1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9 elementFormDefault="qualified"
10 attributeFormDefault="unqualified"
11 blockDefault="substitution"
14 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15 <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16 <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
21 2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22 First appearing in Shibboleth 2.0 release.
26 <simpleType name="string">
27 <restriction base="string">
28 <minLength value="1"/>
32 <simpleType name="listOfStrings">
33 <list itemType="conf:string"/>
36 <simpleType name="listOfURIs">
37 <list itemType="anyURI"/>
40 <simpleType name="bindingBoolean">
41 <restriction base="string">
42 <enumeration value="true"/>
43 <enumeration value="false"/>
44 <enumeration value="front"/>
45 <enumeration value="back"/>
46 <enumeration value="conditional" />
50 <simpleType name="redirectLimitType">
51 <restriction base="string">
52 <enumeration value="none"/>
53 <enumeration value="exact"/>
54 <enumeration value="host"/>
55 <enumeration value="whitelist"/>
56 <enumeration value="exact+whitelist"/>
57 <enumeration value="host+whitelist"/>
61 <complexType name="PluggableType">
63 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
65 <attribute name="type" type="conf:string" use="required"/>
66 <anyAttribute namespace="##any" processContents="lax"/>
69 <complexType name="ExtensionsType">
71 <documentation>Container for extension libraries and custom configuration</documentation>
74 <element name="Library" minOccurs="0" maxOccurs="unbounded">
77 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
79 <attribute name="path" type="anyURI" use="required"/>
80 <attribute name="fatal" type="boolean"/>
81 <anyAttribute namespace="##any" processContents="lax"/>
84 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
88 <complexType name="StorageServiceType">
90 <documentation>References StorageService plugins</documentation>
93 <restriction base="conf:PluggableType">
95 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
97 <attribute name="id" type="ID" use="required"/>
98 <attribute name="cleanupInterval" type="unsignedInt"/>
99 <anyAttribute namespace="##any" processContents="lax"/>
104 <complexType name="SessionCacheType">
106 <documentation>References SessionCache plugins</documentation>
109 <restriction base="conf:PluggableType">
111 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
113 <attribute name="StorageService" type="IDREF"/>
114 <attribute name="cacheAllowance" type="unsignedInt"/>
115 <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
116 <attribute name="maintainReverseIndex" type="boolean"/>
117 <attribute name="excludeReverseIndex" type="conf:listOfStrings"/>
118 <anyAttribute namespace="##any" processContents="lax"/>
123 <complexType name="ReplayCacheType">
125 <documentation>Ties ReplayCache to a custom StorageService</documentation>
128 <attribute name="StorageService" type="IDREF"/>
131 <complexType name="ArtifactMapType">
133 <documentation>Customizes an ArtifactMap</documentation>
136 <attribute name="StorageService" type="IDREF"/>
137 <attribute name="context" type="conf:string"/>
138 <attribute name="artifactTTL" type="unsignedInt"/>
141 <complexType name="OutOfProcessType">
143 <documentation>Container for out-of-process (shibd) configuration</documentation>
146 <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
147 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
149 <attribute name="logger" type="anyURI"/>
150 <attribute name="tranLogFormat" type="conf:string"/>
151 <attribute name="tranLogFiller" type="conf:string"/>
152 <attribute name="catchAll" type="boolean"/>
153 <anyAttribute namespace="##other" processContents="lax"/>
156 <complexType name="InProcessType">
159 Container for configuration of locally integrated or platform-specific
160 features (e.g. web server filters)
164 <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
165 <element name="ISAPI" minOccurs="0">
168 <element name="Site" maxOccurs="unbounded">
171 <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
173 <attribute name="id" type="unsignedInt" use="required"/>
174 <attribute name="name" type="conf:string" use="required"/>
175 <attribute name="port" type="unsignedInt"/>
176 <attribute name="sslport" type="unsignedInt"/>
177 <attribute name="scheme" type="conf:string"/>
180 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
182 <attribute name="normalizeRequest" type="boolean"/>
183 <attribute name="safeHeaderNames" type="boolean"/>
184 <anyAttribute namespace="##other" processContents="lax"/>
187 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
189 <attribute name="logger" type="anyURI"/>
190 <attribute name="unsetHeaderValue" type="conf:string"/>
191 <attribute name="checkSpoofing" type="boolean"/>
192 <attribute name="spoofKey" type="conf:string"/>
193 <attribute name="catchAll" type="boolean"/>
194 <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
195 <anyAttribute namespace="##other" processContents="lax"/>
198 <element name="AccessControl" type="conf:UniOperatorType">
201 A simple example access policy language extension that supersedes Apache .htaccess
205 <complexType name="UniOperatorType">
207 <element name="AND" type="conf:MultiOperatorType"/>
208 <element name="OR" type="conf:MultiOperatorType"/>
209 <element name="NOT" type="conf:UniOperatorType"/>
210 <element name="Rule" type="conf:RuleType"/>
211 <element name="RuleRegex" type="conf:RuleRegexType"/>
214 <complexType name="MultiOperatorType">
215 <choice minOccurs="2" maxOccurs="unbounded">
216 <element name="AND" type="conf:MultiOperatorType"/>
217 <element name="OR" type="conf:MultiOperatorType"/>
218 <element name="NOT" type="conf:UniOperatorType"/>
219 <element name="Rule" type="conf:RuleType"/>
220 <element name="RuleRegex" type="conf:RuleRegexType"/>
223 <complexType name="RuleType">
225 <extension base="conf:listOfStrings">
226 <attribute name="require" type="conf:string" use="required"/>
227 <attribute name="list" type="boolean"/>
231 <complexType name="RuleRegexType">
233 <extension base="conf:string">
234 <attribute name="require" type="conf:string" use="required"/>
235 <attribute name="ignoreCase" type="boolean"/>
240 <attributeGroup name="ContentSettings">
241 <attribute name="applicationId" type="conf:string"/>
242 <attribute name="authType" type="conf:string"/>
243 <attribute name="requireSession" type="boolean"/>
244 <attribute name="requireSessionWith" type="conf:string"/>
245 <attribute name="requireLogoutWith" type="anyURI"/>
246 <attribute name="exportAssertion" type="boolean"/>
247 <attribute name="exportStdVars" type="boolean"/>
248 <attribute name="exportCookie" type="boolean"/>
249 <attribute name="redirectToSSL" type="unsignedInt"/>
250 <attribute name="entityID" type="anyURI"/>
251 <attribute name="discoveryURL" type="anyURI"/>
252 <attribute name="discoveryPolicy" type="conf:string"/>
253 <attribute name="isPassive" type="boolean"/>
254 <attribute name="returnOnError" type="boolean"/>
255 <attribute name="forceAuthn" type="boolean"/>
256 <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
257 <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
258 <attribute name="NameIDFormat" type="anyURI"/>
259 <attribute name="SPNameQualifier" type="conf:string"/>
260 <attribute name="redirectErrors" type="anyURI"/>
261 <attribute name="sessionError" type="anyURI"/>
262 <attribute name="metadataError" type="anyURI"/>
263 <attribute name="accessError" type="anyURI"/>
264 <attribute name="sslError" type="anyURI"/>
265 <attribute name="target" type="anyURI"/>
266 <attribute name="acsIndex" type="unsignedShort"/>
267 <attribute name="REMOTE_ADDR" type="conf:string"/>
268 <attribute name="encoding" type="conf:string"/>
269 <anyAttribute namespace="##other" processContents="lax"/>
272 <element name="RequestMap">
275 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
280 <choice minOccurs="0">
281 <element name="htaccess" type="conf:PluggableType"/>
282 <element ref="conf:AccessControl"/>
283 <element name="AccessControlProvider" type="conf:PluggableType"/>
285 <choice minOccurs="0" maxOccurs="unbounded">
286 <element name="Host" type="conf:HostType"/>
287 <element name="HostRegex" type="conf:HostRegexType"/>
289 <element ref="ds:Signature" minOccurs="0"/>
291 <attribute name="unicodeAware" type="boolean"/>
292 <attributeGroup ref="conf:ContentSettings"/>
296 <complexType name="HostType">
298 <choice minOccurs="0">
299 <element name="htaccess" type="conf:PluggableType"/>
300 <element ref="conf:AccessControl"/>
301 <element name="AccessControlProvider" type="conf:PluggableType"/>
303 <choice minOccurs="0" maxOccurs="unbounded">
304 <element name="Path" type="conf:PathType"/>
305 <element name="PathRegex" type="conf:PathRegexType"/>
306 <element name="Query" type="conf:QueryType"/>
309 <attribute name="scheme">
311 <restriction base="conf:string">
312 <enumeration value="http"/>
313 <enumeration value="https"/>
314 <enumeration value="ftp"/>
315 <enumeration value="ldap"/>
316 <enumeration value="ldaps"/>
320 <attribute name="name" type="conf:string" use="required"/>
321 <attribute name="port" type="unsignedInt"/>
322 <attributeGroup ref="conf:ContentSettings"/>
325 <complexType name="HostRegexType">
327 <choice minOccurs="0">
328 <element name="htaccess" type="conf:PluggableType"/>
329 <element ref="conf:AccessControl"/>
330 <element name="AccessControlProvider" type="conf:PluggableType"/>
332 <choice minOccurs="0" maxOccurs="unbounded">
333 <element name="Path" type="conf:PathType"/>
334 <element name="PathRegex" type="conf:PathRegexType"/>
335 <element name="Query" type="conf:QueryType"/>
338 <attribute name="regex" type="conf:string" use="required"/>
339 <attribute name="ignoreCase" type="boolean"/>
340 <attributeGroup ref="conf:ContentSettings"/>
343 <complexType name="PathType">
345 <choice minOccurs="0">
346 <element name="htaccess" type="conf:PluggableType"/>
347 <element ref="conf:AccessControl"/>
348 <element name="AccessControlProvider" type="conf:PluggableType"/>
350 <choice minOccurs="0" maxOccurs="unbounded">
351 <element name="Path" type="conf:PathType"/>
352 <element name="PathRegex" type="conf:PathRegexType"/>
353 <element name="Query" type="conf:QueryType"/>
356 <attribute name="name" type="conf:string" use="required"/>
357 <attributeGroup ref="conf:ContentSettings"/>
360 <complexType name="PathRegexType">
362 <choice minOccurs="0">
363 <element name="htaccess" type="conf:PluggableType"/>
364 <element ref="conf:AccessControl"/>
365 <element name="AccessControlProvider" type="conf:PluggableType"/>
367 <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
369 <attribute name="regex" type="conf:string" use="required"/>
370 <attribute name="ignoreCase" type="boolean"/>
371 <attributeGroup ref="conf:ContentSettings"/>
374 <complexType name="QueryType">
376 <choice minOccurs="0">
377 <element name="htaccess" type="conf:PluggableType"/>
378 <element ref="conf:AccessControl"/>
379 <element name="AccessControlProvider" type="conf:PluggableType"/>
381 <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
383 <attribute name="name" type="conf:string" use="required"/>
384 <attribute name="regex" type="conf:string"/>
385 <attributeGroup ref="conf:ContentSettings"/>
388 <complexType name="ApplicationDefaultsType">
390 <documentation>Container for default settings and application-specific overrides</documentation>
393 <element name="Sessions" type="conf:SessionsType"/>
394 <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
395 <choice minOccurs="0" maxOccurs="unbounded">
396 <element name="RelyingParty" type="conf:RelyingPartyType"/>
397 <element name="Notify" type="conf:NotifyType"/>
398 <element ref="saml:Audience"/>
399 <element name="MetadataProvider" type="conf:PluggableType"/>
400 <element name="TrustEngine" type="conf:PluggableType"/>
401 <element name="AttributeExtractor" type="conf:PluggableType"/>
402 <element name="AttributeResolver" type="conf:PluggableType"/>
403 <element name="AttributeFilter" type="conf:PluggableType"/>
404 <element name="CredentialResolver" type="conf:PluggableType"/>
405 <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
408 <attribute name="id" type="conf:string" fixed="default"/>
409 <attribute name="entityID" type="anyURI" use="required"/>
410 <attributeGroup ref="conf:ApplicationGroup"/>
411 <attributeGroup ref="conf:RelyingPartyGroup"/>
412 <anyAttribute namespace="##other" processContents="lax"/>
415 <complexType name="ApplicationOverrideType">
417 <documentation>Container for application-specific overrides</documentation>
420 <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
421 <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
422 <choice minOccurs="0" maxOccurs="unbounded">
423 <element name="RelyingParty" type="conf:RelyingPartyType"/>
424 <element name="Notify" type="conf:NotifyType"/>
425 <element ref="saml:Audience"/>
426 <element name="MetadataProvider" type="conf:PluggableType"/>
427 <element name="TrustEngine" type="conf:PluggableType"/>
428 <element name="AttributeExtractor" type="conf:PluggableType"/>
429 <element name="AttributeResolver" type="conf:PluggableType"/>
430 <element name="AttributeFilter" type="conf:PluggableType"/>
431 <element name="CredentialResolver" type="conf:PluggableType"/>
434 <attribute name="id" type="conf:string" use="required"/>
435 <attribute name="entityID" type="anyURI"/>
436 <attributeGroup ref="conf:ApplicationGroup"/>
437 <attributeGroup ref="conf:RelyingPartyGroup"/>
438 <anyAttribute namespace="##other" processContents="lax"/>
441 <attributeGroup name="ApplicationGroup">
442 <attribute name="homeURL" type="anyURI"/>
443 <attribute name="policyId" type="conf:string"/>
444 <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
445 <attribute name="unsetHeaders" type="conf:listOfStrings"/>
446 <attribute name="metadataAttributePrefix" type="conf:string"/>
447 <attribute name="attributePrefix" type="conf:string"/>
448 <attribute name="requireAuthenticatedEncryption" type="boolean"/>
451 <attributeGroup name="RelyingPartyGroup">
452 <attribute name="authType" type="conf:string"/>
453 <attribute name="authUsername" type="conf:string"/>
454 <attribute name="authPassword" type="conf:string"/>
455 <attribute name="signing" type="conf:bindingBoolean"/>
456 <attribute name="signingAlg" type="anyURI"/>
457 <attribute name="digestAlg" type="anyURI"/>
458 <attribute name="encryption" type="conf:bindingBoolean"/>
459 <attribute name="encryptionAlg" type="anyURI"/>
460 <attribute name="keyName" type="conf:string"/>
461 <attribute name="artifactEndpointIndex" type="unsignedShort"/>
462 <attribute name="chunkedEncoding" type="boolean"/>
463 <attribute name="connectTimeout" type="unsignedShort"/>
464 <attribute name="timeout" type="unsignedShort"/>
465 <attribute name="cipherSuites" type="string"/>
466 <attribute name="requireConfidentiality" type="boolean"/>
467 <attribute name="requireTransportAuth" type="boolean"/>
468 <attribute name="requireSignedAssertions" type="boolean"/>
469 <attribute name="sessionHook" type="anyURI"/>
470 <attribute name="artifactByFilesystem" type="boolean"/>
473 <complexType name="SessionsType">
475 <documentation>Container for specifying protocol handlers and session policy</documentation>
478 <element name="SSO" minOccurs="0">
481 <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
484 <extension base="conf:listOfStrings">
485 <attribute name="policyId" type="conf:string"/>
486 <attribute name="ignoreNoPassive" type="boolean"/>
487 <attribute name="discoveryProtocol" type="conf:string"/>
488 <attribute name="discoveryURL" type="anyURI"/>
489 <attributeGroup ref="conf:SessionInitiatorGroup"/>
494 <element name="Logout" minOccurs="0">
497 <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
500 <extension base="conf:listOfStrings">
501 <attribute name="policyId" type="conf:string"/>
502 <attributeGroup ref="conf:LogoutInitiatorGroup"/>
507 <element name="NameIDMgmt" minOccurs="0">
510 <documentation>Implicitly configures ManageNameIDService handlers</documentation>
513 <extension base="conf:listOfStrings">
514 <attribute name="policyId" type="conf:string"/>
519 <choice minOccurs="0" maxOccurs="unbounded">
520 <element ref="conf:SessionInitiator"/>
521 <element ref="conf:LogoutInitiator"/>
522 <element ref="md:AssertionConsumerService"/>
523 <element ref="md:ArtifactResolutionService"/>
524 <element ref="md:SingleLogoutService"/>
525 <element ref="md:ManageNameIDService"/>
526 <element ref="conf:Handler"/>
529 <attribute name="handlerURL" type="anyURI"/>
530 <attribute name="handlerSSL" type="boolean"/>
531 <attribute name="exportLocation" type="conf:string"/>
532 <attribute name="exportACL" type="conf:listOfStrings"/>
533 <attribute name="cookieName" type="conf:string"/>
534 <attribute name="cookieProps" type="conf:string"/>
535 <attribute name="cookieLifetime" type="unsignedInt"/>
536 <attribute name="idpHistory" type="boolean"/>
537 <attribute name="idpHistoryDays" type="unsignedInt"/>
538 <attribute name="idpHistoryProps" type="conf:string"/>
539 <attribute name="lifetime" type="unsignedInt"/>
540 <attribute name="timeout" type="unsignedInt"/>
541 <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
542 <attribute name="checkAddress" type="boolean"/>
543 <attribute name="consistentAddress" type="boolean"/>
544 <attribute name="postData" type="conf:string"/>
545 <attribute name="postLimit" type="positiveInteger"/>
546 <attribute name="postTemplate" type="conf:string"/>
547 <attribute name="postExpire" type="boolean"/>
548 <attribute name="relayState" type="conf:string"/>
549 <attribute name="relayStateLimit" type="conf:redirectLimitType"/>
550 <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
551 <attribute name="redirectLimit" type="conf:redirectLimitType"/>
552 <attribute name="redirectWhitelist" type="conf:listOfURIs"/>
553 <anyAttribute namespace="##other" processContents="lax"/>
556 <attribute name="policyId" type="conf:string">
558 <documentation>Used to override Policy from profile endpoints</documentation>
562 <attribute name="ignoreNoPassive" type="boolean">
564 <documentation>Used to ignore NoPassive errors in AssertionConsumerService endpoints</documentation>
568 <attribute name="signing" type="conf:bindingBoolean">
570 <documentation>Used to override signing property in SingleLogoutService/etc endpoints</documentation>
574 <attribute name="encryption" type="conf:bindingBoolean">
576 <documentation>Used to override encryption property in SingleLogoutService/etc endpoints</documentation>
580 <attributeGroup name="SessionInitiatorGroup">
582 <documentation>Options common to explicit and implicit SessionInitiators</documentation>
584 <attribute name="relayState" type="conf:string"/>
585 <attribute name="entityIDParam" type="conf:string"/>
586 <attribute name="entityID" type="anyURI"/>
587 <attribute name="outgoingBindings" type="conf:listOfURIs"/>
588 <attribute name="preservedOptions" type="conf:listOfStrings"/>
589 <attribute name="template" type="anyURI"/>
590 <attribute name="postArtifact" type="boolean"/>
591 <attribute name="acsByIndex" type="boolean"/>
592 <attribute name="isPassive" type="boolean"/>
593 <attribute name="returnOnError" type="boolean"/>
594 <attribute name="forceAuthn" type="boolean"/>
595 <attribute name="authnContextClassRef" type="anyURI"/>
596 <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
597 <attribute name="NameIDFormat" type="anyURI"/>
598 <attribute name="SPNameQualifier" type="conf:string"/>
599 <attribute name="requestDelegation" type="boolean"/>
600 <attribute name="target" type="anyURI"/>
601 <attribute name="discoveryPolicy" type="conf:string"/>
602 <attribute name="signing" type="conf:bindingBoolean"/>
603 <attribute name="encryption" type="conf:bindingBoolean"/>
604 <anyAttribute namespace="##any" processContents="lax"/>
607 <element name="SessionInitiator">
609 <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
613 <restriction base="conf:PluggableType">
615 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
617 <attribute name="Location" type="anyURI"/>
618 <attribute name="id" type="conf:string"/>
619 <attribute name="isDefault" type="boolean"/>
620 <attribute name="URL" type="anyURI"/>
621 <attribute name="acsIndex" type="unsignedShort"/>
622 <attribute name="defaultACSIndex" type="unsignedShort"/> <!-- deprecated -->
623 <attributeGroup ref="conf:SessionInitiatorGroup"/>
629 <attributeGroup name="LogoutInitiatorGroup">
631 <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
633 <attribute name="relayState" type="conf:string"/>
634 <attribute name="outgoingBindings" type="conf:listOfURIs"/>
635 <attribute name="template" type="anyURI"/>
636 <attribute name="postArtifact" type="boolean"/>
637 <attribute name="signing" type="conf:bindingBoolean"/>
638 <attribute name="encryption" type="conf:bindingBoolean"/>
639 <anyAttribute namespace="##any" processContents="lax"/>
642 <element name="LogoutInitiator">
644 <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
648 <restriction base="conf:PluggableType">
650 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
652 <attribute name="Location" type="anyURI"/>
653 <attributeGroup ref="conf:LogoutInitiatorGroup"/>
659 <element name="Handler">
661 <documentation>Used to specify custom handlers</documentation>
665 <restriction base="conf:PluggableType">
667 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
669 <attribute name="Location" type="anyURI" use="required"/>
670 <attribute name="acl" type="conf:listOfStrings"/>
671 <anyAttribute namespace="##any" processContents="lax"/>
677 <complexType name="ErrorsType">
679 <documentation>Container for error templates and associated details</documentation>
682 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
684 <attribute name="redirectErrors" type="anyURI"/>
685 <attribute name="session" type="anyURI"/>
686 <attribute name="metadata" type="anyURI"/>
687 <attribute name="access" type="anyURI"/>
688 <attribute name="ssl" type="anyURI"/>
689 <attribute name="localLogout" type="anyURI"/>
690 <attribute name="globalLogout" type="anyURI"/>
691 <attribute name="partialLogout" type="anyURI"/>
692 <anyAttribute namespace="##any" processContents="lax"/>
695 <complexType name="RelyingPartyType">
697 <documentation>Container for specifying settings to use with particular peers</documentation>
700 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
702 <attribute name="Name" type="conf:string"/>
703 <attribute name="type" type="conf:string"/>
704 <attributeGroup ref="conf:RelyingPartyGroup"/>
705 <attribute name="entityID" type="anyURI"/>
706 <anyAttribute namespace="##any" processContents="lax"/>
709 <complexType name="NotifyType">
711 <documentation>Used to specify locations to receive application notifications</documentation>
714 <attribute name="Channel" use="required">
716 <restriction base="string">
717 <enumeration value="front"/>
718 <enumeration value="back"/>
722 <attribute name="Location" type="anyURI" use="required"/>
723 <anyAttribute namespace="##any" processContents="lax"/>
726 <element name="SecurityPolicies">
729 <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
732 <element name="Policy" minOccurs="1" maxOccurs="unbounded">
734 <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
738 <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
739 <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
741 <attribute name="id" type="conf:string" use="required"/>
742 <attribute name="validate" type="boolean"/>
743 <anyAttribute namespace="##any" processContents="lax"/>
746 <choice minOccurs="0">
747 <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
748 <element name="AlgorithmBlacklist">
751 <extension base="conf:listOfURIs">
752 <attribute name="includeDefaultBlacklist" type="boolean"/>
762 <element name="TransportOption">
764 <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
768 <extension base="anySimpleType">
769 <attribute name="provider" type="conf:string" use="required"/>
770 <attribute name="option" type="conf:string" use="required"/>
776 <element name="SPConfig">
779 <documentation>Root of configuration</documentation>
782 <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
783 <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
784 <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
785 <choice minOccurs="0">
786 <element name="UnixListener">
788 <attribute name="address" type="conf:string" use="required"/>
789 <attribute name="stackSize" type="unsignedInt"/>
792 <element name="TCPListener">
794 <attribute name="address" type="conf:string" use="required"/>
795 <attribute name="port" type="unsignedInt" use="required"/>
796 <attribute name="acl" type="conf:listOfStrings"/>
797 <attribute name="stackSize" type="unsignedInt"/>
800 <element name="Listener" type="conf:PluggableType"/>
802 <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
803 <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
804 <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
805 <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
806 <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
807 <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
809 <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
810 <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
812 <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
813 <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
814 <element ref="ds:Signature" minOccurs="0"/>
816 <attribute name="logger" type="anyURI"/>
817 <attribute name="clockSkew" type="unsignedInt"/>
818 <attribute name="unsafeChars" type="conf:string"/>
819 <attribute name="allowedSchemes" type="conf:listOfStrings"/>
820 <attribute name="langFromClient" type="boolean"/>
821 <attribute name="langPriority" type="conf:listOfStrings"/>
822 <attribute name="contactPriority" type="conf:listOfStrings"/>
823 <anyAttribute namespace="##other" processContents="lax"/>