1 <?xml version="1.0" encoding="UTF-8"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:attribute-map"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:am="urn:mace:shibboleth:2.0:attribute-map"
5 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6 elementFormDefault="qualified"
9 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
13 This schema maps SAML attributes into Shibboleth internal attributes.
17 <simpleType name="string">
18 <restriction base="string">
19 <minLength value="1"/>
23 <simpleType name="anyURI">
24 <restriction base="anyURI">
25 <minLength value="1"/>
29 <simpleType name="listOfStrings">
30 <list itemType="am:string"/>
33 <complexType name="PluggableType">
35 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
37 <attribute name="type" type="am:string" use="required"/>
38 <anyAttribute namespace="##any" processContents="lax"/>
41 <element name="GSSAPIContext" type="base64Binary">
43 <documentation>A wrapper element for GSS-API contexts.</documentation>
47 <element name="GSSAPIName" type="base64Binary">
49 <documentation>A wrapper element for GSS-API composite names.</documentation>
53 <element name="Attributes">
55 <documentation>The set of SAML or GSS-API attribute mappings.</documentation>
59 <element name="MetadataProvider" type="am:PluggableType" minOccurs="0"/>
60 <element name="TrustEngine" type="am:PluggableType" minOccurs="0"/>
61 <element name="AttributeFilter" type="am:PluggableType" minOccurs="0"/>
62 <choice maxOccurs="unbounded">
63 <element name="Attribute" type="am:AttributeType"/>
64 <element name="GSSAPIAttribute" type="am:GSSAPIAttributeType"/>
66 <element ref="ds:Signature" minOccurs="0"/>
68 <attribute name="metadataPolicyId" type="am:string"/>
72 <complexType name="AttributeType">
74 <documentation>Rule for mapping a SAML attribute to an internal attribute.</documentation>
77 <element name="AttributeDecoder" type="am:AttributeDecoderType" minOccurs="0"/>
79 <attribute name="id" type="am:string" use="required">
81 <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
84 <attribute name="aliases" type="am:listOfStrings">
86 <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
89 <attribute name="name" type="am:string" use="required">
91 <documentation>The SAML 1 AttributeName or SAML 2 Name of the attribute.</documentation>
94 <attribute name="nameFormat" type="am:string">
96 <documentation>The SAML 1 Namespace or SAML 2 NameFormat of the attribute.</documentation>
99 <attribute name="isRequested" type="boolean">
101 <documentation>Marks an attribute as requested by the service.</documentation>
104 <attribute name="isRequired" type="boolean">
106 <documentation>Marks an attribute as required by the service.</documentation>
111 <complexType name="GSSAPIAttributeType">
113 <documentation>Rule for mapping a GSS-API naming attribute to an internal attribute.</documentation>
115 <attribute name="id" type="am:string" use="required">
117 <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
120 <attribute name="aliases" type="am:listOfStrings">
122 <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
125 <attribute name="name" type="am:string" use="required">
127 <documentation>The name of the naming attribute.</documentation>
130 <attribute name="authenticated" type="boolean">
132 <documentation>If true, only an authenticated GSS-API naming attribute will be mapped.</documentation>
135 <attribute name="binary" type="boolean">
137 <documentation>If true, the GSS-API naming attribute will be base64-encoded for internal use.</documentation>
140 <attribute name="scopeDelimiter" type="am:string">
143 The character(s) used to delimit the scoped information from the scope.
149 <complexType name="AttributeDecoderType" abstract="true">
152 Decodes a SAML attribute into its Shibboleth-internal representation.
155 <attribute name="caseSensitive" type="boolean">
158 Flag controlling case sensitivity when comparisons to the attribute's values are done.
162 <attribute name="internal" type="boolean">
164 <documentation>Flag controlling whether the resulting attribute should be exported for CGI use.</documentation>
167 <attribute name="hashAlg" type="am:string">
170 Crypto-provider-specific name of hash algorithm to use,
171 turning the decoded result into a simple string.
177 <complexType name="StringAttributeDecoder">
180 Decoder for attributes with string values.
184 <extension base="am:AttributeDecoderType" />
188 <complexType name="ScopedAttributeDecoder">
191 Decoder for attributes with scoped values.
195 <extension base="am:AttributeDecoderType">
196 <attribute name="scopeDelimiter" type="am:string">
199 The character(s) used to delimit the scoped information from the scope.
207 <complexType name="NameIDAttributeDecoder">
210 Decoder for attributes with NameID values.
214 <extension base="am:AttributeDecoderType">
215 <attribute name="formatter" type="am:string">
218 The pattern used to generate string versions of the attribute's values.
222 <attribute name="defaultQualifiers" type="boolean">
225 Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
233 <complexType name="NameIDFromScopedAttributeDecoder">
236 Decoder for attributes with scoped values that produces a NameID attribute with
237 the scope dropped and the NameQualifiers defaulted.
241 <extension base="am:ScopedAttributeDecoder">
242 <attribute name="format" type="am:anyURI">
245 Value to use as the NameID Format.
249 <attribute name="defaultQualifiers" type="boolean">
252 Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
256 <attribute name="formatter" type="am:string">
259 The pattern used to generate string versions of the attribute's values.
267 <complexType name="KeyInfoAttributeDecoder">
270 Decoder for attributes with ds:KeyInfo values.
274 <extension base="am:AttributeDecoderType">
276 <element name="KeyInfoResolver" type="am:PluggableType" minOccurs="0"/>
278 <attribute name="hash" type="boolean">
281 Flag controlling whether to hash keys before base64-encoding them.
285 <attribute name="keyInfoHashAlg" type="am:string">
288 Crypto-provider-specific name of hash algorithm to use.
296 <complexType name="XMLAttributeDecoder">
299 Decoder for directly serializing XML values.
303 <extension base="am:AttributeDecoderType"/>
307 <complexType name="DOMAttributeDecoder">
310 Decoder for extracting information from XML values.
314 <extension base="am:AttributeDecoderType">
316 <element name="Mapping" minOccurs="0">
318 <documentation>Optional transform to turn qualified XML names into string names.</documentation>
321 <attribute name="from" type="QName" use="required"/>
322 <attribute name="to" type="am:string" use="required"/>
326 <attribute name="formatter" type="am:string">
329 The pattern used to generate strings from the XML.
337 <complexType name="Base64AttributeDecoder">
340 Decoder for attributes with base64-encoded string values.
344 <extension base="am:AttributeDecoderType" />