https://issues.shibboleth.net/jira/browse/SSPCPP-322
[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.4">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
<!--
  conf:string is a non-empty string (minLength 1). The unprefixed base="string"
  resolves through the default namespace to the built-in XML Schema string type,
  so this is not a self-reference. No maximum length or pattern is imposed;
  anything stricter than "not empty" has to be enforced by the code that reads
  the value.
-->
<simpleType name="string">
  <restriction base="string">
    <minLength value="1"/>
  </restriction>
</simpleType>
31
<!--
  Whitespace-separated list of conf:string items. A single item can therefore
  never contain a space; a value with embedded whitespace is read as several
  items.
-->
<simpleType name="listOfStrings">
  <list itemType="conf:string"/>
</simpleType>
35
<!--
  Whitespace-separated list of anyURI items. anyURI is lexically very
  permissive and says nothing about scheme or host, so validation does not
  establish that an entry is a well-known or approved identifier.
-->
<simpleType name="listOfURIs">
  <list itemType="anyURI"/>
</simpleType>
39
<!--
  Four-valued switch: true, false, front, back. It is derived from the built-in
  string type, not from boolean, so the boolean lexical forms 1 and 0 are
  rejected here. RelyingPartyGroup uses this type for its signing and
  encryption attributes.
-->
<simpleType name="bindingBoolean">
  <restriction base="string">
    <enumeration value="true"/>
    <enumeration value="false"/>
    <enumeration value="front"/>
    <enumeration value="back"/>
  </restriction>
</simpleType>
48
<!--
  Generic plugin reference: a required type attribute, then any child elements
  and any attributes from any namespace, processed laxly.
  Because both wildcards are ##any with lax processing, an unknown or
  misspelled option on an element of this type still validates. Passing schema
  validation is therefore no evidence that a plugin setting was spelled
  correctly.
  NOTE(review): whether an unrecognised option is rejected or silently ignored
  is decided by each plugin; confirm for the security-relevant ones.
-->
<complexType name="PluggableType">
  <sequence>
    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="type" type="conf:string" use="required"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>
56
<!--
  Extensions: zero or more Library elements, then any elements from other
  namespaces (lax). Library requires a path (anyURI) and accepts an optional
  fatal flag plus arbitrary extra attributes and children.
  NOTE(review): the documentation string calls these "extension libraries",
  which suggests the path is loaded as code. If so, the configuration file and
  every referenced path should be writable only by the service administrator.
  The schema places no restriction on where path points. Confirm against the
  loader.
-->
<complexType name="ExtensionsType">
  <annotation>
    <documentation>Container for extension libraries and custom configuration</documentation>
  </annotation>
  <sequence>
    <element name="Library" minOccurs="0" maxOccurs="unbounded">
      <complexType>
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="path" type="anyURI" use="required"/>
        <attribute name="fatal" type="boolean"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </complexType>
    </element>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
</complexType>
75
<!--
  Restriction of PluggableType that adds a required id and an optional
  cleanupInterval. The required type attribute is inherited from the base.
  id is an xs:ID, so it must be unique within the document; it is the target of
  the StorageService IDREF attributes on SessionCacheType, ReplayCacheType and
  ArtifactMapType. The schema does not state the unit of cleanupInterval.
-->
<complexType name="StorageServiceType">
  <annotation>
    <documentation>References StorageService plugins</documentation>
  </annotation>
  <complexContent>
    <restriction base="conf:PluggableType">
      <sequence>
        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
      <attribute name="id" type="ID" use="required"/>
      <attribute name="cleanupInterval" type="unsignedInt"/>
      <anyAttribute namespace="##any" processContents="lax"/>
    </restriction>
  </complexContent>
</complexType>
91
<!--
  Restriction of PluggableType for the session cache. StorageService is an
  optional IDREF, so when present it must match the id of some element in the
  same document; the schema cannot require that the target is a StorageService.
  Both timing attributes are unbounded unsignedInt values with no stated unit.
-->
<complexType name="SessionCacheType">
  <annotation>
    <documentation>References SessionCache plugins</documentation>
  </annotation>
  <complexContent>
    <restriction base="conf:PluggableType">
      <sequence>
        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
      <attribute name="StorageService" type="IDREF"/>
      <attribute name="cacheAllowance" type="unsignedInt"/>
      <!-- cacheTimeout is marked deprecated by the schema author. -->
      <attribute name="cacheTimeout" type="unsignedInt"/>
      <anyAttribute namespace="##any" processContents="lax"/>
    </restriction>
  </complexContent>
</complexType>
108
<!--
  Empty element whose only setting is an optional StorageService IDREF. No
  wildcard is declared, so any other attribute or child is a validation error.
  NOTE(review): replay detection is only as good as the store behind it; when
  several processes or hosts accept messages, confirm that the referenced
  StorageService is one they all share.
-->
<complexType name="ReplayCacheType">
  <annotation>
    <documentation>Ties ReplayCache to a custom StorageService</documentation>
  </annotation>
  <sequence/>
  <attribute name="StorageService" type="IDREF"/>
</complexType>
116
<!--
  Empty element with three optional attributes and no wildcard, so unknown
  attributes are rejected. artifactTTL is an unbounded unsignedInt; the schema
  neither states its unit nor caps how long an artifact may stay resolvable.
-->
<complexType name="ArtifactMapType">
  <annotation>
    <documentation>Customizes an ArtifactMap</documentation>
  </annotation>
  <sequence/>
  <attribute name="StorageService" type="IDREF"/>
  <attribute name="context" type="conf:string"/>
  <attribute name="artifactTTL" type="unsignedInt"/>
</complexType>
126
<!--
  Settings for the out-of-process side: optional Extensions, then elements from
  other namespaces. The attribute wildcard is ##other, which does not match
  unqualified names, so a misspelled unqualified attribute on this element is
  a validation error (unlike on PluggableType elements).
-->
<complexType name="OutOfProcessType">
  <annotation>
    <documentation>Container for out-of-process (shibd) configuration</documentation>
  </annotation>
  <sequence>
    <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="logger" type="anyURI"/>
  <attribute name="catchAll" type="boolean"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
139
<!--
  Settings for the in-process (web server) side: optional Extensions, an
  optional ISAPI block listing one or more Site elements, then elements from
  other namespaces.
  Every attribute here is optional and the schema declares no defaults, so an
  omitted checkSpoofing, spoofKey, unsetHeaderValue or safeHeaderNames takes
  whatever value the consumer chooses.
  spoofKey is a plain string attribute: a secret placed in it is stored in
  clear text in the configuration document, so read access to that file should
  be restricted.
  NOTE(review): confirm the consumer's defaults for the spoofing checks before
  relying on them.
-->
<complexType name="InProcessType">
  <annotation>
    <documentation>
      Container for configuration of locally integrated or platform-specific
      features (e.g. web server filters)
    </documentation>
  </annotation>
  <sequence>
    <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
    <element name="ISAPI" minOccurs="0">
      <complexType>
        <sequence>
          <!--
            Site: id and name are required. port and sslport are unsignedInt, so
            values above 65535 validate, and scheme is a free-form string here
            although HostType restricts its own scheme to an enumeration.
          -->
          <element name="Site" maxOccurs="unbounded">
            <complexType>
              <sequence>
                <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
              </sequence>
              <attribute name="id" type="unsignedInt" use="required"/>
              <attribute name="name" type="conf:string" use="required"/>
              <attribute name="port" type="unsignedInt"/>
              <attribute name="sslport" type="unsignedInt"/>
              <attribute name="scheme" type="conf:string"/>
            </complexType>
          </element>
          <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="normalizeRequest" type="boolean"/>
        <attribute name="safeHeaderNames" type="boolean"/>
        <anyAttribute namespace="##other" processContents="lax"/>
      </complexType>
    </element>
    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="logger" type="anyURI"/>
  <attribute name="unsetHeaderValue" type="conf:string"/>
  <attribute name="checkSpoofing" type="boolean"/>
  <attribute name="spoofKey" type="conf:string"/>
  <attribute name="catchAll" type="boolean"/>
  <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
181
<!--
  Root of the built-in access policy. Its type is UniOperatorType, so an
  AccessControl element holds exactly one operator or rule; it cannot be empty.
-->
<element name="AccessControl" type="conf:UniOperatorType">
  <annotation>
    <documentation>
      A simple example access policy language extension that supersedes Apache .htaccess
    </documentation>
  </annotation>
</element>
<!--
  Exactly one child: AND, OR, NOT, Rule or RuleRegex. NOT uses this same type,
  so negations nest recursively; the schema sets no limit on nesting depth.
-->
<complexType name="UniOperatorType">
  <choice>
    <element name="AND" type="conf:MultiOperatorType"/>
    <element name="OR" type="conf:MultiOperatorType"/>
    <element name="NOT" type="conf:UniOperatorType"/>
    <element name="Rule" type="conf:RuleType"/>
    <element name="RuleRegex" type="conf:RuleRegexType"/>
  </choice>
</complexType>
<!--
  Operand list for AND and OR: at least two children, in any mix of the five
  element kinds, with no upper bound on count or nesting depth.
-->
<complexType name="MultiOperatorType">
  <choice minOccurs="2" maxOccurs="unbounded">
    <element name="AND" type="conf:MultiOperatorType"/>
    <element name="OR" type="conf:MultiOperatorType"/>
    <element name="NOT" type="conf:UniOperatorType"/>
    <element name="Rule" type="conf:RuleType"/>
    <element name="RuleRegex" type="conf:RuleRegexType"/>
  </choice>
</complexType>
<!--
  A rule whose content is a whitespace-separated list of strings, with a
  required "require" attribute and an optional boolean "list" attribute.
  A list type accepts zero items, so a Rule with empty content validates.
  NOTE(review): confirm how the evaluator treats a rule with no values; denying
  access is the safe outcome.
-->
<complexType name="RuleType">
  <simpleContent>
    <extension base="conf:listOfStrings">
      <attribute name="require" type="conf:string" use="required"/>
      <attribute name="list" type="boolean"/>
    </extension>
  </simpleContent>
</complexType>
<!--
  A rule whose content is a single non-empty string, with a required "require"
  attribute and an optional ignoreCase flag. The schema treats the content as
  opaque text: it does not check that the expression compiles, is anchored, or
  is cheap to evaluate.
-->
<complexType name="RuleRegexType">
  <simpleContent>
    <extension base="conf:string">
      <attribute name="require" type="conf:string" use="required"/>
      <attribute name="ignoreCase" type="boolean"/>
    </extension>
  </simpleContent>
</complexType>
223
<!--
  Per-resource settings shared by RequestMap, Host, HostRegex, Path, PathRegex
  and Query. Every attribute is optional and no defaults are declared, so a
  rule that omits requireSession, redirectToSSL and the like gets whatever the
  consumer supplies or inherits.
  The wildcard is ##other, which does not match unqualified names: a
  misspelled unqualified attribute on these elements fails validation.
  The URL-valued attributes are anyURI and are not limited to any scheme or
  host by the schema.
  NOTE(review): confirm how settings are inherited from enclosing elements
  before assuming a nested rule is protected.
-->
<attributeGroup name="ContentSettings">
  <attribute name="applicationId" type="conf:string"/>
  <attribute name="authType" type="conf:string"/>
  <attribute name="requireSession" type="boolean"/>
  <attribute name="requireSessionWith" type="conf:string"/>
  <attribute name="exportAssertion" type="boolean"/>
  <attribute name="redirectToSSL" type="unsignedInt"/>
  <attribute name="entityID" type="anyURI"/>
  <attribute name="discoveryURL" type="anyURI"/>
  <attribute name="isPassive" type="boolean"/>
  <attribute name="returnOnError" type="boolean"/>
  <attribute name="forceAuthn" type="boolean"/>
  <attribute name="authnContextClassRef" type="anyURI"/>
  <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
  <attribute name="NameIDFormat" type="anyURI"/>
  <attribute name="SPNameQualifier" type="conf:string"/>
  <attribute name="redirectErrors" type="anyURI"/>
  <attribute name="sessionError" type="anyURI"/>
  <attribute name="metadataError" type="anyURI"/>
  <attribute name="accessError" type="anyURI"/>
  <attribute name="sslError" type="anyURI"/>
  <attribute name="target" type="anyURI"/>
  <attribute name="acsIndex" type="unsignedShort"/>
  <attribute name="REMOTE_ADDR" type="conf:string"/>
  <attribute name="encoding" type="conf:string"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</attributeGroup>
251
<!--
  Top of the request map: at most one access control element (htaccess,
  AccessControl or AccessControlProvider), any number of Host and HostRegex
  entries, and an optional ds:Signature.
  The signature is optional at the schema level, so an unsigned map validates.
  NOTE(review): whether a signature that is present gets verified, and against
  which key, is up to the consumer; confirm if the map is fetched from a
  location other administrators can write to.
-->
<element name="RequestMap">
  <annotation>
    <documentation>
      Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
    </documentation>
  </annotation>
  <complexType>
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Host" type="conf:HostType"/>
        <element name="HostRegex" type="conf:HostRegexType"/>
      </choice>
      <element ref="ds:Signature" minOccurs="0"/>
    </sequence>
    <attribute name="unicodeAware" type="boolean"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>
</element>
275
<!--
  A literal host entry: at most one access control element, then any mix of
  Path, PathRegex and Query children. name is required. scheme is limited to
  http, https, ftp, ldap and ldaps. port is an unsignedInt, so values above
  65535 validate and must be rejected by the consumer if at all.
-->
<complexType name="HostType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <attribute name="scheme">
    <simpleType>
      <restriction base="conf:string">
        <enumeration value="http"/>
        <enumeration value="https"/>
        <enumeration value="ftp"/>
        <enumeration value="ldap"/>
        <enumeration value="ldaps"/>
      </restriction>
    </simpleType>
  </attribute>
  <attribute name="name" type="conf:string" use="required"/>
  <attribute name="port" type="unsignedInt"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
304
<!--
  A host entry matched by expression instead of by name. regex is required but
  is only typed as a non-empty string: the schema does not check that it
  compiles or that it is anchored.
  NOTE(review): an unanchored host expression can match more hosts than
  intended; review deployed values and confirm the matcher's anchoring rules.
-->
<complexType name="HostRegexType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <attribute name="regex" type="conf:string" use="required"/>
  <attribute name="ignoreCase" type="boolean"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
322
<!--
  A literal path segment: at most one access control element, then any mix of
  nested Path, PathRegex and Query children. name is required. The type is
  recursive and the schema sets no limit on nesting depth.
-->
<complexType name="PathType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="Path" type="conf:PathType"/>
      <element name="PathRegex" type="conf:PathRegexType"/>
      <element name="Query" type="conf:QueryType"/>
    </choice>
  </sequence>
  <attribute name="name" type="conf:string" use="required"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
339
<!--
  A path matched by expression. Unlike PathType it allows only Query children,
  so no Path or PathRegex can be nested beneath it. regex is required and is
  typed as a non-empty string; the schema does not validate the expression.
-->
<complexType name="PathRegexType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="regex" type="conf:string" use="required"/>
  <attribute name="ignoreCase" type="boolean"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
353
<!--
  A query-string match: at most one access control element, then nested Query
  children only. name is required and regex is optional; both are plain
  non-empty strings as far as the schema is concerned.
-->
<complexType name="QueryType">
  <sequence>
    <choice minOccurs="0">
      <element name="htaccess" type="conf:PluggableType"/>
      <element ref="conf:AccessControl"/>
      <element name="AccessControlProvider" type="conf:PluggableType"/>
    </choice>
    <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="name" type="conf:string" use="required"/>
  <attribute name="regex" type="conf:string"/>
  <attributeGroup ref="conf:ContentSettings"/>
</complexType>
367
<!--
  Default application: a required Sessions element, an optional Errors
  element, then any mix of the listed children. entityID is required and id,
  when given, is fixed to "default".
  MetadataProvider, TrustEngine, the Attribute plugins and CredentialResolver
  are all PluggableType, so their own options are not checked by this schema.
  None of them is required: a document with no MetadataProvider or TrustEngine
  validates.
-->
<complexType name="ApplicationDefaultsType">
  <annotation>
    <documentation>Container for default settings and application-specific overrides</documentation>
  </annotation>
  <sequence>
    <element name="Sessions" type="conf:SessionsType"/>
    <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="RelyingParty" type="conf:RelyingPartyType"/>
      <element name="Notify" type="conf:NotifyType"/>
      <element ref="saml:Audience"/>
      <element name="MetadataProvider" type="conf:PluggableType"/>
      <element name="TrustEngine" type="conf:PluggableType"/>
      <element name="AttributeExtractor" type="conf:PluggableType"/>
      <element name="AttributeResolver" type="conf:PluggableType"/>
      <element name="AttributeFilter" type="conf:PluggableType"/>
      <element name="CredentialResolver" type="conf:PluggableType"/>
      <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
    </choice>
  </sequence>
  <attribute name="id" type="conf:string" fixed="default"/>
  <attribute name="entityID" type="anyURI" use="required"/>
  <attribute name="policyId" type="conf:string"/>
  <attributeGroup ref="conf:ApplicationGroup"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
395
<!--
  Per-application override. Compared with ApplicationDefaultsType: Sessions is
  optional, id is required, entityID is optional, and ApplicationOverride
  cannot be nested.
  NOTE(review): anything omitted here is presumably inherited from the
  defaults; confirm which settings inherit before assuming an override only
  tightens policy.
-->
<complexType name="ApplicationOverrideType">
  <annotation>
    <documentation>Container for application-specific overrides</documentation>
  </annotation>
  <sequence>
    <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
    <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element name="RelyingParty" type="conf:RelyingPartyType"/>
      <element name="Notify" type="conf:NotifyType"/>
      <element ref="saml:Audience"/>
      <element name="MetadataProvider" type="conf:PluggableType"/>
      <element name="TrustEngine" type="conf:PluggableType"/>
      <element name="AttributeExtractor" type="conf:PluggableType"/>
      <element name="AttributeResolver" type="conf:PluggableType"/>
      <element name="AttributeFilter" type="conf:PluggableType"/>
      <element name="CredentialResolver" type="conf:PluggableType"/>
    </choice>
  </sequence>
  <attribute name="id" type="conf:string" use="required"/>
  <attribute name="entityID" type="anyURI"/>
  <attribute name="policyId" type="conf:string"/>
  <attributeGroup ref="conf:ApplicationGroup"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
422
<!--
  Attributes shared by ApplicationDefaults and ApplicationOverride. All are
  optional. REMOTE_USER and unsetHeaders are whitespace-separated lists; the
  schema does not check their entries against any known attribute or header
  names.
-->
<attributeGroup name="ApplicationGroup">
  <attribute name="homeURL" type="anyURI"/>
  <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
  <attribute name="unsetHeaders" type="conf:listOfStrings"/>
  <attribute name="metadataAttributePrefix" type="conf:string"/>
  <attribute name="attributePrefix" type="conf:string"/>
</attributeGroup>
430
<!--
  Peer-facing settings shared by ApplicationDefaults, ApplicationOverride and
  RelyingParty. All attributes are optional and no defaults are declared.
  authUsername and authPassword are plain string attributes, so a credential
  configured here sits in clear text in the configuration document; restrict
  read access to the file accordingly.
  signingAlg, digestAlg and encryptionAlg accept any URI: the schema does not
  limit them to a set of approved algorithms.
  requireConfidentiality, requireTransportAuth and requireSignedAssertions are
  optional booleans; an omitted one takes the consumer's default.
-->
<attributeGroup name="RelyingPartyGroup">
  <attribute name="authType" type="conf:string"/>
  <attribute name="authUsername" type="conf:string"/>
  <attribute name="authPassword" type="conf:string"/>
  <attribute name="signing" type="conf:bindingBoolean"/>
  <attribute name="signingAlg" type="anyURI"/>
  <attribute name="digestAlg" type="anyURI"/>
  <attribute name="encryption" type="conf:bindingBoolean"/>
  <attribute name="encryptionAlg" type="anyURI"/>
  <attribute name="keyName" type="conf:string"/>
  <attribute name="artifactEndpointIndex" type="unsignedShort"/>
  <attribute name="chunkedEncoding" type="boolean"/>
  <attribute name="connectTimeout" type="unsignedShort"/>
  <attribute name="timeout" type="unsignedShort"/>
  <attribute name="requireConfidentiality" type="boolean"/>
  <attribute name="requireTransportAuth" type="boolean"/>
  <attribute name="requireSignedAssertions" type="boolean"/>
</attributeGroup>
449     
<!--
  Session policy and protocol handlers. The content is, in order: optional SSO,
  optional Logout, optional NameIDMgmt, then any mix of explicit handler
  elements.
  Every attribute is optional and the schema declares no defaults, so omitted
  switches such as handlerSSL, checkAddress, consistentAddress, lifetime,
  timeout, maxTimeSinceAuthn and postLimit take whatever the consumer chooses.
  cookieProps is free text as far as the schema is concerned.
  exportLocation and exportACL are independent optional attributes: the schema
  does not require an ACL when an export location is set.
  NOTE(review): cookieProps presumably carries the cookie attributes appended
  to the session cookie; the schema cannot check them, so review deployed
  values. Confirm what an absent exportACL means when exportLocation is used.
-->
<complexType name="SessionsType">
  <annotation>
    <documentation>Container for specifying protocol handlers and session policy</documentation>
  </annotation>
  <sequence>
    <!--
      SSO content is a list of strings. Its attributes include
      SessionInitiatorGroup, whose ##any wildcard lets unknown attributes
      validate.
    -->
    <element name="SSO" minOccurs="0">
      <complexType>
        <annotation>
          <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
        </annotation>
        <simpleContent>
          <extension base="conf:listOfStrings">
            <attribute name="discoveryProtocol" type="conf:string"/>
            <attribute name="discoveryURL" type="anyURI"/>
            <attributeGroup ref="conf:SessionInitiatorGroup"/>
          </extension>
        </simpleContent>
      </complexType>
    </element>
    <element name="Logout" minOccurs="0">
      <complexType>
        <annotation>
          <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
        </annotation>
        <simpleContent>
          <extension base="conf:listOfStrings">
            <attributeGroup ref="conf:LogoutInitiatorGroup"/>
          </extension>
        </simpleContent>
      </complexType>
    </element>
    <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
      <annotation>
        <documentation>Implicitly configures ManageNameIDService handlers</documentation>
      </annotation>
    </element>
    <choice minOccurs="0" maxOccurs="unbounded">
      <element ref="conf:SessionInitiator"/>
      <element ref="conf:LogoutInitiator"/>
      <element ref="md:AssertionConsumerService"/>
      <element ref="md:ArtifactResolutionService"/>
      <element ref="md:SingleLogoutService"/>
      <element ref="md:ManageNameIDService"/>
      <element ref="conf:Handler"/>
    </choice>
  </sequence>
  <attribute name="handlerURL" type="anyURI"/>
  <attribute name="handlerSSL" type="boolean"/>
  <attribute name="exportLocation" type="conf:string"/>
  <attribute name="exportACL" type="conf:listOfStrings"/>
  <attribute name="cookieName" type="conf:string"/>
  <attribute name="cookieProps" type="conf:string"/>
  <attribute name="cookieLifetime" type="unsignedInt"/>
  <attribute name="idpHistory" type="boolean"/>
  <attribute name="idpHistoryDays" type="unsignedInt"/>
  <attribute name="lifetime" type="unsignedInt"/>
  <attribute name="timeout" type="unsignedInt"/>
  <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
  <attribute name="checkAddress" type="boolean"/>
  <attribute name="consistentAddress" type="boolean"/>
  <attribute name="postData" type="conf:string"/>
  <attribute name="postLimit" type="positiveInteger"/>
  <attribute name="postTemplate" type="conf:string"/>
  <attribute name="postExpire" type="boolean"/>
  <attribute name="relayState" type="conf:string"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
517
<!--
  Global attribute declaration. Being global, it belongs to the target
  namespace and must be written with a namespace prefix where it is used. It is
  distinct from the unqualified policyId attribute declared locally on
  ApplicationDefaultsType and ApplicationOverrideType.
-->
<attribute name="policyId" type="conf:string">
  <annotation>
    <documentation>Used to override Policy from profile endpoints</documentation>
  </annotation>
</attribute>
523
<!--
  Options shared by the SSO element and explicit SessionInitiator elements.
  The attribute wildcard is ##any with lax processing, so a misspelled option
  (for example a typo in forceAuthn or isPassive) still validates on any
  element that uses this group.
  NOTE(review): confirm whether an unrecognised attribute is reported or
  silently dropped; if dropped, a typo disables the intended control without
  any validation error.
-->
<attributeGroup name="SessionInitiatorGroup">
  <annotation>
    <documentation>Options common to explicit and implicit SessionInitiators</documentation>
  </annotation>
  <attribute name="relayState" type="conf:string"/>
  <attribute name="entityIDParam" type="conf:string"/>
  <attribute name="entityID" type="anyURI"/>
  <attribute name="outgoingBindings" type="conf:listOfURIs"/>
  <attribute name="preservedOptions" type="conf:listOfStrings"/>
  <attribute name="template" type="anyURI"/>
  <attribute name="postArtifact" type="boolean"/>
  <attribute name="acsByIndex" type="boolean"/>
  <attribute name="isPassive" type="boolean"/>
  <attribute name="returnOnError" type="boolean"/>
  <attribute name="forceAuthn" type="boolean"/>
  <attribute name="authnContextClassRef" type="anyURI"/>
  <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
  <attribute name="NameIDFormat" type="anyURI"/>
  <attribute name="SPNameQualifier" type="conf:string"/>
  <attribute name="requestDelegation" type="boolean"/>
  <attribute name="target" type="anyURI"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</attributeGroup>
547
<!--
  Explicit session initiator, declared as a restriction of PluggableType. The
  required type attribute is inherited from the base. Location is optional
  here, unlike on Handler. The attribute wildcard arrives through
  SessionInitiatorGroup and is ##any, so unknown attributes validate.
-->
<element name="SessionInitiator">
  <annotation>
    <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI"/>
        <attribute name="id" type="conf:string"/>
        <attribute name="isDefault" type="boolean"/>
        <attribute name="URL" type="anyURI"/>
        <attribute name="acsIndex" type="unsignedShort"/>
        <!-- defaultACSIndex is marked deprecated by the schema author. -->
        <attribute name="defaultACSIndex" type="unsignedShort"/>
        <attributeGroup ref="conf:SessionInitiatorGroup"/>
      </restriction>
    </complexContent>
  </complexType>
</element>
569
<!--
  Options shared by the Logout element and explicit LogoutInitiator elements.
  As with SessionInitiatorGroup, the ##any attribute wildcard means misspelled
  options are not caught by validation.
-->
<attributeGroup name="LogoutInitiatorGroup">
  <annotation>
    <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
  </annotation>
  <attribute name="relayState" type="conf:string"/>
  <attribute name="outgoingBindings" type="conf:listOfURIs"/>
  <attribute name="template" type="anyURI"/>
  <attribute name="postArtifact" type="boolean"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</attributeGroup>
580
<!--
  Explicit logout initiator, declared as a restriction of PluggableType. The
  required type attribute is inherited from the base; Location is optional.
  The attribute wildcard arrives through LogoutInitiatorGroup.
-->
<element name="LogoutInitiator">
  <annotation>
    <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI"/>
        <attributeGroup ref="conf:LogoutInitiatorGroup"/>
      </restriction>
    </complexContent>
  </complexType>
</element>
597
<!--
  Custom handler, declared as a restriction of PluggableType. Location is
  required; acl is an optional list of strings, so a Handler with no acl
  validates.
  NOTE(review): acl reads like an allow-list of client addresses. Confirm what
  an absent acl means for each handler type, in particular for handlers that
  expose status or session details.
-->
<element name="Handler">
  <annotation>
    <documentation>Used to specify custom handlers</documentation>
  </annotation>
  <complexType>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Location" type="anyURI" use="required"/>
        <attribute name="acl" type="conf:listOfStrings"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </restriction>
    </complexContent>
  </complexType>
</element>
615
<!--
  Error page settings. All attributes are optional; the template and redirect
  locations are anyURI and are not limited to any scheme or host. Child
  elements and extra attributes from any namespace are accepted laxly.
  NOTE(review): supportContact, logoLocation and styleSheet look like values
  that are rendered into error pages; confirm they are output-encoded by the
  templates.
-->
<complexType name="ErrorsType">
  <annotation>
    <documentation>Container for error templates and associated details</documentation>
  </annotation>
  <sequence>
    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  </sequence>
  <attribute name="redirectErrors" type="anyURI"/>
  <attribute name="session" type="anyURI"/>
  <attribute name="metadata" type="anyURI"/>
  <attribute name="access" type="anyURI"/>
  <attribute name="ssl" type="anyURI"/>
  <attribute name="localLogout" type="anyURI"/>
  <attribute name="globalLogout" type="anyURI"/>
  <attribute name="partialLogout" type="anyURI"/>
  <attribute name="supportContact" type="conf:string"/>
  <attribute name="logoLocation" type="anyURI"/>
  <attribute name="styleSheet" type="anyURI"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>
636
<!--
  Per-peer settings: an empty element with a required Name, the attributes of
  RelyingPartyGroup and an optional entityID. The wildcard is ##other, so a
  misspelled unqualified attribute fails validation.
  NOTE(review): Name presumably selects the peer these settings apply to;
  a per-peer entry can relax signing, encryption or the require* switches, so
  review each one against the defaults.
-->
<complexType name="RelyingPartyType">
  <annotation>
    <documentation>Container for specifying settings to use with particular peers</documentation>
  </annotation>
  <sequence/>
  <attribute name="Name" type="conf:string" use="required"/>
  <attributeGroup ref="conf:RelyingPartyGroup"/>
  <attribute name="entityID" type="anyURI"/>
  <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
647
<!--
  Notification target: Channel (front or back) and Location are both required.
  Location is anyURI, so the schema does not require https or restrict the
  host. Extra attributes from any namespace validate.
-->
<complexType name="NotifyType">
  <annotation>
    <documentation>Used to specify locations to receive application notifications</documentation>
  </annotation>
  <sequence/>
  <attribute name="Channel" use="required">
    <simpleType>
      <restriction base="string">
        <enumeration value="front"/>
        <enumeration value="back"/>
      </restriction>
    </simpleType>
  </attribute>
  <attribute name="Location" type="anyURI" use="required"/>
  <anyAttribute namespace="##any" processContents="lax"/>
</complexType>
664
<!--
  Inline security policies: one or more Policy elements, then at most one of
  AlgorithmWhitelist or AlgorithmBlacklist (neither is required).
  Each Policy holds either Rule elements or PolicyRule elements, not a mix,
  and at least one of the chosen kind. The rules are PluggableType, so their
  options are not checked here, and the Policy attribute wildcard is ##any, so
  a misspelled "validate" attribute still validates.
  The algorithm lists are lists of anyURI: entries are not compared with any
  known algorithm identifiers, so a mistyped URI validates.
  NOTE(review): a typo in a blacklist entry would leave the intended algorithm
  allowed; confirm how unknown identifiers are handled and prefer the
  whitelist form where that is a concern.
-->
<element name="SecurityPolicies">
  <complexType>
    <annotation>
      <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
    </annotation>
    <sequence>
      <element name="Policy" minOccurs="1" maxOccurs="unbounded">
        <annotation>
          <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
        </annotation>
        <complexType>
          <choice>
            <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
            <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
          </choice>
          <attribute name="id" type="conf:string" use="required"/>
          <attribute name="validate" type="boolean"/>
          <anyAttribute namespace="##any" processContents="lax"/>
        </complexType>
      </element>
      <choice minOccurs="0">
        <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
        <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
      </choice>
    </sequence>
  </complexType>
</element>
692
<!--
  A provider/option pair with a value as content. Both attributes are required
  non-empty strings; the content is anySimpleType, so any text validates.
  NOTE(review): options are passed through to the transport provider, which
  may include settings that affect TLS behaviour; the schema cannot tell a
  hardening option from a weakening one, so review deployed values.
-->
<element name="TransportOption">
  <annotation>
    <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
  </annotation>
  <complexType>
    <simpleContent>
      <extension base="anySimpleType">
        <attribute name="provider" type="conf:string" use="required"/>
        <attribute name="option" type="conf:string" use="required"/>
      </extension>
    </simpleContent>
  </complexType>
</element>
706
<!--
  Document root. Child order is fixed by the sequence. Required children are
  ApplicationDefaults and exactly one of SecurityPolicyProvider or the
  deprecated inline SecurityPolicies; everything else is optional.
  The listener choice allows at most one of UnixListener, TCPListener or a
  pluggable Listener.
  ds:Signature is optional, so an unsigned configuration validates.
  All four root attributes are optional with no schema defaults; clockSkew is
  an unbounded unsignedInt.
  NOTE(review): a large clockSkew widens the window in which stale messages
  are accepted; confirm the unit and review deployed values.
-->
<element name="SPConfig">
  <complexType>
    <annotation>
      <documentation>Root of configuration</documentation>
    </annotation>
    <sequence>
      <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
      <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
      <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
      <choice minOccurs="0">
        <element name="UnixListener">
          <complexType>
            <attribute name="address" type="conf:string" use="required"/>
            <attribute name="stackSize" type="unsignedInt"/>
          </complexType>
        </element>
        <!--
          TCPListener: address and port are required, acl is optional. port is
          an unsignedInt, so values above 65535 validate.
          NOTE(review): acl reads like the list of peers allowed to connect.
          Confirm what an absent acl means before binding the listener to
          anything other than a loopback address.
        -->
        <element name="TCPListener">
          <complexType>
            <attribute name="address" type="conf:string" use="required"/>
            <attribute name="port" type="unsignedInt" use="required"/>
            <attribute name="acl" type="conf:listOfStrings"/>
            <attribute name="stackSize" type="unsignedInt"/>
          </complexType>
        </element>
        <element name="Listener" type="conf:PluggableType"/>
      </choice>
      <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
      <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
      <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
      <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
      <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
      <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
      <choice>
        <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
        <!-- The inline SecurityPolicies form is marked deprecated by the schema author. -->
        <element ref="conf:SecurityPolicies"/>
      </choice>
      <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
      <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
      <element ref="ds:Signature" minOccurs="0"/>
    </sequence>
    <attribute name="logger" type="anyURI"/>
    <attribute name="clockSkew" type="unsignedInt"/>
    <attribute name="unsafeChars" type="conf:string"/>
    <attribute name="allowedSchemes" type="conf:listOfStrings"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>
</element>
754
755 </schema>