[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.6">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
  <!--
    conf:string: a non-empty string (the XSD built-in string restricted to minLength 1).
    The name shadows the built-in. In this schema an unprefixed "string" resolves to the
    XSD type, because the default namespace is XMLSchema; "conf:string" is this type.
    Only the empty value is rejected; a value made solely of whitespace still validates.
  -->
  <simpleType name="string">
    <restriction base="string">
      <minLength value="1"/>
    </restriction>
  </simpleType>
31
  <!-- Whitespace-separated list; every item is a conf:string (non-empty). -->
  <simpleType name="listOfStrings">
    <list itemType="conf:string"/>
  </simpleType>
35
  <!--
    Whitespace-separated list of XSD anyURI values.
    The anyURI lexical space is very permissive, so passing validation says little about
    whether a value is a well-formed URL or points somewhere trustworthy.
  -->
  <simpleType name="listOfURIs">
    <list itemType="anyURI"/>
  </simpleType>
39
  <!--
    Five-valued token used by the signing and encryption attributes declared in this schema.
    Besides true and false it accepts front, back and conditional.
    NOTE(review): presumably front/back limit the behaviour to front-channel or back-channel
    bindings and conditional defers to peer requirements; confirm against the SP documentation.
    The schema checks only that the token is one of the five.
  -->
  <simpleType name="bindingBoolean">
    <restriction base="string">
      <enumeration value="true"/>
      <enumeration value="false"/>
      <enumeration value="front"/>
      <enumeration value="back"/>
      <enumeration value="conditional" />
    </restriction>
  </simpleType>
49
  <!--
    Allowed values for the relayStateLimit and redirectLimit attributes on SessionsType.
    NOTE(review): presumably "none" applies no restriction to redirect targets, "exact" and
    "host" compare the target with the request's own location, and the "whitelist" variants
    consult the companion relayStateWhitelist / redirectWhitelist lists; confirm the meanings
    and the effective default in the SP documentation. When reviewing a deployment for
    open-redirect exposure, check which of these values is actually in effect.
  -->
  <simpleType name="redirectLimitType">
    <restriction base="string">
      <enumeration value="none"/>
      <enumeration value="exact"/>
      <enumeration value="host"/>
      <enumeration value="whitelist"/>
      <enumeration value="exact+whitelist"/>
      <enumeration value="host+whitelist"/>
    </restriction>
  </simpleType>
60
  <!--
    Base type for plugin references: a required "type" attribute plus arbitrary content.
    Child elements and attributes from any namespace are accepted with lax processing, so
    schema validation does not constrain plugin-specific settings. A misspelled attribute or
    element validates silently here; checking is left to whatever consumes the plugin
    configuration.
  -->
  <complexType name="PluggableType">
    <sequence>
      <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="type" type="conf:string" use="required"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>
68
  <!--
    Zero or more Library elements followed by any number of elements from other namespaces.
    Each Library carries a required "path" (anyURI, not otherwise constrained) and an optional
    "fatal" flag, and may hold arbitrary content and attributes.
    NOTE(review): presumably the library named by "path" is loaded into the SP process, which
    would make write access to this configuration equivalent to code execution in that
    process; keep the file and the referenced paths writable by administrators only.
    "fatal" presumably decides whether a load failure aborts startup; confirm.
  -->
  <complexType name="ExtensionsType">
    <annotation>
      <documentation>Container for extension libraries and custom configuration</documentation>
    </annotation>
    <sequence>
      <element name="Library" minOccurs="0" maxOccurs="unbounded">
        <complexType>
          <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="path" type="anyURI" use="required"/>
          <attribute name="fatal" type="boolean"/>
          <anyAttribute namespace="##any" processContents="lax"/>
        </complexType>
      </element>
      <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
  </complexType>
87
  <!--
    Restriction of conf:PluggableType, so the required "type" attribute is inherited.
    Adds a required "id" typed as XSD ID (unique within the document, and the target of the
    IDREF-typed StorageService attributes on other types) and an optional cleanupInterval.
    The unit of cleanupInterval is not stated in the schema.
  -->
  <complexType name="StorageServiceType">
    <annotation>
      <documentation>References StorageService plugins</documentation>
    </annotation>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="id" type="ID" use="required"/>
        <attribute name="cleanupInterval" type="unsignedInt"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </restriction>
    </complexContent>
  </complexType>
103
  <!--
    Restriction of conf:PluggableType (required "type" inherited) for the session cache.
    "StorageService" is an IDREF, so it must name an ID declared elsewhere in the document.
    All attributes declared here are optional, and the wildcard still admits undeclared
    attributes from any namespace.
    NOTE(review): units of cacheAllowance / cacheTimeout are not stated here; confirm.
  -->
  <complexType name="SessionCacheType">
    <annotation>
      <documentation>References SessionCache plugins</documentation>
    </annotation>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="StorageService" type="IDREF"/>
        <attribute name="cacheAllowance" type="unsignedInt"/>
        <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
        <attribute name="maintainReverseIndex" type="boolean"/>
        <attribute name="excludeReverseIndex" type="conf:listOfStrings"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </restriction>
    </complexContent>
  </complexType>
122
  <!--
    Empty element whose only setting is an optional IDREF to a declared StorageService.
    NOTE(review): replay-detection state presumably lives in the referenced store; where
    several SP nodes serve one application, confirm that they share it.
  -->
  <complexType name="ReplayCacheType">
    <annotation>
      <documentation>Ties ReplayCache to a custom StorageService</documentation>
    </annotation>
    <sequence/>
    <attribute name="StorageService" type="IDREF"/>
  </complexType>
130
  <!--
    Empty element with three optional attributes: an IDREF to a declared StorageService,
    a non-empty "context" string and an unsigned artifactTTL.
    NOTE(review): artifactTTL is presumably the artifact lifetime in seconds; the schema
    states neither the unit nor an upper bound. Confirm.
  -->
  <complexType name="ArtifactMapType">
    <annotation>
      <documentation>Customizes an ArtifactMap</documentation>
    </annotation>
    <sequence/>
    <attribute name="StorageService" type="IDREF"/>
    <attribute name="context" type="conf:string"/>
    <attribute name="artifactTTL" type="unsignedInt"/>
  </complexType>
140
  <!--
    Settings for the out-of-process side: an optional Extensions block, then any elements
    from other namespaces. All four declared attributes are optional.
    The attribute wildcard is ##other, so a misspelled unqualified attribute fails
    validation instead of being silently ignored.
    NOTE(review): "logger" presumably names a logging configuration and catchAll presumably
    controls how unexpected exceptions are handled; confirm.
  -->
  <complexType name="OutOfProcessType">
    <annotation>
      <documentation>Container for out-of-process (shibd) configuration</documentation>
    </annotation>
    <sequence>
      <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
      <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="logger" type="anyURI"/>
    <attribute name="tranLogFormat" type="conf:string"/>
    <attribute name="tranLogFiller" type="conf:string"/>
    <attribute name="catchAll" type="boolean"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>
155
  <!--
    Settings for the in-process (web server module) side: optional Extensions, an optional
    ISAPI block listing one or more Site elements, then any elements from other namespaces.
    Both attribute wildcards are ##other, so a misspelled unqualified attribute fails
    validation.
  -->
  <complexType name="InProcessType">
    <annotation>
      <documentation>
        Container for configuration of locally integrated or platform-specific
        features (e.g. web server filters)
      </documentation>
    </annotation>
    <sequence>
      <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
      <element name="ISAPI" minOccurs="0">
        <complexType>
          <sequence>
            <!-- At least one Site is required whenever ISAPI is present. -->
            <element name="Site" maxOccurs="unbounded">
              <complexType>
                <sequence>
                  <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="id" type="unsignedInt" use="required"/>
                <attribute name="name" type="conf:string" use="required"/>
                <attribute name="port" type="unsignedInt"/>
                <attribute name="sslport" type="unsignedInt"/>
                <attribute name="scheme" type="conf:string"/>
              </complexType>
            </element>
            <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <!-- NOTE(review): both flags presumably affect how request data and header names are
               sanitised before use; the schema states no defaults. Confirm. -->
          <attribute name="normalizeRequest" type="boolean"/>
          <attribute name="safeHeaderNames" type="boolean"/>
          <anyAttribute namespace="##other" processContents="lax"/>
        </complexType>
      </element>
      <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="logger" type="anyURI"/>
    <attribute name="unsetHeaderValue" type="conf:string"/>
    <!-- NOTE(review): checkSpoofing / spoofKey presumably guard against clients supplying
         request headers that collide with SP-exported attributes. If spoofKey is a shared
         secret, it sits in this file in clear text, so restrict read access. Confirm. -->
    <attribute name="checkSpoofing" type="boolean"/>
    <attribute name="spoofKey" type="conf:string"/>
    <attribute name="catchAll" type="boolean"/>
    <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>
197
  <!--
    Global element for the built-in access policy language. Its content is exactly one
    operator or rule (see conf:UniOperatorType). It is referenced from RequestMap and from
    the Host / Path / Query types.
  -->
  <element name="AccessControl" type="conf:UniOperatorType">
    <annotation>
      <documentation>
        A simple example access policy language extension that supersedes Apache .htaccess
      </documentation>
    </annotation>
  </element>
  <!--
    Exactly one child: AND, OR, NOT, Rule or RuleRegex. Used for AccessControl itself and
    for NOT, which therefore negates a single operand. The type is recursive through
    AND / OR / NOT, and the schema sets no nesting depth limit.
  -->
  <complexType name="UniOperatorType">
    <choice>
      <element name="AND" type="conf:MultiOperatorType"/>
      <element name="OR" type="conf:MultiOperatorType"/>
      <element name="NOT" type="conf:UniOperatorType"/>
      <element name="Rule" type="conf:RuleType"/>
      <element name="RuleRegex" type="conf:RuleRegexType"/>
    </choice>
  </complexType>
  <!--
    Content of AND and OR: two or more operands, each an AND, OR, NOT, Rule or RuleRegex,
    in any order. An AND / OR with fewer than two operands fails validation.
  -->
  <complexType name="MultiOperatorType">
    <choice minOccurs="2" maxOccurs="unbounded">
      <element name="AND" type="conf:MultiOperatorType"/>
      <element name="OR" type="conf:MultiOperatorType"/>
      <element name="NOT" type="conf:UniOperatorType"/>
      <element name="Rule" type="conf:RuleType"/>
      <element name="RuleRegex" type="conf:RuleRegexType"/>
    </choice>
  </complexType>
  <!--
    Access rule whose text content is a whitespace-separated list of non-empty strings.
    "require" is mandatory; "list" is an optional boolean.
    NOTE(review): presumably "require" names the attribute or rule kind being tested and the
    content holds the accepted values; the effect of "list" is not visible here. Confirm.
  -->
  <complexType name="RuleType">
    <simpleContent>
      <extension base="conf:listOfStrings">
        <attribute name="require" type="conf:string" use="required"/>
        <attribute name="list" type="boolean"/>
      </extension>
    </simpleContent>
  </complexType>
  <!--
    Access rule whose text content is one non-empty string, with a mandatory "require" and
    an optional ignoreCase flag.
    The schema does not check that the content is a valid regular expression.
    NOTE(review): whether the expression must match the whole value or any substring is
    decided by the implementation; an unanchored pattern can admit more values than
    intended, so confirm the matching mode when writing rules.
  -->
  <complexType name="RuleRegexType">
    <simpleContent>
      <extension base="conf:string">
        <attribute name="require" type="conf:string" use="required"/>
        <attribute name="ignoreCase" type="boolean"/>
      </extension>
    </simpleContent>
  </complexType>
239
  <!--
    Per-resource settings shared by RequestMap and by the Host, HostRegex, Path, PathRegex
    and Query types, all of which reference this group. Every attribute is optional and the
    schema states no defaults.
    The wildcard is ##other: attributes from foreign namespaces are accepted, while a
    misspelled unqualified attribute fails validation.
    NOTE(review): requireSession, requireSessionWith, redirectToSSL and the export* flags
    look like the settings that decide whether a resource is protected and what session
    data reaches the application; confirm their semantics and defaults before relying on
    them. redirectToSSL is an unsignedInt, presumably a port number.
  -->
  <attributeGroup name="ContentSettings">
    <attribute name="applicationId" type="conf:string"/>
    <attribute name="authType" type="conf:string"/>
    <attribute name="requireSession" type="boolean"/>
    <attribute name="requireSessionWith" type="conf:string"/>
    <attribute name="requireLogoutWith" type="anyURI"/>
    <attribute name="exportAssertion" type="boolean"/>
    <attribute name="exportStdVars" type="boolean"/>
    <attribute name="exportCookie" type="boolean"/>
    <attribute name="redirectToSSL" type="unsignedInt"/>
    <attribute name="entityID" type="anyURI"/>
    <attribute name="discoveryURL" type="anyURI"/>
    <attribute name="discoveryPolicy" type="conf:string"/>
    <attribute name="isPassive" type="boolean"/>
    <attribute name="returnOnError" type="boolean"/>
    <attribute name="forceAuthn" type="boolean"/>
    <!-- A list of URIs here, whereas SessionInitiatorGroup declares the same name as a single anyURI. -->
    <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
    <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
    <attribute name="NameIDFormat" type="anyURI"/>
    <attribute name="SPNameQualifier" type="conf:string"/>
    <attribute name="redirectErrors" type="anyURI"/>
    <attribute name="sessionError" type="anyURI"/>
    <attribute name="metadataError" type="anyURI"/>
    <attribute name="accessError" type="anyURI"/>
    <attribute name="sslError" type="anyURI"/>
    <attribute name="target" type="anyURI"/>
    <attribute name="acsIndex" type="unsignedShort"/>
    <attribute name="REMOTE_ADDR" type="conf:string"/>
    <attribute name="encoding" type="conf:string"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </attributeGroup>
271
  <!--
    Root of the built-in request map. In order it holds: at most one access-control child
    (htaccess, AccessControl or AccessControlProvider), any number of Host / HostRegex
    entries, and an optional ds:Signature.
    The schema permits an embedded XML Signature but does not require one; whether and
    against which keys it is verified is not visible here.
  -->
  <element name="RequestMap">
    <annotation>
      <documentation>
        Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
      </documentation>
    </annotation>
    <complexType>
      <sequence>
        <choice minOccurs="0">
          <element name="htaccess" type="conf:PluggableType"/>
          <element ref="conf:AccessControl"/>
          <element name="AccessControlProvider" type="conf:PluggableType"/>
        </choice>
        <choice minOccurs="0" maxOccurs="unbounded">
          <element name="Host" type="conf:HostType"/>
          <element name="HostRegex" type="conf:HostRegexType"/>
        </choice>
        <element ref="ds:Signature" minOccurs="0"/>
      </sequence>
      <attribute name="unicodeAware" type="boolean"/>
      <attributeGroup ref="conf:ContentSettings"/>
    </complexType>
  </element>
295
  <!--
    One virtual host in the request map: at most one access-control child, then any mix of
    Path, PathRegex and Query children. "name" is required; "scheme" and "port" are optional.
    NOTE(review): when scheme or port is omitted the entry presumably matches more than one
    scheme/port combination; confirm, since that widens what the entry's settings cover.
  -->
  <complexType name="HostType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Path" type="conf:PathType"/>
        <element name="PathRegex" type="conf:PathRegexType"/>
        <element name="Query" type="conf:QueryType"/>
      </choice>
    </sequence>
    <!-- Anonymous enumeration: only these five scheme tokens validate. -->
    <attribute name="scheme">
      <simpleType>
        <restriction base="conf:string">
          <enumeration value="http"/>
          <enumeration value="https"/>
          <enumeration value="ftp"/>
          <enumeration value="ldap"/>
          <enumeration value="ldaps"/>
        </restriction>
      </simpleType>
    </attribute>
    <attribute name="name" type="conf:string" use="required"/>
    <attribute name="port" type="unsignedInt"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>
324
  <!--
    Host entry selected by regular expression: same children as HostType, with a required
    "regex" and an optional ignoreCase in place of name / scheme / port.
    The schema does not validate the expression.
    NOTE(review): confirm what string the expression is matched against and whether the
    match is anchored; a loose host pattern can apply these settings to unintended hosts.
  -->
  <complexType name="HostRegexType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Path" type="conf:PathType"/>
        <element name="PathRegex" type="conf:PathRegexType"/>
        <element name="Query" type="conf:QueryType"/>
      </choice>
    </sequence>
    <attribute name="regex" type="conf:string" use="required"/>
    <attribute name="ignoreCase" type="boolean"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>
342
  <!--
    One path step in the request map, identified by a required "name". It may carry at most
    one access-control child and may nest further Path, PathRegex and Query entries, so the
    type is recursive with no depth limit in the schema.
  -->
  <complexType name="PathType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Path" type="conf:PathType"/>
        <element name="PathRegex" type="conf:PathRegexType"/>
        <element name="Query" type="conf:QueryType"/>
      </choice>
    </sequence>
    <attribute name="name" type="conf:string" use="required"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>
359
  <!--
    Path entry selected by regular expression ("regex" required, ignoreCase optional).
    Unlike PathType it cannot nest Path or PathRegex children; only Query entries may follow
    the optional access-control child. The schema does not validate the expression.
  -->
  <complexType name="PathRegexType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="regex" type="conf:string" use="required"/>
    <attribute name="ignoreCase" type="boolean"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>
373
  <!--
    Entry keyed on a query parameter: "name" is required and "regex" is optional. It may
    carry one access-control child and nest further Query entries.
    NOTE(review): presumably "regex" is matched against the parameter value and its absence
    means the mere presence of the parameter matches; confirm.
  -->
  <complexType name="QueryType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="name" type="conf:string" use="required"/>
    <attribute name="regex" type="conf:string"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>
387
  <!--
    Default application settings. Sessions is mandatory and comes first, Errors is optional,
    and the remaining children may appear in any order and number. The trust-related plugin
    elements (MetadataProvider, TrustEngine, CredentialResolver and the Attribute* plugins)
    are all conf:PluggableType, so the schema does not check their content.
    "id" may be omitted but, if present, must equal "default"; entityID is required.
    The wildcard is ##other, so a misspelled unqualified attribute fails validation.
  -->
  <complexType name="ApplicationDefaultsType">
    <annotation>
      <documentation>Container for default settings and application-specific overrides</documentation>
    </annotation>
    <sequence>
      <element name="Sessions" type="conf:SessionsType"/>
      <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="RelyingParty" type="conf:RelyingPartyType"/>
        <element name="Notify" type="conf:NotifyType"/>
        <element ref="saml:Audience"/>
        <element name="MetadataProvider" type="conf:PluggableType"/>
        <element name="TrustEngine" type="conf:PluggableType"/>
        <element name="AttributeExtractor" type="conf:PluggableType"/>
        <element name="AttributeResolver" type="conf:PluggableType"/>
        <element name="AttributeFilter" type="conf:PluggableType"/>
        <element name="CredentialResolver" type="conf:PluggableType"/>
        <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
      </choice>
    </sequence>
    <attribute name="id" type="conf:string" fixed="default"/>
    <attribute name="entityID" type="anyURI" use="required"/>
    <attributeGroup ref="conf:ApplicationGroup"/>
    <attributeGroup ref="conf:RelyingPartyGroup"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>
414
  <!--
    Per-application override. It differs from ApplicationDefaultsType in three ways:
    Sessions is optional, "id" is required while entityID is optional, and an override
    cannot contain a nested ApplicationOverride.
    NOTE(review): settings omitted here are presumably inherited from the defaults; confirm
    which ones are, especially the security-related attributes in RelyingPartyGroup.
  -->
  <complexType name="ApplicationOverrideType">
    <annotation>
      <documentation>Container for application-specific overrides</documentation>
    </annotation>
    <sequence>
      <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
      <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="RelyingParty" type="conf:RelyingPartyType"/>
        <element name="Notify" type="conf:NotifyType"/>
        <element ref="saml:Audience"/>
        <element name="MetadataProvider" type="conf:PluggableType"/>
        <element name="TrustEngine" type="conf:PluggableType"/>
        <element name="AttributeExtractor" type="conf:PluggableType"/>
        <element name="AttributeResolver" type="conf:PluggableType"/>
        <element name="AttributeFilter" type="conf:PluggableType"/>
        <element name="CredentialResolver" type="conf:PluggableType"/>
      </choice>
    </sequence>
    <attribute name="id" type="conf:string" use="required"/>
    <attribute name="entityID" type="anyURI"/>
    <attributeGroup ref="conf:ApplicationGroup"/>
    <attributeGroup ref="conf:RelyingPartyGroup"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>
440
  <!--
    Optional attributes shared by ApplicationDefaultsType and ApplicationOverrideType.
    NOTE(review): REMOTE_USER presumably lists, in order of preference, the attributes that
    may supply the user identity handed to the application, and unsetHeaders /
    attributePrefix presumably relate to how exported values are named and cleared.
    requireAuthenticatedEncryption presumably rejects encrypted content that lacks
    integrity protection. The schema states no defaults; confirm each in the SP docs.
  -->
  <attributeGroup name="ApplicationGroup">
    <attribute name="homeURL" type="anyURI"/>
    <attribute name="policyId" type="conf:string"/>
    <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
    <attribute name="unsetHeaders" type="conf:listOfStrings"/>
    <attribute name="metadataAttributePrefix" type="conf:string"/>
    <attribute name="attributePrefix" type="conf:string"/>
    <attribute name="requireAuthenticatedEncryption" type="boolean"/>
  </attributeGroup>
450
  <!--
    Optional per-peer settings, referenced by ApplicationDefaultsType,
    ApplicationOverrideType and RelyingPartyType. The schema declares no defaults, so an
    omitted attribute takes whatever default the implementation applies.
  -->
  <attributeGroup name="RelyingPartyGroup">
    <!-- NOTE(review): presumably credentials for outbound requests to the peer. If used,
         authPassword is held in this file in clear text, so restrict read access. -->
    <attribute name="authType" type="conf:string"/>
    <attribute name="authUsername" type="conf:string"/>
    <attribute name="authPassword" type="conf:string"/>
    <!-- Algorithm attributes are plain anyURI: the schema accepts any identifier, including
         weak or unknown algorithms, so acceptable values must be enforced elsewhere. -->
    <attribute name="signing" type="conf:bindingBoolean"/>
    <attribute name="signingAlg" type="anyURI"/>
    <attribute name="digestAlg" type="anyURI"/>
    <attribute name="encryption" type="conf:bindingBoolean"/>
    <attribute name="encryptionAlg" type="anyURI"/>
    <attribute name="keyName" type="conf:string"/>
    <attribute name="artifactEndpointIndex" type="unsignedShort"/>
    <attribute name="chunkedEncoding" type="boolean"/>
    <attribute name="connectTimeout" type="unsignedShort"/>
    <attribute name="timeout" type="unsignedShort"/>
    <!-- Typed as the XSD built-in string, not conf:string, so an empty value validates. -->
    <attribute name="cipherSuites" type="string"/>
    <!-- NOTE(review): these three look like the checks applied to incoming and back-channel
         messages; confirm their defaults before assuming they are enforced. -->
    <attribute name="requireConfidentiality" type="boolean"/>
    <attribute name="requireTransportAuth" type="boolean"/>
    <attribute name="requireSignedAssertions" type="boolean"/>
    <attribute name="sessionHook" type="anyURI"/>
    <attribute name="artifactByFilesystem" type="boolean"/>
  </attributeGroup>
472     
  <!--
    Session policy and protocol handlers for an application. In order: optional SSO, Logout
    and NameIDMgmt shorthand elements (each with list-of-strings content), then any number
    of explicit handlers. All attributes are optional and the schema states no defaults.
    The wildcard is ##other, so a misspelled unqualified attribute fails validation.
  -->
  <complexType name="SessionsType">
    <annotation>
      <documentation>Container for specifying protocol handlers and session policy</documentation>
    </annotation>
    <sequence>
      <element name="SSO" minOccurs="0">
        <complexType>
          <annotation>
            <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
          </annotation>
          <simpleContent>
            <extension base="conf:listOfStrings">
              <attribute name="policyId" type="conf:string"/>
              <attribute name="ignoreNoPassive" type="boolean"/>
              <attribute name="discoveryProtocol" type="conf:string"/>
              <attribute name="discoveryURL" type="anyURI"/>
              <!-- This group ends in an ##any wildcard, so undeclared attributes on SSO validate silently. -->
              <attributeGroup ref="conf:SessionInitiatorGroup"/>
            </extension>
          </simpleContent>
        </complexType>
      </element>
      <element name="Logout" minOccurs="0">
        <complexType>
          <annotation>
            <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
          </annotation>
          <simpleContent>
            <extension base="conf:listOfStrings">
              <attribute name="policyId" type="conf:string"/>
              <attributeGroup ref="conf:LogoutInitiatorGroup"/>
            </extension>
          </simpleContent>
        </complexType>
      </element>
      <element name="NameIDMgmt" minOccurs="0">
        <complexType>
          <annotation>
            <documentation>Implicitly configures ManageNameIDService handlers</documentation>
          </annotation>
          <simpleContent>
            <extension base="conf:listOfStrings">
              <attribute name="policyId" type="conf:string"/>
            </extension>
          </simpleContent>
        </complexType>
      </element>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element ref="conf:SessionInitiator"/>
        <element ref="conf:LogoutInitiator"/>
        <element ref="md:AssertionConsumerService"/>
        <element ref="md:ArtifactResolutionService"/>
        <element ref="md:SingleLogoutService"/>
        <element ref="md:ManageNameIDService"/>
        <element ref="conf:Handler"/>
      </choice>
    </sequence>
    <!-- NOTE(review): handlerSSL presumably forces handler URLs onto TLS; confirm. -->
    <attribute name="handlerURL" type="anyURI"/>
    <attribute name="handlerSSL" type="boolean"/>
    <!-- NOTE(review): presumably the location from which assertions can be fetched and the
         addresses allowed to fetch them; confirm what applies when exportACL is omitted. -->
    <attribute name="exportLocation" type="conf:string"/>
    <attribute name="exportACL" type="conf:listOfStrings"/>
    <!-- cookieProps is a free-form string: the schema cannot check that cookie flags such as
         Secure or HttpOnly are present. Review the value itself. -->
    <attribute name="cookieName" type="conf:string"/>
    <attribute name="cookieProps" type="conf:string"/>
    <attribute name="cookieLifetime" type="unsignedInt"/>
    <attribute name="idpHistory" type="boolean"/>
    <attribute name="idpHistoryDays" type="unsignedInt"/>
    <attribute name="idpHistoryProps" type="conf:string"/>
    <!-- Session duration limits; units are not stated in the schema and no maximum is imposed. -->
    <attribute name="lifetime" type="unsignedInt"/>
    <attribute name="timeout" type="unsignedInt"/>
    <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
    <!-- NOTE(review): presumably bind a session to the client address; confirm. -->
    <attribute name="checkAddress" type="boolean"/>
    <attribute name="consistentAddress" type="boolean"/>
    <!-- postLimit is a positiveInteger, so zero is rejected; no upper bound is set. -->
    <attribute name="postData" type="conf:string"/>
    <attribute name="postLimit" type="positiveInteger"/>
    <attribute name="postTemplate" type="conf:string"/>
    <attribute name="postExpire" type="boolean"/>
    <attribute name="relayState" type="conf:string"/>
    <!-- Redirect-target restrictions: each limit takes a conf:redirectLimitType token and has a
         companion URI list. The schema does not require the list to be present when a
         "whitelist" token is chosen, so check that pairing by hand. -->
    <attribute name="relayStateLimit" type="conf:redirectLimitType"/>
    <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
    <attribute name="redirectLimit" type="conf:redirectLimitType"/>
    <attribute name="redirectWhitelist" type="conf:listOfURIs"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>
555
  <!--
    Global attribute declaration, so in instance documents it is namespace-qualified
    (conf:policyId). That lets it sit on elements from other namespaces that admit foreign
    attributes. NOTE(review): presumably the md:* endpoint elements referenced from
    SessionsType; confirm.
  -->
  <attribute name="policyId" type="conf:string">
    <annotation>
      <documentation>Used to override Policy from profile endpoints</documentation>
    </annotation>
  </attribute>
561
  <!-- Global (namespace-qualified) boolean attribute, written as conf:ignoreNoPassive in
       instance documents. -->
  <attribute name="ignoreNoPassive" type="boolean">
    <annotation>
      <documentation>Used to ignore NoPassive errors in AssertionConsumerService endpoints</documentation>
    </annotation>
  </attribute>
567
  <!--
    Global (namespace-qualified) attribute conf:signing, taking a conf:bindingBoolean token.
    It is distinct from the unqualified "signing" attributes declared locally in the
    attribute groups of this schema.
  -->
  <attribute name="signing" type="conf:bindingBoolean">
    <annotation>
      <documentation>Used to override signing property in SingleLogoutService/etc endpoints</documentation>
    </annotation>
  </attribute>
573
  <!--
    Global (namespace-qualified) attribute conf:encryption, taking a conf:bindingBoolean
    token. It is distinct from the unqualified "encryption" attributes declared locally in
    the attribute groups of this schema.
  -->
  <attribute name="encryption" type="conf:bindingBoolean">
    <annotation>
      <documentation>Used to override encryption property in SingleLogoutService/etc endpoints</documentation>
    </annotation>
  </attribute>
579   
  <!--
    Attributes shared by the SSO shorthand element and the explicit SessionInitiator element.
    The group ends in an ##any wildcard with lax processing, so any undeclared attribute,
    including a misspelling of one listed here, validates silently.
  -->
  <attributeGroup name="SessionInitiatorGroup">
    <annotation>
      <documentation>Options common to explicit and implicit SessionInitiators</documentation>
    </annotation>
    <attribute name="relayState" type="conf:string"/>
    <attribute name="entityIDParam" type="conf:string"/>
    <attribute name="entityID" type="anyURI"/>
    <attribute name="outgoingBindings" type="conf:listOfURIs"/>
    <attribute name="preservedOptions" type="conf:listOfStrings"/>
    <attribute name="template" type="anyURI"/>
    <attribute name="postArtifact" type="boolean"/>
    <attribute name="acsByIndex" type="boolean"/>
    <attribute name="isPassive" type="boolean"/>
    <attribute name="returnOnError" type="boolean"/>
    <attribute name="forceAuthn" type="boolean"/>
    <!-- A single anyURI here, whereas ContentSettings declares the same name as conf:listOfURIs.
         NOTE(review): confirm whether the difference is intended. -->
    <attribute name="authnContextClassRef" type="anyURI"/>
    <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
    <attribute name="NameIDFormat" type="anyURI"/>
    <attribute name="SPNameQualifier" type="conf:string"/>
    <attribute name="requestDelegation" type="boolean"/>
    <attribute name="target" type="anyURI"/>
    <attribute name="discoveryPolicy" type="conf:string"/>
    <attribute name="signing" type="conf:bindingBoolean"/>
    <attribute name="encryption" type="conf:bindingBoolean"/>    
    <anyAttribute namespace="##any" processContents="lax"/>
  </attributeGroup>
606
  <!--
    Explicit session initiator handler. It is a restriction of conf:PluggableType, so the
    required "type" attribute is inherited and arbitrary child content is still allowed.
    Every attribute declared here is optional, including Location.
  -->
  <element name="SessionInitiator">
    <annotation>
      <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
    </annotation>
    <complexType>
      <complexContent>
        <restriction base="conf:PluggableType">
          <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="Location" type="anyURI"/>
          <attribute name="id" type="conf:string"/>
          <attribute name="isDefault" type="boolean"/>
          <attribute name="URL" type="anyURI"/>
          <attribute name="acsIndex" type="unsignedShort"/>
          <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
          <attributeGroup ref="conf:SessionInitiatorGroup"/>
        </restriction>
      </complexContent>
    </complexType>
  </element>
628
  <!--
    Attributes shared by the Logout shorthand element and the explicit LogoutInitiator
    element. The group ends in an ##any wildcard with lax processing, so undeclared or
    misspelled attributes validate silently.
  -->
  <attributeGroup name="LogoutInitiatorGroup">
    <annotation>
      <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
    </annotation>
    <attribute name="relayState" type="conf:string"/>
    <attribute name="outgoingBindings" type="conf:listOfURIs"/>
    <attribute name="template" type="anyURI"/>
    <attribute name="postArtifact" type="boolean"/>
    <attribute name="signing" type="conf:bindingBoolean"/>
    <attribute name="encryption" type="conf:bindingBoolean"/>    
    <anyAttribute namespace="##any" processContents="lax"/>
  </attributeGroup>
641
  <!--
    Explicit logout initiator handler. It is a restriction of conf:PluggableType (required
    "type" inherited, arbitrary child content allowed) with an optional Location plus the
    attributes of conf:LogoutInitiatorGroup.
  -->
  <element name="LogoutInitiator">
    <annotation>
      <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
    </annotation>
    <complexType>
      <complexContent>
        <restriction base="conf:PluggableType">
          <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="Location" type="anyURI"/>
          <attributeGroup ref="conf:LogoutInitiatorGroup"/>
        </restriction>
      </complexContent>
    </complexType>
  </element>
658
  <!--
    Custom handler. It is a restriction of conf:PluggableType (required "type" inherited)
    in which Location is also required. "acl" is optional, and the ##any wildcard admits
    undeclared attributes.
    NOTE(review): "acl" presumably lists the client addresses allowed to reach the handler;
    confirm what applies when it is omitted, since handlers that expose status or session
    data would otherwise be reachable by any client.
  -->
  <element name="Handler">
    <annotation>
      <documentation>Used to specify custom handlers</documentation>
    </annotation>
    <complexType>
      <complexContent>
        <restriction base="conf:PluggableType">
          <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="Location" type="anyURI" use="required"/>
          <attribute name="acl" type="conf:listOfStrings"/>
          <anyAttribute namespace="##any" processContents="lax"/>
        </restriction>
      </complexContent>
    </complexType>
  </element>
676
  <!--
    Error handling settings: arbitrary child content plus optional anyURI attributes, one
    per error or logout condition. The ##any wildcard admits undeclared attributes.
    NOTE(review): the URI attributes presumably name template files or redirect locations;
    where redirectErrors is used, confirm what request detail is appended to the redirect.
  -->
  <complexType name="ErrorsType">
    <annotation>
      <documentation>Container for error templates and associated details</documentation>
    </annotation>
    <sequence>
      <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="redirectErrors" type="anyURI"/>
    <attribute name="session" type="anyURI"/>
    <attribute name="metadata" type="anyURI"/>
    <attribute name="access" type="anyURI"/>
    <attribute name="ssl" type="anyURI"/>
    <attribute name="localLogout" type="anyURI"/>
    <attribute name="globalLogout" type="anyURI"/>
    <attribute name="partialLogout" type="anyURI"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>
694
  <!--
    Per-peer override of the conf:RelyingPartyGroup settings. Name, type and entityID are
    all optional as far as the schema is concerned, and arbitrary child content is allowed.
    Unlike the application types, the attribute wildcard here is ##any, so a misspelled
    attribute (for example a mistyped security flag from RelyingPartyGroup) validates
    silently and the intended override does not take effect. Review these elements by eye.
  -->
  <complexType name="RelyingPartyType">
    <annotation>
      <documentation>Container for specifying settings to use with particular peers</documentation>
    </annotation>
    <sequence>
      <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Name" type="conf:string"/>
    <attribute name="type" type="conf:string"/>
    <attributeGroup ref="conf:RelyingPartyGroup"/>
    <attribute name="entityID" type="anyURI"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>
708
709   <complexType name="NotifyType">
        <!--
          Notification endpoint: no child elements (empty sequence), a required
          Channel limited to "front" or "back", and a required Location.
          NOTE(review): presumably "front" is delivered through the browser and
          "back" is a direct server call; confirm.
        -->
710     <annotation>
711       <documentation>Used to specify locations to receive application notifications</documentation>
712     </annotation>
713     <sequence/>
714     <attribute name="Channel" use="required">
715       <simpleType>
716         <restriction base="string">
717           <enumeration value="front"/>
718           <enumeration value="back"/>
719         </restriction>
720       </simpleType>
721     </attribute>
        <!-- anyURI does not restrict the scheme, so the schema does not require https here. -->
722     <attribute name="Location" type="anyURI" use="required"/>
        <!-- Lax ##any wildcard: undeclared or misspelled attribute names validate. -->
723     <anyAttribute namespace="##any" processContents="lax"/>
724   </complexType>
725
726   <element name="SecurityPolicies">
        <!--
          Inline security policy container. The SPConfig declaration in this
          file marks its reference to this element as deprecated in favour of
          SecurityPolicyProvider.
          Content: one or more Policy elements, then at most one of
          AlgorithmWhitelist or AlgorithmBlacklist.
        -->
727     <complexType>
728       <annotation>
729         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
730       </annotation>
731       <sequence>
732         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
733           <annotation>
734             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
735           </annotation>
736           <complexType>
                <!--
                  The choice has no maxOccurs, so a Policy holds either one or
                  more Rule elements or one or more PolicyRule elements; the two
                  names cannot be mixed within one Policy.
                -->
737             <choice>
738               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
739               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
740             </choice>
741             <attribute name="id" type="conf:string" use="required"/>
                <!--
                  No default is declared for validate, so its effect when omitted
                  is defined by the SP code. The lax ##any wildcard that follows
                  also means a misspelled "validate" is accepted by the schema.
                -->
742             <attribute name="validate" type="boolean"/>
743             <anyAttribute namespace="##any" processContents="lax"/>
744           </complexType>
745         </element>
            <!--
              Both algorithm lists are conf:listOfURIs (a list of anyURI), so
              entries are not checked against known algorithm identifiers and a
              mistyped URI validates.
              NOTE(review): includeDefaultBlacklist has no declared default;
              setting it to false presumably drops the built-in list of rejected
              algorithms. Confirm, and review any configuration that sets it.
            -->
746         <choice minOccurs="0">
747           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
748           <element name="AlgorithmBlacklist">
749             <complexType>
750               <simpleContent>
751                 <extension base="conf:listOfURIs">
752                   <attribute name="includeDefaultBlacklist" type="boolean"/>
753                 </extension>
754               </simpleContent>
755             </complexType>
756           </element>
757         </choice>
758       </sequence>
759     </complexType>
760   </element>
761
762   <element name="TransportOption">
        <!--
          provider and option are both required non-empty strings; the element
          text is anySimpleType, so the schema applies no type or range check to
          the option value. No attribute wildcard is declared, so unknown
          attribute names are rejected here.
          NOTE(review): options are provider-specific and may include transport
          security settings; review each entry against the provider's
          documentation. Confirm which options the deployed provider honours.
        -->
763     <annotation>
764       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
765     </annotation>
766     <complexType>
767       <simpleContent>
768         <extension base="anySimpleType">
769           <attribute name="provider" type="conf:string" use="required"/>
770           <attribute name="option" type="conf:string" use="required"/>
771         </extension>
772       </simpleContent>
773     </complexType>
774   </element>
775
776   <element name="SPConfig">
        <!--
          Root element of the configuration. Child order is fixed by the
          sequence. ApplicationDefaults is required, and exactly one of
          SecurityPolicyProvider or conf:SecurityPolicies must be present.
        -->
777     <complexType>
778       <annotation>
779         <documentation>Root of configuration</documentation>
780       </annotation>
781       <sequence>
782         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
783         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
784         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
            <!--
              Optional listener: at most one of UnixListener, TCPListener or a
              pluggable Listener. The two inline types declare no attribute
              wildcard, so a misspelled attribute on them fails validation.
              NOTE(review): TCPListener acl is optional and port is unsignedInt,
              which admits values above 65535. Presumably acl restricts which
              peers may connect; confirm, and check that a TCP listener is not
              reachable from untrusted networks.
            -->
785         <choice minOccurs="0">
786           <element name="UnixListener">
787             <complexType>
788               <attribute name="address" type="conf:string" use="required"/>
789               <attribute name="stackSize" type="unsignedInt"/>
790             </complexType>
791           </element>
792           <element name="TCPListener">
793             <complexType>
794               <attribute name="address" type="conf:string" use="required"/>
795               <attribute name="port" type="unsignedInt" use="required"/>
796               <attribute name="acl" type="conf:listOfStrings"/>
797               <attribute name="stackSize" type="unsignedInt"/>
798             </complexType>
799           </element>
800           <element name="Listener" type="conf:PluggableType"/>
801         </choice>
802         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
803         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
804         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
805         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
806         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
807         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
808         <choice>
809           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
810           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
811         </choice>
812         <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
813         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
            <!--
              The schema permits an embedded ds:Signature but does not require
              one. NOTE(review): whether and when it is verified is decided by
              the consumer of the file; confirm.
            -->
814         <element ref="ds:Signature" minOccurs="0"/>
815       </sequence>
816       <attribute name="logger" type="anyURI"/>
          <!--
            clockSkew has no upper bound beyond unsignedInt, and unsafeChars and
            allowedSchemes are plain string types, so the schema does not stop a
            configuration from loosening them.
            NOTE(review): presumably clockSkew widens the accepted time window
            and unsafeChars/allowedSchemes filter request data and URL schemes;
            confirm, and review non-default values.
          -->
817       <attribute name="clockSkew" type="unsignedInt"/>
818       <attribute name="unsafeChars" type="conf:string"/>
819       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
820       <attribute name="langFromClient" type="boolean"/>
821       <attribute name="langPriority" type="conf:listOfStrings"/>
822       <attribute name="contactPriority" type="conf:listOfStrings"/>
          <!--
            ##other admits only attributes from a foreign namespace, so an
            unqualified misspelling of one of the names above is rejected here,
            unlike the ##any wildcards used on most other types in this file.
          -->
823       <anyAttribute namespace="##other" processContents="lax"/>
824     </complexType>
825   </element>
826
827 </schema>