type="anyURI"/>
\r
202 <element name="Response" type="samlp:ResponseType"/>
\r
203 <complexType name="ResponseType">
\r
205 <extension base="samlp:StatusResponseType">
\r
206 <choice minOccurs="0" maxOccurs="unbounded">
\r
207 <element ref="saml:Assertion"/>
\r
208 <element ref="saml:EncryptedAssertion"/>
\r
213 <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
\r
214 <complexType name="ArtifactResolveType">
\r
216 <extension base="samlp:RequestAbstractType">
\r
218 <element ref="samlp:Artifact"/>
\r
223 <element name="Artifact" type="string"/>
\r
224 <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
\r
225 <complexType name="ArtifactResponseType">
\r
227 <extension base="samlp:StatusResponseType">
\r
229 <any namespace="##any" processContents="lax" minOccurs="0"/>
\r
234 <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
\r
235 <complexType name="ManageNameIDRequestType">
\r
237 <extension base="samlp:RequestAbstractType">
\r
240 <element ref="saml:NameID"/>
\r
241 <element ref="saml:EncryptedID"/>
\r
244 <element ref="samlp:NewID"/>
\r
245 <element ref="samlp:NewEncryptedID"/>
\r
246 <element ref="samlp:Terminate"/>
\r
252 <element name="NewID" type="string"/>
\r
253 <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
\r
254 <element name="Terminate" type="samlp:TerminateType"/>
\r
255 <complexType name="TerminateType"/>
\r
256 <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
\r
257 <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
\r
258 <complexType name="LogoutRequestType">
\r
260 <extension base="samlp:RequestAbstractType">
\r
263 <element ref="saml:BaseID"/>
\r
264 <element ref="saml:NameID"/>
\r
265 <element ref="saml:EncryptedID"/>
\r
267 <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
\r
269 <attribute name="Reason" type="string" use="optional"/>
\r
270 <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
\r
274 <element name="SessionIndex" type="string"/>
\r
275 <element name="LogoutResponse" type="samlp:StatusResponseType"/>
\r
276 <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
\r
277 <complexType name="NameIDMappingRequestType">
\r
279 <extension base="samlp:RequestAbstractType">
\r
282 <element ref="saml:BaseID"/>
\r
283 <element ref="saml:NameID"/>
\r
284 <element ref="saml:EncryptedID"/>
\r
286 <element ref="samlp:NameIDPolicy"/>
\r
291 <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
\r
292 <complexType name="NameIDMappingResponseType">
\r
294 <extension base="samlp:StatusResponseType">
\r
296 <element ref="saml:NameID"/>
\r
297 <element ref="saml:EncryptedID"/>
\r