[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.5">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
26   <simpleType name="string">
       <!-- Non-empty string. The unprefixed base "string" resolves to the XML
            Schema built-in (the default namespace of this file), while this
            type is referenced elsewhere as conf:string. minLength 1 means an
            attribute or element of this type cannot be the empty string. -->
27     <restriction base="string">
28       <minLength value="1"/>
29     </restriction>
30   </simpleType>
31
32   <simpleType name="listOfStrings">
       <!-- Whitespace-separated list of conf:string items (XSD list type), so a
            single entry cannot itself contain whitespace. The list as a whole
            may be empty; only the items carry the minLength restriction. -->
33     <list itemType="conf:string"/>
34   </simpleType>
35
36   <simpleType name="listOfURIs">
       <!-- Whitespace-separated list of anyURI items. anyURI is lexically very
            permissive in XML Schema, so passing validation does not show that
            an entry is an absolute URL or uses any particular scheme; whatever
            consumes these lists has to check that itself. -->
37     <list itemType="anyURI"/>
38   </simpleType>
39
40   <simpleType name="bindingBoolean">
       <!-- Four-valued switch: the literals true, false, front and back. In this
            file it types the signing and encryption attributes of
            RelyingPartyGroup. NOTE(review): front/back presumably limit the
            setting to front-channel or back-channel bindings; confirm against
            the SP documentation. -->
41     <restriction base="string">
42       <enumeration value="true"/>
43       <enumeration value="false"/>
44       <enumeration value="front"/>
45       <enumeration value="back"/>
46     </restriction>
47   </simpleType>
48
49   <simpleType name="redirectLimitType">
       <!-- Closed set of policy names used by the relayStateLimit and
            redirectLimit attributes of SessionsType. The schema declares no
            default for either attribute, so the effective policy when they are
            omitted is decided by the software, not here.
            NOTE(review): the names suggest these restrict where a request may
            be redirected; if so, "none" is the unrestricted choice and deserves
            scrutiny in a configuration review. Confirm the meaning of each
            value against the SP documentation. -->
50     <restriction base="string">
51       <enumeration value="none"/>
52       <enumeration value="exact"/>
53       <enumeration value="host"/>
54       <enumeration value="whitelist"/>
55       <enumeration value="exact+whitelist"/>
56       <enumeration value="host+whitelist"/>
57     </restriction>
58   </simpleType>
59
60   <complexType name="PluggableType">
       <!-- Generic plugin reference. Only the type attribute is checked here
            (required, non-empty). Child elements and all other attributes match
            lax wildcards in any namespace: they are validated only where a
            matching global declaration happens to exist, so plugin-specific
            settings, including misspelled ones, otherwise pass unchecked.
            Whatever consumes the plugin configuration has to validate it. -->
61     <sequence>
62       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
63     </sequence>
64     <attribute name="type" type="conf:string" use="required"/>
65     <anyAttribute namespace="##any" processContents="lax"/>
66   </complexType>
67
68   <complexType name="ExtensionsType">
       <!-- Each Library entry requires a path (anyURI) and may set fatal; its
            content and other attributes are unconstrained. Elements after the
            Library entries must come from a namespace other than this schema's.
            NOTE(review): per the documentation below these are extension
            libraries, presumably loaded as code into the SP process; if so,
            write access to this file or to a referenced path amounts to code
            execution in that process. fatal presumably decides whether a failed
            load stops startup; confirm both. -->
69     <annotation>
70       <documentation>Container for extension libraries and custom configuration</documentation>
71     </annotation>
72     <sequence>
73       <element name="Library" minOccurs="0" maxOccurs="unbounded">
74         <complexType>
75           <sequence>
76             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
77           </sequence>
78           <attribute name="path" type="anyURI" use="required"/>
79           <attribute name="fatal" type="boolean"/>
80           <anyAttribute namespace="##any" processContents="lax"/>
81         </complexType>
82       </element>
83       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
84     </sequence>
85   </complexType>
86
87   <complexType name="StorageServiceType">
       <!-- Restriction of PluggableType, so the required type attribute still
            applies. Adds id (xs:ID: unique within the document, and the target
            of the StorageService IDREF attributes on other types) and an
            optional cleanupInterval whose unit is not stated in the schema. -->
88     <annotation>
89       <documentation>References StorageService plugins</documentation>
90     </annotation>
91     <complexContent>
92       <restriction base="conf:PluggableType">
93         <sequence>
94           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
95         </sequence>
96         <attribute name="id" type="ID" use="required"/>
97         <attribute name="cleanupInterval" type="unsignedInt"/>
98         <anyAttribute namespace="##any" processContents="lax"/>
99       </restriction>
100     </complexContent>
101   </complexType>
102
103   <complexType name="SessionCacheType">
        <!-- Restriction of PluggableType. StorageService is an xs:IDREF, so a
             validating parser rejects a value that does not match some xs:ID in
             the same document. cacheTimeout is marked deprecated inline. Units
             of the numeric attributes are not given in the schema. -->
104     <annotation>
105       <documentation>References SessionCache plugins</documentation>
106     </annotation>
107     <complexContent>
108       <restriction base="conf:PluggableType">
109         <sequence>
110           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
111         </sequence>
112         <attribute name="StorageService" type="IDREF"/>
113         <attribute name="cacheAllowance" type="unsignedInt"/>
114         <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
115         <anyAttribute namespace="##any" processContents="lax"/>
116       </restriction>
117     </complexContent>
118   </complexType>
119
120   <complexType name="ReplayCacheType">
        <!-- Empty content; the only permitted attribute is an optional
             StorageService IDREF. There is no attribute wildcard, so any other
             attribute fails validation.
             NOTE(review): the replay cache presumably backs message replay
             detection, in which case the storage it points at must retain
             entries for as long as a message stays acceptable; confirm. -->
121     <annotation>
122       <documentation>Ties ReplayCache to a custom StorageService</documentation>
123     </annotation>
124     <sequence/>
125     <attribute name="StorageService" type="IDREF"/>
126   </complexType>
127
128   <complexType name="ArtifactMapType">
        <!-- Empty content, three optional attributes and no wildcard.
             artifactTTL is a bare unsignedInt; NOTE(review): presumably a
             lifetime in seconds, confirm. -->
129     <annotation>
130       <documentation>Customizes an ArtifactMap</documentation>
131     </annotation>
132     <sequence/>
133     <attribute name="StorageService" type="IDREF"/>
134     <attribute name="context" type="conf:string"/>
135     <attribute name="artifactTTL" type="unsignedInt"/>
136   </complexType>
137
138   <complexType name="OutOfProcessType">
        <!-- Both wildcards are ##other: extension elements and attributes must be
             qualified with a foreign namespace. An unqualified attribute that is
             not declared below (for example a misspelled name) is therefore
             rejected by a validating parser instead of being silently ignored.
             No attribute carries a schema default. -->
139     <annotation>
140       <documentation>Container for out-of-process (shibd) configuration</documentation>
141     </annotation>
142     <sequence>
143       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
144       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
145     </sequence>
146     <attribute name="logger" type="anyURI"/>
147     <attribute name="tranLogFormat" type="conf:string"/>
148     <attribute name="tranLogFiller" type="conf:string"/>
149     <attribute name="catchAll" type="boolean"/>
150     <anyAttribute namespace="##other" processContents="lax"/>
151   </complexType>
152
153   <complexType name="InProcessType">
        <!-- Wildcards are ##other, so unknown unqualified attributes fail
             validation. None of the attributes has a schema default, so the
             behaviour when one is omitted is defined by the software.
             NOTE(review): checkSpoofing, spoofKey, unsetHeaderValue and the ISAPI
             safeHeaderNames / normalizeRequest flags look like the controls
             against client-supplied header spoofing; review them together and
             confirm their defaults. spoofKey is a plain string, so if it acts
             as a secret it is stored readable in this file.
             Site port and sslport are unsignedInt: values above 65535 are not
             rejected by the schema. -->
154     <annotation>
155       <documentation>
156         Container for configuration of locally integrated or platform-specific
157         features (e.g. web server filters)
158       </documentation>
159     </annotation>
160     <sequence>
161       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
162       <element name="ISAPI" minOccurs="0">
163         <complexType>
164           <sequence>
165             <element name="Site" maxOccurs="unbounded">
166               <complexType>
167                 <sequence>
168                   <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
169                 </sequence>
170                 <attribute name="id" type="unsignedInt" use="required"/>
171                 <attribute name="name" type="conf:string" use="required"/>
172                 <attribute name="port" type="unsignedInt"/>
173                 <attribute name="sslport" type="unsignedInt"/>
174                 <attribute name="scheme" type="conf:string"/>
175               </complexType>
176             </element>
177             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
178           </sequence>
179           <attribute name="normalizeRequest" type="boolean"/>
180           <attribute name="safeHeaderNames" type="boolean"/>
181           <anyAttribute namespace="##other" processContents="lax"/>
182         </complexType>
183       </element>
184       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
185     </sequence>
186     <attribute name="logger" type="anyURI"/>
187     <attribute name="unsetHeaderValue" type="conf:string"/>
188     <attribute name="checkSpoofing" type="boolean"/>
189     <attribute name="spoofKey" type="conf:string"/>
190     <attribute name="catchAll" type="boolean"/>
191     <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
192     <anyAttribute namespace="##other" processContents="lax"/>
193   </complexType>
194
195   <element name="AccessControl" type="conf:UniOperatorType">
        <!-- Global element, referenced from RequestMap and from the Host, Path
             and Query types as one of three alternative access-control children.
             Its content is exactly one operator or rule (UniOperatorType). -->
196     <annotation>
197       <documentation>
198         A simple example access policy language extension that supersedes Apache .htaccess
199       </documentation>
200     </annotation>
201   </element>
202   <complexType name="UniOperatorType">
        <!-- Exactly one child: AND, OR, NOT, Rule or RuleRegex. Also the type of
             NOT, so a negation wraps a single operand. -->
203     <choice>
204       <element name="AND" type="conf:MultiOperatorType"/>
205       <element name="OR" type="conf:MultiOperatorType"/>
206       <element name="NOT" type="conf:UniOperatorType"/>
207       <element name="Rule" type="conf:RuleType"/>
208       <element name="RuleRegex" type="conf:RuleRegexType"/>
209     </choice>
210   </complexType>
211   <complexType name="MultiOperatorType">
        <!-- Two or more operands in any mix; the type of AND and OR. Nesting depth
             is not bounded by the schema, since AND, OR and NOT can contain each
             other. -->
212     <choice minOccurs="2" maxOccurs="unbounded">
213       <element name="AND" type="conf:MultiOperatorType"/>
214       <element name="OR" type="conf:MultiOperatorType"/>
215       <element name="NOT" type="conf:UniOperatorType"/>
216       <element name="Rule" type="conf:RuleType"/>
217       <element name="RuleRegex" type="conf:RuleRegexType"/>
218     </choice>
219   </complexType>
220   <complexType name="RuleType">
        <!-- Content is a whitespace-separated list of values; the mandatory
             require attribute names what is being tested. The list type allows
             zero items, so a Rule with empty content is schema-valid.
             NOTE(review): how an empty Rule and the list flag are evaluated is
             not visible here; confirm that an empty value list cannot grant
             access. -->
221     <simpleContent>
222       <extension base="conf:listOfStrings">
223         <attribute name="require" type="conf:string" use="required"/>
224         <attribute name="list" type="boolean"/>
225       </extension>
226     </simpleContent>
227   </complexType>
228   <complexType name="RuleRegexType">
        <!-- Content is a single non-empty string. NOTE(review): presumably a
             regular expression matched against the values named by require. The
             schema checks neither its syntax nor its anchoring; confirm whether
             matching is full or partial, since a partial match in an access rule
             admits more values than the pattern appears to. -->
229     <simpleContent>
230       <extension base="conf:string">
231         <attribute name="require" type="conf:string" use="required"/>
232         <attribute name="ignoreCase" type="boolean"/>
233       </extension>
234     </simpleContent>
235   </complexType>
236
237   <attributeGroup name="ContentSettings">
        <!-- Content settings shared by RequestMap, Host, HostRegex, Path,
             PathRegex and Query. Every attribute is optional and none has a
             schema default. The wildcard is ##other, so unknown unqualified
             attributes are rejected by a validating parser.
             NOTE(review): authnContextClassRef is a list of URIs here but a
             single anyURI in SessionInitiatorGroup; confirm which form the
             consumer expects. redirectToSSL is an unsignedInt, presumably a port
             number; the schema does not cap it at 65535. -->
238     <attribute name="applicationId" type="conf:string"/>
239     <attribute name="authType" type="conf:string"/>
240     <attribute name="requireSession" type="boolean"/>
241     <attribute name="requireSessionWith" type="conf:string"/>
242     <attribute name="exportAssertion" type="boolean"/>
243     <attribute name="exportStdVars" type="boolean"/>
244     <attribute name="redirectToSSL" type="unsignedInt"/>
245     <attribute name="entityID" type="anyURI"/>
246     <attribute name="discoveryURL" type="anyURI"/>
247     <attribute name="discoveryPolicy" type="conf:string"/>
248     <attribute name="isPassive" type="boolean"/>
249     <attribute name="returnOnError" type="boolean"/>
250     <attribute name="forceAuthn" type="boolean"/>
251     <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
252     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
253     <attribute name="NameIDFormat" type="anyURI"/>
254     <attribute name="SPNameQualifier" type="conf:string"/>
255     <attribute name="redirectErrors" type="anyURI"/>
256     <attribute name="sessionError" type="anyURI"/>
257     <attribute name="metadataError" type="anyURI"/>
258     <attribute name="accessError" type="anyURI"/>
259     <attribute name="sslError" type="anyURI"/>
260     <attribute name="target" type="anyURI"/>
261     <attribute name="acsIndex" type="unsignedShort"/>
262     <attribute name="REMOTE_ADDR" type="conf:string"/>
263     <attribute name="encoding" type="conf:string"/>
264     <anyAttribute namespace="##other" processContents="lax"/>
265   </attributeGroup>
266
267   <element name="RequestMap">
        <!-- At most one access-control child (htaccess, AccessControl or
             AccessControlProvider), then any number of Host / HostRegex entries,
             then an optional ds:Signature. The schema accepts an unsigned map;
             whether a signature is required and verified is up to the consumer. -->
268     <annotation>
269       <documentation>
270         Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
271       </documentation>
272     </annotation>
273     <complexType>
274       <sequence>
275         <choice minOccurs="0">
276           <element name="htaccess" type="conf:PluggableType"/>
277           <element ref="conf:AccessControl"/>
278           <element name="AccessControlProvider" type="conf:PluggableType"/>
279         </choice>
280         <choice minOccurs="0" maxOccurs="unbounded">
281           <element name="Host" type="conf:HostType"/>
282           <element name="HostRegex" type="conf:HostRegexType"/>
283         </choice>
284         <element ref="ds:Signature" minOccurs="0"/>
285       </sequence>
286       <attribute name="unicodeAware" type="boolean"/>
287       <attributeGroup ref="conf:ContentSettings"/>
288     </complexType>
289   </element>
290
291   <complexType name="HostType">
        <!-- One optional access-control element followed by nested Path,
             PathRegex and Query entries. name is required; scheme is limited to
             the five listed values; port is an unsignedInt with no upper bound
             in the schema. -->
292     <sequence>
293       <choice minOccurs="0">
294         <element name="htaccess" type="conf:PluggableType"/>
295         <element ref="conf:AccessControl"/>
296         <element name="AccessControlProvider" type="conf:PluggableType"/>
297       </choice>
298       <choice minOccurs="0" maxOccurs="unbounded">
299         <element name="Path" type="conf:PathType"/>
300         <element name="PathRegex" type="conf:PathRegexType"/>
301         <element name="Query" type="conf:QueryType"/>
302       </choice>
303     </sequence>
304     <attribute name="scheme">
305       <simpleType>
306         <restriction base="conf:string">
307           <enumeration value="http"/>
308           <enumeration value="https"/>
309           <enumeration value="ftp"/>
310           <enumeration value="ldap"/>
311           <enumeration value="ldaps"/>
312         </restriction>
313       </simpleType>
314     </attribute>
315     <attribute name="name" type="conf:string" use="required"/>
316     <attribute name="port" type="unsignedInt"/>
317     <attributeGroup ref="conf:ContentSettings"/>
318   </complexType>
319
320   <complexType name="HostRegexType">
        <!-- Host selected by pattern: regex is required and non-empty, ignoreCase
             is optional. NOTE(review): the schema does not validate the
             expression or say whether it must match the whole host name;
             confirm, because an unanchored host pattern can match hosts the
             author did not intend. -->
321     <sequence>
322       <choice minOccurs="0">
323         <element name="htaccess" type="conf:PluggableType"/>
324         <element ref="conf:AccessControl"/>
325         <element name="AccessControlProvider" type="conf:PluggableType"/>
326       </choice>
327       <choice minOccurs="0" maxOccurs="unbounded">
328         <element name="Path" type="conf:PathType"/>
329         <element name="PathRegex" type="conf:PathRegexType"/>
330         <element name="Query" type="conf:QueryType"/>
331       </choice>
332     </sequence>
333     <attribute name="regex" type="conf:string" use="required"/>
334     <attribute name="ignoreCase" type="boolean"/>
335     <attributeGroup ref="conf:ContentSettings"/>
336   </complexType>
337
338   <complexType name="PathType">
        <!-- Path entry with recursive nesting of Path, PathRegex and Query; name
             is required. NOTE(review): the ContentSettings attributes are
             presumably inherited from enclosing levels unless overridden here;
             confirm the precedence rules before relying on a nested override. -->
339     <sequence>
340       <choice minOccurs="0">
341         <element name="htaccess" type="conf:PluggableType"/>
342         <element ref="conf:AccessControl"/>
343         <element name="AccessControlProvider" type="conf:PluggableType"/>
344       </choice>
345       <choice minOccurs="0" maxOccurs="unbounded">
346         <element name="Path" type="conf:PathType"/>
347         <element name="PathRegex" type="conf:PathRegexType"/>
348         <element name="Query" type="conf:QueryType"/>
349       </choice>
350     </sequence>
351     <attribute name="name" type="conf:string" use="required"/>
352     <attributeGroup ref="conf:ContentSettings"/>
353   </complexType>
354
355   <complexType name="PathRegexType">
        <!-- Unlike PathType this cannot contain further Path or PathRegex
             children, only Query. regex is required; its syntax and anchoring
             are not checked by the schema. -->
356     <sequence>
357       <choice minOccurs="0">
358         <element name="htaccess" type="conf:PluggableType"/>
359         <element ref="conf:AccessControl"/>
360         <element name="AccessControlProvider" type="conf:PluggableType"/>
361       </choice>
362       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
363     </sequence>
364     <attribute name="regex" type="conf:string" use="required"/>
365     <attribute name="ignoreCase" type="boolean"/>
366     <attributeGroup ref="conf:ContentSettings"/>
367   </complexType>
368
369   <complexType name="QueryType">
        <!-- Keyed on a query parameter: name is required, regex is optional, and
             further Query elements may nest. NOTE(review): query strings are
             fully client-controlled, so confirm how absent and repeated
             parameters are treated before relying on this level for access
             control. -->
370     <sequence>
371       <choice minOccurs="0">
372         <element name="htaccess" type="conf:PluggableType"/>
373         <element ref="conf:AccessControl"/>
374         <element name="AccessControlProvider" type="conf:PluggableType"/>
375       </choice>
376       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
377     </sequence>
378     <attribute name="name" type="conf:string" use="required"/>
379     <attribute name="regex" type="conf:string"/>
380     <attributeGroup ref="conf:ContentSettings"/>
381   </complexType>
382
383   <complexType name="ApplicationDefaultsType">
        <!-- Sessions is mandatory here (it is optional in
             ApplicationOverrideType), as is entityID. id, if present, must be
             the literal "default". The repeating choice admits the plugin
             references plus ApplicationOverride. The attributes of
             ApplicationGroup and RelyingPartyGroup apply; the wildcard is
             ##other. Plugin children are PluggableType, so their own settings
             are not validated by this schema. -->
384     <annotation>
385       <documentation>Container for default settings and application-specific overrides</documentation>
386     </annotation>
387     <sequence>
388       <element name="Sessions" type="conf:SessionsType"/>
389       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
390       <choice minOccurs="0" maxOccurs="unbounded">
391         <element name="RelyingParty" type="conf:RelyingPartyType"/>
392         <element name="Notify" type="conf:NotifyType"/>
393         <element ref="saml:Audience"/>
394         <element name="MetadataProvider" type="conf:PluggableType"/>
395         <element name="TrustEngine" type="conf:PluggableType"/>
396         <element name="AttributeExtractor" type="conf:PluggableType"/>
397         <element name="AttributeResolver" type="conf:PluggableType"/>
398         <element name="AttributeFilter" type="conf:PluggableType"/>
399         <element name="CredentialResolver" type="conf:PluggableType"/>
400         <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
401       </choice>
402     </sequence>
403     <attribute name="id" type="conf:string" fixed="default"/>
404     <attribute name="entityID" type="anyURI" use="required"/>
405     <attribute name="policyId" type="conf:string"/>
406     <attributeGroup ref="conf:ApplicationGroup"/>
407     <attributeGroup ref="conf:RelyingPartyGroup"/>
408     <anyAttribute namespace="##other" processContents="lax"/>
409   </complexType>
410
411   <complexType name="ApplicationOverrideType">
        <!-- Same shape as ApplicationDefaultsType, except that Sessions and
             entityID are optional, id is required, and overrides cannot nest
             (ApplicationOverride is absent from the choice). NOTE(review):
             omitted children and attributes presumably fall back to the
             defaults element; confirm, since an override then silently
             inherits the default security settings. -->
412     <annotation>
413       <documentation>Container for application-specific overrides</documentation>
414     </annotation>
415     <sequence>
416       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
417       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
418       <choice minOccurs="0" maxOccurs="unbounded">
419         <element name="RelyingParty" type="conf:RelyingPartyType"/>
420         <element name="Notify" type="conf:NotifyType"/>
421         <element ref="saml:Audience"/>
422         <element name="MetadataProvider" type="conf:PluggableType"/>
423         <element name="TrustEngine" type="conf:PluggableType"/>
424         <element name="AttributeExtractor" type="conf:PluggableType"/>
425         <element name="AttributeResolver" type="conf:PluggableType"/>
426         <element name="AttributeFilter" type="conf:PluggableType"/>
427         <element name="CredentialResolver" type="conf:PluggableType"/>
428       </choice>
429     </sequence>
430     <attribute name="id" type="conf:string" use="required"/>
431     <attribute name="entityID" type="anyURI"/>
432     <attribute name="policyId" type="conf:string"/>
433     <attributeGroup ref="conf:ApplicationGroup"/>
434     <attributeGroup ref="conf:RelyingPartyGroup"/>
435     <anyAttribute namespace="##other" processContents="lax"/>
436   </complexType>
437
438   <attributeGroup name="ApplicationGroup">
        <!-- Attributes shared by ApplicationDefaultsType and
             ApplicationOverrideType. NOTE(review): REMOTE_USER, unsetHeaders
             and attributePrefix presumably govern how identity data is exposed
             to the protected application; confirm, and review them together
             with the checkSpoofing / spoofKey settings of InProcessType. -->
439     <attribute name="homeURL" type="anyURI"/>
440     <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
441     <attribute name="unsetHeaders" type="conf:listOfStrings"/>
442     <attribute name="metadataAttributePrefix" type="conf:string"/>
443     <attribute name="attributePrefix" type="conf:string"/>
444   </attributeGroup>
445
446   <attributeGroup name="RelyingPartyGroup">
        <!-- Peer-facing settings shared by the two application types and by
             RelyingPartyType. All are optional with no schema default.
             authPassword is an ordinary string attribute and the schema offers
             no protected form for it, so a credential placed here is readable
             by anyone who can read the configuration file; restrict access to
             that file accordingly. signingAlg, digestAlg and encryptionAlg are
             anyURI, so the schema does not limit them to any set of algorithms.
             NOTE(review): confirm the software defaults for signing,
             encryption, requireConfidentiality, requireTransportAuth and
             requireSignedAssertions. -->
447     <attribute name="authType" type="conf:string"/>
448     <attribute name="authUsername" type="conf:string"/>
449     <attribute name="authPassword" type="conf:string"/>
450     <attribute name="signing" type="conf:bindingBoolean"/>
451     <attribute name="signingAlg" type="anyURI"/>
452     <attribute name="digestAlg" type="anyURI"/>
453     <attribute name="encryption" type="conf:bindingBoolean"/>
454     <attribute name="encryptionAlg" type="anyURI"/>
455     <attribute name="keyName" type="conf:string"/>
456     <attribute name="artifactEndpointIndex" type="unsignedShort"/>
457     <attribute name="chunkedEncoding" type="boolean"/>
458     <attribute name="connectTimeout" type="unsignedShort"/>
459     <attribute name="timeout" type="unsignedShort"/>
460     <attribute name="requireConfidentiality" type="boolean"/>
461     <attribute name="requireTransportAuth" type="boolean"/>
462     <attribute name="requireSignedAssertions" type="boolean"/>
463     <attribute name="sessionHook" type="anyURI"/>
464   </attributeGroup>
465     
466   <complexType name="SessionsType">
        <!-- SSO, Logout and NameIDMgmt are shorthand elements with list content;
             explicit handlers can follow in any order and number. No attribute
             has a schema default, and the wildcard is ##other.
             NOTE(review): for a security review the attributes of interest are
             handlerSSL, cookieProps, lifetime / timeout / maxTimeSinceAuthn,
             checkAddress / consistentAddress, exportLocation / exportACL, and
             the relayState and redirect limits with their whitelists. Their
             meaning and defaults must be taken from the SP documentation. The
             whitelists are listOfURIs, which the schema does not constrain to
             absolute URLs. -->
467     <annotation>
468       <documentation>Container for specifying protocol handlers and session policy</documentation>
469     </annotation>
470     <sequence>
471       <element name="SSO" minOccurs="0">
472         <complexType>
473           <annotation>
474             <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
475           </annotation>
476           <simpleContent>
477             <extension base="conf:listOfStrings">
478               <attribute name="discoveryProtocol" type="conf:string"/>
479               <attribute name="discoveryURL" type="anyURI"/>
480               <attributeGroup ref="conf:SessionInitiatorGroup"/>
481             </extension>
482           </simpleContent>
483         </complexType>
484       </element>
485       <element name="Logout" minOccurs="0">
486         <complexType>
487           <annotation>
488             <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
489           </annotation>
490           <simpleContent>
491             <extension base="conf:listOfStrings">
492               <attributeGroup ref="conf:LogoutInitiatorGroup"/>
493             </extension>
494           </simpleContent>
495         </complexType>
496       </element>
497       <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
498         <annotation>
499           <documentation>Implicitly configures ManageNameIDService handlers</documentation>
500         </annotation>
501       </element>
502       <choice minOccurs="0" maxOccurs="unbounded">
503         <element ref="conf:SessionInitiator"/>
504         <element ref="conf:LogoutInitiator"/>
505         <element ref="md:AssertionConsumerService"/>
506         <element ref="md:ArtifactResolutionService"/>
507         <element ref="md:SingleLogoutService"/>
508         <element ref="md:ManageNameIDService"/>
509         <element ref="conf:Handler"/>
510       </choice>
511     </sequence>
512     <attribute name="handlerURL" type="anyURI"/>
513     <attribute name="handlerSSL" type="boolean"/>
514     <attribute name="exportLocation" type="conf:string"/>
515     <attribute name="exportACL" type="conf:listOfStrings"/>
516     <attribute name="cookieName" type="conf:string"/>
517     <attribute name="cookieProps" type="conf:string"/>
518     <attribute name="cookieLifetime" type="unsignedInt"/>
519     <attribute name="idpHistory" type="boolean"/>
520     <attribute name="idpHistoryDays" type="unsignedInt"/>
521     <attribute name="lifetime" type="unsignedInt"/>
522     <attribute name="timeout" type="unsignedInt"/>
523     <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
524     <attribute name="checkAddress" type="boolean"/>
525     <attribute name="consistentAddress" type="boolean"/>
526     <attribute name="postData" type="conf:string"/>
527     <attribute name="postLimit" type="positiveInteger"/>
528     <attribute name="postTemplate" type="conf:string"/>
529     <attribute name="postExpire" type="boolean"/>
530     <attribute name="relayState" type="conf:string"/>
531     <attribute name="relayStateLimit" type="conf:redirectLimitType"/>
532     <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
533     <attribute name="redirectLimit" type="conf:redirectLimitType"/>
534     <attribute name="redirectWhitelist" type="conf:listOfURIs"/>
535     <anyAttribute namespace="##other" processContents="lax"/>
536   </complexType>
537
538   <attribute name="policyId" type="conf:string">
        <!-- Global attribute declaration, so in an instance it is qualified with
             this schema's namespace. NOTE(review): presumably meant to be placed
             on the md: endpoint elements referenced from SessionsType; confirm.
             It is distinct from the unqualified policyId attribute declared
             locally on the application types. -->
539     <annotation>
540       <documentation>Used to override Policy from profile endpoints</documentation>
541     </annotation>
542   </attribute>
543
544   <attributeGroup name="SessionInitiatorGroup">
        <!-- Used by the SSO shorthand element and by SessionInitiator. The
             wildcard is ##any with lax processing, so a misspelled unqualified
             attribute on either element is accepted by the schema rather than
             rejected. authnContextClassRef is a single anyURI here, whereas
             ContentSettings declares it as a list of URIs. -->
545     <annotation>
546       <documentation>Options common to explicit and implicit SessionInitiators</documentation>
547     </annotation>
548     <attribute name="relayState" type="conf:string"/>
549     <attribute name="entityIDParam" type="conf:string"/>
550     <attribute name="entityID" type="anyURI"/>
551     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
552     <attribute name="preservedOptions" type="conf:listOfStrings"/>
553     <attribute name="template" type="anyURI"/>
554     <attribute name="postArtifact" type="boolean"/>
555     <attribute name="acsByIndex" type="boolean"/>
556     <attribute name="isPassive" type="boolean"/>
557     <attribute name="returnOnError" type="boolean"/>
558     <attribute name="forceAuthn" type="boolean"/>
559     <attribute name="authnContextClassRef" type="anyURI"/>
560     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
561     <attribute name="NameIDFormat" type="anyURI"/>
562     <attribute name="SPNameQualifier" type="conf:string"/>
563     <attribute name="requestDelegation" type="boolean"/>
564     <attribute name="target" type="anyURI"/>
565     <attribute name="discoveryPolicy" type="conf:string"/>
566     <anyAttribute namespace="##any" processContents="lax"/>
567   </attributeGroup>
568
569   <element name="SessionInitiator">
        <!-- Restriction of PluggableType, so the type attribute stays required.
             Location is optional here (it is required on Handler).
             defaultACSIndex is marked deprecated inline. The attribute wildcard
             comes in through SessionInitiatorGroup and is ##any. -->
570     <annotation>
571       <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
572     </annotation>
573     <complexType>
574       <complexContent>
575         <restriction base="conf:PluggableType">
576           <sequence>
577             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
578           </sequence>
579           <attribute name="Location" type="anyURI"/>
580           <attribute name="id" type="conf:string"/>
581           <attribute name="isDefault" type="boolean"/>
582           <attribute name="URL" type="anyURI"/>
583           <attribute name="acsIndex" type="unsignedShort"/>
584           <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
585           <attributeGroup ref="conf:SessionInitiatorGroup"/>
586         </restriction>
587       </complexContent>
588     </complexType>
589   </element>
590
591   <attributeGroup name="LogoutInitiatorGroup">
        <!-- Used by the Logout shorthand element and by LogoutInitiator. The
             wildcard is ##any with lax processing, so undeclared or misspelled
             attributes are accepted by the schema. -->
592     <annotation>
593       <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
594     </annotation>
595     <attribute name="relayState" type="conf:string"/>
596     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
597     <attribute name="template" type="anyURI"/>
598     <attribute name="postArtifact" type="boolean"/>
599     <anyAttribute namespace="##any" processContents="lax"/>
600   </attributeGroup>
601
602   <element name="LogoutInitiator">
        <!-- Restriction of PluggableType, so the type attribute stays required.
             Location is optional; the remaining attributes and the ##any
             wildcard come from LogoutInitiatorGroup. -->
603     <annotation>
604       <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
605     </annotation>
606     <complexType>
607       <complexContent>
608         <restriction base="conf:PluggableType">
609           <sequence>
610             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
611           </sequence>
612           <attribute name="Location" type="anyURI"/>
613           <attributeGroup ref="conf:LogoutInitiatorGroup"/>
614         </restriction>
615       </complexContent>
616     </complexType>
617   </element>
618
619   <element name="Handler">
        <!-- Restriction of PluggableType: type and Location are both required,
             everything else is open (##any, lax).
             NOTE(review): acl presumably lists the client addresses allowed to
             reach the handler; it is optional, so confirm what an omitted acl
             permits for each handler type that exposes status or session
             data. -->
620     <annotation>
621       <documentation>Used to specify custom handlers</documentation>
622     </annotation>
623     <complexType>
624       <complexContent>
625         <restriction base="conf:PluggableType">
626           <sequence>
627             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
628           </sequence>
629           <attribute name="Location" type="anyURI" use="required"/>
630           <attribute name="acl" type="conf:listOfStrings"/>
631           <anyAttribute namespace="##any" processContents="lax"/>
632         </restriction>
633       </complexContent>
634     </complexType>
635   </element>
636
637   <complexType name="ErrorsType">
        <!-- Child content and extra attributes are both open (##any, lax), so the
             schema validates only the types of the attributes named below. All
             of them are optional. NOTE(review): redirectErrors is an anyURI and
             presumably a redirect target for error reporting; confirm what
             request data is appended to it. -->
638     <annotation>
639       <documentation>Container for error templates and associated details</documentation>
640     </annotation>
641     <sequence>
642       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
643     </sequence>
644     <attribute name="redirectErrors" type="anyURI"/>
645     <attribute name="session" type="anyURI"/>
646     <attribute name="metadata" type="anyURI"/>
647     <attribute name="access" type="anyURI"/>
648     <attribute name="ssl" type="anyURI"/>
649     <attribute name="localLogout" type="anyURI"/>
650     <attribute name="globalLogout" type="anyURI"/>
651     <attribute name="partialLogout" type="anyURI"/>
652     <attribute name="supportContact" type="conf:string"/>
653     <attribute name="logoLocation" type="anyURI"/>
654     <attribute name="helpLocation" type="anyURI"/>
655     <attribute name="styleSheet" type="anyURI"/>
656     <anyAttribute namespace="##any" processContents="lax"/>
657   </complexType>
658
659   <complexType name="RelyingPartyType">
        <!-- Empty content. Name is required and identifies the peer the settings
             apply to; the security-relevant attributes come from
             RelyingPartyGroup. The wildcard is ##other, so a misspelled
             unqualified attribute is rejected by a validating parser. -->
660     <annotation>
661       <documentation>Container for specifying settings to use with particular peers</documentation>
662     </annotation>
663     <sequence/>
664     <attribute name="Name" type="conf:string" use="required"/>
665     <attributeGroup ref="conf:RelyingPartyGroup"/>
666     <attribute name="entityID" type="anyURI"/>
667     <anyAttribute namespace="##other" processContents="lax"/>
668   </complexType>
669
670   <complexType name="NotifyType">
        <!-- Empty content. Channel (front or back) and Location are both
             required; further attributes are open (##any, lax).
             NOTE(review): Location is an anyURI that the SP presumably contacts
             or redirects to when delivering notifications; confirm, and treat
             the endpoint as part of the trust boundary. -->
671     <annotation>
672       <documentation>Used to specify locations to receive application notifications</documentation>
673     </annotation>
674     <sequence/>
675     <attribute name="Channel" use="required">
676       <simpleType>
677         <restriction base="string">
678           <enumeration value="front"/>
679           <enumeration value="back"/>
680         </restriction>
681       </simpleType>
682     </attribute>
683     <attribute name="Location" type="anyURI" use="required"/>
684     <anyAttribute namespace="##any" processContents="lax"/>
685   </complexType>
686
687   <element name="SecurityPolicies">
        <!-- One or more Policy entries, each holding either a run of Rule or a
             run of PolicyRule elements (the choice does not allow mixing them),
             followed by at most one of AlgorithmWhitelist or AlgorithmBlacklist.
             Both algorithm lists are optional, so the schema accepts a policy
             set with no algorithm restriction at all. Rule and PolicyRule are
             PluggableType, so their settings are not validated here. The
             reference to this element from SPConfig is marked deprecated. -->
688     <complexType>
689       <annotation>
690         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
691       </annotation>
692       <sequence>
693         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
694           <annotation>
695             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
696           </annotation>
697           <complexType>
698             <choice>
699               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
700               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
701             </choice>
702             <attribute name="id" type="conf:string" use="required"/>
703             <attribute name="validate" type="boolean"/>
704             <anyAttribute namespace="##any" processContents="lax"/>
705           </complexType>
706         </element>
707         <choice minOccurs="0">
708           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
709           <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
710         </choice>
711       </sequence>
712     </complexType>
713   </element>
714
715   <element name="TransportOption">
        <!-- Content is anySimpleType, i.e. an unconstrained value; provider and
             option are required and select where the value goes.
             NOTE(review): because the value is handed to the transport provider
             as described below, an option could presumably change connection or
             TLS behaviour; confirm which options the deployed provider accepts
             and review each use. -->
716     <annotation>
717       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
718     </annotation>
719     <complexType>
720       <simpleContent>
721         <extension base="anySimpleType">
722           <attribute name="provider" type="conf:string" use="required"/>
723           <attribute name="option" type="conf:string" use="required"/>
724         </extension>
725       </simpleContent>
726     </complexType>
727   </element>
728
729   <element name="SPConfig">
        <!-- Document root with a fixed child order. ApplicationDefaults is
             required, and exactly one of SecurityPolicyProvider or
             SecurityPolicies must be present. At most one listener element is
             allowed. ds:Signature is optional, so an unsigned configuration is
             schema-valid. The wildcard is ##other.
             TCPListener: port is unsignedInt (no 65535 cap in the schema) and
             acl is optional. NOTE(review): the listener is presumably the
             channel between the web-server module and shibd; confirm what an
             omitted acl permits, and check that the address is not reachable
             from untrusted networks. -->
730     <complexType>
731       <annotation>
732         <documentation>Root of configuration</documentation>
733       </annotation>
734       <sequence>
735         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
736         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
737         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
738         <choice minOccurs="0">
739           <element name="UnixListener">
740             <complexType>
741               <attribute name="address" type="conf:string" use="required"/>
742               <attribute name="stackSize" type="unsignedInt"/>
743             </complexType>
744           </element>
745           <element name="TCPListener">
746             <complexType>
747               <attribute name="address" type="conf:string" use="required"/>
748               <attribute name="port" type="unsignedInt" use="required"/>
749               <attribute name="acl" type="conf:listOfStrings"/>
750               <attribute name="stackSize" type="unsignedInt"/>
751             </complexType>
752           </element>
753           <element name="Listener" type="conf:PluggableType"/>
754         </choice>
755         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
756         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
757         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
758         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
759         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
760         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
761         <choice>
762           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
763           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
764         </choice>
765         <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
766         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
767         <element ref="ds:Signature" minOccurs="0"/>
768       </sequence>
769       <attribute name="logger" type="anyURI"/>
770       <attribute name="clockSkew" type="unsignedInt"/>
771       <attribute name="unsafeChars" type="conf:string"/>
772       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
773       <attribute name="langFromClient" type="boolean"/>
774       <attribute name="langPriority" type="conf:listOfStrings"/>
775       <attribute name="contactPriority" type="conf:listOfStrings"/>
776       <anyAttribute namespace="##other" processContents="lax"/>
777     </complexType>
778   </element>
778   </element>
779
780 </schema>