1 <?xml version="1.0" encoding="UTF-8"?>
2 <schema xmlns="http://www.w3.org/2001/XMLSchema"
3 xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
4 xmlns:afp="urn:mace:shibboleth:2.0:afp"
5 targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml"
6 elementFormDefault="qualified"
9 <import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
<!--
  The AFP base schema (which supplies afp:MatchFunctorType, the base of every type below) is
  imported through a classpath: location rather than a network URL.
  NOTE(review): that only resolves if the validating parser is given a resolver for the
  classpath: scheme. Confirm the parser uses one and does not fall back to fetching schema
  locations over the network.
-->
13 A set of SAML-specific match functions. These match functions only operate against a
<!--
  Issuer-side exact match on an entity attribute. The type adds nothing to the abstract base
  saml:EntityAttributeExactMatchType, so it takes attributeName and attributeValue (required)
  and attributeNameFormat (optional).
  NOTE(review): entity attributes are presumably read from the issuer's SAML metadata. If so,
  a rule built on this type is only as trustworthy as the source and signature checks applied
  to that metadata.
-->
18 <complexType name="AttributeIssuerEntityAttributeExactMatch">
21 A match function that checks if the attribute issuer contains an entity attribute with the
26 <extension base="saml:EntityAttributeExactMatchType"/>
<!--
  Requester-side exact match on an entity attribute. The type name does not say which party is
  inspected; the documentation below states it is the attribute requester. It extends
  saml:EntityAttributeExactMatchType without adding anything, so attributeName and
  attributeValue are required and attributeNameFormat is optional.
-->
30 <complexType name="EntityAttributeExactMatch">
33 A match function that checks if the attribute requester contains an entity attribute with the
38 <extension base="saml:EntityAttributeExactMatchType"/>
<!--
  Deprecated spelling of EntityAttributeExactMatch. Both types extend
  saml:EntityAttributeExactMatchType without additions, so the schema accepts the same
  attributes under either name. Prefer EntityAttributeExactMatch in new policy files.
-->
42 <complexType name="AttributeRequesterEntityAttributeExactMatch">
45 A match function that checks if the attribute requester contains an entity attribute with the
48 Deprecated in favor of "EntityAttributeExactMatch".
52 <extension base="saml:EntityAttributeExactMatchType"/>
<!--
  Abstract base shared by the issuer and requester exact-match types. It cannot be used
  directly in a policy file.
  All three attributes are plain xs:string, so the schema checks only that the required ones
  are present. It does not check that names or formats are well-formed URIs.
-->
56 <complexType name="EntityAttributeExactMatchType" abstract="true">
58 <extension base="afp:MatchFunctorType">
<!-- Required: the entity attribute to look for. -->
59 <attribute name="attributeName" type="string" use="required">
61 <documentation>The name of the entity attribute to match.</documentation>
<!--
  Optional. NOTE(review): the schema does not say what happens when this is omitted. Confirm
  whether an absent name format matches any format or only entity attributes without one.
-->
64 <attribute name="attributeNameFormat" type="string" use="optional">
66 <documentation>The name format of the entity attribute to match.</documentation>
<!-- Required: the value the entity attribute must carry for the rule to match. -->
69 <attribute name="attributeValue" type="string" use="required">
71 <documentation>The value of the entity attribute to match.</documentation>
<!--
  Issuer-side regular-expression match on an entity attribute value. It extends
  saml:EntityAttributeRegexMatchType without adding anything, so attributeName and
  attributeValueRegex are required and attributeNameFormat is optional.
-->
78 <complexType name="AttributeIssuerEntityAttributeRegexMatch">
81 A match function that checks if the attribute issuer contains an entity attribute with a
82 value that matches the given regular expression.
86 <extension base="saml:EntityAttributeRegexMatchType"/>
<!--
  Requester-side regular-expression match on an entity attribute value. The type name does not
  say which party is inspected; the documentation below states it is the attribute requester.
  It extends saml:EntityAttributeRegexMatchType without adding anything.
-->
90 <complexType name="EntityAttributeRegexMatch">
93 A match function that checks if the attribute requester contains an entity attribute with a
94 value that matches the given regular expression.
98 <extension base="saml:EntityAttributeRegexMatchType"/>
<!--
  Deprecated spelling of EntityAttributeRegexMatch. Both types extend
  saml:EntityAttributeRegexMatchType without additions, so the schema accepts the same
  attributes under either name. Prefer EntityAttributeRegexMatch in new policy files.
-->
102 <complexType name="AttributeRequesterEntityAttributeRegexMatch">
105 A match function that checks if the attribute requester contains an entity attribute with a
106 value that matches the given regular expression.
108 Deprecated in favor of "EntityAttributeRegexMatch".
112 <extension base="saml:EntityAttributeRegexMatchType"/>
<!--
  Abstract base shared by the issuer and requester regex-match types. It cannot be used
  directly in a policy file. It mirrors EntityAttributeExactMatchType, with
  attributeValueRegex taking the place of attributeValue.
-->
116 <complexType name="EntityAttributeRegexMatchType" abstract="true">
118 <extension base="afp:MatchFunctorType">
<!-- Required: the entity attribute to look for. -->
119 <attribute name="attributeName" type="string" use="required">
121 <documentation>The name of the entity attribute to match.</documentation>
<!--
  Optional. NOTE(review): the schema does not say what happens when this is omitted. Confirm
  whether an absent name format matches any format or only entity attributes without one.
-->
124 <attribute name="attributeNameFormat" type="string" use="optional">
126 <documentation>The name format of the entity attribute to match.</documentation>
<!--
  Required. The pattern is typed as xs:string, so schema validation does not check that it
  compiles as a regular expression.
  NOTE(review): this schema does not state whether the pattern must match the whole value or
  may match a substring. Confirm against the implementation and anchor patterns explicitly;
  a pattern that matches more values than intended widens the set of entities the rule
  applies to.
-->
129 <attribute name="attributeValueRegex" type="string" use="required">
131 <documentation>The regular expression that must match the value of the entity attribute to
132 match.</documentation>
<!--
  Issuer-side check for a supported NameID format. It extends saml:NameIDFormatExactMatchType
  without adding anything, so the single required attribute is nameIdFormat.
-->
139 <complexType name="AttributeIssuerNameIDFormatExactMatch">
142 A match function that evaluates to true if the attribute issuer supports a specified
147 <extension base="saml:NameIDFormatExactMatchType"/>
<!--
  Requester-side check for a supported NameID format. The type name does not say which party is
  inspected; the documentation below states it is the attribute requester. It extends
  saml:NameIDFormatExactMatchType without adding anything.
-->
151 <complexType name="NameIDFormatExactMatch">
154 A match function that evaluates to true if the attribute requester supports a specified
159 <extension base="saml:NameIDFormatExactMatchType"/>
<!--
  Deprecated spelling of NameIDFormatExactMatch. Both types extend
  saml:NameIDFormatExactMatchType without additions, so the schema accepts the same attribute
  under either name. Prefer NameIDFormatExactMatch in new policy files.
-->
163 <complexType name="AttributeRequesterNameIDFormatExactMatch">
166 A match function that evaluates to true if the attribute requester supports a specified
169 Deprecated in favor of "NameIDFormatExactMatch".
173 <extension base="saml:NameIDFormatExactMatchType"/>
<!--
  Abstract base shared by the issuer and requester NameID-format types. It cannot be used
  directly in a policy file.
-->
177 <complexType name="NameIDFormatExactMatchType" abstract="true">
179 <extension base="afp:MatchFunctorType">
<!--
  Required. Typed as xs:string rather than xs:anyURI, so a mistyped format identifier passes
  schema validation; the rule would then not match the format that was intended.
-->
180 <attribute name="nameIdFormat" type="string" use="required">
182 <documentation>The NameID format that needs to be supported by the entity.</documentation>
<!--
  Deprecated spelling of InEntityGroup. Both types extend saml:EntityGroupMatchType without
  additions, so the schema accepts the same groupID attribute under either name. Prefer
  InEntityGroup in new policy files.
-->
189 <complexType name="AttributeRequesterInEntityGroup">
192 A match function that evaluates to true if the attribute requester is found in metadata and is a member
193 of the given entity group.
195 Deprecated in favor of "InEntityGroup".
199 <extension base="saml:EntityGroupMatchType" />
<!--
  Requester-side entity-group membership check. Per the documentation below, the requester
  must both be found in metadata and be a member of the named group, so a requester with no
  metadata does not match. Group membership is derived from metadata, which makes the
  integrity of the metadata source part of this rule's trust basis.
-->
203 <complexType name="InEntityGroup">
206 A match function that evaluates to true if the attribute requester is found in metadata and
207 is a member of the given entity group.
211 <extension base="saml:EntityGroupMatchType"/>
<!--
  Issuer-side entity-group membership check. Per the documentation below, the issuer must both
  be found in metadata and be a member of the named group. It extends
  saml:EntityGroupMatchType without adding anything, so the single required attribute is
  groupID.
-->
215 <complexType name="AttributeIssuerInEntityGroup">
218 A match function that evaluates to true if the attribute issuer is found in metadata and is a member
219 of the given entity group.
223 <extension base="saml:EntityGroupMatchType" />
<!--
  Abstract base shared by the three entity-group match types. It cannot be used directly in a
  policy file.
-->
227 <complexType name="EntityGroupMatchType" abstract="true">
229 <extension base="afp:MatchFunctorType">
<!--
  Required. Plain xs:string: the schema does not constrain the identifier's form.
  NOTE(review): confirm how the implementation compares it with group names in metadata
  (exact match, case sensitivity).
-->
230 <attribute name="groupID" type="string" use="required">
232 <documentation>The entity group ID that an entity must be in.</documentation>
<!--
  Scope check for scoped attribute values. It extends afp:MatchFunctorType directly and, in
  the lines shown here, declares no attributes of its own. The permitted scopes therefore come
  from the entity's or role's metadata, not from the policy file. This is the control that
  ties a scoped value to the scopes the metadata lists for the entity or role.
-->
239 <complexType name="AttributeScopeMatchesShibMDScope">
242 A match function that ensures that an attribute value's scope matches a scope given in metadata for the entity or role.
246 <extension base="afp:MatchFunctorType" />
<!--
  Issuer-side match on the registration authority recorded in the issuer's MDRPI metadata
  content. It extends saml:RegistrationAuthorityMatchType without adding anything, so it takes
  registrars (required) and matchIfMetadataSilent (optional).
-->
250 <complexType name="AttributeIssuerRegistrationAuthority">
253 A match function that matches the attribute issuer's MDRPI content against a list of potential values.
257 <extension base="saml:RegistrationAuthorityMatchType" />
<!--
  Requester-side match on the registration authority recorded in the SP's MDRPI metadata
  content. The type name does not say which party is inspected; the documentation below states
  it is the SP (requester). It extends saml:RegistrationAuthorityMatchType without adding
  anything.
-->
261 <complexType name="RegistrationAuthority">
264 A match function that matches the SP (requester) MDRPI against a list of potential values.
268 <extension base="saml:RegistrationAuthorityMatchType" />
<!--
  Abstract base shared by the issuer and requester registration-authority types. It cannot be
  used directly in a policy file.
-->
272 <complexType name="RegistrationAuthorityMatchType" abstract="true">
274 <extension base="afp:MatchFunctorType">
<!--
  Required. saml:anyURIListType is declared in this schema as a list of xs:string, so the
  value is a whitespace-separated list and the items are not validated as URIs.
-->
275 <attribute name="registrars" type="saml:anyURIListType" use="required">
277 <documentation>The string values to match.</documentation>
<!--
  Optional, and the declaration carries no schema default: the default of false mentioned in
  the documentation is applied by the implementation.
  With false, an entity whose metadata has no MDRPI statement does not match (fail closed).
  Setting it to true makes such entities match, so enable it only when entities without a
  registration statement are meant to be covered by the rule.
-->
280 <attribute name="matchIfMetadataSilent" type="boolean">
283 A boolean flag indicating whether a match should occur if the metadata does
284 not contain an MDRPI statement (coded) default is false.
<!--
  Match function for NameID-valued attributes that constrains the NameQualifier and
  SPNameQualifier fields. All three attributes are optional because none declares use.
  Per the documentation below, the check applies to qualifiers "if set"; read literally, a
  NameID that carries no qualifier is not rejected by this function.
  The attribute names NameQualifier and SPNameQualifier are capitalised, unlike the other
  attributes in this schema. They are part of the policy-file interface and must be written
  exactly as declared.
-->
292 <complexType name="NameIDQualifierString">
295 A match function that ensures that a NameID-valued attribute's qualifier(s), if set, match particular values.
299 <extension base="afp:MatchFunctorType">
<!-- Optional: defaults to the ID of the containing attribute rule, per the documentation. -->
300 <attribute name="attributeID" type="string">
303 The ID of the attribute whose qualifiers should be matched. If no attribute ID is specified the
304 ID of the containing attribute rule is assumed.
<!--
  Optional. When omitted, the documented behaviour is to require the issuing IdP's entityID.
  Setting an explicit value replaces that check with a comparison against the configured
  string.
-->
308 <attribute name="NameQualifier" type="string">
311 A value to require in the NameQualifier field, or if omitted, require that it match the issuing IdP's entityID.
<!--
  Optional. When omitted, the documented behaviour is to require the SP's entityID. Setting an
  explicit value replaces that check with a comparison against the configured string.
-->
315 <attribute name="SPNameQualifier" type="string">
318 A value to require in the SPNameQualifier field, or if omitted, require that it match the SP's entityID.
<!--
  Issuer-side match delegated to a plugin. It extends saml:EntityMatcherType without adding
  anything, so it takes the required matcher attribute plus whatever extra attributes and child
  elements the plugin expects. The schema does not constrain those extras.
-->
326 <complexType name="AttributeIssuerEntityMatcher">
329 A match function that checks if the attribute issuer matches pluggable criteria.
333 <extension base="saml:EntityMatcherType"/>
<!--
  Requester-side match delegated to a plugin. It extends saml:EntityMatcherType without adding
  anything, so it takes the required matcher attribute plus whatever extra attributes and child
  elements the plugin expects. The schema does not constrain those extras.
-->
337 <complexType name="AttributeRequesterEntityMatcher">
340 A match function that checks if the attribute requester matches pluggable criteria.
344 <extension base="saml:EntityMatcherType"/>
<!--
  Abstract base for the plugin-backed entity matchers. It cannot be used directly in a policy
  file.
  This is the most permissive content model in the schema. Apart from requiring the matcher
  attribute, validation accepts any attributes and any number of child elements from any
  namespace. The plugin must therefore validate its own configuration.
-->
348 <complexType name="EntityMatcherType" abstract="true">
350 <extension base="afp:MatchFunctorType">
<!--
  Open content. With processContents="lax", children are validated only when a declaration for
  them is available; unknown elements are accepted as they are.
-->
352 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!--
  Required. NOTE(review): the schema does not say how this string is resolved to a plugin.
  Confirm that the implementation restricts it to known matcher implementations, and that
  policy files are writable only by trusted administrators.
-->
354 <attribute name="matcher" type="string" use="required">
357 The type of plugin to apply as a matching mechanism.
<!-- Open attribute set, with the same lax validation as the element wildcard above. -->
361 <anyAttribute namespace="##any" processContents="lax"/>
<!--
  Whitespace-separated list type used by the registrars attribute. Despite the name, itemType
  is xs:string and not xs:anyURI, so the schema does not check that items are well-formed URIs.
  A mistyped registrar value passes validation and then never matches.
-->
366 <simpleType name="anyURIListType">
367 <list itemType="string"/>