https://issues.shibboleth.net/jira/browse/SSPCPP-349
[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-attribute-map.xsd
1 <?xml version="1.0" encoding="UTF-8"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:attribute-map"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:am="urn:mace:shibboleth:2.0:attribute-map"
5         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         elementFormDefault="qualified"
7         version="2.5">
8
9     <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
      <!-- Makes the XML Signature vocabulary available so that ds:Signature can be referenced
           from the Attributes element. The schemaLocation is a relative file name and only a
           hint to the validator: resolve it from the locally installed schema set, never from
           a location that an instance document supplies. -->
10
11     <annotation>
12         <documentation>
13             This schema maps SAML attributes into Shibboleth internal attributes.
14         </documentation>
15     </annotation>
16
17     <simpleType name="string">
           <!-- Non-empty string, referenced elsewhere in this file as am:string. The base="string"
                below is the XSD built-in, because the default namespace of this file is the XML
                Schema namespace. minLength rejects an empty value but not a whitespace-only one. -->
18         <restriction base="string">
19             <minLength value="1"/>
20         </restriction>
21     </simpleType>
22
23     <simpleType name="anyURI">
           <!-- Non-empty URI reference, referenced as am:anyURI. The built-in anyURI is lexically
                very permissive, so this type only rules out the empty value; it does not check
                that the value is absolute or names a known identifier. -->
24         <restriction base="anyURI">
25             <minLength value="1"/>
26         </restriction>
27     </simpleType>
28
29     <simpleType name="listOfStrings">
           <!-- XSD list type: items are separated by whitespace, so a single item cannot itself
                contain a space. Each item is an am:string. -->
30         <list itemType="am:string"/>
31     </simpleType>
32
33     <complexType name="PluggableType">
           <!-- Generic container for a plugin configuration. Only the required type attribute is
                constrained here. Child elements and all further attributes are wildcards with
                processContents="lax", so they are validated only when a matching declaration is
                available to the validator. Schema validation therefore does not catch a misspelled
                or unsupported plugin setting; the plugin has to check its own configuration. -->
34         <sequence>
35             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
36         </sequence>
37         <attribute name="type" type="am:string" use="required"/>
38         <anyAttribute namespace="##any" processContents="lax"/>
39     </complexType>
40     
41     <element name="GSSAPIContext" type="base64Binary">
           <!-- Global element; no other declaration in this file references it. The schema checks
                only that the content is valid base64.
                NOTE(review): a serialized GSS-API context is presumably sensitive material;
                confirm how documents carrying this element are protected in transit and at rest. -->
42         <annotation>
43             <documentation>A wrapper element for GSS-API contexts.</documentation>
44         </annotation>
45     </element>
46
47     <element name="GSSAPIName" type="base64Binary">
           <!-- Global element; no other declaration in this file references it. The schema checks
                only that the content is valid base64, not that it decodes to a usable name. -->
48         <annotation>
49             <documentation>A wrapper element for GSS-API composite names.</documentation>
50         </annotation>
51     </element>
52     
53     <element name="Attributes">
54         <annotation>
55             <documentation>The set of SAML or GSS-API attribute mappings.</documentation>
56         </annotation>
57         <complexType>
               <!-- Children must appear in the order given by the sequence. The three plugin
                    elements are optional and use PluggableType, so their content is not checked
                    by this schema beyond the required type attribute. -->
58             <sequence>
59                 <element name="MetadataProvider" type="am:PluggableType" minOccurs="0"/>
60                 <element name="TrustEngine" type="am:PluggableType" minOccurs="0"/>
61                 <element name="AttributeFilter" type="am:PluggableType" minOccurs="0"/>
                   <!-- minOccurs defaults to 1 on the choice, so at least one Attribute or
                        GSSAPIAttribute rule is required; the two kinds may be interleaved. -->
62                 <choice maxOccurs="unbounded">
63                     <element name="Attribute" type="am:AttributeType"/>
64                     <element name="GSSAPIAttribute" type="am:GSSAPIAttributeType"/>
65                 </choice>
                   <!-- The signature is optional, so a map that validates against this schema may
                        be unsigned, and validation never verifies a signature that is present.
                        NOTE(review): integrity has to be enforced by whatever loads the map;
                        confirm the loader requires and verifies the signature wherever the map
                        is fetched from a location outside the administrator's control. -->
66                 <element ref="ds:Signature" minOccurs="0"/>
67             </sequence>
               <!-- NOTE(review): undocumented in this schema; presumably names a policy used
                    together with the AttributeFilter above. Confirm against the SP documentation. -->
68             <attribute name="metadataPolicyId" type="am:string"/>
69         </complexType>
70     </element>
71
72     <complexType name="AttributeType">
73         <annotation>
74             <documentation>Rule for mapping a SAML attribute to an internal attribute.</documentation>
75         </annotation>
76         <sequence>
               <!-- AttributeDecoderType is declared abstract in this file, so an instance that
                    includes AttributeDecoder has to select a concrete decoder type with xsi:type. -->
77             <element name="AttributeDecoder" type="am:AttributeDecoderType" minOccurs="0"/>
78         </sequence>
           <!-- id and aliases are only required to be non-empty; the schema places no restriction
                on the characters used.
                NOTE(review): these names are presumably what an application sees when attributes
                are exported for CGI use, so pick names that cannot collide with variables the
                application trusts from another source. Confirm against the SP documentation. -->
79         <attribute name="id" type="am:string" use="required">
80             <annotation>
81                 <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
82             </annotation>
83         </attribute>
84         <attribute name="aliases" type="am:listOfStrings">
85             <annotation>
86                 <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
87             </annotation>
88         </attribute>
89         <attribute name="name" type="am:string" use="required">
90             <annotation>
91                 <documentation>The SAML 1 AttributeName or SAML 2 Name of the attribute.</documentation>
92             </annotation>
93         </attribute>
           <!-- Optional. NOTE(review): the schema does not say what a rule without nameFormat
                matches; confirm this before relying on a rule to accept only one format. -->
94         <attribute name="nameFormat" type="am:string">
95             <annotation>
96                 <documentation>The SAML 1 Namespace or SAML 2 NameFormat of the attribute.</documentation>
97             </annotation>
98         </attribute>
           <!-- Both flags are optional and declare no default in this schema. -->
99         <attribute name="isRequested" type="boolean">
100           <annotation>
101             <documentation>Marks an attribute as requested by the service.</documentation>
102           </annotation>
103         </attribute>
104         <attribute name="isRequired" type="boolean">
105           <annotation>
106             <documentation>Marks an attribute as required by the service.</documentation>
107           </annotation>
108         </attribute>
109     </complexType>
110
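111     <complexType name="GSSAPIAttributeType">
112         <annotation>
113             <documentation>Rule for mapping a GSS-API naming attribute to an internal attribute.</documentation>
114         </annotation>
            <!-- Attribute-only type: unlike AttributeType it has no AttributeDecoder child, and
                 scopeDelimiter is declared directly on the rule. The documentation of id and
                 aliases now names the GSS-API naming attribute; it previously said "SAML
                 attribute", copied from AttributeType. -->
115         <attribute name="id" type="am:string" use="required">
116             <annotation>
117                 <documentation>The internal attribute ID to which this GSS-API naming attribute maps.</documentation>
118             </annotation>
119         </attribute>
120         <attribute name="aliases" type="am:listOfStrings">
121             <annotation>
122                 <documentation>Optional aliases for the internal attribute to which this GSS-API naming attribute maps.</documentation>
123             </annotation>
124         </attribute>
125         <attribute name="name" type="am:string" use="required">
126             <annotation>
127                 <documentation>The name of the naming attribute.</documentation>
128             </annotation>
129         </attribute>
            <!-- Optional, with no default declared in this schema.
                 NOTE(review): confirm what the implementation does when the flag is omitted
                 before relying on a rule to reject unauthenticated naming attributes. -->
130         <attribute name="authenticated" type="boolean">
131             <annotation>
132                 <documentation>If true, only an authenticated GSS-API naming attribute will be mapped.</documentation>
133             </annotation>
134         </attribute>
135         <attribute name="binary" type="boolean">
136             <annotation>
137                 <documentation>If true, the GSS-API naming attribute will be base64-encoded for internal use.</documentation>
138             </annotation>
139         </attribute>
140         <attribute name="scopeDelimiter" type="am:string">
141             <annotation>
142                 <documentation>
143                     The character(s) used to delimit the scoped information from the scope.
144                 </documentation>
145             </annotation>
146         </attribute>
147     </complexType>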
148     
149     <complexType name="AttributeDecoderType" abstract="true">
            <!-- Abstract base of every decoder in this file: an instance has to name a concrete
                 derived type with xsi:type. The three attributes below are inherited by all of
                 them, and none declares a default in this schema. -->
150         <annotation>
151             <documentation>
152                 Decodes a SAML attribute into its Shibboleth-internal representation.
153             </documentation>
154         </annotation>
            <!-- NOTE(review): the comparison mode matters wherever access rules match on attribute
                 values; confirm the effective default when the flag is omitted. -->
155         <attribute name="caseSensitive" type="boolean">
156             <annotation>
157                 <documentation>
158                     Flag controlling case sensitivity when comparisons to the attribute's values are done.
159                 </documentation>
160             </annotation>
161         </attribute>
            <!-- NOTE(review): the documentation leaves the polarity open. The name suggests that
                 true keeps the attribute internal, i.e. not exported; confirm against the SP
                 documentation before relying on it to keep a value away from the application. -->
162         <attribute name="internal" type="boolean">
163             <annotation>
164                 <documentation>Flag controlling whether the resulting attribute should be exported for CGI use.</documentation>
165             </annotation>
166         </attribute>
            <!-- Free-form, non-empty string: the schema cannot reject a misspelled or weak
                 algorithm name. Where the hashed value serves as an identifier, choose a current
                 collision-resistant algorithm supported by the crypto provider in use. -->
167         <attribute name="hashAlg" type="am:string">
168             <annotation>
169                 <documentation>
170                     Crypto-provider-specific name of hash algorithm to use,
171                     turning the decoded result into a simple string.
172                 </documentation>
173             </annotation>
174         </attribute>
175     </complexType>
176     
177     <complexType name="StringAttributeDecoder">
            <!-- Adds nothing to the base type: only the inherited caseSensitive, internal and
                 hashAlg attributes apply. -->
178         <annotation>
179             <documentation>
180                 Decoder for attributes with string values.
181             </documentation>
182         </annotation>
183         <complexContent>
184             <extension base="am:AttributeDecoderType" />
185         </complexContent>
186     </complexType>
187
188     <complexType name="ScopedAttributeDecoder">
189         <annotation>
190             <documentation>
191                 Decoder for attributes with scoped values.
192             </documentation>
193         </annotation>
194         <complexContent>
195             <extension base="am:AttributeDecoderType">
                    <!-- Optional and non-empty when present; may be longer than one character.
                         No default is declared in this schema.
                         NOTE(review): the delimiter decides which part of a value is treated as
                         the scope, so it has to match what the asserting party actually sends.
                         Confirm the implementation default before omitting it. -->
196                 <attribute name="scopeDelimiter" type="am:string">
197                     <annotation>
198                         <documentation>
199                             The character(s) used to delimit the scoped information from the scope.
200                         </documentation>
201                     </annotation>
202                 </attribute>
203             </extension>
204         </complexContent>
205     </complexType>
206     
207     <complexType name="NameIDAttributeDecoder">
208         <annotation>
209             <documentation>
210                 Decoder for attributes with NameID values.
211             </documentation>
212         </annotation>
213         <complexContent>
214             <extension base="am:AttributeDecoderType">
                    <!-- The pattern syntax is not constrained by the schema (any non-empty string
                         validates); an invalid pattern can only be detected by the decoder. -->
215                 <attribute name="formatter" type="am:string">
216                     <annotation>
217                         <documentation>
218                             The pattern used to generate string versions of the attribute's values.
219                         </documentation>
220                     </annotation>
221                 </attribute>
                    <!-- Optional, with no default declared in this schema. -->
222                 <attribute name="defaultQualifiers" type="boolean">
223                     <annotation>
224                         <documentation>
225                             Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
226                         </documentation>
227                     </annotation>
228                 </attribute>
229             </extension>
230         </complexContent>
231     </complexType>
232
233     <complexType name="NameIDFromScopedAttributeDecoder">
            <!-- Extends ScopedAttributeDecoder, so scopeDelimiter and the three base attributes
                 are inherited. defaultQualifiers and formatter are declared again here with the
                 same documentation as on NameIDAttributeDecoder.
                 NOTE(review): because the scope is dropped, two values that differ only in scope
                 presumably yield the same NameID value; confirm that downstream checks rely on
                 the qualifiers rather than on the value alone. -->
234         <annotation>
235             <documentation>
236                 Decoder for attributes with scoped values that produces a NameID attribute with
237                 the scope dropped and the NameQualifiers defaulted.
238             </documentation>
239         </annotation>
240         <complexContent>
241             <extension base="am:ScopedAttributeDecoder">
242                 <attribute name="format" type="am:anyURI">
243                     <annotation>
244                         <documentation>
245                             Value to use as the NameID Format.
246                         </documentation>
247                     </annotation>
248                 </attribute>
249                 <attribute name="defaultQualifiers" type="boolean">
250                     <annotation>
251                         <documentation>
252                             Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
253                         </documentation>
254                     </annotation>
255                 </attribute>
256                 <attribute name="formatter" type="am:string">
257                     <annotation>
258                         <documentation>
259                             The pattern used to generate string versions of the attribute's values.
260                         </documentation>
261                     </annotation>
262                 </attribute>
263             </extension>
264         </complexContent>
265     </complexType>
266
267     <complexType name="KeyInfoAttributeDecoder">
268         <annotation>
269             <documentation>
270                 Decoder for attributes with ds:KeyInfo values.
271             </documentation>
272         </annotation>
273         <complexContent>
274             <extension base="am:AttributeDecoderType">
275                 <sequence>
                        <!-- Optional plugin; as a PluggableType its content is not checked by this
                             schema beyond the required type attribute. -->
276                     <element name="KeyInfoResolver" type="am:PluggableType" minOccurs="0"/>
277                 </sequence>
                    <!-- hash and keyInfoHashAlg are separate from the inherited hashAlg attribute,
                         so a decoder instance can carry two algorithm names. Neither attribute
                         declares a default, and keyInfoHashAlg accepts any non-empty string, so
                         the schema cannot reject a weak or misspelled algorithm name.
                         NOTE(review): confirm which algorithm is used when hash is true and
                         keyInfoHashAlg is omitted. -->
278                 <attribute name="hash" type="boolean">
279                     <annotation>
280                         <documentation>
281                             Flag controlling whether to hash keys before base64-encoding them.
282                         </documentation>
283                     </annotation>
284                 </attribute>
285                 <attribute name="keyInfoHashAlg" type="am:string">
286                     <annotation>
287                         <documentation>
288                             Crypto-provider-specific name of hash algorithm to use.
289                         </documentation>
290                     </annotation>
291                 </attribute>
292             </extension>
293         </complexContent>
294     </complexType>
295
296     <complexType name="XMLAttributeDecoder">
            <!-- Adds nothing to the base type.
                 NOTE(review): the serialized value is XML taken from the asserted attribute, so
                 whatever consumes it should presumably treat it as untrusted input (parse it with
                 DTD and external-entity processing disabled, escape it before display). Confirm
                 how the value is exported. -->
297         <annotation>
298             <documentation>
299                 Decoder for directly serializing XML values.
300             </documentation>
301         </annotation>
302         <complexContent>
303             <extension base="am:AttributeDecoderType"/>
304         </complexContent>
305     </complexType>
306
307     <complexType name="DOMAttributeDecoder">
308         <annotation>
309             <documentation>
310                 Decoder for extracting information from XML values.
311             </documentation>
312         </annotation>
313         <complexContent>
314             <extension base="am:AttributeDecoderType">
315                 <sequence>
                        <!-- maxOccurs defaults to 1, so as declared at most one Mapping is allowed.
                             NOTE(review): confirm whether several mappings were intended.
                             The from attribute is a QName, so its prefix is resolved against the
                             namespace declarations in scope in the instance document. -->
316                     <element name="Mapping" minOccurs="0">
317                         <annotation>
318                             <documentation>Optional transform to turn qualified XML names into string names.</documentation>
319                         </annotation>
320                         <complexType>
321                             <attribute name="from" type="QName" use="required"/>
322                             <attribute name="to" type="am:string" use="required"/>
323                         </complexType>
324                     </element>
325                 </sequence>
                    <!-- The pattern syntax is not constrained by the schema; any non-empty string
                         validates. -->
326                 <attribute name="formatter" type="am:string">
327                     <annotation>
328                         <documentation>
329                             The pattern used to generate strings from the XML.
330                         </documentation>
331                     </annotation>
332                 </attribute>
333             </extension>
334         </complexContent>
335     </complexType>
336
337     <complexType name="Base64AttributeDecoder">
            <!-- Adds nothing to the base type: only the inherited caseSensitive, internal and
                 hashAlg attributes apply. The schema does not constrain what the values decode to. -->
338         <annotation>
339             <documentation>
340                 Decoder for attributes with base64-encoded string values.
341             </documentation>
342         </annotation>
343         <complexContent>
344             <extension base="am:AttributeDecoderType" />
345         </complexContent>
346     </complexType>
347
348 </schema>