https://issues.shibboleth.net/jira/browse/SSPCPP-351
[shibboleth/cpp-sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
<?xml version="1.0" encoding="US-ASCII"?>
<!--
  XML Schema for the Shibboleth Native SP configuration file (root element: SPConfig).

  Reading notes:
  * The default namespace is XML Schema itself, so unprefixed type names (string, boolean,
    anyURI, unsignedInt, ...) are the built-in types. The conf: prefix is bound to the target
    namespace; conf:string is the local non-empty string type declared below.
  * blockDefault="substitution" sets the default block value for element declarations, so
    they do not accept substitution-group members unless a declaration overrides it.
  * Many types carry lax wildcards. With namespace="##any" an unknown or misspelled
    unqualified attribute or child element still validates; with namespace="##other" only
    items from a foreign namespace are let through. Schema validation alone therefore does
    not prove that a security-relevant setting was spelled correctly on plugin elements.
  * No attribute in this schema declares a default value; whatever applies when an optional
    setting is omitted is decided by the consuming software, not by validation.
  * The document declares US-ASCII encoding, so comments here stay ASCII-only.
-->
<schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
        elementFormDefault="qualified"
        attributeFormDefault="unqualified"
        blockDefault="substitution"
        version="2.4.2">

  <!-- Imported vocabularies are resolved through relative schemaLocation hints, i.e. from
       files expected to sit next to this schema. -->
  <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
  <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
  <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
  <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>

  <annotation>
    <documentation>
      2.0 schema for XML-based configuration of Shibboleth Native SP instances.
      First appearing in Shibboleth 2.0 release.
    </documentation>
  </annotation>

  <!-- conf:string: a string of at least one character. The base "string" is the XML Schema
       built-in (default namespace); this declaration lives in the conf namespace. -->
  <simpleType name="string">
    <restriction base="string">
      <minLength value="1"/>
    </restriction>
  </simpleType>

  <!-- Whitespace-separated list of conf:string items. -->
  <simpleType name="listOfStrings">
    <list itemType="conf:string"/>
  </simpleType>

  <!-- Whitespace-separated list of anyURI items. -->
  <simpleType name="listOfURIs">
    <list itemType="anyURI"/>
  </simpleType>

  <!-- Four-valued switch used by the signing and encryption attributes of RelyingPartyGroup.
       NOTE(review): "front" and "back" presumably limit the setting to front-channel or
       back-channel bindings; confirm against the SP documentation. -->
  <simpleType name="bindingBoolean">
    <restriction base="string">
      <enumeration value="true"/>
      <enumeration value="false"/>
      <enumeration value="front"/>
      <enumeration value="back"/>
    </restriction>
  </simpleType>

  <!-- Allowed values for Sessions/@relayStateLimit.
       NOTE(review): the names suggest this bounds which URLs a relay state may send the
       browser to (a redirect-abuse control), with "none" applying no limit and "whitelist"
       pairing with Sessions/@relayStateWhitelist. Confirm semantics before relying on it. -->
  <simpleType name="relayStateLimitType">
    <restriction base="string">
      <enumeration value="none"/>
      <enumeration value="exact"/>
      <enumeration value="host"/>
      <enumeration value="whitelist"/>
    </restriction>
  </simpleType>

  <!-- Base type for every plugin reference: a required non-empty type attribute, then any
       attributes and any child elements from any namespace, validated laxly. Types derived
       from it by restriction keep the required type attribute. Because of the ##any
       wildcards, plugin-specific settings are not checked by this schema at all. -->
  <complexType name="PluggableType">
    <sequence>
      <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="type" type="conf:string" use="required"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>

  <!-- Zero or more Library elements (required path, optional fatal flag) followed by any
       foreign-namespace elements.
       NOTE(review): per the documentation below these are extension libraries, so anyone
       able to edit this file or replace a file at a listed path can presumably get code
       loaded into the SP. Keep the file and the referenced paths admin-writable only. -->
  <complexType name="ExtensionsType">
    <annotation>
      <documentation>Container for extension libraries and custom configuration</documentation>
    </annotation>
    <sequence>
      <element name="Library" minOccurs="0" maxOccurs="unbounded">
        <complexType>
          <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="path" type="anyURI" use="required"/>
          <attribute name="fatal" type="boolean"/>
          <anyAttribute namespace="##any" processContents="lax"/>
        </complexType>
      </element>
      <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
  </complexType>

  <!-- PluggableType narrowed with a required id of type ID (unique per document, target of
       the IDREF-typed StorageService attributes below) and an optional cleanupInterval. -->
  <complexType name="StorageServiceType">
    <annotation>
      <documentation>References StorageService plugins</documentation>
    </annotation>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="id" type="ID" use="required"/>
        <attribute name="cleanupInterval" type="unsignedInt"/>
        <anyAttribute namespace="##any" processContents="lax"/>
      </restriction>
    </complexContent>
  </complexType>

  <!-- PluggableType narrowed with an optional IDREF to a StorageService and cache timing
       attributes. IDREF validity only guarantees that some ID with that value exists in the
       document, not that it belongs to a StorageService element. -->
  <complexType name="SessionCacheType">
    <annotation>
      <documentation>References SessionCache plugins</documentation>
    </annotation>
    <complexContent>
      <restriction base="conf:PluggableType">
        <sequence>
          <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="StorageService" type="IDREF"/>
        <attribute name="cacheAllowance" type="unsignedInt"/>
        <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
        <anyAttribute namespace="##any" processContents="lax"/>
      </restriction>
    </complexContent>
  </complexType>

  <!-- Empty element whose only setting is an optional IDREF to a StorageService. -->
  <complexType name="ReplayCacheType">
    <annotation>
      <documentation>Ties ReplayCache to a custom StorageService</documentation>
    </annotation>
    <sequence/>
    <attribute name="StorageService" type="IDREF"/>
  </complexType>

  <!-- Empty element with an optional StorageService IDREF, a context string and an
       artifactTTL (unsignedInt; the unit is not stated in the schema). -->
  <complexType name="ArtifactMapType">
    <annotation>
      <documentation>Customizes an ArtifactMap</documentation>
    </annotation>
    <sequence/>
    <attribute name="StorageService" type="IDREF"/>
    <attribute name="context" type="conf:string"/>
    <attribute name="artifactTTL" type="unsignedInt"/>
  </complexType>

  <!-- Optional Extensions, then foreign-namespace elements; logger and catchAll attributes
       plus any foreign-namespace attributes. -->
  <complexType name="OutOfProcessType">
    <annotation>
      <documentation>Container for out-of-process (shibd) configuration</documentation>
    </annotation>
    <sequence>
      <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
      <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="logger" type="anyURI"/>
    <attribute name="catchAll" type="boolean"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>

  <!-- Settings for the web-server-integrated side: optional Extensions, optional ISAPI block
       with one or more Site entries, then foreign-namespace elements. -->
  <complexType name="InProcessType">
    <annotation>
      <documentation>
        Container for configuration of locally integrated or platform-specific
        features (e.g. web server filters)
      </documentation>
    </annotation>
    <sequence>
      <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
      <element name="ISAPI" minOccurs="0">
        <complexType>
          <sequence>
            <element name="Site" maxOccurs="unbounded">
              <complexType>
                <sequence>
                  <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="id" type="unsignedInt" use="required"/>
                <attribute name="name" type="conf:string" use="required"/>
                <!-- port and sslport are unsignedInt, so values above 65535 validate; the
                     port range is not enforced by this schema. -->
                <attribute name="port" type="unsignedInt"/>
                <attribute name="sslport" type="unsignedInt"/>
                <attribute name="scheme" type="conf:string"/>
              </complexType>
            </element>
            <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="normalizeRequest" type="boolean"/>
          <attribute name="safeHeaderNames" type="boolean"/>
          <anyAttribute namespace="##other" processContents="lax"/>
        </complexType>
      </element>
      <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="logger" type="anyURI"/>
    <!-- NOTE(review): unsetHeaderValue, checkSpoofing and spoofKey look like the controls that
         stop client-supplied request headers from being mistaken for attributes exported by
         the SP. All three are optional and have no schema default, so validation does not
         show whether the protection is on. spoofKey is presumably a shared secret; if so it
         sits in this file in clear text. Confirm against the SP documentation. -->
    <attribute name="unsetHeaderValue" type="conf:string"/>
    <attribute name="checkSpoofing" type="boolean"/>
    <attribute name="spoofKey" type="conf:string"/>
    <attribute name="catchAll" type="boolean"/>
    <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>

  <!-- Root of the built-in access control expression: exactly one operator or rule. -->
  <element name="AccessControl" type="conf:UniOperatorType">
    <annotation>
      <documentation>
        A simple example access policy language extension that supersedes Apache .htaccess
      </documentation>
    </annotation>
  </element>
  <!-- Exactly one child: AND, OR, NOT, Rule or RuleRegex. Also the type of NOT, so a
       negation always wraps a single operand. -->
  <complexType name="UniOperatorType">
    <choice>
      <element name="AND" type="conf:MultiOperatorType"/>
      <element name="OR" type="conf:MultiOperatorType"/>
      <element name="NOT" type="conf:UniOperatorType"/>
      <element name="Rule" type="conf:RuleType"/>
      <element name="RuleRegex" type="conf:RuleRegexType"/>
    </choice>
  </complexType>
  <!-- Two or more children in any mix; the type of AND and OR. The types are recursive and
       the schema places no limit on nesting depth. -->
  <complexType name="MultiOperatorType">
    <choice minOccurs="2" maxOccurs="unbounded">
      <element name="AND" type="conf:MultiOperatorType"/>
      <element name="OR" type="conf:MultiOperatorType"/>
      <element name="NOT" type="conf:UniOperatorType"/>
      <element name="Rule" type="conf:RuleType"/>
      <element name="RuleRegex" type="conf:RuleRegexType"/>
    </choice>
  </complexType>
  <!-- Rule: text content is a whitespace-separated list of non-empty strings; the require
       attribute is mandatory, list is an optional boolean. -->
  <complexType name="RuleType">
    <simpleContent>
      <extension base="conf:listOfStrings">
        <attribute name="require" type="conf:string" use="required"/>
        <attribute name="list" type="boolean"/>
      </extension>
    </simpleContent>
  </complexType>
  <!-- RuleRegex: text content is a single non-empty string (the expression is not checked
       for regex syntax here); require is mandatory, ignoreCase optional. -->
  <complexType name="RuleRegexType">
    <simpleContent>
      <extension base="conf:string">
        <attribute name="require" type="conf:string" use="required"/>
        <attribute name="ignoreCase" type="boolean"/>
      </extension>
    </simpleContent>
  </complexType>

  <!-- Per-resource content settings shared by RequestMap, Host, HostRegex, Path, PathRegex
       and Query. Every attribute is optional; foreign-namespace attributes are also allowed.
       NOTE(review): several of these are access-control relevant (requireSession,
       requireSessionWith, forceAuthn, authnContextClassRef, redirectToSSL). Since all are
       optional, a missing or misplaced attribute leaves a resource at whatever the software
       default is; review the effective settings per path, not just validity.
       NOTE(review): REMOTE_ADDR presumably names a request header to take the client address
       from; if so it is only safe when a trusted front end controls that header. Confirm. -->
  <attributeGroup name="ContentSettings">
    <attribute name="applicationId" type="conf:string"/>
    <attribute name="authType" type="conf:string"/>
    <attribute name="requireSession" type="boolean"/>
    <attribute name="requireSessionWith" type="conf:string"/>
    <attribute name="exportAssertion" type="boolean"/>
    <attribute name="redirectToSSL" type="unsignedInt"/>
    <attribute name="entityID" type="anyURI"/>
    <attribute name="discoveryURL" type="anyURI"/>
    <attribute name="isPassive" type="boolean"/>
    <attribute name="returnOnError" type="boolean"/>
    <attribute name="forceAuthn" type="boolean"/>
    <attribute name="authnContextClassRef" type="anyURI"/>
    <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
    <attribute name="NameIDFormat" type="anyURI"/>
    <attribute name="SPNameQualifier" type="conf:string"/>
    <attribute name="redirectErrors" type="anyURI"/>
    <attribute name="sessionError" type="anyURI"/>
    <attribute name="metadataError" type="anyURI"/>
    <attribute name="accessError" type="anyURI"/>
    <attribute name="sslError" type="anyURI"/>
    <attribute name="target" type="anyURI"/>
    <attribute name="acsIndex" type="unsignedShort"/>
    <attribute name="REMOTE_ADDR" type="conf:string"/>
    <attribute name="encoding" type="conf:string"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </attributeGroup>

  <!-- RequestMap: at most one access control child (htaccess, AccessControl or
       AccessControlProvider), then any number of Host / HostRegex entries, then an optional
       ds:Signature. The signature is optional, so the schema accepts an unsigned map;
       whether a signature is required or verified is decided outside this schema. -->
  <element name="RequestMap">
    <annotation>
      <documentation>
        Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
      </documentation>
    </annotation>
    <complexType>
      <sequence>
        <choice minOccurs="0">
          <element name="htaccess" type="conf:PluggableType"/>
          <element ref="conf:AccessControl"/>
          <element name="AccessControlProvider" type="conf:PluggableType"/>
        </choice>
        <choice minOccurs="0" maxOccurs="unbounded">
          <element name="Host" type="conf:HostType"/>
          <element name="HostRegex" type="conf:HostRegexType"/>
        </choice>
        <element ref="ds:Signature" minOccurs="0"/>
      </sequence>
      <attribute name="unicodeAware" type="boolean"/>
      <attributeGroup ref="conf:ContentSettings"/>
    </complexType>
  </element>

  <!-- Host: optional access control child, then any mix of Path, PathRegex and Query.
       name is required; scheme is limited to the five enumerated values; port is
       unsignedInt (range above 65535 is not rejected here). -->
  <complexType name="HostType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Path" type="conf:PathType"/>
        <element name="PathRegex" type="conf:PathRegexType"/>
        <element name="Query" type="conf:QueryType"/>
      </choice>
    </sequence>
    <attribute name="scheme">
      <simpleType>
        <restriction base="conf:string">
          <enumeration value="http"/>
          <enumeration value="https"/>
          <enumeration value="ftp"/>
          <enumeration value="ldap"/>
          <enumeration value="ldaps"/>
        </restriction>
      </simpleType>
    </attribute>
    <attribute name="name" type="conf:string" use="required"/>
    <attribute name="port" type="unsignedInt"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>

  <!-- HostRegex: same content model as Host, matched by a required regex attribute with an
       optional ignoreCase flag. The regex is only checked for being non-empty.
       NOTE(review): whether the expression is anchored is up to the matcher; an unanchored
       or overly broad host pattern can apply settings to hosts the author did not intend. -->
  <complexType name="HostRegexType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Path" type="conf:PathType"/>
        <element name="PathRegex" type="conf:PathRegexType"/>
        <element name="Query" type="conf:QueryType"/>
      </choice>
    </sequence>
    <attribute name="regex" type="conf:string" use="required"/>
    <attribute name="ignoreCase" type="boolean"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>

  <!-- Path: recursive; may nest Path, PathRegex and Query. name is required. -->
  <complexType name="PathType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="Path" type="conf:PathType"/>
        <element name="PathRegex" type="conf:PathRegexType"/>
        <element name="Query" type="conf:QueryType"/>
      </choice>
    </sequence>
    <attribute name="name" type="conf:string" use="required"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>

  <!-- PathRegex: unlike Path it can only contain Query children, so it ends path nesting.
       regex is required and checked only for being non-empty. -->
  <complexType name="PathRegexType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="regex" type="conf:string" use="required"/>
    <attribute name="ignoreCase" type="boolean"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>

  <!-- Query: required name, optional regex, and nested Query children only. -->
  <complexType name="QueryType">
    <sequence>
      <choice minOccurs="0">
        <element name="htaccess" type="conf:PluggableType"/>
        <element ref="conf:AccessControl"/>
        <element name="AccessControlProvider" type="conf:PluggableType"/>
      </choice>
      <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="name" type="conf:string" use="required"/>
    <attribute name="regex" type="conf:string"/>
    <attributeGroup ref="conf:ContentSettings"/>
  </complexType>

  <!-- ApplicationDefaults: Sessions is mandatory, Errors optional, then any mix of the
       listed children including ApplicationOverride. entityID is required; id, if present,
       must equal "default". MetadataProvider, TrustEngine, AttributeFilter and
       CredentialResolver are all optional PluggableType children, so the schema accepts a
       configuration that declares none of them. -->
  <complexType name="ApplicationDefaultsType">
    <annotation>
      <documentation>Container for default settings and application-specific overrides</documentation>
    </annotation>
    <sequence>
      <element name="Sessions" type="conf:SessionsType"/>
      <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="RelyingParty" type="conf:RelyingPartyType"/>
        <element name="Notify" type="conf:NotifyType"/>
        <element ref="saml:Audience"/>
        <element name="MetadataProvider" type="conf:PluggableType"/>
        <element name="TrustEngine" type="conf:PluggableType"/>
        <element name="AttributeExtractor" type="conf:PluggableType"/>
        <element name="AttributeResolver" type="conf:PluggableType"/>
        <element name="AttributeFilter" type="conf:PluggableType"/>
        <element name="CredentialResolver" type="conf:PluggableType"/>
        <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
      </choice>
    </sequence>
    <attribute name="id" type="conf:string" fixed="default"/>
    <attribute name="entityID" type="anyURI" use="required"/>
    <attribute name="policyId" type="conf:string"/>
    <attributeGroup ref="conf:ApplicationGroup"/>
    <attributeGroup ref="conf:RelyingPartyGroup"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>

  <!-- ApplicationOverride: same shape as the defaults except that Sessions and entityID are
       optional, id is required, and overrides cannot be nested. -->
  <complexType name="ApplicationOverrideType">
    <annotation>
      <documentation>Container for application-specific overrides</documentation>
    </annotation>
    <sequence>
      <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
      <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="RelyingParty" type="conf:RelyingPartyType"/>
        <element name="Notify" type="conf:NotifyType"/>
        <element ref="saml:Audience"/>
        <element name="MetadataProvider" type="conf:PluggableType"/>
        <element name="TrustEngine" type="conf:PluggableType"/>
        <element name="AttributeExtractor" type="conf:PluggableType"/>
        <element name="AttributeResolver" type="conf:PluggableType"/>
        <element name="AttributeFilter" type="conf:PluggableType"/>
        <element name="CredentialResolver" type="conf:PluggableType"/>
      </choice>
    </sequence>
    <attribute name="id" type="conf:string" use="required"/>
    <attribute name="entityID" type="anyURI"/>
    <attribute name="policyId" type="conf:string"/>
    <attributeGroup ref="conf:ApplicationGroup"/>
    <attributeGroup ref="conf:RelyingPartyGroup"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>

  <!-- Attributes shared by ApplicationDefaults and ApplicationOverride.
       NOTE(review): REMOTE_USER, unsetHeaders and attributePrefix presumably govern which
       values are exported to the protected application and which request headers are
       cleared first; they matter wherever attributes reach the application as headers.
       Confirm against the SP documentation. -->
  <attributeGroup name="ApplicationGroup">
    <attribute name="homeURL" type="anyURI"/>
    <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
    <attribute name="unsetHeaders" type="conf:listOfStrings"/>
    <attribute name="metadataAttributePrefix" type="conf:string"/>
    <attribute name="attributePrefix" type="conf:string"/>
  </attributeGroup>

  <!-- Peer-facing security settings, shared by ApplicationDefaults, ApplicationOverride and
       RelyingParty. All are optional and none has a schema default.
       * authUsername / authPassword are plain string attributes: a credential set here is
         stored in clear text in the configuration file, so file read access must be
         restricted accordingly.
       * signing and encryption take the four-valued bindingBoolean.
       * signingAlg, digestAlg and encryptionAlg are any URI; the schema does not restrict
         them to strong algorithms.
       * requireConfidentiality, requireTransportAuth and requireSignedAssertions are plain
         booleans, so "false" validates just as well as "true"; check deployed values. -->
  <attributeGroup name="RelyingPartyGroup">
    <attribute name="authType" type="conf:string"/>
    <attribute name="authUsername" type="conf:string"/>
    <attribute name="authPassword" type="conf:string"/>
    <attribute name="signing" type="conf:bindingBoolean"/>
    <attribute name="signingAlg" type="anyURI"/>
    <attribute name="digestAlg" type="anyURI"/>
    <attribute name="encryption" type="conf:bindingBoolean"/>
    <attribute name="encryptionAlg" type="anyURI"/>
    <attribute name="keyName" type="conf:string"/>
    <attribute name="artifactEndpointIndex" type="unsignedShort"/>
    <attribute name="chunkedEncoding" type="boolean"/>
    <attribute name="connectTimeout" type="unsignedShort"/>
    <attribute name="timeout" type="unsignedShort"/>
    <attribute name="requireConfidentiality" type="boolean"/>
    <attribute name="requireTransportAuth" type="boolean"/>
    <attribute name="requireSignedAssertions" type="boolean"/>
  </attributeGroup>

  <!-- Sessions: optional SSO, Logout and NameIDMgmt shorthand elements (each a list of
       strings), then any mix of explicit handlers. All attributes are optional.
       NOTE(review): the session-hardening attributes live here: handlerSSL, cookieProps,
       lifetime, timeout, maxTimeSinceAuthn, checkAddress, consistentAddress, exportACL,
       postLimit, relayStateLimit and relayStateWhitelist. cookieProps is a free-form string,
       so cookie flags are not validated; exportACL is a free-form list. Confirm the
       software defaults for any that are left out. -->
  <complexType name="SessionsType">
    <annotation>
      <documentation>Container for specifying protocol handlers and session policy</documentation>
    </annotation>
    <sequence>
      <element name="SSO" minOccurs="0">
        <complexType>
          <annotation>
            <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
          </annotation>
          <simpleContent>
            <extension base="conf:listOfStrings">
              <attribute name="discoveryProtocol" type="conf:string"/>
              <attribute name="discoveryURL" type="anyURI"/>
              <attributeGroup ref="conf:SessionInitiatorGroup"/>
            </extension>
          </simpleContent>
        </complexType>
      </element>
      <element name="Logout" minOccurs="0">
        <complexType>
          <annotation>
            <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
          </annotation>
          <simpleContent>
            <extension base="conf:listOfStrings">
              <attributeGroup ref="conf:LogoutInitiatorGroup"/>
            </extension>
          </simpleContent>
        </complexType>
      </element>
      <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
        <annotation>
          <documentation>Implicitly configures ManageNameIDService handlers</documentation>
        </annotation>
      </element>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element ref="conf:SessionInitiator"/>
        <element ref="conf:LogoutInitiator"/>
        <element ref="md:AssertionConsumerService"/>
        <element ref="md:ArtifactResolutionService"/>
        <element ref="md:SingleLogoutService"/>
        <element ref="md:ManageNameIDService"/>
        <element ref="conf:Handler"/>
      </choice>
    </sequence>
    <attribute name="handlerURL" type="anyURI"/>
    <attribute name="handlerSSL" type="boolean"/>
    <attribute name="exportLocation" type="conf:string"/>
    <attribute name="exportACL" type="conf:listOfStrings"/>
    <attribute name="cookieName" type="conf:string"/>
    <attribute name="cookieProps" type="conf:string"/>
    <attribute name="cookieLifetime" type="unsignedInt"/>
    <attribute name="idpHistory" type="boolean"/>
    <attribute name="idpHistoryDays" type="unsignedInt"/>
    <attribute name="lifetime" type="unsignedInt"/>
    <attribute name="timeout" type="unsignedInt"/>
    <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
    <attribute name="checkAddress" type="boolean"/>
    <attribute name="consistentAddress" type="boolean"/>
    <attribute name="postData" type="conf:string"/>
    <attribute name="postLimit" type="positiveInteger"/>
    <attribute name="postTemplate" type="conf:string"/>
    <attribute name="postExpire" type="boolean"/>
    <attribute name="relayState" type="conf:string"/>
    <!-- relayStateLimit is restricted to none / exact / host / whitelist;
         relayStateWhitelist is a list of URIs. The schema does not tie the two together, so
         limit="whitelist" with no whitelist attribute still validates. -->
    <attribute name="relayStateLimit" type="conf:relayStateLimitType"/>
    <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>

  <!-- Global attribute declaration. As a global it belongs to the target namespace, so it
       is written with a prefix when placed on elements that admit foreign attributes. It is
       distinct from the unqualified policyId attributes declared locally above. -->
  <attribute name="policyId" type="conf:string">
    <annotation>
      <documentation>Used to override Policy from profile endpoints</documentation>
    </annotation>
  </attribute>

  <!-- Shared by the SSO shorthand and explicit SessionInitiator elements. Ends with an
       ##any attribute wildcard, so unknown or misspelled attributes on those elements
       validate without complaint. -->
  <attributeGroup name="SessionInitiatorGroup">
    <annotation>
      <documentation>Options common to explicit and implicit SessionInitiators</documentation>
    </annotation>
    <attribute name="relayState" type="conf:string"/>
    <attribute name="entityIDParam" type="conf:string"/>
    <attribute name="entityID" type="anyURI"/>
    <attribute name="outgoingBindings" type="conf:listOfURIs"/>
    <attribute name="preservedOptions" type="conf:listOfStrings"/>
    <attribute name="template" type="anyURI"/>
    <attribute name="postArtifact" type="boolean"/>
    <attribute name="acsByIndex" type="boolean"/>
    <attribute name="isPassive" type="boolean"/>
    <attribute name="returnOnError" type="boolean"/>
    <attribute name="forceAuthn" type="boolean"/>
    <attribute name="authnContextClassRef" type="anyURI"/>
    <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
    <attribute name="NameIDFormat" type="anyURI"/>
    <attribute name="SPNameQualifier" type="conf:string"/>
    <attribute name="requestDelegation" type="boolean"/>
    <attribute name="target" type="anyURI"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </attributeGroup>

  <!-- Explicit SessionInitiator: a PluggableType restriction (type stays required) with an
       optional Location and the shared SessionInitiatorGroup attributes. -->
  <element name="SessionInitiator">
    <annotation>
      <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
    </annotation>
    <complexType>
      <complexContent>
        <restriction base="conf:PluggableType">
          <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="Location" type="anyURI"/>
          <attribute name="id" type="conf:string"/>
          <attribute name="isDefault" type="boolean"/>
          <attribute name="URL" type="anyURI"/>
          <attribute name="acsIndex" type="unsignedShort"/>
          <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
          <attributeGroup ref="conf:SessionInitiatorGroup"/>
        </restriction>
      </complexContent>
    </complexType>
  </element>

  <!-- Shared by the Logout shorthand and explicit LogoutInitiator elements; also ends with
       an ##any attribute wildcard. -->
  <attributeGroup name="LogoutInitiatorGroup">
    <annotation>
      <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
    </annotation>
    <attribute name="relayState" type="conf:string"/>
    <attribute name="outgoingBindings" type="conf:listOfURIs"/>
    <attribute name="template" type="anyURI"/>
    <attribute name="postArtifact" type="boolean"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </attributeGroup>

  <!-- Explicit LogoutInitiator: PluggableType restriction with optional Location. -->
  <element name="LogoutInitiator">
    <annotation>
      <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
    </annotation>
    <complexType>
      <complexContent>
        <restriction base="conf:PluggableType">
          <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="Location" type="anyURI"/>
          <attributeGroup ref="conf:LogoutInitiatorGroup"/>
        </restriction>
      </complexContent>
    </complexType>
  </element>

  <!-- Custom handler: Location is required here, unlike the two initiators above.
       NOTE(review): acl is optional and free-form; it presumably lists the client addresses
       allowed to reach the handler. Handlers that expose status, metadata or session data
       deserve a check that acl is present and narrow. Confirm semantics in the SP docs. -->
  <element name="Handler">
    <annotation>
      <documentation>Used to specify custom handlers</documentation>
    </annotation>
    <complexType>
      <complexContent>
        <restriction base="conf:PluggableType">
          <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
          </sequence>
          <attribute name="Location" type="anyURI" use="required"/>
          <attribute name="acl" type="conf:listOfStrings"/>
          <anyAttribute namespace="##any" processContents="lax"/>
        </restriction>
      </complexContent>
    </complexType>
  </element>

  <!-- Errors: template locations and page details, all optional, plus ##any content and
       attributes. The URI-typed values are not constrained to local files or to any scheme. -->
  <complexType name="ErrorsType">
    <annotation>
      <documentation>Container for error templates and associated details</documentation>
    </annotation>
    <sequence>
      <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="redirectErrors" type="anyURI"/>
    <attribute name="session" type="anyURI"/>
    <attribute name="metadata" type="anyURI"/>
    <attribute name="access" type="anyURI"/>
    <attribute name="ssl" type="anyURI"/>
    <attribute name="localLogout" type="anyURI"/>
    <attribute name="globalLogout" type="anyURI"/>
    <attribute name="partialLogout" type="anyURI"/>
    <attribute name="supportContact" type="conf:string"/>
    <attribute name="logoLocation" type="anyURI"/>
    <attribute name="styleSheet" type="anyURI"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>

  <!-- RelyingParty: empty element, required Name, plus the RelyingPartyGroup settings so a
       single peer can be given different signing, encryption or transport requirements.
       A per-peer entry can therefore also relax what ApplicationDefaults sets. -->
  <complexType name="RelyingPartyType">
    <annotation>
      <documentation>Container for specifying settings to use with particular peers</documentation>
    </annotation>
    <sequence/>
    <attribute name="Name" type="conf:string" use="required"/>
    <attributeGroup ref="conf:RelyingPartyGroup"/>
    <attribute name="entityID" type="anyURI"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>

  <!-- Notify: empty element with a required Channel (front or back) and a required
       Location URI; the URI scheme is not constrained. -->
  <complexType name="NotifyType">
    <annotation>
      <documentation>Used to specify locations to receive application notifications</documentation>
    </annotation>
    <sequence/>
    <attribute name="Channel" use="required">
      <simpleType>
        <restriction base="string">
          <enumeration value="front"/>
          <enumeration value="back"/>
        </restriction>
      </simpleType>
    </attribute>
    <attribute name="Location" type="anyURI" use="required"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>

  <!-- Inline security policies (marked deprecated where SPConfig references this element).
       One or more Policy elements, each holding either one or more Rule children or one or
       more PolicyRule children (the two names cannot be mixed in one Policy), followed by
       at most one of AlgorithmWhitelist or AlgorithmBlacklist. The rules are PluggableType,
       so which checks a policy actually applies is not visible to validation. -->
  <element name="SecurityPolicies">
    <complexType>
      <annotation>
        <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
      </annotation>
      <sequence>
        <element name="Policy" minOccurs="1" maxOccurs="unbounded">
          <annotation>
            <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
          </annotation>
          <complexType>
            <choice>
              <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
              <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
            </choice>
            <attribute name="id" type="conf:string" use="required"/>
            <attribute name="validate" type="boolean"/>
            <anyAttribute namespace="##any" processContents="lax"/>
          </complexType>
        </element>
        <choice minOccurs="0">
          <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
          <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
        </choice>
      </sequence>
    </complexType>
  </element>

  <!-- TransportOption: required provider and option names with unconstrained simple
       content. The schema cannot tell a hardening option from one that weakens transport
       checks, so each occurrence in a deployed file needs individual review. -->
  <element name="TransportOption">
    <annotation>
      <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
    </annotation>
    <complexType>
      <simpleContent>
        <extension base="anySimpleType">
          <attribute name="provider" type="conf:string" use="required"/>
          <attribute name="option" type="conf:string" use="required"/>
        </extension>
      </simpleContent>
    </complexType>
  </element>

  <!-- Document root. Children must appear in the order of the sequence below.
       ApplicationDefaults is mandatory, and exactly one of SecurityPolicyProvider or the
       deprecated SecurityPolicies must be present. The trailing ds:Signature is optional. -->
  <element name="SPConfig">
    <complexType>
      <annotation>
        <documentation>Root of configuration</documentation>
      </annotation>
      <sequence>
        <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
        <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
        <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
        <!-- At most one listener. NOTE(review): TCPListener requires address and port but
             acl is optional and port is unsignedInt (no 65535 cap). The listener presumably
             carries traffic between the web server module and shibd; if it is bound to
             anything other than loopback, confirm an acl is set and that the link is
             otherwise protected. -->
        <choice minOccurs="0">
          <element name="UnixListener">
            <complexType>
              <attribute name="address" type="conf:string" use="required"/>
              <attribute name="stackSize" type="unsignedInt"/>
            </complexType>
          </element>
          <element name="TCPListener">
            <complexType>
              <attribute name="address" type="conf:string" use="required"/>
              <attribute name="port" type="unsignedInt" use="required"/>
              <attribute name="acl" type="conf:listOfStrings"/>
              <attribute name="stackSize" type="unsignedInt"/>
            </complexType>
          </element>
          <element name="Listener" type="conf:PluggableType"/>
        </choice>
        <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
        <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
        <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
        <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
        <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
        <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
        <choice>
          <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
          <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
        </choice>
        <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
        <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
        <element ref="ds:Signature" minOccurs="0"/>
      </sequence>
      <attribute name="logger" type="anyURI"/>
      <!-- clockSkew is an unbounded unsignedInt (unit not stated here); a very large value
           would validate, so check it when reviewing time-based message checks.
           NOTE(review): unsafeChars and allowedSchemes look like input-sanitising and
           URL-scheme allow-list controls; both are free-form and optional. Confirm. -->
      <attribute name="clockSkew" type="unsignedInt"/>
      <attribute name="unsafeChars" type="conf:string"/>
      <attribute name="allowedSchemes" type="conf:listOfStrings"/>
      <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>
  </element>

</schema>