https://issues.shibboleth.net/jira/browse/SSPCPP-573
[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-attribute-map.xsd
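<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:mace:shibboleth:2.0:attribute-map"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:am="urn:mace:shibboleth:2.0:attribute-map"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        elementFormDefault="qualified"
        version="2.5">

    <!--
        Naming note: the default namespace is the XML Schema namespace, so unprefixed
        type names (string, anyURI, boolean, base64Binary, QName) are the built-in types.
        The am: prefix selects types declared in this file, including am:string and
        am:anyURI, which reuse the built-in local names for their non-empty variants.
    -->

    <!-- Brings in ds:Signature, referenced by the Attributes element. The location is a relative file name. -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />

    <annotation>
        <documentation>
            This schema maps SAML attributes into Shibboleth internal attributes.
        </documentation>
    </annotation>

    <!-- am:string: the built-in string with empty values rejected (minLength 1). -->
    <simpleType name="string">
        <restriction base="string">
            <minLength value="1"/>
        </restriction>
    </simpleType>

    <!-- am:anyURI: the built-in anyURI with empty values rejected (minLength 1). -->
    <simpleType name="anyURI">
        <restriction base="anyURI">
            <minLength value="1"/>
        </restriction>
    </simpleType>

    <!-- Whitespace-separated list of am:string items. -->
    <simpleType name="listOfStrings">
        <list itemType="am:string"/>
    </simpleType>

    <!--
        Generic plugin configuration: a required type attribute plus arbitrary child
        elements and attributes from any namespace. With processContents="lax" the
        wildcard content is validated only where the processor has a matching
        declaration, so this schema does not constrain what a plugin's configuration
        contains; that checking is left to the plugin named by the type attribute.
    -->
    <complexType name="PluggableType">
        <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="type" type="am:string" use="required"/>
        <anyAttribute namespace="##any" processContents="lax"/>
    </complexType>

    <element name="GSSAPIContext" type="base64Binary">
        <annotation>
            <documentation>A wrapper element for GSS-API contexts.</documentation>
        </annotation>
    </element>

    <element name="GSSAPIName" type="base64Binary">
        <annotation>
            <documentation>A wrapper element for GSS-API composite names.</documentation>
        </annotation>
    </element>

    <!--
        Root of an attribute map. Child order is fixed by the sequence: the optional
        MetadataProvider, TrustEngine and AttributeFilter plugins, then one or more
        Attribute / GSSAPIAttribute rules (the choice has no minOccurs, so at least one
        rule is required), then an optional ds:Signature.
        The signature is optional at schema level; the schema neither requires one nor
        says when it is verified. NOTE(review): confirm how the consumer treats an
        unsigned map before relying on the signature for integrity.
    -->
    <element name="Attributes">
        <annotation>
            <documentation>The set of SAML or GSS-API attribute mappings.</documentation>
        </annotation>
        <complexType>
            <sequence>
                <element name="MetadataProvider" type="am:PluggableType" minOccurs="0"/>
                <element name="TrustEngine" type="am:PluggableType" minOccurs="0"/>
                <element name="AttributeFilter" type="am:PluggableType" minOccurs="0"/>
                <choice maxOccurs="unbounded">
                    <element name="Attribute" type="am:AttributeType"/>
                    <element name="GSSAPIAttribute" type="am:GSSAPIAttributeType"/>
                </choice>
                <element ref="ds:Signature" minOccurs="0"/>
            </sequence>
            <attribute name="metadataAttributeCaching" type="boolean"/>
            <attribute name="metadataPolicyId" type="am:string"/>
        </complexType>
    </element>

    <!--
        AttributeDecoderType is abstract, so an AttributeDecoder child has to carry an
        xsi:type that names one of the concrete decoder types declared further down.
    -->
    <complexType name="AttributeType">
        <annotation>
            <documentation>Rule for mapping a SAML attribute to an internal attribute.</documentation>
        </annotation>
        <sequence>
            <element name="AttributeDecoder" type="am:AttributeDecoderType" minOccurs="0"/>
        </sequence>
        <attribute name="id" type="am:string" use="required">
            <annotation>
                <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
            </annotation>
        </attribute>
        <attribute name="aliases" type="am:listOfStrings">
            <annotation>
                <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
            </annotation>
        </attribute>
        <attribute name="name" type="am:string" use="required">
            <annotation>
                <documentation>The SAML 1 AttributeName or SAML 2 Name of the attribute.</documentation>
            </annotation>
        </attribute>
        <attribute name="nameFormat" type="am:string">
            <annotation>
                <documentation>The SAML 1 Namespace or SAML 2 NameFormat of the attribute.</documentation>
            </annotation>
        </attribute>
        <attribute name="isRequested" type="boolean">
            <annotation>
                <documentation>Marks an attribute as requested by the service.</documentation>
            </annotation>
        </attribute>
        <attribute name="isRequired" type="boolean">
            <annotation>
                <documentation>Marks an attribute as required by the service.</documentation>
            </annotation>
        </attribute>
    </complexType>

    <complexType name="GSSAPIAttributeType">
        <annotation>
            <documentation>Rule for mapping a GSS-API naming attribute to an internal attribute.</documentation>
        </annotation>
        <attribute name="id" type="am:string" use="required">
            <annotation>
                <documentation>The internal attribute ID to which this GSS-API naming attribute maps.</documentation>
            </annotation>
        </attribute>
        <attribute name="aliases" type="am:listOfStrings">
            <annotation>
                <documentation>Optional aliases for the internal attribute to which this GSS-API naming attribute maps.</documentation>
            </annotation>
        </attribute>
        <attribute name="name" type="am:string" use="required">
            <annotation>
                <documentation>The name of the naming attribute.</documentation>
            </annotation>
        </attribute>
        <!--
            No default is declared for this attribute, so the behaviour when it is
            omitted is decided by the consumer. NOTE(review): confirm that default
            before assuming unauthenticated naming attributes are ignored.
        -->
        <attribute name="authenticated" type="boolean">
            <annotation>
                <documentation>If true, only an authenticated GSS-API naming attribute will be mapped.</documentation>
            </annotation>
        </attribute>
        <attribute name="binary" type="boolean">
            <annotation>
                <documentation>If true, the GSS-API naming attribute will be base64-encoded for internal use.</documentation>
            </annotation>
        </attribute>
        <attribute name="scopeDelimiter" type="am:string">
            <annotation>
                <documentation>
                    The character(s) used to delimit the scoped information from the scope.
                </documentation>
            </annotation>
        </attribute>
    </complexType>

    <!-- Abstract base for all decoders; the attributes declared here are inherited by every concrete decoder type. -->
    <complexType name="AttributeDecoderType" abstract="true">
        <annotation>
            <documentation>
                Decodes a SAML attribute into its Shibboleth-internal representation.
            </documentation>
        </annotation>
        <attribute name="caseSensitive" type="boolean">
            <annotation>
                <documentation>
                    Flag controlling case sensitivity when comparisons to the attribute's values are done.
                </documentation>
            </annotation>
        </attribute>
        <!--
            NOTE(review): the documentation does not state the polarity. The attribute
            name suggests that true keeps the value internal (not exported for CGI use);
            confirm against the SP documentation before relying on it to withhold a value.
        -->
        <attribute name="internal" type="boolean">
            <annotation>
                <documentation>
                    Flag controlling whether the resulting attribute should be exported for CGI use.
                </documentation>
            </annotation>
        </attribute>
        <attribute name="langAware" type="boolean">
            <annotation>
                <documentation>
                    Flag controlling whether the decoder should select only the best matching value by language.
                </documentation>
            </annotation>
        </attribute>
        <!--
            Any non-empty string is accepted here; the schema does not restrict which
            algorithm may be named, so the strength of the chosen hash has to be
            reviewed in the deployed map.
        -->
        <attribute name="hashAlg" type="am:string">
            <annotation>
                <documentation>
                    Crypto-provider-specific name of hash algorithm to use,
                    turning the decoded result into a simple string.
                </documentation>
            </annotation>
        </attribute>
    </complexType>

    <complexType name="StringAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with string values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType" />
        </complexContent>
    </complexType>

    <complexType name="ScopedAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with scoped values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType">
                <attribute name="scopeDelimiter" type="am:string">
                    <annotation>
                        <documentation>
                            The character(s) used to delimit the scoped information from the scope.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <complexType name="NameIDAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with NameID values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType">
                <attribute name="formatter" type="am:string">
                    <annotation>
                        <documentation>
                            The pattern used to generate string versions of the attribute's values.
                        </documentation>
                    </annotation>
                </attribute>
                <attribute name="defaultQualifiers" type="boolean">
                    <annotation>
                        <documentation>
                            Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <!-- Extends ScopedAttributeDecoder, so scopeDelimiter and the common decoder attributes are inherited. -->
    <complexType name="NameIDFromScopedAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with scoped values that produces a NameID attribute with
                the scope dropped and the NameQualifiers defaulted.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:ScopedAttributeDecoder">
                <attribute name="format" type="am:anyURI">
                    <annotation>
                        <documentation>
                            Value to use as the NameID Format.
                        </documentation>
                    </annotation>
                </attribute>
                <attribute name="defaultQualifiers" type="boolean">
                    <annotation>
                        <documentation>
                            Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
                        </documentation>
                    </annotation>
                </attribute>
                <attribute name="formatter" type="am:string">
                    <annotation>
                        <documentation>
                            The pattern used to generate string versions of the attribute's values.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <complexType name="KeyInfoAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with ds:KeyInfo values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType">
                <sequence>
                    <element name="KeyInfoResolver" type="am:PluggableType" minOccurs="0"/>
                </sequence>
                <attribute name="hash" type="boolean">
                    <annotation>
                        <documentation>
                            Flag controlling whether to hash keys before base64-encoding them.
                        </documentation>
                    </annotation>
                </attribute>
                <!-- As with hashAlg on the base type, any non-empty string is accepted; the algorithm is not constrained here. -->
                <attribute name="keyInfoHashAlg" type="am:string">
                    <annotation>
                        <documentation>
                            Crypto-provider-specific name of hash algorithm to use.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <complexType name="XMLAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for directly serializing XML values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType"/>
        </complexContent>
    </complexType>

    <complexType name="DOMAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for extracting information from XML values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType">
                <sequence>
                    <!-- minOccurs is 0 and maxOccurs is left at its default of 1, so at most one Mapping is allowed. -->
                    <element name="Mapping" minOccurs="0">
                        <annotation>
                            <documentation>Optional transform to turn qualified XML names into string names.</documentation>
                        </annotation>
                        <complexType>
                            <attribute name="from" type="QName" use="required"/>
                            <attribute name="to" type="am:string" use="required"/>
                        </complexType>
                    </element>
                </sequence>
                <attribute name="formatter" type="am:string">
                    <annotation>
                        <documentation>
                            The pattern used to generate strings from the XML.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <complexType name="Base64AttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with base64-encoded string values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType" />
        </complexContent>
    </complexType>

</schema>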