1 <?xml version="1.0" encoding="US-ASCII"?>
\r
2 <schema targetNamespace="urn:mace:shibboleth:sp:config:2.0"
\r
3 xmlns="http://www.w3.org/2001/XMLSchema"
\r
4 xmlns:conf="urn:mace:shibboleth:sp:config:2.0"
\r
5 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
\r
6 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
\r
7 elementFormDefault="qualified"
\r
8 attributeFormDefault="unqualified"
\r
9 blockDefault="substitution"
\r
12 <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="../../cpp-opensaml2/schemas/saml-schema-assertion-2.0.xsd"/>
\r
13 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="../../cpp-opensaml2/schemas/saml-schema-metadata-2.0.xsd"/>
\r
17 2.0 schema for XML-based configuration of Shibboleth SP instances.
\r
18 First appearing in Shibboleth 2.0 release.
\r
22 <complexType name="PluggableType">
\r
24 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
26 <attribute name="type" type="string" use="required"/>
\r
27 <anyAttribute namespace="##any" processContents="lax"/>
\r
30 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/> <!-- deprecated -->
\r
31 <element name="ShibbolethSPConfig" type="conf:SPConfigType"/>
\r
32 <element name="SPConfig" type="conf:SPConfigType"/>
\r
33 <complexType name="SPConfigType">
\r
35 <documentation>Root of configuration</documentation>
\r
38 <element ref="conf:Extensions" minOccurs="0"/>
\r
39 <choice minOccurs="0">
\r
40 <element name="OutOfProcess" type="conf:OutOfProcessType"/>
\r
41 <element name="Global" type="conf:OutOfProcessType"/> <!-- deprecated -->
\r
43 <choice minOccurs="0">
\r
44 <element name="InProcess" type="conf:InProcessType"/>
\r
45 <element name="Local" type="conf:InProcessType"/> <!-- deprecated -->
\r
47 <element ref="conf:Applications"/>
\r
48 <choice minOccurs="0">
\r
49 <element name="CredentialsProvider" type="conf:PluggableType"/> <!-- deprecated -->
\r
50 <element ref="conf:Credentials"/>
\r
53 <attribute name="logger" type="anyURI" use="optional"/>
\r
54 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
\r
55 <anyAttribute namespace="##other" processContents="lax"/>
\r
58 <element name="Extensions">
\r
60 <documentation>Container for extension libraries and custom configuration</documentation>
\r
64 <element name="Library" minOccurs="0" maxOccurs="unbounded">
\r
67 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
69 <attribute name="path" type="anyURI" use="required"/>
\r
70 <attribute name="fatal" type="boolean" use="optional"/>
\r
71 <anyAttribute namespace="##any" processContents="lax"/>
\r
74 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
79 <element name="SessionCache">
\r
82 <restriction base="conf:PluggableType">
\r
84 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
86 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="900"/>
\r
87 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
\r
93 <element name="ReplayCache" type="conf:PluggableType"/>
\r
95 <complexType name="OutOfProcessType">
\r
97 <documentation>Container for shibd out-of-process configuration</documentation>
\r
100 <element ref="conf:Extensions" minOccurs="0"/>
\r
102 <element name="UnixListener">
\r
104 <attribute name="address" type="string" use="required"/>
\r
107 <element name="TCPListener">
\r
109 <attribute name="address" type="string" use="required"/>
\r
110 <attribute name="port" type="unsignedInt" use="required"/>
\r
111 <attribute name="acl" use="optional" default="127.0.0.1">
\r
113 <list itemType="string"/>
\r
118 <element name="Listener" type="conf:PluggableType"/>
\r
120 <element ref="conf:SessionCache" minOccurs="0"/>
\r
121 <element ref="conf:ReplayCache" minOccurs="0"/>
\r
122 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
124 <attribute name="logger" type="anyURI" use="optional"/>
\r
125 <anyAttribute namespace="##other" processContents="lax"/>
\r
128 <complexType name="InProcessType">
\r
131 Container for configuration of locally integrated or platform-specific
\r
132 features (e.g. web server filters)
\r
136 <element ref="conf:Extensions" minOccurs="0"/>
\r
137 <element ref="conf:SessionCache" minOccurs="0"/>
\r
138 <element ref="conf:ReplayCache" minOccurs="0"/>
\r
139 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
\r
140 <element name="Implementation" minOccurs="0">
\r
143 <element ref="conf:ISAPI" minOccurs="0"/>
\r
144 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
148 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
150 <attribute name="logger" type="anyURI" use="optional"/>
\r
151 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
\r
152 <anyAttribute namespace="##other" processContents="lax"/>
\r
155 <element name="ISAPI">
\r
158 <element name="Site" maxOccurs="unbounded">
\r
161 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
\r
163 <attribute name="id" type="unsignedInt" use="required"/>
\r
164 <attribute name="name" type="string" use="required"/>
\r
165 <attribute name="port" type="unsignedInt" use="optional"/>
\r
166 <attribute name="sslport" type="unsignedInt" use="optional"/>
\r
167 <attribute name="scheme" type="string" use="optional"/>
\r
170 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
172 <attribute name="normalizeRequest" type="boolean" use="optional"/>
\r
173 <anyAttribute namespace="##other" processContents="lax"/>
\r
177 <element name="AccessControl" type="conf:UniOperatorType">
\r
180 A simple example access policy language extension that supersedes Apache .htaccess
\r
184 <element name="OR" type="conf:MultiOperatorType"/>
\r
185 <element name="AND" type="conf:MultiOperatorType"/>
\r
186 <element name="NOT" type="conf:UniOperatorType"/>
\r
187 <complexType name="UniOperatorType">
\r
189 <element ref="conf:AND"/>
\r
190 <element ref="conf:OR"/>
\r
191 <element ref="conf:NOT"/>
\r
192 <element ref="conf:Rule"/>
\r
195 <complexType name="MultiOperatorType">
\r
196 <choice minOccurs="2" maxOccurs="unbounded">
\r
197 <element ref="conf:AND"/>
\r
198 <element ref="conf:OR"/>
\r
199 <element ref="conf:NOT"/>
\r
200 <element ref="conf:Rule"/>
\r
203 <element name="Rule">
\r
206 <extension base="conf:listOfStrings">
\r
207 <attribute name="require" type="string" use="required"/>
\r
212 <simpleType name="listOfStrings">
\r
213 <list itemType="string"/>
\r
216 <attributeGroup name="ContentSettings">
\r
217 <attribute name="authType" type="string" use="optional"/>
\r
218 <attribute name="requireSession" type="boolean" use="optional"/>
\r
219 <attribute name="requireSessionWith" type="string" use="optional"/>
\r
220 <attribute name="exportAssertion" type="boolean" use="optional"/>
\r
221 <attribute name="redirectToSSL" type="unsignedInt" use="optional"/>
\r
222 <anyAttribute namespace="##other" processContents="lax"/>
\r
224 <element name="AccessControlProvider" type="conf:PluggableType"/>
\r
225 <element name="htaccess" type="conf:PluggableType"/>
\r
227 <element name="RequestMap">
\r
230 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
\r
235 <choice minOccurs="0">
\r
236 <element ref="conf:htaccess"/>
\r
237 <element ref="conf:AccessControl"/>
\r
238 <element ref="conf:AccessControlProvider"/>
\r
240 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
\r
242 <attribute name="applicationId" type="string" fixed="default"/>
\r
243 <attributeGroup ref="conf:ContentSettings"/>
\r
247 <element name="Host">
\r
250 <choice minOccurs="0">
\r
251 <element ref="conf:htaccess"/>
\r
252 <element ref="conf:AccessControl"/>
\r
253 <element ref="conf:AccessControlProvider"/>
\r
255 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
\r
257 <attribute name="scheme" use="optional">
\r
259 <restriction base="string">
\r
260 <enumeration value="http"/>
\r
261 <enumeration value="https"/>
\r
262 <enumeration value="ftp"/>
\r
263 <enumeration value="ldap"/>
\r
264 <enumeration value="ldaps"/>
\r
268 <attribute name="name" type="string" use="required"/>
\r
269 <attribute name="port" type="unsignedInt" use="optional"/>
\r
270 <attribute name="applicationId" type="string" use="optional"/>
\r
271 <attributeGroup ref="conf:ContentSettings"/>
\r
275 <element name="Path">
\r
278 <choice minOccurs="0">
\r
279 <element ref="conf:htaccess"/>
\r
280 <element ref="conf:AccessControl"/>
\r
281 <element ref="conf:AccessControlProvider"/>
\r
283 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
\r
285 <attribute name="name" type="string" use="required"/>
\r
286 <attribute name="applicationId" type="string" use="optional"/>
\r
287 <attributeGroup ref="conf:ContentSettings"/>
\r
291 <element name="Applications">
\r
293 <documentation>Container for global settings and application-specific overrides</documentation>
\r
297 <element ref="conf:Sessions"/>
\r
298 <element ref="conf:Errors"/>
\r
299 <element ref="conf:CredentialUse" minOccurs="0"/>
\r
300 <choice minOccurs="0" maxOccurs="unbounded">
\r
301 <element ref="saml:Attribute"/>
\r
302 <element ref="saml:Audience"/>
\r
303 <element name="MetadataProvider" type="conf:PluggableType"/>
\r
304 <element name="TrustProvider" type="conf:PluggableType"/>
\r
306 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
\r
308 <attribute name="id" type="string" fixed="default"/>
\r
309 <attribute name="providerId" type="anyURI" use="required"/>
\r
310 <attribute name="homeURL" type="anyURI" use="optional"/>
\r
311 <anyAttribute namespace="##other" processContents="lax"/>
\r
315 <element name="Application">
\r
317 <documentation>Container for application-specific overrides</documentation>
\r
321 <element ref="conf:Sessions" minOccurs="0"/>
\r
322 <element ref="conf:Errors" minOccurs="0"/>
\r
323 <element ref="conf:CredentialUse" minOccurs="0"/>
\r
324 <choice minOccurs="0" maxOccurs="unbounded">
\r
325 <element ref="saml:Attribute"/>
\r
326 <element ref="saml:Audience"/>
\r
327 <element name="MetadataProvider" type="conf:PluggableType"/>
\r
328 <element name="TrustProvider" type="conf:PluggableType"/>
\r
331 <attribute name="id" type="string" use="required"/>
\r
332 <attribute name="providerId" type="anyURI" use="optional"/>
\r
333 <attribute name="homeURL" type="anyURI" use="optional"/>
\r
334 <anyAttribute namespace="##other" processContents="lax"/>
\r
338 <element name="Sessions">
\r
340 <documentation>Container for specifying protocol handlers and session policy</documentation>
\r
343 <choice maxOccurs="unbounded">
\r
344 <element ref="conf:SessionInitiator"/>
\r
345 <element ref="md:AssertionConsumerService"/>
\r
346 <element ref="md:SingleLogoutService"/>
\r
347 <element ref="md:ManageNameIDService"/>
\r
348 <element name="Handler">
351 <restriction base="conf:PluggableType">
\r
353 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
355 <attribute name="Location" type="anyURI" use="required"/>
\r
361 <attribute name="handlerURL" type="anyURI" use="optional"/>
\r
362 <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
\r
363 <attribute name="cookieName" type="string" use="optional"/>
\r
364 <attribute name="cookieProps" type="string" use="optional"/>
\r
365 <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
\r
366 <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
\r
367 <attribute name="lifetime" type="unsignedInt" use="optional"/>
\r
368 <attribute name="timeout" type="unsignedInt" use="optional"/>
\r
369 <attribute name="checkAddress" type="boolean" use="optional"/>
\r
370 <attribute name="consistentAddress" type="boolean" use="optional" default="true"/>
\r
371 <anyAttribute namespace="##other" processContents="lax"/>
\r
374 <element name="SessionInitiator">
\r
376 <documentation>Used to specify handlers that can issue AuthnRequests</documentation>
\r
380 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
382 <attribute name="Location" type="anyURI" use="required"/>
\r
383 <attribute name="Binding" type="anyURI" use="required"/>
\r
384 <attribute name="wayfURL" type="anyURI" use="optional"/>
\r
385 <attribute name="wayfBinding" type="anyURI" use="optional"/>
\r
386 <attribute name="checkCDC" type="anyURI" use="optional"/>
\r
387 <attribute name="isDefault" type="boolean" use="optional"/>
\r
388 <attribute name="id" type="string" use="optional"/>
\r
389 <anyAttribute namespace="##any" processContents="lax"/>
\r
393 <element name="Errors">
\r
395 <documentation>Container for error templates and associated details</documentation>
\r
399 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
401 <attribute name="session" type="anyURI" use="required"/>
\r
402 <attribute name="metadata" type="anyURI" use="optional"/>
\r
403 <attribute name="rm" type="anyURI" use="optional"/>
\r
404 <attribute name="access" type="anyURI" use="optional"/>
\r
405 <attribute name="ssl" type="anyURI" use="optional"/>
\r
406 <attribute name="supportContact" type="string" use="optional"/>
\r
407 <attribute name="logoLocation" type="anyURI" use="optional"/>
\r
408 <attribute name="styleSheet" type="anyURI" use="optional"/>
\r
409 <anyAttribute namespace="##any" processContents="lax"/>
\r
413 <attributeGroup name="CredentialUseGroup">
\r
414 <attribute name="TLS" type="string" use="optional"/>
\r
415 <attribute name="Signing" type="string" use="optional"/>
\r
416 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
\r
417 <attribute name="signatureAlg" type="anyURI" use="optional"/>
\r
418 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
\r
419 <attribute name="authType" use="optional">
\r
421 <restriction base="string">
\r
422 <enumeration value="basic"/>
\r
423 <enumeration value="digest"/>
\r
424 <enumeration value="ntlm"/>
\r
425 <enumeration value="gss"/>
\r
429 <attribute name="authUsername" use="optional"/>
\r
430 <attribute name="authPassword" use="optional"/>
\r
433 <element name="CredentialUse">
\r
435 <documentation>Container for specifying security methods to use with particular peers</documentation>
\r
439 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
\r
442 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
444 <attribute name="Name" type="string" use="required"/>
\r
445 <attributeGroup ref="conf:CredentialUseGroup"/>
\r
446 <anyAttribute namespace="##other" processContents="lax"/>
\r
449 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
\r
451 <attributeGroup ref="conf:CredentialUseGroup"/>
\r
452 <anyAttribute namespace="##other" processContents="lax"/>
\r
456 <element name="Credentials">
458 <documentation>Container for specifying sources of credentials</documentation>
\r
462 <element name="CredentialResolver" minOccurs="1" maxOccurs="unbounded">
465 <restriction base="conf:PluggableType">
467 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
469 <attribute name="Id" type="string" use="required"/>