[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.6">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
26   <simpleType name="string">
27     <restriction base="string">
28       <minLength value="1"/>
29     </restriction>
30   </simpleType>
31
32   <simpleType name="listOfStrings">
33     <list itemType="conf:string"/>
34   </simpleType>
35
36   <simpleType name="listOfURIs">
37     <list itemType="anyURI"/>
38   </simpleType>
39
40   <simpleType name="bindingBoolean">
41     <restriction base="string">
42       <enumeration value="true"/>
43       <enumeration value="false"/>
44       <enumeration value="front"/>
45       <enumeration value="back"/>
46       <enumeration value="conditional" />
47     </restriction>
48   </simpleType>
49
50   <simpleType name="redirectLimitType">
51     <restriction base="string">
52       <enumeration value="none"/>
53       <enumeration value="exact"/>
54       <enumeration value="host"/>
55       <enumeration value="whitelist"/>
56       <enumeration value="exact+whitelist"/>
57       <enumeration value="host+whitelist"/>
58     </restriction>
59   </simpleType>
60
61   <complexType name="PluggableType">
62     <sequence>
63       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
64     </sequence>
65     <attribute name="type" type="conf:string" use="required"/>
66     <anyAttribute namespace="##any" processContents="lax"/>
67   </complexType>
68
69   <complexType name="ExtensionsType">
70     <annotation>
71       <documentation>Container for extension libraries and custom configuration</documentation>
72     </annotation>
73     <sequence>
74       <element name="Library" minOccurs="0" maxOccurs="unbounded">
75         <complexType>
76           <sequence>
77             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
78           </sequence>
79           <attribute name="path" type="anyURI" use="required"/>
80           <attribute name="fatal" type="boolean"/>
81           <anyAttribute namespace="##any" processContents="lax"/>
82         </complexType>
83       </element>
84       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
85     </sequence>
86   </complexType>
87
88   <complexType name="StorageServiceType">
89     <annotation>
90       <documentation>References StorageService plugins</documentation>
91     </annotation>
92     <complexContent>
93       <restriction base="conf:PluggableType">
94         <sequence>
95           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
96         </sequence>
97         <attribute name="id" type="ID" use="required"/>
98         <attribute name="cleanupInterval" type="unsignedInt"/>
99         <anyAttribute namespace="##any" processContents="lax"/>
100       </restriction>
101     </complexContent>
102   </complexType>
103
104   <complexType name="SessionCacheType">
105     <annotation>
106       <documentation>References SessionCache plugins</documentation>
107     </annotation>
108     <complexContent>
109       <restriction base="conf:PluggableType">
110         <sequence>
111           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
112         </sequence>
113         <attribute name="StorageService" type="IDREF"/>
114         <attribute name="cacheAllowance" type="unsignedInt"/>
115         <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
116         <attribute name="maintainReverseIndex" type="boolean"/>
117         <attribute name="excludeReverseIndex" type="conf:listOfStrings"/>
118         <anyAttribute namespace="##any" processContents="lax"/>
119       </restriction>
120     </complexContent>
121   </complexType>
122
123   <complexType name="ReplayCacheType">
124     <annotation>
125       <documentation>Ties ReplayCache to a custom StorageService</documentation>
126     </annotation>
127     <sequence/>
128     <attribute name="StorageService" type="IDREF"/>
129   </complexType>
130
131   <complexType name="ArtifactMapType">
132     <annotation>
133       <documentation>Customizes an ArtifactMap</documentation>
134     </annotation>
135     <sequence/>
136     <attribute name="StorageService" type="IDREF"/>
137     <attribute name="context" type="conf:string"/>
138     <attribute name="artifactTTL" type="unsignedInt"/>
139   </complexType>
140
141   <complexType name="OutOfProcessType">
142     <annotation>
143       <documentation>Container for out-of-process (shibd) configuration</documentation>
144     </annotation>
145     <sequence>
146       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
147       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
148     </sequence>
149     <attribute name="logger" type="anyURI"/>
150     <attribute name="tranLogFormat" type="conf:string"/>
151     <attribute name="tranLogFiller" type="conf:string"/>
152     <attribute name="catchAll" type="boolean"/>
153     <anyAttribute namespace="##other" processContents="lax"/>
154   </complexType>
155
156   <complexType name="InProcessType">
157     <annotation>
158       <documentation>
159         Container for configuration of locally integrated or platform-specific
160         features (e.g. web server filters)
161       </documentation>
162     </annotation>
163     <sequence>
164       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
165       <element name="ISAPI" minOccurs="0">
166         <complexType>
167           <sequence>
168             <element name="Site" maxOccurs="unbounded">
169               <complexType>
170                 <sequence>
171                   <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
172                 </sequence>
173                 <attribute name="id" type="unsignedInt" use="required"/>
174                 <attribute name="name" type="conf:string" use="required"/>
175                 <attribute name="port" type="unsignedInt"/>
176                 <attribute name="sslport" type="unsignedInt"/>
177                 <attribute name="scheme" type="conf:string"/>
178               </complexType>
179             </element>
180             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
181           </sequence>
182           <attribute name="normalizeRequest" type="boolean"/>
183           <attribute name="safeHeaderNames" type="boolean"/>
184           <anyAttribute namespace="##other" processContents="lax"/>
185         </complexType>
186       </element>
187       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
188     </sequence>
189     <attribute name="logger" type="anyURI"/>
190     <attribute name="unsetHeaderValue" type="conf:string"/>
191     <attribute name="checkSpoofing" type="boolean"/>
192     <attribute name="spoofKey" type="conf:string"/>
193     <attribute name="catchAll" type="boolean"/>
194     <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
195     <anyAttribute namespace="##other" processContents="lax"/>
196   </complexType>
197
198   <element name="AccessControl" type="conf:UniOperatorType">
199     <annotation>
200       <documentation>
201         A simple example access policy language extension that supersedes Apache .htaccess
202       </documentation>
203     </annotation>
204   </element>
205   <complexType name="UniOperatorType">
206     <choice>
207       <element name="AND" type="conf:MultiOperatorType"/>
208       <element name="OR" type="conf:MultiOperatorType"/>
209       <element name="NOT" type="conf:UniOperatorType"/>
210       <element name="Rule" type="conf:RuleType"/>
211       <element name="RuleRegex" type="conf:RuleRegexType"/>
212     </choice>
213   </complexType>
214   <complexType name="MultiOperatorType">
215     <choice minOccurs="2" maxOccurs="unbounded">
216       <element name="AND" type="conf:MultiOperatorType"/>
217       <element name="OR" type="conf:MultiOperatorType"/>
218       <element name="NOT" type="conf:UniOperatorType"/>
219       <element name="Rule" type="conf:RuleType"/>
220       <element name="RuleRegex" type="conf:RuleRegexType"/>
221     </choice>
222   </complexType>
223   <complexType name="RuleType">
224     <simpleContent>
225       <extension base="conf:listOfStrings">
226         <attribute name="require" type="conf:string" use="required"/>
227         <attribute name="list" type="boolean"/>
228       </extension>
229     </simpleContent>
230   </complexType>
231   <complexType name="RuleRegexType">
232     <simpleContent>
233       <extension base="conf:string">
234         <attribute name="require" type="conf:string" use="required"/>
235         <attribute name="ignoreCase" type="boolean"/>
236       </extension>
237     </simpleContent>
238   </complexType>
239
240   <attributeGroup name="ContentSettings">
241     <attribute name="applicationId" type="conf:string"/>
242     <attribute name="authType" type="conf:string"/>
243     <attribute name="requireSession" type="boolean"/>
244     <attribute name="requireSessionWith" type="conf:string"/>
245     <attribute name="requireLogoutWith" type="anyURI"/>
246     <attribute name="exportAssertion" type="boolean"/>
247     <attribute name="exportStdVars" type="boolean"/>
248     <attribute name="exportCookie" type="boolean"/>
249     <attribute name="redirectToSSL" type="unsignedInt"/>
250     <attribute name="entityID" type="anyURI"/>
251     <attribute name="discoveryURL" type="anyURI"/>
252     <attribute name="discoveryPolicy" type="conf:string"/>
253     <attribute name="isPassive" type="boolean"/>
254     <attribute name="returnOnError" type="boolean"/>
255     <attribute name="forceAuthn" type="boolean"/>
256     <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
257     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
258     <attribute name="NameIDFormat" type="anyURI"/>
259     <attribute name="SPNameQualifier" type="conf:string"/>
260     <attribute name="redirectErrors" type="anyURI"/>
261     <attribute name="sessionError" type="anyURI"/>
262     <attribute name="metadataError" type="anyURI"/>
263     <attribute name="accessError" type="anyURI"/>
264     <attribute name="sslError" type="anyURI"/>
265     <attribute name="target" type="anyURI"/>
266     <attribute name="acsIndex" type="unsignedShort"/>
267     <attribute name="REMOTE_ADDR" type="conf:string"/>
268     <attribute name="encoding" type="conf:string"/>
269     <anyAttribute namespace="##other" processContents="lax"/>
270   </attributeGroup>
271
272   <element name="RequestMap">
273     <annotation>
274       <documentation>
275         Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
276       </documentation>
277     </annotation>
278     <complexType>
279       <sequence>
280         <choice minOccurs="0">
281           <element name="htaccess" type="conf:PluggableType"/>
282           <element ref="conf:AccessControl"/>
283           <element name="AccessControlProvider" type="conf:PluggableType"/>
284         </choice>
285         <choice minOccurs="0" maxOccurs="unbounded">
286           <element name="Host" type="conf:HostType"/>
287           <element name="HostRegex" type="conf:HostRegexType"/>
288         </choice>
289         <element ref="ds:Signature" minOccurs="0"/>
290       </sequence>
291       <attribute name="unicodeAware" type="boolean"/>
292       <attributeGroup ref="conf:ContentSettings"/>
293     </complexType>
294   </element>
295
296   <complexType name="HostType">
297     <sequence>
298       <choice minOccurs="0">
299         <element name="htaccess" type="conf:PluggableType"/>
300         <element ref="conf:AccessControl"/>
301         <element name="AccessControlProvider" type="conf:PluggableType"/>
302       </choice>
303       <choice minOccurs="0" maxOccurs="unbounded">
304         <element name="Path" type="conf:PathType"/>
305         <element name="PathRegex" type="conf:PathRegexType"/>
306         <element name="Query" type="conf:QueryType"/>
307       </choice>
308     </sequence>
309     <attribute name="scheme">
310       <simpleType>
311         <restriction base="conf:string">
312           <enumeration value="http"/>
313           <enumeration value="https"/>
314           <enumeration value="ftp"/>
315           <enumeration value="ldap"/>
316           <enumeration value="ldaps"/>
317         </restriction>
318       </simpleType>
319     </attribute>
320     <attribute name="name" type="conf:string" use="required"/>
321     <attribute name="port" type="unsignedInt"/>
322     <attributeGroup ref="conf:ContentSettings"/>
323   </complexType>
324
325   <complexType name="HostRegexType">
326     <sequence>
327       <choice minOccurs="0">
328         <element name="htaccess" type="conf:PluggableType"/>
329         <element ref="conf:AccessControl"/>
330         <element name="AccessControlProvider" type="conf:PluggableType"/>
331       </choice>
332       <choice minOccurs="0" maxOccurs="unbounded">
333         <element name="Path" type="conf:PathType"/>
334         <element name="PathRegex" type="conf:PathRegexType"/>
335         <element name="Query" type="conf:QueryType"/>
336       </choice>
337     </sequence>
338     <attribute name="regex" type="conf:string" use="required"/>
339     <attribute name="ignoreCase" type="boolean"/>
340     <attributeGroup ref="conf:ContentSettings"/>
341   </complexType>
342
343   <complexType name="PathType">
344     <sequence>
345       <choice minOccurs="0">
346         <element name="htaccess" type="conf:PluggableType"/>
347         <element ref="conf:AccessControl"/>
348         <element name="AccessControlProvider" type="conf:PluggableType"/>
349       </choice>
350       <choice minOccurs="0" maxOccurs="unbounded">
351         <element name="Path" type="conf:PathType"/>
352         <element name="PathRegex" type="conf:PathRegexType"/>
353         <element name="Query" type="conf:QueryType"/>
354       </choice>
355     </sequence>
356     <attribute name="name" type="conf:string" use="required"/>
357     <attributeGroup ref="conf:ContentSettings"/>
358   </complexType>
359
360   <complexType name="PathRegexType">
361     <sequence>
362       <choice minOccurs="0">
363         <element name="htaccess" type="conf:PluggableType"/>
364         <element ref="conf:AccessControl"/>
365         <element name="AccessControlProvider" type="conf:PluggableType"/>
366       </choice>
367       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
368     </sequence>
369     <attribute name="regex" type="conf:string" use="required"/>
370     <attribute name="ignoreCase" type="boolean"/>
371     <attributeGroup ref="conf:ContentSettings"/>
372   </complexType>
373
374   <complexType name="QueryType">
375     <sequence>
376       <choice minOccurs="0">
377         <element name="htaccess" type="conf:PluggableType"/>
378         <element ref="conf:AccessControl"/>
379         <element name="AccessControlProvider" type="conf:PluggableType"/>
380       </choice>
381       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
382     </sequence>
383     <attribute name="name" type="conf:string" use="required"/>
384     <attribute name="regex" type="conf:string"/>
385     <attributeGroup ref="conf:ContentSettings"/>
386   </complexType>
387
388   <complexType name="ApplicationDefaultsType">
389     <annotation>
390       <documentation>Container for default settings and application-specific overrides</documentation>
391     </annotation>
392     <sequence>
393       <element name="Sessions" type="conf:SessionsType"/>
394       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
395       <choice minOccurs="0" maxOccurs="unbounded">
396         <element name="RelyingParty" type="conf:RelyingPartyType"/>
397         <element name="Notify" type="conf:NotifyType"/>
398         <element ref="saml:Audience"/>
399         <element name="MetadataProvider" type="conf:PluggableType"/>
400         <element name="TrustEngine" type="conf:PluggableType"/>
401         <element name="AttributeExtractor" type="conf:PluggableType"/>
402         <element name="AttributeResolver" type="conf:PluggableType"/>
403         <element name="AttributeFilter" type="conf:PluggableType"/>
404         <element name="CredentialResolver" type="conf:PluggableType"/>
405         <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
406       </choice>
407     </sequence>
408     <attribute name="id" type="conf:string" fixed="default"/>
409     <attribute name="entityID" type="anyURI" use="required"/>
410     <attributeGroup ref="conf:ApplicationGroup"/>
411     <attributeGroup ref="conf:RelyingPartyGroup"/>
412     <anyAttribute namespace="##other" processContents="lax"/>
413   </complexType>
414
415   <complexType name="ApplicationOverrideType">
416     <annotation>
417       <documentation>Container for application-specific overrides</documentation>
418     </annotation>
419     <sequence>
420       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
421       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
422       <choice minOccurs="0" maxOccurs="unbounded">
423         <element name="RelyingParty" type="conf:RelyingPartyType"/>
424         <element name="Notify" type="conf:NotifyType"/>
425         <element ref="saml:Audience"/>
426         <element name="MetadataProvider" type="conf:PluggableType"/>
427         <element name="TrustEngine" type="conf:PluggableType"/>
428         <element name="AttributeExtractor" type="conf:PluggableType"/>
429         <element name="AttributeResolver" type="conf:PluggableType"/>
430         <element name="AttributeFilter" type="conf:PluggableType"/>
431         <element name="CredentialResolver" type="conf:PluggableType"/>
432       </choice>
433     </sequence>
434     <attribute name="id" type="conf:string" use="required"/>
435     <attribute name="entityID" type="anyURI"/>
436     <attributeGroup ref="conf:ApplicationGroup"/>
437     <attributeGroup ref="conf:RelyingPartyGroup"/>
438     <anyAttribute namespace="##other" processContents="lax"/>
439   </complexType>
440
441   <attributeGroup name="ApplicationGroup">
442     <attribute name="homeURL" type="anyURI"/>
443     <attribute name="policyId" type="conf:string"/>
444     <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
445     <attribute name="unsetHeaders" type="conf:listOfStrings"/>
446     <attribute name="metadataAttributePrefix" type="conf:string"/>
447     <attribute name="attributePrefix" type="conf:string"/>
448     <attribute name="requireAuthenticatedEncryption" type="boolean"/>
449   </attributeGroup>
450
451   <attributeGroup name="RelyingPartyGroup">
452     <attribute name="authType" type="conf:string"/>
453     <attribute name="authUsername" type="conf:string"/>
454     <attribute name="authPassword" type="conf:string"/>
455     <attribute name="signing" type="conf:bindingBoolean"/>
456     <attribute name="signingAlg" type="anyURI"/>
457     <attribute name="digestAlg" type="anyURI"/>
458     <attribute name="encryption" type="conf:bindingBoolean"/>
459     <attribute name="encryptionAlg" type="anyURI"/>
460     <attribute name="keyName" type="conf:string"/>
461     <attribute name="artifactEndpointIndex" type="unsignedShort"/>
462     <attribute name="chunkedEncoding" type="boolean"/>
463     <attribute name="connectTimeout" type="unsignedShort"/>
464     <attribute name="timeout" type="unsignedShort"/>
465     <attribute name="requireConfidentiality" type="boolean"/>
466     <attribute name="requireTransportAuth" type="boolean"/>
467     <attribute name="requireSignedAssertions" type="boolean"/>
468     <attribute name="sessionHook" type="anyURI"/>
469     <attribute name="artifactByFilesystem" type="boolean"/>
470   </attributeGroup>
471     
472   <complexType name="SessionsType">
473     <annotation>
474       <documentation>Container for specifying protocol handlers and session policy</documentation>
475     </annotation>
476     <sequence>
477       <element name="SSO" minOccurs="0">
478         <complexType>
479           <annotation>
480             <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
481           </annotation>
482           <simpleContent>
483             <extension base="conf:listOfStrings">
484               <attribute name="policyId" type="conf:string"/>
485               <attribute name="ignoreNoPassive" type="boolean"/>
486               <attribute name="discoveryProtocol" type="conf:string"/>
487               <attribute name="discoveryURL" type="anyURI"/>
488               <attributeGroup ref="conf:SessionInitiatorGroup"/>
489             </extension>
490           </simpleContent>
491         </complexType>
492       </element>
493       <element name="Logout" minOccurs="0">
494         <complexType>
495           <annotation>
496             <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
497           </annotation>
498           <simpleContent>
499             <extension base="conf:listOfStrings">
500               <attribute name="policyId" type="conf:string"/>
501               <attributeGroup ref="conf:LogoutInitiatorGroup"/>
502             </extension>
503           </simpleContent>
504         </complexType>
505       </element>
506       <element name="NameIDMgmt" minOccurs="0">
507         <complexType>
508           <annotation>
509             <documentation>Implicitly configures ManageNameIDService handlers</documentation>
510           </annotation>
511           <simpleContent>
512             <extension base="conf:listOfStrings">
513               <attribute name="policyId" type="conf:string"/>
514             </extension>
515           </simpleContent>
516         </complexType>
517       </element>
518       <choice minOccurs="0" maxOccurs="unbounded">
519         <element ref="conf:SessionInitiator"/>
520         <element ref="conf:LogoutInitiator"/>
521         <element ref="md:AssertionConsumerService"/>
522         <element ref="md:ArtifactResolutionService"/>
523         <element ref="md:SingleLogoutService"/>
524         <element ref="md:ManageNameIDService"/>
525         <element ref="conf:Handler"/>
526       </choice>
527     </sequence>
528     <attribute name="handlerURL" type="anyURI"/>
529     <attribute name="handlerSSL" type="boolean"/>
530     <attribute name="exportLocation" type="conf:string"/>
531     <attribute name="exportACL" type="conf:listOfStrings"/>
532     <attribute name="cookieName" type="conf:string"/>
533     <attribute name="cookieProps" type="conf:string"/>
534     <attribute name="cookieLifetime" type="unsignedInt"/>
535     <attribute name="idpHistory" type="boolean"/>
536     <attribute name="idpHistoryDays" type="unsignedInt"/>
537     <attribute name="idpHistoryProps" type="conf:string"/>
538     <attribute name="lifetime" type="unsignedInt"/>
539     <attribute name="timeout" type="unsignedInt"/>
540     <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
541     <attribute name="checkAddress" type="boolean"/>
542     <attribute name="consistentAddress" type="boolean"/>
543     <attribute name="postData" type="conf:string"/>
544     <attribute name="postLimit" type="positiveInteger"/>
545     <attribute name="postTemplate" type="conf:string"/>
546     <attribute name="postExpire" type="boolean"/>
547     <attribute name="relayState" type="conf:string"/>
548     <attribute name="relayStateLimit" type="conf:redirectLimitType"/>
549     <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
550     <attribute name="redirectLimit" type="conf:redirectLimitType"/>
551     <attribute name="redirectWhitelist" type="conf:listOfURIs"/>
552     <anyAttribute namespace="##other" processContents="lax"/>
553   </complexType>
554
555   <attribute name="policyId" type="conf:string">
556     <annotation>
557       <documentation>Used to override Policy from profile endpoints</documentation>
558     </annotation>
559   </attribute>
560
561   <attribute name="ignoreNoPassive" type="boolean">
562     <annotation>
563       <documentation>Used to ignore NoPassive errors in AssertionConsumerService endpoints</documentation>
564     </annotation>
565   </attribute>
566   
567   <attributeGroup name="SessionInitiatorGroup">
568     <annotation>
569       <documentation>Options common to explicit and implicit SessionInitiators</documentation>
570     </annotation>
571     <attribute name="relayState" type="conf:string"/>
572     <attribute name="entityIDParam" type="conf:string"/>
573     <attribute name="entityID" type="anyURI"/>
574     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
575     <attribute name="preservedOptions" type="conf:listOfStrings"/>
576     <attribute name="template" type="anyURI"/>
577     <attribute name="postArtifact" type="boolean"/>
578     <attribute name="acsByIndex" type="boolean"/>
579     <attribute name="isPassive" type="boolean"/>
580     <attribute name="returnOnError" type="boolean"/>
581     <attribute name="forceAuthn" type="boolean"/>
582     <attribute name="authnContextClassRef" type="anyURI"/>
583     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
584     <attribute name="NameIDFormat" type="anyURI"/>
585     <attribute name="SPNameQualifier" type="conf:string"/>
586     <attribute name="requestDelegation" type="boolean"/>
587     <attribute name="target" type="anyURI"/>
588     <attribute name="discoveryPolicy" type="conf:string"/>
589     <anyAttribute namespace="##any" processContents="lax"/>
590   </attributeGroup>
591
592   <element name="SessionInitiator">
593     <annotation>
594       <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
595     </annotation>
596     <complexType>
597       <complexContent>
598         <restriction base="conf:PluggableType">
599           <sequence>
600             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
601           </sequence>
602           <attribute name="Location" type="anyURI"/>
603           <attribute name="id" type="conf:string"/>
604           <attribute name="isDefault" type="boolean"/>
605           <attribute name="URL" type="anyURI"/>
606           <attribute name="acsIndex" type="unsignedShort"/>
607           <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
608           <attributeGroup ref="conf:SessionInitiatorGroup"/>
609         </restriction>
610       </complexContent>
611     </complexType>
612   </element>
613
614   <attributeGroup name="LogoutInitiatorGroup">
615     <annotation>
616       <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
617     </annotation>
618     <attribute name="relayState" type="conf:string"/>
619     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
620     <attribute name="template" type="anyURI"/>
621     <attribute name="postArtifact" type="boolean"/>
622     <anyAttribute namespace="##any" processContents="lax"/>
623   </attributeGroup>
624
625   <element name="LogoutInitiator">
626     <annotation>
627       <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
628     </annotation>
629     <complexType>
630       <complexContent>
631         <restriction base="conf:PluggableType">
632           <sequence>
633             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
634           </sequence>
635           <attribute name="Location" type="anyURI"/>
636           <attributeGroup ref="conf:LogoutInitiatorGroup"/>
637         </restriction>
638       </complexContent>
639     </complexType>
640   </element>
641
642   <element name="Handler">
643     <annotation>
644       <documentation>Used to specify custom handlers</documentation>
645     </annotation>
646     <complexType>
647       <complexContent>
648         <restriction base="conf:PluggableType">
649           <sequence>
650             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
651           </sequence>
652           <attribute name="Location" type="anyURI" use="required"/>
653           <attribute name="acl" type="conf:listOfStrings"/>
654           <anyAttribute namespace="##any" processContents="lax"/>
655         </restriction>
656       </complexContent>
657     </complexType>
658   </element>
659
660   <complexType name="ErrorsType">
661     <annotation>
662       <documentation>Container for error templates and associated details</documentation>
663     </annotation>
664     <sequence>
665       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
666     </sequence>
667     <attribute name="redirectErrors" type="anyURI"/>
668     <attribute name="session" type="anyURI"/>
669     <attribute name="metadata" type="anyURI"/>
670     <attribute name="access" type="anyURI"/>
671     <attribute name="ssl" type="anyURI"/>
672     <attribute name="localLogout" type="anyURI"/>
673     <attribute name="globalLogout" type="anyURI"/>
674     <attribute name="partialLogout" type="anyURI"/>
675     <anyAttribute namespace="##any" processContents="lax"/>
676   </complexType>
677
678   <complexType name="RelyingPartyType">
679     <annotation>
680       <documentation>Container for specifying settings to use with particular peers</documentation>
681     </annotation>
682     <sequence>
683       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
684     </sequence>
685     <attribute name="Name" type="conf:string"/>
686     <attribute name="type" type="conf:string"/>
687     <attributeGroup ref="conf:RelyingPartyGroup"/>
688     <attribute name="entityID" type="anyURI"/>
689     <anyAttribute namespace="##any" processContents="lax"/>
690   </complexType>
691
692   <complexType name="NotifyType">
693     <annotation>
694       <documentation>Used to specify locations to receive application notifications</documentation>
695     </annotation>
        <!-- Empty sequence: no child elements are allowed. -->
696     <sequence/>
        <!-- Channel is mandatory and limited to the two literal values below. -->
697     <attribute name="Channel" use="required">
698       <simpleType>
699         <restriction base="string">
700           <enumeration value="front"/>
701           <enumeration value="back"/>
702         </restriction>
703       </simpleType>
704     </attribute>
        <!-- Location is mandatory but only checked as anyURI; the schema does not
             restrict its scheme or host.
             NOTE(review): confirm which schemes the implementation accepts for a
             notification endpoint. -->
705     <attribute name="Location" type="anyURI" use="required"/>
        <!-- Lax "##any" wildcard: additional or misspelled attributes validate
             without being checked. -->
706     <anyAttribute namespace="##any" processContents="lax"/>
707   </complexType>
708
709   <element name="SecurityPolicies">
      <!-- Global element; SPConfig references it as the alternative to
           SecurityPolicyProvider and marks that reference as deprecated. -->
710     <complexType>
711       <annotation>
712         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
713       </annotation>
714       <sequence>
            <!-- At least one Policy is required. -->
715         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
716           <annotation>
717             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
718           </annotation>
719           <complexType>
                <!-- Exactly one branch is taken: one or more Rule elements, or one or
                     more PolicyRule elements. The two names cannot be mixed inside a
                     single Policy, and an empty Policy is invalid. Both use
                     conf:PluggableType, which is defined outside this excerpt.
                     The schema checks structure only; it says nothing about which
                     rules a policy needs in order to be adequate. -->
720             <choice>
721               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
722               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
723             </choice>
                <!-- id is the only mandatory attribute. validate is optional and has
                     no default declared here.
                     NOTE(review): presumably validate toggles schema validation of
                     incoming messages; confirm against the SP documentation. -->
724             <attribute name="id" type="conf:string" use="required"/>
725             <attribute name="validate" type="boolean"/>
                <!-- Lax "##any" wildcard: a misspelled attribute (including a typo of
                     "validate") is accepted silently. -->
726             <anyAttribute namespace="##any" processContents="lax"/>
727           </complexType>
728         </element>
            <!-- Optional and mutually exclusive: at most one of AlgorithmWhitelist or
                 AlgorithmBlacklist may follow the Policy elements. Both carry a
                 whitespace-separated list of algorithm URIs (conf:listOfURIs). -->
729         <choice minOccurs="0">
730           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
731           <element name="AlgorithmBlacklist">
732             <complexType>
733               <simpleContent>
734                 <extension base="conf:listOfURIs">
                      <!-- No default is declared for includeDefaultBlacklist, so the
                           behaviour when it is omitted is set by the implementation.
                           NOTE(review): confirm that default before assuming a built-in
                           list stays in force alongside a custom blacklist. -->
735                   <attribute name="includeDefaultBlacklist" type="boolean"/>
736                 </extension>
737               </simpleContent>
738             </complexType>
739           </element>
740         </choice>
741       </sequence>
742     </complexType>
743   </element>
744
745   <element name="TransportOption">
746     <annotation>
747       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
748     </annotation>
749     <complexType>
750       <simpleContent>
            <!-- The element text is anySimpleType, so the schema does not constrain
                 the option value at all. provider and option are both mandatory
                 non-empty strings, but their permitted values are not enumerated.
                 NOTE(review): values are passed through to the transport provider;
                 review each use, since the effect of an option cannot be judged from
                 schema validity. -->
751         <extension base="anySimpleType">
752           <attribute name="provider" type="conf:string" use="required"/>
753           <attribute name="option" type="conf:string" use="required"/>
754         </extension>
755       </simpleContent>
756     </complexType>
757   </element>
758
759   <element name="SPConfig">
760     <complexType>
761       <annotation>
762         <documentation>Root of configuration</documentation>
763       </annotation>
          <!-- Children must appear in the order declared below. Referenced conf:*Type
               definitions live outside this excerpt. -->
764       <sequence>
765         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
766         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
767         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
            <!-- Optional listener selection: at most one of UnixListener, TCPListener
                 or a pluggable Listener. -->
768         <choice minOccurs="0">
769           <element name="UnixListener">
770             <complexType>
771               <attribute name="address" type="conf:string" use="required"/>
772               <attribute name="stackSize" type="unsignedInt"/>
773             </complexType>
774           </element>
775           <element name="TCPListener">
                <!-- address and port are mandatory; acl is optional, so a TCP
                     listener with no acl is schema-valid. port is unsignedInt, which
                     also admits values above 65535.
                     NOTE(review): the behaviour when acl is omitted is not defined
                     here; confirm the implementation default before binding to a
                     non-loopback address. -->
776             <complexType>
777               <attribute name="address" type="conf:string" use="required"/>
778               <attribute name="port" type="unsignedInt" use="required"/>
779               <attribute name="acl" type="conf:listOfStrings"/>
780               <attribute name="stackSize" type="unsignedInt"/>
781             </complexType>
782           </element>
783           <element name="Listener" type="conf:PluggableType"/>
784         </choice>
785         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
786         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
787         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
788         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
789         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
            <!-- ApplicationDefaults is required exactly once. -->
790         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
            <!-- Required choice: every configuration must supply either a
                 SecurityPolicyProvider or the inline SecurityPolicies element. -->
791         <choice>
792           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
793           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
794         </choice>
795         <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
796         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
            <!-- The schema only permits an optional ds:Signature here.
                 NOTE(review): whether and when that signature is verified is decided
                 by the implementation, not by this schema. -->
797         <element ref="ds:Signature" minOccurs="0"/>
798       </sequence>
          <!-- All attributes below are optional and none declares a default, so an
               omitted attribute falls back to whatever the implementation uses.
               clockSkew is an unsignedInt with no unit stated in the schema.
               NOTE(review): unsafeChars and allowedSchemes look like input-filtering
               and URL-scheme controls; confirm their effective defaults before
               relying on them. -->
799       <attribute name="logger" type="anyURI"/>
800       <attribute name="clockSkew" type="unsignedInt"/>
801       <attribute name="unsafeChars" type="conf:string"/>
802       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
803       <attribute name="langFromClient" type="boolean"/>
804       <attribute name="langPriority" type="conf:listOfStrings"/>
805       <attribute name="contactPriority" type="conf:listOfStrings"/>
          <!-- This wildcard uses "##other" rather than "##any". Under XSD 1.0 rules it
               matches only attributes qualified with a namespace different from the
               target namespace, so an unknown or misspelled unqualified attribute on
               SPConfig is rejected by validation. -->
806       <anyAttribute namespace="##other" processContents="lax"/>
807     </complexType>
808   </element>
809
810 </schema>