1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.5">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
26   <simpleType name="string">
       <!-- conf:string: an xs:string restricted to at least one character, so an attribute
            typed conf:string cannot be present but empty. The unprefixed base "string"
            resolves to the XML Schema namespace (the default namespace declared on the
            schema element), not to this type. No maximum length or pattern is imposed. -->
27     <restriction base="string">
28       <minLength value="1"/>
29     </restriction>
30   </simpleType>
31
32   <simpleType name="listOfStrings">
       <!-- XSD list type: whitespace-separated conf:string items, so a single item can
            never contain whitespace itself. -->
33     <list itemType="conf:string"/>
34   </simpleType>
35
36   <simpleType name="listOfURIs">
       <!-- XSD list type: whitespace-separated xs:anyURI items. Validation checks only the
            xs:anyURI lexical form; nothing here constrains scheme or host. -->
37     <list itemType="anyURI"/>
38   </simpleType>
39
40   <simpleType name="bindingBoolean">
       <!-- Four-valued switch used by the signing and encryption attributes of
            RelyingPartyGroup: true, false, front, back.
            NOTE(review): presumably front/back limit the setting to front-channel or
            back-channel bindings; the schema does not say, confirm in the SP docs. -->
41     <restriction base="string">
42       <enumeration value="true"/>
43       <enumeration value="false"/>
44       <enumeration value="front"/>
45       <enumeration value="back"/>
46     </restriction>
47   </simpleType>
48
49   <simpleType name="redirectLimitType">
       <!-- Closed set of modes for the relayStateLimit and redirectLimit attributes of
            SessionsType. No default is declared in this schema, so the behaviour when
            those attributes are omitted is decided by the SP code, not by validation.
            NOTE(review): the names suggest "none" places no restriction on redirect
            targets, which is the open-redirect-prone choice; confirm the semantics and
            the effective default before relying on it. -->
50     <restriction base="string">
51       <enumeration value="none"/>
52       <enumeration value="exact"/>
53       <enumeration value="host"/>
54       <enumeration value="whitelist"/>
55       <enumeration value="exact+whitelist"/>
56       <enumeration value="host+whitelist"/>
57     </restriction>
58   </simpleType>
59
60   <complexType name="PluggableType">
       <!-- Base type for every plugin reference in this schema: a required "type" string
            plus arbitrary child elements and attributes from any namespace, validated
            laxly. Schema validation therefore checks nothing about a plugin's own
            settings; a misspelled or unknown attribute on a plugin element still
            validates, so each plugin must check what it reads. -->
61     <sequence>
62       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
63     </sequence>
64     <attribute name="type" type="conf:string" use="required"/>
65     <anyAttribute namespace="##any" processContents="lax"/>
66   </complexType>
67
68   <complexType name="ExtensionsType">
69     <annotation>
70       <documentation>Container for extension libraries and custom configuration</documentation>
71     </annotation>
72     <sequence>
         <!-- Zero or more Library elements first, then any number of elements from
              namespaces other than this schema's. -->
73       <element name="Library" minOccurs="0" maxOccurs="unbounded">
74         <complexType>
75           <sequence>
76             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
77           </sequence>
               <!-- path is the only required attribute and is checked only as xs:anyURI.
                    NOTE(review): presumably the named library is loaded into the SP
                    process; if so, write access to this configuration file is equivalent
                    to code execution there, so protect the file and the referenced
                    path with restrictive permissions. Confirm. -->
78           <attribute name="path" type="anyURI" use="required"/>
               <!-- NOTE(review): fatal presumably decides whether a failed load aborts
                    startup; no default is declared here. -->
79           <attribute name="fatal" type="boolean"/>
80           <anyAttribute namespace="##any" processContents="lax"/>
81         </complexType>
82       </element>
83       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
84     </sequence>
85   </complexType>
86
87   <complexType name="StorageServiceType">
88     <annotation>
89       <documentation>References StorageService plugins</documentation>
90     </annotation>
       <!-- Restriction of conf:PluggableType: the required "type" attribute is inherited,
            and open content and attributes are kept. -->
91     <complexContent>
92       <restriction base="conf:PluggableType">
93         <sequence>
94           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
95         </sequence>
             <!-- xs:ID: must be unique in the document; it is the target of the
                  StorageService IDREF attributes on SessionCache, ReplayCache and
                  ArtifactMap. -->
96         <attribute name="id" type="ID" use="required"/>
             <!-- Units are not stated in this schema. -->
97         <attribute name="cleanupInterval" type="unsignedInt"/>
98         <anyAttribute namespace="##any" processContents="lax"/>
99       </restriction>
100     </complexContent>
101   </complexType>
102
103   <complexType name="SessionCacheType">
104     <annotation>
105       <documentation>References SessionCache plugins</documentation>
106     </annotation>
        <!-- Restriction of conf:PluggableType ("type" stays required). Open attributes
             (##any, lax) mean a misspelled attribute name still validates. -->
107     <complexContent>
108       <restriction base="conf:PluggableType">
109         <sequence>
110           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
111         </sequence>
              <!-- xs:IDREF: validation fails unless some xs:ID in the same document has
                   this value (StorageService/@id is the ID declared in this schema). -->
112         <attribute name="StorageService" type="IDREF"/>
              <!-- Units of the two intervals below are not stated in this schema. -->
113         <attribute name="cacheAllowance" type="unsignedInt"/>
114         <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
115         <anyAttribute namespace="##any" processContents="lax"/>
116       </restriction>
117     </complexContent>
118   </complexType>
119
120   <complexType name="ReplayCacheType">
121     <annotation>
122       <documentation>Ties ReplayCache to a custom StorageService</documentation>
123     </annotation>
        <!-- Empty element: no children and no wildcard, only the optional IDREF below.
             NOTE(review): replay-detection state presumably lives in the referenced
             store; which store is used when the attribute is omitted is not defined
             here. Confirm. -->
124     <sequence/>
125     <attribute name="StorageService" type="IDREF"/>
126   </complexType>
127
128   <complexType name="ArtifactMapType">
129     <annotation>
130       <documentation>Customizes an ArtifactMap</documentation>
131     </annotation>
        <!-- Empty element with three optional attributes and no wildcard, so unknown
             attributes are rejected by validation. -->
132     <sequence/>
133     <attribute name="StorageService" type="IDREF"/>
134     <attribute name="context" type="conf:string"/>
        <!-- Units are not stated in this schema. -->
135     <attribute name="artifactTTL" type="unsignedInt"/>
136   </complexType>
137
138   <complexType name="OutOfProcessType">
139     <annotation>
140       <documentation>Container for out-of-process (shibd) configuration</documentation>
141     </annotation>
        <!-- The wildcards here are ##other: only elements and attributes from a foreign
             namespace are admitted, so an unqualified, misspelled attribute is rejected
             by validation (unlike the ##any types in this schema). -->
142     <sequence>
143       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
144       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
145     </sequence>
146     <attribute name="logger" type="anyURI"/>
147     <attribute name="tranLogFormat" type="conf:string"/>
148     <attribute name="tranLogFiller" type="conf:string"/>
        <!-- NOTE(review): catchAll presumably controls whether unexpected exceptions are
             trapped; no default is declared here. -->
149     <attribute name="catchAll" type="boolean"/>
150     <anyAttribute namespace="##other" processContents="lax"/>
151   </complexType>
152
153   <complexType name="InProcessType">
154     <annotation>
155       <documentation>
156         Container for configuration of locally integrated or platform-specific
157         features (e.g. web server filters)
158       </documentation>
159     </annotation>
160     <sequence>
161       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
162       <element name="ISAPI" minOccurs="0">
163         <complexType>
164           <sequence>
                <!-- Once ISAPI is present at least one Site is required (minOccurs
                     defaults to 1). -->
165             <element name="Site" maxOccurs="unbounded">
166               <complexType>
167                 <sequence>
168                   <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
169                 </sequence>
170                 <attribute name="id" type="unsignedInt" use="required"/>
171                 <attribute name="name" type="conf:string" use="required"/>
                    <!-- unsignedInt is not limited to the valid TCP port range; values
                         above 65535 still validate. scheme is a free-form string. -->
172                 <attribute name="port" type="unsignedInt"/>
173                 <attribute name="sslport" type="unsignedInt"/>
174                 <attribute name="scheme" type="conf:string"/>
175               </complexType>
176             </element>
177             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
178           </sequence>
              <!-- NOTE(review): normalizeRequest and safeHeaderNames look like request and
                   header hardening switches; both are optional with no schema default,
                   so confirm what the SP does when they are omitted. -->
179           <attribute name="normalizeRequest" type="boolean"/>
180           <attribute name="safeHeaderNames" type="boolean"/>
181           <anyAttribute namespace="##other" processContents="lax"/>
182         </complexType>
183       </element>
184       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
185     </sequence>
186     <attribute name="logger" type="anyURI"/>
187     <attribute name="unsetHeaderValue" type="conf:string"/>
        <!-- NOTE(review): checkSpoofing and spoofKey presumably govern detection of
             client-supplied request headers that imitate SP-exported attributes. Both
             are optional and carry no schema default; spoofKey is a plain string kept
             in this file, so the file needs restrictive read permissions if it is set.
             Confirm semantics and defaults. -->
188     <attribute name="checkSpoofing" type="boolean"/>
189     <attribute name="spoofKey" type="conf:string"/>
190     <attribute name="catchAll" type="boolean"/>
191     <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
        <!-- ##other: unqualified unknown attributes are rejected by validation. -->
192     <anyAttribute namespace="##other" processContents="lax"/>
193   </complexType>
194
195   <element name="AccessControl" type="conf:UniOperatorType">
        <!-- Global element, referenced by RequestMap and by the Host/Path/Query types.
             Its content is exactly one operator or rule (see UniOperatorType). -->
196     <annotation>
197       <documentation>
198         A simple example access policy language extension that supersedes Apache .htaccess
199       </documentation>
200     </annotation>
201   </element>
202   <complexType name="UniOperatorType">
        <!-- Exactly one child: AND, OR, NOT, Rule or RuleRegex. Used for the policy root
             (AccessControl) and for NOT, which therefore negates a single operand. -->
203     <choice>
204       <element name="AND" type="conf:MultiOperatorType"/>
205       <element name="OR" type="conf:MultiOperatorType"/>
206       <element name="NOT" type="conf:UniOperatorType"/>
207       <element name="Rule" type="conf:RuleType"/>
208       <element name="RuleRegex" type="conf:RuleRegexType"/>
209     </choice>
210   </complexType>
211   <complexType name="MultiOperatorType">
        <!-- Two or more operands in any mix and order; an AND or OR with a single operand
             fails validation. Nesting depth is not bounded by the schema. -->
212     <choice minOccurs="2" maxOccurs="unbounded">
213       <element name="AND" type="conf:MultiOperatorType"/>
214       <element name="OR" type="conf:MultiOperatorType"/>
215       <element name="NOT" type="conf:UniOperatorType"/>
216       <element name="Rule" type="conf:RuleType"/>
217       <element name="RuleRegex" type="conf:RuleRegexType"/>
218     </choice>
219   </complexType>
220   <complexType name="RuleType">
        <!-- Text content is a whitespace-separated list of non-empty strings, so a value
             that contains a space is split into several items by the schema type.
             NOTE(review): "require" presumably names what is tested and "list" whether
             the content is treated as a list; confirm how values with embedded
             whitespace must be written. -->
221     <simpleContent>
222       <extension base="conf:listOfStrings">
223         <attribute name="require" type="conf:string" use="required"/>
224         <attribute name="list" type="boolean"/>
225       </extension>
226     </simpleContent>
227   </complexType>
228   <complexType name="RuleRegexType">
        <!-- Text content is one non-empty string; the schema does not check that it is
             a valid expression.
             NOTE(review): whether the expression must match the whole value or only
             part of it is decided by the evaluator, not here. An unanchored pattern in
             an access rule admits more values than intended, so confirm and anchor
             explicitly if needed. -->
229     <simpleContent>
230       <extension base="conf:string">
231         <attribute name="require" type="conf:string" use="required"/>
232         <attribute name="ignoreCase" type="boolean"/>
233       </extension>
234     </simpleContent>
235   </complexType>
236
237   <attributeGroup name="ContentSettings">
        <!-- Per-content settings shared by RequestMap, HostType, HostRegexType, PathType,
             PathRegexType and QueryType. Every attribute is optional and none has a
             schema default, so an omitted setting falls back to whatever the SP code or
             an enclosing element supplies (not visible in this file). -->
238     <attribute name="applicationId" type="conf:string"/>
239     <attribute name="authType" type="conf:string"/>
        <!-- NOTE(review): requireSession and requireSessionWith presumably decide whether
             the SP forces authentication for the matched content; when they are absent,
             enforcement would have to come from elsewhere. Confirm. -->
240     <attribute name="requireSession" type="boolean"/>
241     <attribute name="requireSessionWith" type="conf:string"/>
242     <attribute name="exportAssertion" type="boolean"/>
243     <attribute name="exportStdVars" type="boolean"/>
        <!-- Typed as a number, not a boolean. NOTE(review): presumably the TLS port to
             redirect to; values above 65535 still validate. -->
244     <attribute name="redirectToSSL" type="unsignedInt"/>
245     <attribute name="entityID" type="anyURI"/>
246     <attribute name="discoveryURL" type="anyURI"/>
247     <attribute name="isPassive" type="boolean"/>
248     <attribute name="returnOnError" type="boolean"/>
249     <attribute name="forceAuthn" type="boolean"/>
250     <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
251     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
252     <attribute name="NameIDFormat" type="anyURI"/>
253     <attribute name="SPNameQualifier" type="conf:string"/>
        <!-- The error and target locations below are checked only as xs:anyURI. -->
254     <attribute name="redirectErrors" type="anyURI"/>
255     <attribute name="sessionError" type="anyURI"/>
256     <attribute name="metadataError" type="anyURI"/>
257     <attribute name="accessError" type="anyURI"/>
258     <attribute name="sslError" type="anyURI"/>
259     <attribute name="target" type="anyURI"/>
260     <attribute name="acsIndex" type="unsignedShort"/>
        <!-- NOTE(review): REMOTE_ADDR is a free-form string; if it names a request
             header to take the client address from, that header must be one only a
             trusted proxy can set. Confirm. -->
261     <attribute name="REMOTE_ADDR" type="conf:string"/>
262     <attribute name="encoding" type="conf:string"/>
        <!-- ##other: an unqualified, misspelled attribute is rejected by validation. -->
263     <anyAttribute namespace="##other" processContents="lax"/>
264   </attributeGroup>
265
266   <element name="RequestMap">
267     <annotation>
268       <documentation>
269         Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
270       </documentation>
271     </annotation>
272     <complexType>
273       <sequence>
            <!-- At most one access-control child, and it must come first. -->
274         <choice minOccurs="0">
275           <element name="htaccess" type="conf:PluggableType"/>
276           <element ref="conf:AccessControl"/>
277           <element name="AccessControlProvider" type="conf:PluggableType"/>
278         </choice>
279         <choice minOccurs="0" maxOccurs="unbounded">
280           <element name="Host" type="conf:HostType"/>
281           <element name="HostRegex" type="conf:HostRegexType"/>
282         </choice>
            <!-- The signature is optional: schema validation neither requires the map
                 to be signed nor verifies a signature that is present. -->
283         <element ref="ds:Signature" minOccurs="0"/>
284       </sequence>
285       <attribute name="unicodeAware" type="boolean"/>
286       <attributeGroup ref="conf:ContentSettings"/>
287     </complexType>
288   </element>
289
290   <complexType name="HostType">
        <!-- One virtual host in the request map, matched by literal name. -->
291     <sequence>
          <!-- At most one access-control child, placed before any Path/PathRegex/Query. -->
292       <choice minOccurs="0">
293         <element name="htaccess" type="conf:PluggableType"/>
294         <element ref="conf:AccessControl"/>
295         <element name="AccessControlProvider" type="conf:PluggableType"/>
296       </choice>
297       <choice minOccurs="0" maxOccurs="unbounded">
298         <element name="Path" type="conf:PathType"/>
299         <element name="PathRegex" type="conf:PathRegexType"/>
300         <element name="Query" type="conf:QueryType"/>
301       </choice>
302     </sequence>
        <!-- Optional; restricted to the five schemes enumerated below. -->
303     <attribute name="scheme">
304       <simpleType>
305         <restriction base="conf:string">
306           <enumeration value="http"/>
307           <enumeration value="https"/>
308           <enumeration value="ftp"/>
309           <enumeration value="ldap"/>
310           <enumeration value="ldaps"/>
311         </restriction>
312       </simpleType>
313     </attribute>
314     <attribute name="name" type="conf:string" use="required"/>
        <!-- unsignedInt: not limited to the valid TCP port range. -->
315     <attribute name="port" type="unsignedInt"/>
316     <attributeGroup ref="conf:ContentSettings"/>
317   </complexType>
318
319   <complexType name="HostRegexType">
        <!-- Like HostType, but the host is selected by a required "regex" string instead
             of name/scheme/port. The schema does not check the expression.
             NOTE(review): whether the match is anchored is decided by the SP, not here;
             an unanchored host pattern can match more hosts than intended. Confirm. -->
320     <sequence>
321       <choice minOccurs="0">
322         <element name="htaccess" type="conf:PluggableType"/>
323         <element ref="conf:AccessControl"/>
324         <element name="AccessControlProvider" type="conf:PluggableType"/>
325       </choice>
326       <choice minOccurs="0" maxOccurs="unbounded">
327         <element name="Path" type="conf:PathType"/>
328         <element name="PathRegex" type="conf:PathRegexType"/>
329         <element name="Query" type="conf:QueryType"/>
330       </choice>
331     </sequence>
332     <attribute name="regex" type="conf:string" use="required"/>
333     <attribute name="ignoreCase" type="boolean"/>
334     <attributeGroup ref="conf:ContentSettings"/>
335   </complexType>
336
337   <complexType name="PathType">
        <!-- One path step matched by its required literal "name". Recursive: a Path may
             hold further Path, PathRegex and Query children, each with its own
             ContentSettings. How child settings combine with the parent's is decided by
             the SP, not by this schema. -->
338     <sequence>
339       <choice minOccurs="0">
340         <element name="htaccess" type="conf:PluggableType"/>
341         <element ref="conf:AccessControl"/>
342         <element name="AccessControlProvider" type="conf:PluggableType"/>
343       </choice>
344       <choice minOccurs="0" maxOccurs="unbounded">
345         <element name="Path" type="conf:PathType"/>
346         <element name="PathRegex" type="conf:PathRegexType"/>
347         <element name="Query" type="conf:QueryType"/>
348       </choice>
349     </sequence>
350     <attribute name="name" type="conf:string" use="required"/>
351     <attributeGroup ref="conf:ContentSettings"/>
352   </complexType>
353
354   <complexType name="PathRegexType">
        <!-- Path selected by a required "regex" string. Unlike PathType it cannot nest
             Path or PathRegex; only Query children are allowed. The expression itself
             is not validated by the schema.
             NOTE(review): confirm whether the SP anchors the match; a loose pattern can
             apply these settings to more URLs than intended, or fail to cover some. -->
355     <sequence>
356       <choice minOccurs="0">
357         <element name="htaccess" type="conf:PluggableType"/>
358         <element ref="conf:AccessControl"/>
359         <element name="AccessControlProvider" type="conf:PluggableType"/>
360       </choice>
361       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
362     </sequence>
363     <attribute name="regex" type="conf:string" use="required"/>
364     <attribute name="ignoreCase" type="boolean"/>
365     <attributeGroup ref="conf:ContentSettings"/>
366   </complexType>
367
368   <complexType name="QueryType">
        <!-- Rule keyed on a query-string parameter: "name" is required, "regex" is
             optional. Only further Query elements may be nested.
             NOTE(review): query parameters are fully client-controlled; settings applied
             only when a parameter is present or matches should not be the sole
             protection for a resource. Confirm how absence of the parameter is
             handled. -->
369     <sequence>
370       <choice minOccurs="0">
371         <element name="htaccess" type="conf:PluggableType"/>
372         <element ref="conf:AccessControl"/>
373         <element name="AccessControlProvider" type="conf:PluggableType"/>
374       </choice>
375       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
376     </sequence>
377     <attribute name="name" type="conf:string" use="required"/>
378     <attribute name="regex" type="conf:string"/>
379     <attributeGroup ref="conf:ContentSettings"/>
380   </complexType>
381
382   <complexType name="ApplicationDefaultsType">
383     <annotation>
384       <documentation>Container for default settings and application-specific overrides</documentation>
385     </annotation>
386     <sequence>
          <!-- Sessions is mandatory here (it is optional in ApplicationOverrideType). -->
387       <element name="Sessions" type="conf:SessionsType"/>
388       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
          <!-- Everything below is optional and may repeat in any order. Metadata, trust
               and credential sources are all PluggableType, so their own settings are
               not checked by this schema. -->
389       <choice minOccurs="0" maxOccurs="unbounded">
390         <element name="RelyingParty" type="conf:RelyingPartyType"/>
391         <element name="Notify" type="conf:NotifyType"/>
392         <element ref="saml:Audience"/>
393         <element name="MetadataProvider" type="conf:PluggableType"/>
394         <element name="TrustEngine" type="conf:PluggableType"/>
395         <element name="AttributeExtractor" type="conf:PluggableType"/>
396         <element name="AttributeResolver" type="conf:PluggableType"/>
397         <element name="AttributeFilter" type="conf:PluggableType"/>
398         <element name="CredentialResolver" type="conf:PluggableType"/>
399         <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
400       </choice>
401     </sequence>
        <!-- id is optional but, if given, must be the literal "default". -->
402     <attribute name="id" type="conf:string" fixed="default"/>
403     <attribute name="entityID" type="anyURI" use="required"/>
404     <attribute name="policyId" type="conf:string"/>
405     <attributeGroup ref="conf:ApplicationGroup"/>
406     <attributeGroup ref="conf:RelyingPartyGroup"/>
407     <anyAttribute namespace="##other" processContents="lax"/>
408   </complexType>
409
410   <complexType name="ApplicationOverrideType">
411     <annotation>
412       <documentation>Container for application-specific overrides</documentation>
413     </annotation>
        <!-- Same shape as ApplicationDefaultsType except: Sessions and entityID are
             optional, id is required and free-form, and overrides cannot nest. Which
             omitted settings are taken from the defaults is decided by the SP code. -->
414     <sequence>
415       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
416       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
417       <choice minOccurs="0" maxOccurs="unbounded">
418         <element name="RelyingParty" type="conf:RelyingPartyType"/>
419         <element name="Notify" type="conf:NotifyType"/>
420         <element ref="saml:Audience"/>
421         <element name="MetadataProvider" type="conf:PluggableType"/>
422         <element name="TrustEngine" type="conf:PluggableType"/>
423         <element name="AttributeExtractor" type="conf:PluggableType"/>
424         <element name="AttributeResolver" type="conf:PluggableType"/>
425         <element name="AttributeFilter" type="conf:PluggableType"/>
426         <element name="CredentialResolver" type="conf:PluggableType"/>
427       </choice>
428     </sequence>
429     <attribute name="id" type="conf:string" use="required"/>
430     <attribute name="entityID" type="anyURI"/>
431     <attribute name="policyId" type="conf:string"/>
432     <attributeGroup ref="conf:ApplicationGroup"/>
433     <attributeGroup ref="conf:RelyingPartyGroup"/>
434     <anyAttribute namespace="##other" processContents="lax"/>
435   </complexType>
436
437   <attributeGroup name="ApplicationGroup">
        <!-- Optional attributes shared by ApplicationDefaultsType and
             ApplicationOverrideType. -->
438     <attribute name="homeURL" type="anyURI"/>
        <!-- NOTE(review): REMOTE_USER is a list; presumably an ordered list of attribute
             names tried in turn to populate the user identity. If so, every listed
             attribute must come from a source trusted to assert identity. Confirm. -->
439     <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
        <!-- NOTE(review): unsetHeaders and the two prefixes presumably control which
             request headers the SP clears and how exported names are formed; no
             defaults are declared here. -->
440     <attribute name="unsetHeaders" type="conf:listOfStrings"/>
441     <attribute name="metadataAttributePrefix" type="conf:string"/>
442     <attribute name="attributePrefix" type="conf:string"/>
443   </attributeGroup>
444
445   <attributeGroup name="RelyingPartyGroup">
        <!-- Peer-facing security settings shared by ApplicationDefaultsType,
             ApplicationOverrideType and RelyingPartyType. All are optional and none has
             a schema default, so validation passes with every protection left unset;
             the effective behaviour then comes from the SP code. -->
446     <attribute name="authType" type="conf:string"/>
447     <attribute name="authUsername" type="conf:string"/>
        <!-- Plain string: a password set here is stored in clear text in the
             configuration file, so the file needs restrictive read permissions. -->
448     <attribute name="authPassword" type="conf:string"/>
449     <attribute name="signing" type="conf:bindingBoolean"/>
        <!-- Algorithm identifiers are checked only as xs:anyURI; the schema does not
             restrict them to a set of acceptable algorithms. -->
450     <attribute name="signingAlg" type="anyURI"/>
451     <attribute name="digestAlg" type="anyURI"/>
452     <attribute name="encryption" type="conf:bindingBoolean"/>
453     <attribute name="encryptionAlg" type="anyURI"/>
454     <attribute name="keyName" type="conf:string"/>
455     <attribute name="artifactEndpointIndex" type="unsignedShort"/>
456     <attribute name="chunkedEncoding" type="boolean"/>
        <!-- Units of the two timeouts are not stated in this schema. -->
457     <attribute name="connectTimeout" type="unsignedShort"/>
458     <attribute name="timeout" type="unsignedShort"/>
        <!-- NOTE(review): the three require* switches presumably enforce transport
             confidentiality, transport authentication and signed assertions. Confirm
             their defaults and set them explicitly where the deployment depends on
             them. -->
459     <attribute name="requireConfidentiality" type="boolean"/>
460     <attribute name="requireTransportAuth" type="boolean"/>
461     <attribute name="requireSignedAssertions" type="boolean"/>
462     <attribute name="sessionHook" type="anyURI"/>
463   </attributeGroup>
464     
465   <complexType name="SessionsType">
466     <annotation>
467       <documentation>Container for specifying protocol handlers and session policy</documentation>
468     </annotation>
        <!-- Child order is fixed: optional SSO, Logout, NameIDMgmt shorthands, then any
             number of explicit handlers. All attributes are optional with no schema
             defaults. -->
469     <sequence>
470       <element name="SSO" minOccurs="0">
471         <complexType>
472           <annotation>
473             <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
474           </annotation>
              <!-- Text content is a whitespace-separated list of strings. The attribute
                   group pulled in below carries an ##any attribute wildcard, so a
                   misspelled attribute on SSO still validates. -->
475           <simpleContent>
476             <extension base="conf:listOfStrings">
477               <attribute name="discoveryProtocol" type="conf:string"/>
478               <attribute name="discoveryURL" type="anyURI"/>
479               <attributeGroup ref="conf:SessionInitiatorGroup"/>
480             </extension>
481           </simpleContent>
482         </complexType>
483       </element>
484       <element name="Logout" minOccurs="0">
485         <complexType>
486           <annotation>
487             <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
488           </annotation>
489           <simpleContent>
490             <extension base="conf:listOfStrings">
491               <attributeGroup ref="conf:LogoutInitiatorGroup"/>
492             </extension>
493           </simpleContent>
494         </complexType>
495       </element>
496       <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
497         <annotation>
498           <documentation>Implicitly configures ManageNameIDService handlers</documentation>
499         </annotation>
500       </element>
501       <choice minOccurs="0" maxOccurs="unbounded">
502         <element ref="conf:SessionInitiator"/>
503         <element ref="conf:LogoutInitiator"/>
504         <element ref="md:AssertionConsumerService"/>
505         <element ref="md:ArtifactResolutionService"/>
506         <element ref="md:SingleLogoutService"/>
507         <element ref="md:ManageNameIDService"/>
508         <element ref="conf:Handler"/>
509       </choice>
510     </sequence>
511     <attribute name="handlerURL" type="anyURI"/>
        <!-- NOTE(review): handlerSSL presumably restricts handler endpoints to TLS;
             confirm the default and set it explicitly. -->
512     <attribute name="handlerSSL" type="boolean"/>
        <!-- NOTE(review): exportLocation and exportACL presumably publish session
             assertions at a location restricted by the ACL list; exportACL is optional,
             so confirm what access applies when exportLocation is set without it. -->
513     <attribute name="exportLocation" type="conf:string"/>
514     <attribute name="exportACL" type="conf:listOfStrings"/>
515     <attribute name="cookieName" type="conf:string"/>
        <!-- Free-form string. NOTE(review): if this carries cookie attributes (for
             example Secure or HttpOnly), the schema cannot check that they are present;
             review the deployed value. -->
516     <attribute name="cookieProps" type="conf:string"/>
517     <attribute name="cookieLifetime" type="unsignedInt"/>
518     <attribute name="idpHistory" type="boolean"/>
519     <attribute name="idpHistoryDays" type="unsignedInt"/>
        <!-- Session limits: plain unsignedInt, units not stated here, no upper bound.
             NOTE(review): whether 0 means "disabled" or "immediately" is not defined by
             the schema; confirm. -->
520     <attribute name="lifetime" type="unsignedInt"/>
521     <attribute name="timeout" type="unsignedInt"/>
522     <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
        <!-- NOTE(review): checkAddress and consistentAddress presumably bind a session
             to the client address; confirm defaults, and how they behave behind
             proxies or NAT. -->
523     <attribute name="checkAddress" type="boolean"/>
524     <attribute name="consistentAddress" type="boolean"/>
525     <attribute name="postData" type="conf:string"/>
        <!-- positiveInteger: 0 is rejected and there is no upper bound. -->
526     <attribute name="postLimit" type="positiveInteger"/>
527     <attribute name="postTemplate" type="conf:string"/>
528     <attribute name="postExpire" type="boolean"/>
529     <attribute name="relayState" type="conf:string"/>
        <!-- Redirect controls: the two *Limit attributes take a conf:redirectLimitType
             mode and the two *Whitelist attributes a list of URIs. The schema does not
             tie them together: a "whitelist" mode validates with no whitelist given,
             and a whitelist validates while the mode is "none" or omitted. Review the
             pair together. -->
530     <attribute name="relayStateLimit" type="conf:redirectLimitType"/>
531     <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
532     <attribute name="redirectLimit" type="conf:redirectLimitType"/>
533     <attribute name="redirectWhitelist" type="conf:listOfURIs"/>
        <!-- ##other: an unqualified, misspelled attribute is rejected by validation. -->
534     <anyAttribute namespace="##other" processContents="lax"/>
535   </complexType>
536
537   <attribute name="policyId" type="conf:string">
        <!-- Global attribute declaration: when used on another schema's element it must
             be namespace-qualified (prefix bound to this schema's target namespace).
             The unqualified policyId attributes on ApplicationDefaultsType and
             ApplicationOverrideType are separate, local declarations. -->
538     <annotation>
539       <documentation>Used to override Policy from profile endpoints</documentation>
540     </annotation>
541   </attribute>
542
543   <attributeGroup name="SessionInitiatorGroup">
544     <annotation>
545       <documentation>Options common to explicit and implicit SessionInitiators</documentation>
546     </annotation>
        <!-- Referenced by the SSO shorthand in SessionsType and by the SessionInitiator
             element. All attributes are optional. -->
547     <attribute name="relayState" type="conf:string"/>
548     <attribute name="entityIDParam" type="conf:string"/>
549     <attribute name="entityID" type="anyURI"/>
550     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
        <!-- NOTE(review): preservedOptions presumably lists request options carried
             across the login exchange; treat anything preserved from the client
             request as untrusted. Confirm. -->
551     <attribute name="preservedOptions" type="conf:listOfStrings"/>
552     <attribute name="template" type="anyURI"/>
553     <attribute name="postArtifact" type="boolean"/>
554     <attribute name="acsByIndex" type="boolean"/>
555     <attribute name="isPassive" type="boolean"/>
556     <attribute name="returnOnError" type="boolean"/>
557     <attribute name="forceAuthn" type="boolean"/>
        <!-- A single xs:anyURI here, whereas ContentSettings types the attribute of the
             same name as conf:listOfURIs. -->
558     <attribute name="authnContextClassRef" type="anyURI"/>
559     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
560     <attribute name="NameIDFormat" type="anyURI"/>
561     <attribute name="SPNameQualifier" type="conf:string"/>
562     <attribute name="requestDelegation" type="boolean"/>
563     <attribute name="target" type="anyURI"/>
        <!-- ##any with lax processing: an unknown or misspelled attribute (for example
             a typo in forceAuthn) validates silently, so validation is not evidence
             that a setting took effect. -->
564     <anyAttribute namespace="##any" processContents="lax"/>
565   </attributeGroup>
566
567   <element name="SessionInitiator">
568     <annotation>
569       <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
570     </annotation>
        <!-- Restriction of conf:PluggableType: "type" stays required and child content
             stays open. Location is optional here (it is required on Handler). The
             attribute wildcard comes from SessionInitiatorGroup (##any, lax). -->
571     <complexType>
572       <complexContent>
573         <restriction base="conf:PluggableType">
574           <sequence>
575             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
576           </sequence>
577           <attribute name="Location" type="anyURI"/>
578           <attribute name="id" type="conf:string"/>
579           <attribute name="isDefault" type="boolean"/>
580           <attribute name="URL" type="anyURI"/>
581           <attribute name="acsIndex" type="unsignedShort"/>
582           <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
583           <attributeGroup ref="conf:SessionInitiatorGroup"/>
584         </restriction>
585       </complexContent>
586     </complexType>
587   </element>
588
589   <attributeGroup name="LogoutInitiatorGroup">
590     <annotation>
591       <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
592     </annotation>
        <!-- Referenced by the Logout shorthand in SessionsType and by the LogoutInitiator
             element. The ##any wildcard below lets misspelled attributes validate. -->
593     <attribute name="relayState" type="conf:string"/>
594     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
595     <attribute name="template" type="anyURI"/>
596     <attribute name="postArtifact" type="boolean"/>
597     <anyAttribute namespace="##any" processContents="lax"/>
598   </attributeGroup>
599
600   <element name="LogoutInitiator">
601     <annotation>
602       <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
603     </annotation>
        <!-- Restriction of conf:PluggableType: "type" stays required, Location is
             optional, and the attribute wildcard comes from LogoutInitiatorGroup. -->
604     <complexType>
605       <complexContent>
606         <restriction base="conf:PluggableType">
607           <sequence>
608             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
609           </sequence>
610           <attribute name="Location" type="anyURI"/>
611           <attributeGroup ref="conf:LogoutInitiatorGroup"/>
612         </restriction>
613       </complexContent>
614     </complexType>
615   </element>
616
617   <element name="Handler">
618     <annotation>
619       <documentation>Used to specify custom handlers</documentation>
620     </annotation>
        <!-- Restriction of conf:PluggableType: "type" stays required and Location is
             required as well. -->
621     <complexType>
622       <complexContent>
623         <restriction base="conf:PluggableType">
624           <sequence>
625             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
626           </sequence>
627           <attribute name="Location" type="anyURI" use="required"/>
              <!-- acl is optional, and because of the ##any wildcard below a misspelled
                   "acl" also validates.
                   NOTE(review): presumably acl limits which clients may reach the
                   handler; confirm what access applies when it is absent, and check
                   handlers exposing status or session data for an explicit acl. -->
628           <attribute name="acl" type="conf:listOfStrings"/>
629           <anyAttribute namespace="##any" processContents="lax"/>
630         </restriction>
631       </complexContent>
632     </complexType>
633   </element>
634
635   <complexType name="ErrorsType">
636     <annotation>
637       <documentation>Container for error templates and associated details</documentation>
638     </annotation>
        <!-- Fully open content and attributes (##any, lax); the named attributes below
             are all optional and mostly checked only as xs:anyURI. -->
639     <sequence>
640       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
641     </sequence>
        <!-- NOTE(review): redirectErrors presumably sends the browser to this URI on
             error; if error details are appended to it, make sure the target is a
             location you control. Confirm. -->
642     <attribute name="redirectErrors" type="anyURI"/>
643     <attribute name="session" type="anyURI"/>
644     <attribute name="metadata" type="anyURI"/>
645     <attribute name="access" type="anyURI"/>
646     <attribute name="ssl" type="anyURI"/>
647     <attribute name="localLogout" type="anyURI"/>
648     <attribute name="globalLogout" type="anyURI"/>
649     <attribute name="partialLogout" type="anyURI"/>
650     <attribute name="supportContact" type="conf:string"/>
651     <attribute name="logoLocation" type="anyURI"/>
652     <attribute name="helpLocation" type="anyURI"/>
653     <attribute name="styleSheet" type="anyURI"/>
654     <anyAttribute namespace="##any" processContents="lax"/>
655   </complexType>
656
657   <complexType name="RelyingPartyType">
658     <annotation>
659       <documentation>Container for specifying settings to use with particular peers</documentation>
660     </annotation>
        <!-- Empty element. Name is the only required attribute; the security settings
             come from RelyingPartyGroup and are all optional.
             NOTE(review): how Name is matched against a peer, and which settings an
             unmatched peer receives, is decided by the SP code. Confirm before using
             this element to relax a setting for one peer. -->
661     <sequence/>
662     <attribute name="Name" type="conf:string" use="required"/>
663     <attributeGroup ref="conf:RelyingPartyGroup"/>
664     <attribute name="entityID" type="anyURI"/>
        <!-- ##other: a misspelled unqualified attribute is rejected by validation. -->
665     <anyAttribute namespace="##other" processContents="lax"/>
666   </complexType>
667
668   <complexType name="NotifyType">
669     <annotation>
670       <documentation>Used to specify locations to receive application notifications</documentation>
671     </annotation>
        <!-- Empty element with two required attributes and an open (##any) attribute
             wildcard. -->
672     <sequence/>
        <!-- Channel must be exactly "front" or "back". -->
673     <attribute name="Channel" use="required">
674       <simpleType>
675         <restriction base="string">
676           <enumeration value="front"/>
677           <enumeration value="back"/>
678         </restriction>
679       </simpleType>
680     </attribute>
        <!-- Checked only as xs:anyURI. NOTE(review): the SP presumably contacts or
             redirects to this location on notification events, so it should be an
             endpoint the deployer controls. Confirm. -->
681     <attribute name="Location" type="anyURI" use="required"/>
682     <anyAttribute namespace="##any" processContents="lax"/>
683   </complexType>
684
685   <element name="SecurityPolicies">
686     <complexType>
687       <annotation>
688         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
689       </annotation>
690       <sequence>
691         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
692           <annotation>
693             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
694           </annotation>
695           <complexType>
                <!-- A Policy holds one or more Rule elements or one or more PolicyRule
                     elements, never a mix and never zero. Each rule is a PluggableType,
                     so the schema checks only that "type" is present; it does not
                     check which rules are included or their order. -->
696             <choice>
697               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
698               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
699             </choice>
700             <attribute name="id" type="conf:string" use="required"/>
                <!-- Optional, no schema default; the ##any wildcard below also lets a
                     misspelled "validate" pass.
                     NOTE(review): presumably enables schema validation of incoming
                     messages; confirm the default. -->
701             <attribute name="validate" type="boolean"/>
702             <anyAttribute namespace="##any" processContents="lax"/>
703           </complexType>
704         </element>
            <!-- Optional, and mutually exclusive: at most one of the two algorithm
                 lists may appear, after all Policy elements. Entries are checked only
                 as xs:anyURI, so a mistyped algorithm identifier validates. -->
705         <choice minOccurs="0">
706           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
707           <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
708         </choice>
709       </sequence>
710     </complexType>
711   </element>
712
713   <element name="TransportOption">
714     <annotation>
715       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
716     </annotation>
        <!-- The value is xs:anySimpleType, so any text validates; "provider" and
             "option" are required names. The schema has no knowledge of what an option
             does.
             NOTE(review): because values pass through unchecked, an option that
             weakens transport security would validate like any other. Review each
             TransportOption in a deployed configuration. -->
717     <complexType>
718       <simpleContent>
719         <extension base="anySimpleType">
720           <attribute name="provider" type="conf:string" use="required"/>
721           <attribute name="option" type="conf:string" use="required"/>
722         </extension>
723       </simpleContent>
724     </complexType>
725   </element>
726
727   <element name="SPConfig">
728     <complexType>
729       <annotation>
730         <documentation>Root of configuration</documentation>
731       </annotation>
          <!-- Child order is fixed by the sequence below. The only mandatory children
               are ApplicationDefaults and one of SecurityPolicyProvider or
               SecurityPolicies. -->
732       <sequence>
733         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
734         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
735         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
            <!-- At most one listener definition. -->
736         <choice minOccurs="0">
737           <element name="UnixListener">
738             <complexType>
739               <attribute name="address" type="conf:string" use="required"/>
740               <attribute name="stackSize" type="unsignedInt"/>
741             </complexType>
742           </element>
743           <element name="TCPListener">
744             <complexType>
                  <!-- address and port are required; port is unsignedInt, so values
                       above 65535 still validate. acl is optional.
                       NOTE(review): presumably acl lists the peers allowed to connect
                       to the listener; confirm what applies when it is omitted, and
                       keep the listener bound to a non-public address. -->
745               <attribute name="address" type="conf:string" use="required"/>
746               <attribute name="port" type="unsignedInt" use="required"/>
747               <attribute name="acl" type="conf:listOfStrings"/>
748               <attribute name="stackSize" type="unsignedInt"/>
749             </complexType>
750           </element>
751           <element name="Listener" type="conf:PluggableType"/>
752         </choice>
753         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
754         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
755         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
756         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
757         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
758         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
            <!-- Exactly one of the two must be present (the choice has no minOccurs).
                 SecurityPolicyProvider is a PluggableType, so its policy content is
                 not checked by this schema. -->
759         <choice>
760           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
761           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
762         </choice>
763         <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
764         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
            <!-- Optional: validation neither requires the configuration to be signed
                 nor verifies a signature that is present. -->
765         <element ref="ds:Signature" minOccurs="0"/>
766       </sequence>
767       <attribute name="logger" type="anyURI"/>
          <!-- Units are not stated in this schema and no upper bound is imposed.
               NOTE(review): presumably the tolerated clock difference when checking
               message timestamps; a large value widens the window in which a captured
               message is still accepted. Confirm. -->
768       <attribute name="clockSkew" type="unsignedInt"/>
          <!-- NOTE(review): unsafeChars and allowedSchemes look like input-hardening
               settings (characters to reject or encode, URL schemes permitted); both
               are optional with no schema default. Confirm. -->
769       <attribute name="unsafeChars" type="conf:string"/>
770       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
771       <attribute name="langFromClient" type="boolean"/>
772       <attribute name="langPriority" type="conf:listOfStrings"/>
773       <attribute name="contactPriority" type="conf:listOfStrings"/>
          <!-- ##other: a misspelled unqualified attribute is rejected by validation. -->
774       <anyAttribute namespace="##other" processContents="lax"/>
775     </complexType>
776   </element>
777
778 </schema>