1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9 elementFormDefault="qualified"
10 attributeFormDefault="unqualified"
11 blockDefault="substitution"
14 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15 <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16 <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
21 2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22 First appearing in Shibboleth 2.0 release.
26 <simpleType name="string">
27 <restriction base="string">
28 <minLength value="1"/>
32 <simpleType name="listOfStrings">
33 <list itemType="conf:string"/>
36 <simpleType name="listOfURIs">
37 <list itemType="anyURI"/>
40 <simpleType name="bindingBoolean">
41 <restriction base="string">
42 <enumeration value="true"/>
43 <enumeration value="false"/>
44 <enumeration value="front"/>
45 <enumeration value="back"/>
49 <simpleType name="redirectLimitType">
50 <restriction base="string">
51 <enumeration value="none"/>
52 <enumeration value="exact"/>
53 <enumeration value="host"/>
54 <enumeration value="whitelist"/>
55 <enumeration value="exact+whitelist"/>
56 <enumeration value="host+whitelist"/>
60 <complexType name="PluggableType">
62 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
64 <attribute name="type" type="conf:string" use="required"/>
65 <anyAttribute namespace="##any" processContents="lax"/>
68 <complexType name="ExtensionsType">
70 <documentation>Container for extension libraries and custom configuration</documentation>
73 <element name="Library" minOccurs="0" maxOccurs="unbounded">
76 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
78 <attribute name="path" type="anyURI" use="required"/>
79 <attribute name="fatal" type="boolean"/>
80 <anyAttribute namespace="##any" processContents="lax"/>
83 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
87 <complexType name="StorageServiceType">
89 <documentation>References StorageService plugins</documentation>
92 <restriction base="conf:PluggableType">
94 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
96 <attribute name="id" type="ID" use="required"/>
97 <attribute name="cleanupInterval" type="unsignedInt"/>
98 <anyAttribute namespace="##any" processContents="lax"/>
103 <complexType name="SessionCacheType">
105 <documentation>References SessionCache plugins</documentation>
108 <restriction base="conf:PluggableType">
110 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
112 <attribute name="StorageService" type="IDREF"/>
113 <attribute name="cacheAllowance" type="unsignedInt"/>
114 <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
115 <anyAttribute namespace="##any" processContents="lax"/>
120 <complexType name="ReplayCacheType">
122 <documentation>Ties ReplayCache to a custom StorageService</documentation>
125 <attribute name="StorageService" type="IDREF"/>
128 <complexType name="ArtifactMapType">
130 <documentation>Customizes an ArtifactMap</documentation>
133 <attribute name="StorageService" type="IDREF"/>
134 <attribute name="context" type="conf:string"/>
135 <attribute name="artifactTTL" type="unsignedInt"/>
138 <complexType name="OutOfProcessType">
140 <documentation>Container for out-of-process (shibd) configuration</documentation>
143 <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
144 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
146 <attribute name="logger" type="anyURI"/>
147 <attribute name="tranLogFormat" type="conf:string"/>
148 <attribute name="tranLogFiller" type="conf:string"/>
149 <attribute name="catchAll" type="boolean"/>
150 <anyAttribute namespace="##other" processContents="lax"/>
153 <complexType name="InProcessType">
156 Container for configuration of locally integrated or platform-specific
157 features (e.g. web server filters)
161 <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
162 <element name="ISAPI" minOccurs="0">
165 <element name="Site" maxOccurs="unbounded">
168 <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
170 <attribute name="id" type="unsignedInt" use="required"/>
171 <attribute name="name" type="conf:string" use="required"/>
172 <attribute name="port" type="unsignedInt"/>
173 <attribute name="sslport" type="unsignedInt"/>
174 <attribute name="scheme" type="conf:string"/>
177 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
179 <attribute name="normalizeRequest" type="boolean"/>
180 <attribute name="safeHeaderNames" type="boolean"/>
181 <anyAttribute namespace="##other" processContents="lax"/>
184 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
186 <attribute name="logger" type="anyURI"/>
187 <attribute name="unsetHeaderValue" type="conf:string"/>
188 <attribute name="checkSpoofing" type="boolean"/>
189 <attribute name="spoofKey" type="conf:string"/>
190 <attribute name="catchAll" type="boolean"/>
191 <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
192 <anyAttribute namespace="##other" processContents="lax"/>
195 <element name="AccessControl" type="conf:UniOperatorType">
198 A simple example access policy language extension that supersedes Apache .htaccess
202 <complexType name="UniOperatorType">
204 <element name="AND" type="conf:MultiOperatorType"/>
205 <element name="OR" type="conf:MultiOperatorType"/>
206 <element name="NOT" type="conf:UniOperatorType"/>
207 <element name="Rule" type="conf:RuleType"/>
208 <element name="RuleRegex" type="conf:RuleRegexType"/>
211 <complexType name="MultiOperatorType">
212 <choice minOccurs="2" maxOccurs="unbounded">
213 <element name="AND" type="conf:MultiOperatorType"/>
214 <element name="OR" type="conf:MultiOperatorType"/>
215 <element name="NOT" type="conf:UniOperatorType"/>
216 <element name="Rule" type="conf:RuleType"/>
217 <element name="RuleRegex" type="conf:RuleRegexType"/>
220 <complexType name="RuleType">
222 <extension base="conf:listOfStrings">
223 <attribute name="require" type="conf:string" use="required"/>
224 <attribute name="list" type="boolean"/>
228 <complexType name="RuleRegexType">
230 <extension base="conf:string">
231 <attribute name="require" type="conf:string" use="required"/>
232 <attribute name="ignoreCase" type="boolean"/>
237 <attributeGroup name="ContentSettings">
238 <attribute name="applicationId" type="conf:string"/>
239 <attribute name="authType" type="conf:string"/>
240 <attribute name="requireSession" type="boolean"/>
241 <attribute name="requireSessionWith" type="conf:string"/>
242 <attribute name="exportAssertion" type="boolean"/>
243 <attribute name="exportStdVars" type="boolean"/>
244 <attribute name="redirectToSSL" type="unsignedInt"/>
245 <attribute name="entityID" type="anyURI"/>
246 <attribute name="discoveryURL" type="anyURI"/>
247 <attribute name="isPassive" type="boolean"/>
248 <attribute name="returnOnError" type="boolean"/>
249 <attribute name="forceAuthn" type="boolean"/>
250 <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
251 <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
252 <attribute name="NameIDFormat" type="anyURI"/>
253 <attribute name="SPNameQualifier" type="conf:string"/>
254 <attribute name="redirectErrors" type="anyURI"/>
255 <attribute name="sessionError" type="anyURI"/>
256 <attribute name="metadataError" type="anyURI"/>
257 <attribute name="accessError" type="anyURI"/>
258 <attribute name="sslError" type="anyURI"/>
259 <attribute name="target" type="anyURI"/>
260 <attribute name="acsIndex" type="unsignedShort"/>
261 <attribute name="REMOTE_ADDR" type="conf:string"/>
262 <attribute name="encoding" type="conf:string"/>
263 <anyAttribute namespace="##other" processContents="lax"/>
266 <element name="RequestMap">
269 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
274 <choice minOccurs="0">
275 <element name="htaccess" type="conf:PluggableType"/>
276 <element ref="conf:AccessControl"/>
277 <element name="AccessControlProvider" type="conf:PluggableType"/>
279 <choice minOccurs="0" maxOccurs="unbounded">
280 <element name="Host" type="conf:HostType"/>
281 <element name="HostRegex" type="conf:HostRegexType"/>
283 <element ref="ds:Signature" minOccurs="0"/>
285 <attribute name="unicodeAware" type="boolean"/>
286 <attributeGroup ref="conf:ContentSettings"/>
290 <complexType name="HostType">
292 <choice minOccurs="0">
293 <element name="htaccess" type="conf:PluggableType"/>
294 <element ref="conf:AccessControl"/>
295 <element name="AccessControlProvider" type="conf:PluggableType"/>
297 <choice minOccurs="0" maxOccurs="unbounded">
298 <element name="Path" type="conf:PathType"/>
299 <element name="PathRegex" type="conf:PathRegexType"/>
300 <element name="Query" type="conf:QueryType"/>
303 <attribute name="scheme">
305 <restriction base="conf:string">
306 <enumeration value="http"/>
307 <enumeration value="https"/>
308 <enumeration value="ftp"/>
309 <enumeration value="ldap"/>
310 <enumeration value="ldaps"/>
314 <attribute name="name" type="conf:string" use="required"/>
315 <attribute name="port" type="unsignedInt"/>
316 <attributeGroup ref="conf:ContentSettings"/>
319 <complexType name="HostRegexType">
321 <choice minOccurs="0">
322 <element name="htaccess" type="conf:PluggableType"/>
323 <element ref="conf:AccessControl"/>
324 <element name="AccessControlProvider" type="conf:PluggableType"/>
326 <choice minOccurs="0" maxOccurs="unbounded">
327 <element name="Path" type="conf:PathType"/>
328 <element name="PathRegex" type="conf:PathRegexType"/>
329 <element name="Query" type="conf:QueryType"/>
332 <attribute name="regex" type="conf:string" use="required"/>
333 <attribute name="ignoreCase" type="boolean"/>
334 <attributeGroup ref="conf:ContentSettings"/>
337 <complexType name="PathType">
339 <choice minOccurs="0">
340 <element name="htaccess" type="conf:PluggableType"/>
341 <element ref="conf:AccessControl"/>
342 <element name="AccessControlProvider" type="conf:PluggableType"/>
344 <choice minOccurs="0" maxOccurs="unbounded">
345 <element name="Path" type="conf:PathType"/>
346 <element name="PathRegex" type="conf:PathRegexType"/>
347 <element name="Query" type="conf:QueryType"/>
350 <attribute name="name" type="conf:string" use="required"/>
351 <attributeGroup ref="conf:ContentSettings"/>
354 <complexType name="PathRegexType">
356 <choice minOccurs="0">
357 <element name="htaccess" type="conf:PluggableType"/>
358 <element ref="conf:AccessControl"/>
359 <element name="AccessControlProvider" type="conf:PluggableType"/>
361 <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
363 <attribute name="regex" type="conf:string" use="required"/>
364 <attribute name="ignoreCase" type="boolean"/>
365 <attributeGroup ref="conf:ContentSettings"/>
368 <complexType name="QueryType">
370 <choice minOccurs="0">
371 <element name="htaccess" type="conf:PluggableType"/>
372 <element ref="conf:AccessControl"/>
373 <element name="AccessControlProvider" type="conf:PluggableType"/>
375 <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
377 <attribute name="name" type="conf:string" use="required"/>
378 <attribute name="regex" type="conf:string"/>
379 <attributeGroup ref="conf:ContentSettings"/>
382 <complexType name="ApplicationDefaultsType">
384 <documentation>Container for default settings and application-specific overrides</documentation>
387 <element name="Sessions" type="conf:SessionsType"/>
388 <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
389 <choice minOccurs="0" maxOccurs="unbounded">
390 <element name="RelyingParty" type="conf:RelyingPartyType"/>
391 <element name="Notify" type="conf:NotifyType"/>
392 <element ref="saml:Audience"/>
393 <element name="MetadataProvider" type="conf:PluggableType"/>
394 <element name="TrustEngine" type="conf:PluggableType"/>
395 <element name="AttributeExtractor" type="conf:PluggableType"/>
396 <element name="AttributeResolver" type="conf:PluggableType"/>
397 <element name="AttributeFilter" type="conf:PluggableType"/>
398 <element name="CredentialResolver" type="conf:PluggableType"/>
399 <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
402 <attribute name="id" type="conf:string" fixed="default"/>
403 <attribute name="entityID" type="anyURI" use="required"/>
404 <attribute name="policyId" type="conf:string"/>
405 <attributeGroup ref="conf:ApplicationGroup"/>
406 <attributeGroup ref="conf:RelyingPartyGroup"/>
407 <anyAttribute namespace="##other" processContents="lax"/>
410 <complexType name="ApplicationOverrideType">
412 <documentation>Container for application-specific overrides</documentation>
415 <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
416 <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
417 <choice minOccurs="0" maxOccurs="unbounded">
418 <element name="RelyingParty" type="conf:RelyingPartyType"/>
419 <element name="Notify" type="conf:NotifyType"/>
420 <element ref="saml:Audience"/>
421 <element name="MetadataProvider" type="conf:PluggableType"/>
422 <element name="TrustEngine" type="conf:PluggableType"/>
423 <element name="AttributeExtractor" type="conf:PluggableType"/>
424 <element name="AttributeResolver" type="conf:PluggableType"/>
425 <element name="AttributeFilter" type="conf:PluggableType"/>
426 <element name="CredentialResolver" type="conf:PluggableType"/>
429 <attribute name="id" type="conf:string" use="required"/>
430 <attribute name="entityID" type="anyURI"/>
431 <attribute name="policyId" type="conf:string"/>
432 <attributeGroup ref="conf:ApplicationGroup"/>
433 <attributeGroup ref="conf:RelyingPartyGroup"/>
434 <anyAttribute namespace="##other" processContents="lax"/>
437 <attributeGroup name="ApplicationGroup">
438 <attribute name="homeURL" type="anyURI"/>
439 <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
440 <attribute name="unsetHeaders" type="conf:listOfStrings"/>
441 <attribute name="metadataAttributePrefix" type="conf:string"/>
442 <attribute name="attributePrefix" type="conf:string"/>
445 <attributeGroup name="RelyingPartyGroup">
446 <attribute name="authType" type="conf:string"/>
447 <attribute name="authUsername" type="conf:string"/>
448 <attribute name="authPassword" type="conf:string"/>
449 <attribute name="signing" type="conf:bindingBoolean"/>
450 <attribute name="signingAlg" type="anyURI"/>
451 <attribute name="digestAlg" type="anyURI"/>
452 <attribute name="encryption" type="conf:bindingBoolean"/>
453 <attribute name="encryptionAlg" type="anyURI"/>
454 <attribute name="keyName" type="conf:string"/>
455 <attribute name="artifactEndpointIndex" type="unsignedShort"/>
456 <attribute name="chunkedEncoding" type="boolean"/>
457 <attribute name="connectTimeout" type="unsignedShort"/>
458 <attribute name="timeout" type="unsignedShort"/>
459 <attribute name="requireConfidentiality" type="boolean"/>
460 <attribute name="requireTransportAuth" type="boolean"/>
461 <attribute name="requireSignedAssertions" type="boolean"/>
462 <attribute name="sessionHook" type="anyURI"/>
465 <complexType name="SessionsType">
467 <documentation>Container for specifying protocol handlers and session policy</documentation>
470 <element name="SSO" minOccurs="0">
473 <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
476 <extension base="conf:listOfStrings">
477 <attribute name="discoveryProtocol" type="conf:string"/>
478 <attribute name="discoveryURL" type="anyURI"/>
479 <attributeGroup ref="conf:SessionInitiatorGroup"/>
484 <element name="Logout" minOccurs="0">
487 <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
490 <extension base="conf:listOfStrings">
491 <attributeGroup ref="conf:LogoutInitiatorGroup"/>
496 <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
498 <documentation>Implicitly configures ManageNameIDService handlers</documentation>
501 <choice minOccurs="0" maxOccurs="unbounded">
502 <element ref="conf:SessionInitiator"/>
503 <element ref="conf:LogoutInitiator"/>
504 <element ref="md:AssertionConsumerService"/>
505 <element ref="md:ArtifactResolutionService"/>
506 <element ref="md:SingleLogoutService"/>
507 <element ref="md:ManageNameIDService"/>
508 <element ref="conf:Handler"/>
511 <attribute name="handlerURL" type="anyURI"/>
512 <attribute name="handlerSSL" type="boolean"/>
513 <attribute name="exportLocation" type="conf:string"/>
514 <attribute name="exportACL" type="conf:listOfStrings"/>
515 <attribute name="cookieName" type="conf:string"/>
516 <attribute name="cookieProps" type="conf:string"/>
517 <attribute name="cookieLifetime" type="unsignedInt"/>
518 <attribute name="idpHistory" type="boolean"/>
519 <attribute name="idpHistoryDays" type="unsignedInt"/>
520 <attribute name="lifetime" type="unsignedInt"/>
521 <attribute name="timeout" type="unsignedInt"/>
522 <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
523 <attribute name="checkAddress" type="boolean"/>
524 <attribute name="consistentAddress" type="boolean"/>
525 <attribute name="postData" type="conf:string"/>
526 <attribute name="postLimit" type="positiveInteger"/>
527 <attribute name="postTemplate" type="conf:string"/>
528 <attribute name="postExpire" type="boolean"/>
529 <attribute name="relayState" type="conf:string"/>
530 <attribute name="relayStateLimit" type="conf:redirectLimitType"/>
531 <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
532 <attribute name="redirectLimit" type="conf:redirectLimitType"/>
533 <attribute name="redirectWhitelist" type="conf:listOfURIs"/>
534 <anyAttribute namespace="##other" processContents="lax"/>
537 <attribute name="policyId" type="conf:string">
539 <documentation>Used to override Policy from profile endpoints</documentation>
543 <attributeGroup name="SessionInitiatorGroup">
545 <documentation>Options common to explicit and implicit SessionInitiators</documentation>
547 <attribute name="relayState" type="conf:string"/>
548 <attribute name="entityIDParam" type="conf:string"/>
549 <attribute name="entityID" type="anyURI"/>
550 <attribute name="outgoingBindings" type="conf:listOfURIs"/>
551 <attribute name="preservedOptions" type="conf:listOfStrings"/>
552 <attribute name="template" type="anyURI"/>
553 <attribute name="postArtifact" type="boolean"/>
554 <attribute name="acsByIndex" type="boolean"/>
555 <attribute name="isPassive" type="boolean"/>
556 <attribute name="returnOnError" type="boolean"/>
557 <attribute name="forceAuthn" type="boolean"/>
558 <attribute name="authnContextClassRef" type="anyURI"/>
559 <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
560 <attribute name="NameIDFormat" type="anyURI"/>
561 <attribute name="SPNameQualifier" type="conf:string"/>
562 <attribute name="requestDelegation" type="boolean"/>
563 <attribute name="target" type="anyURI"/>
564 <anyAttribute namespace="##any" processContents="lax"/>
567 <element name="SessionInitiator">
569 <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
573 <restriction base="conf:PluggableType">
575 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
577 <attribute name="Location" type="anyURI"/>
578 <attribute name="id" type="conf:string"/>
579 <attribute name="isDefault" type="boolean"/>
580 <attribute name="URL" type="anyURI"/>
581 <attribute name="acsIndex" type="unsignedShort"/>
582 <attribute name="defaultACSIndex" type="unsignedShort"/> <!-- deprecated -->
583 <attributeGroup ref="conf:SessionInitiatorGroup"/>
589 <attributeGroup name="LogoutInitiatorGroup">
591 <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
593 <attribute name="relayState" type="conf:string"/>
594 <attribute name="outgoingBindings" type="conf:listOfURIs"/>
595 <attribute name="template" type="anyURI"/>
596 <attribute name="postArtifact" type="boolean"/>
597 <anyAttribute namespace="##any" processContents="lax"/>
600 <element name="LogoutInitiator">
602 <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
606 <restriction base="conf:PluggableType">
608 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
610 <attribute name="Location" type="anyURI"/>
611 <attributeGroup ref="conf:LogoutInitiatorGroup"/>
617 <element name="Handler">
619 <documentation>Used to specify custom handlers</documentation>
623 <restriction base="conf:PluggableType">
625 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
627 <attribute name="Location" type="anyURI" use="required"/>
628 <attribute name="acl" type="conf:listOfStrings"/>
629 <anyAttribute namespace="##any" processContents="lax"/>
635 <complexType name="ErrorsType">
637 <documentation>Container for error templates and associated details</documentation>
640 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
642 <attribute name="redirectErrors" type="anyURI"/>
643 <attribute name="session" type="anyURI"/>
644 <attribute name="metadata" type="anyURI"/>
645 <attribute name="access" type="anyURI"/>
646 <attribute name="ssl" type="anyURI"/>
647 <attribute name="localLogout" type="anyURI"/>
648 <attribute name="globalLogout" type="anyURI"/>
649 <attribute name="partialLogout" type="anyURI"/>
650 <attribute name="supportContact" type="conf:string"/>
651 <attribute name="logoLocation" type="anyURI"/>
652 <attribute name="helpLocation" type="anyURI"/>
653 <attribute name="styleSheet" type="anyURI"/>
654 <anyAttribute namespace="##any" processContents="lax"/>
657 <complexType name="RelyingPartyType">
659 <documentation>Container for specifying settings to use with particular peers</documentation>
662 <attribute name="Name" type="conf:string" use="required"/>
663 <attributeGroup ref="conf:RelyingPartyGroup"/>
664 <attribute name="entityID" type="anyURI"/>
665 <anyAttribute namespace="##other" processContents="lax"/>
668 <complexType name="NotifyType">
670 <documentation>Used to specify locations to receive application notifications</documentation>
673 <attribute name="Channel" use="required">
675 <restriction base="string">
676 <enumeration value="front"/>
677 <enumeration value="back"/>
681 <attribute name="Location" type="anyURI" use="required"/>
682 <anyAttribute namespace="##any" processContents="lax"/>
685 <element name="SecurityPolicies">
688 <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
691 <element name="Policy" minOccurs="1" maxOccurs="unbounded">
693 <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
697 <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
698 <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
700 <attribute name="id" type="conf:string" use="required"/>
701 <attribute name="validate" type="boolean"/>
702 <anyAttribute namespace="##any" processContents="lax"/>
705 <choice minOccurs="0">
706 <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
707 <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
713 <element name="TransportOption">
715 <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
719 <extension base="anySimpleType">
720 <attribute name="provider" type="conf:string" use="required"/>
721 <attribute name="option" type="conf:string" use="required"/>
727 <element name="SPConfig">
730 <documentation>Root of configuration</documentation>
733 <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
734 <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
735 <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
736 <choice minOccurs="0">
737 <element name="UnixListener">
739 <attribute name="address" type="conf:string" use="required"/>
740 <attribute name="stackSize" type="unsignedInt"/>
743 <element name="TCPListener">
745 <attribute name="address" type="conf:string" use="required"/>
746 <attribute name="port" type="unsignedInt" use="required"/>
747 <attribute name="acl" type="conf:listOfStrings"/>
748 <attribute name="stackSize" type="unsignedInt"/>
751 <element name="Listener" type="conf:PluggableType"/>
753 <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
754 <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
755 <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
756 <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
757 <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
758 <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
760 <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
761 <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
763 <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
764 <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
765 <element ref="ds:Signature" minOccurs="0"/>
767 <attribute name="logger" type="anyURI"/>
768 <attribute name="clockSkew" type="unsignedInt"/>
769 <attribute name="unsafeChars" type="conf:string"/>
770 <attribute name="allowedSchemes" type="conf:listOfStrings"/>
771 <attribute name="langFromClient" type="boolean"/>
772 <attribute name="langPriority" type="conf:listOfStrings"/>
773 <attribute name="contactPriority" type="conf:listOfStrings"/>
774 <anyAttribute namespace="##other" processContents="lax"/>