1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
7 elementFormDefault="qualified"
8 attributeFormDefault="unqualified"
9 blockDefault="substitution"
12 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
13 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
14 <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
19 First appearing in Shibboleth 1.2 release.
23 <complexType name="PluggableType">
25 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
27 <attribute name="type" type="string" use="required"/>
28 <attribute name="uri" type="anyURI" use="optional"/>
29 <anyAttribute namespace="##any" processContents="lax"/>
32 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
33 <element name="SPConfig" type="conf:SPConfigType"/>
34 <complexType name="SPConfigType">
36 <documentation>Root element of configuration file</documentation>
39 <element ref="conf:Extensions" minOccurs="0"/>
40 <choice minOccurs="0">
41 <element name="Global" type="conf:GlobalConfigurationType"/>
42 <element name="SHAR" type="conf:GlobalConfigurationType"/>
44 <choice minOccurs="0">
45 <element name="Local" type="conf:LocalConfigurationType"/>
46 <element name="SHIRE" type="conf:LocalConfigurationType"/>
48 <element ref="conf:Applications"/>
49 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
51 <attribute name="logger" type="anyURI" use="optional"/>
52 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
53 <anyAttribute namespace="##other" processContents="lax"/>
56 <element name="Extensions">
58 <documentation>Container for extension libraries and custom configuration</documentation>
62 <element name="Library" minOccurs="0" maxOccurs="unbounded">
65 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
67 <attribute name="path" type="anyURI" use="required"/>
68 <attribute name="fatal" type="boolean" use="optional"/>
69 <anyAttribute namespace="##other" processContents="lax"/>
72 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
77 <complexType name="GlobalConfigurationType">
79 <documentation>Container for global (server independent) configuration</documentation>
82 <element ref="conf:Extensions" minOccurs="0"/>
84 <element name="UnixListener">
86 <attribute name="address" type="string" use="required"/>
89 <element name="TCPListener">
91 <attribute name="address" type="string" use="required"/>
92 <attribute name="port" type="unsignedInt" use="required"/>
93 <attribute name="acl" use="optional" default="127.0.0.1">
95 <list itemType="string"/>
100 <element name="Listener" type="conf:PluggableType"/>
103 <element name="MemorySessionCache">
105 <attributeGroup ref="conf:SessionCacheProperties"/>
106 <anyAttribute namespace="##other" processContents="lax"/>
109 <element name="MySQLSessionCache">
112 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
114 <attributeGroup ref="conf:SessionCacheProperties"/>
115 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
116 <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
117 <anyAttribute namespace="##other" processContents="lax"/>
120 <element name="SessionCache">
123 <extension base="conf:PluggableType">
124 <attributeGroup ref="conf:SessionCacheProperties"/>
130 <choice minOccurs="0">
131 <element name="MySQLReplayCache">
134 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
136 <anyAttribute namespace="##other" processContents="lax"/>
139 <element name="ReplayCache" type="conf:PluggableType"/>
141 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
143 <attribute name="logger" type="anyURI" use="optional"/>
144 <anyAttribute namespace="##other" processContents="lax"/>
147 <attributeGroup name="SessionCacheProperties">
148 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
149 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
150 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
151 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
152 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
153 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
154 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
155 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
158 <complexType name="LocalConfigurationType">
161 Container for configuration of locally integrated or platform-specific
162 features (e.g. web server filters)
166 <element ref="conf:Extensions" minOccurs="0"/>
167 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
168 <element name="Implementation" minOccurs="0">
170 <choice maxOccurs="unbounded">
171 <element ref="conf:ISAPI"/>
172 <any namespace="##other" processContents="lax"/>
176 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
178 <attribute name="logger" type="anyURI" use="optional"/>
179 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
180 <anyAttribute namespace="##other" processContents="lax"/>
183 <element name="ISAPI">
186 <element name="Site" maxOccurs="unbounded">
189 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
191 <attribute name="id" type="unsignedInt" use="required"/>
192 <attribute name="name" type="string" use="required"/>
193 <attribute name="port" type="unsignedInt" use="optional"/>
194 <attribute name="sslport" type="unsignedInt" use="optional"/>
195 <attribute name="scheme" type="string" use="optional"/>
198 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
200 <attribute name="normalizeRequest" type="boolean" use="optional"/>
201 <anyAttribute namespace="##other" processContents="lax"/>
204 <element name="NSAPI" type="anyType"/>
205 <element name="Java" type="anyType"/>
207 <element name="AccessControl" type="conf:UniOperatorType">
210 A simple example access policy language extension that supersedes Apache .htaccess
214 <element name="OR" type="conf:MultiOperatorType"/>
215 <element name="AND" type="conf:MultiOperatorType"/>
216 <element name="NOT" type="conf:UniOperatorType"/>
217 <complexType name="UniOperatorType">
219 <element ref="conf:AND"/>
220 <element ref="conf:OR"/>
221 <element ref="conf:NOT"/>
222 <element ref="conf:Rule"/>
225 <complexType name="MultiOperatorType">
226 <choice minOccurs="2" maxOccurs="unbounded">
227 <element ref="conf:AND"/>
228 <element ref="conf:OR"/>
229 <element ref="conf:NOT"/>
230 <element ref="conf:Rule"/>
233 <element name="Rule">
236 <extension base="conf:listOfStrings">
237 <attribute name="require" type="string" use="required"/>
242 <simpleType name="listOfStrings">
243 <list itemType="string"/>
246 <attributeGroup name="ContentSettings">
247 <attribute name="authType" type="string" use="optional"/>
248 <attribute name="requireSession" type="boolean" use="optional"/>
249 <attribute name="requireSessionWith" type="string" use="optional"/>
250 <attribute name="exportAssertion" type="boolean" use="optional"/>
251 <anyAttribute namespace="##other" processContents="lax"/>
253 <element name="AccessControlProvider" type="conf:PluggableType"/>
254 <element name="htaccess" type="conf:PluggableType"/>
256 <element name="RequestMap">
259 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
264 <choice minOccurs="0">
265 <element ref="conf:htaccess"/>
266 <element ref="conf:AccessControl"/>
267 <element ref="conf:AccessControlProvider"/>
269 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
271 <attribute name="applicationId" type="string" fixed="default"/>
272 <attributeGroup ref="conf:ContentSettings"/>
276 <element name="Host">
279 <choice minOccurs="0">
280 <element ref="conf:htaccess"/>
281 <element ref="conf:AccessControl"/>
282 <element ref="conf:AccessControlProvider"/>
284 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
286 <attribute name="scheme" use="optional">
288 <restriction base="string">
289 <enumeration value="http"/>
290 <enumeration value="https"/>
291 <enumeration value="ftp"/>
292 <enumeration value="ldap"/>
293 <enumeration value="ldaps"/>
297 <attribute name="name" type="string" use="required"/>
298 <attribute name="port" type="unsignedInt" use="optional"/>
299 <attribute name="applicationId" type="string" use="optional"/>
300 <attributeGroup ref="conf:ContentSettings"/>
304 <element name="Path">
307 <choice minOccurs="0">
308 <element ref="conf:htaccess"/>
309 <element ref="conf:AccessControl"/>
310 <element ref="conf:AccessControlProvider"/>
312 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
314 <attribute name="name" type="string" use="required"/>
315 <attribute name="applicationId" type="string" use="optional"/>
316 <attributeGroup ref="conf:ContentSettings"/>
320 <element name="Applications">
322 <documentation>Container for global target settings and application-specific overrides</documentation>
326 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
327 <element ref="conf:Sessions"/>
328 <element ref="conf:Errors"/>
329 <element ref="conf:CredentialUse" minOccurs="0"/>
330 <choice minOccurs="0" maxOccurs="unbounded">
331 <element ref="saml:AttributeDesignator"/>
332 <element ref="saml:Audience"/>
333 <element name="AAPProvider" type="conf:PluggableType"/>
334 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
335 <element name="MetadataProvider" type="conf:PluggableType"/>
336 <element name="TrustProvider" type="conf:PluggableType"/>
338 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
340 <attribute name="id" type="string" fixed="default"/>
341 <attribute name="providerId" type="anyURI" use="required"/>
342 <attribute name="homeURL" type="anyURI" use="optional"/>
343 <anyAttribute namespace="##other" processContents="lax"/>
347 <element name="Application">
349 <documentation>Container for application-specific overrides</documentation>
353 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
354 <element ref="conf:Sessions" minOccurs="0"/>
355 <element ref="conf:Errors" minOccurs="0"/>
356 <element ref="conf:CredentialUse" minOccurs="0"/>
357 <choice minOccurs="0" maxOccurs="unbounded">
358 <element ref="saml:AttributeDesignator"/>
359 <element ref="saml:Audience"/>
360 <element name="AAPProvider" type="conf:PluggableType"/>
361 <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
362 <element name="MetadataProvider" type="conf:PluggableType"/>
363 <element name="TrustProvider" type="conf:PluggableType"/>
366 <attribute name="id" type="string" use="required"/>
367 <attribute name="providerId" type="anyURI" use="optional"/>
368 <attribute name="homeURL" type="anyURI" use="optional"/>
369 <anyAttribute namespace="##other" processContents="lax"/>
373 <element name="KeyInfoResolver" type="conf:PluggableType">
376 Custom plug-in that resolves ds:KeyInfo elements into public keys, used in
377 TrustProvider elements.
382 <element name="Sessions">
384 <documentation>Container for specifying app session establishment and policy</documentation>
387 <choice minOccurs="0" maxOccurs="unbounded">
388 <element ref="conf:SessionInitiator"/>
389 <element ref="md:AssertionConsumerService"/>
390 <element ref="md:SingleLogoutService"/>
392 <!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
393 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
394 <!-- deprecated --> <attribute name="shireSSL" type="boolean" use="optional"/>
395 <attribute name="handlerURL" type="anyURI" use="optional"/>
396 <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
397 <attribute name="cookieName" type="string" use="optional"/>
398 <attribute name="cookieProps" type="string" use="optional"/>
399 <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
400 <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
401 <attribute name="lifetime" type="unsignedInt" use="optional"/>
402 <attribute name="timeout" type="unsignedInt" use="optional"/>
403 <attribute name="checkAddress" type="boolean" use="optional"/>
404 <attribute name="checkReplay" type="boolean" use="optional" default="true"/>
405 <anyAttribute namespace="##other" processContents="lax"/>
408 <element name="SessionInitiator">
410 <documentation>Used to specify WAYF/Discovery services (external or internal)</documentation>
414 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
416 <attribute name="Location" type="anyURI" use="required"/>
417 <attribute name="Binding" type="anyURI" use="required"/>
418 <attribute name="wayfURL" type="anyURI" use="optional"/>
419 <attribute name="wayfBinding" type="anyURI" use="optional"/>
420 <attribute name="checkCDC" type="anyURI" use="optional"/>
421 <attribute name="isDefault" type="boolean" use="optional"/>
422 <attribute name="id" type="string" use="optional"/>
426 <element name="Errors">
428 <documentation>Container for error templates and associated details</documentation>
432 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
434 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
435 <attribute name="session" type="anyURI" use="optional"/>
436 <attribute name="metadata" type="anyURI" use="optional"/>
437 <attribute name="rm" type="anyURI" use="required"/>
438 <attribute name="access" type="anyURI" use="optional"/>
439 <attribute name="supportContact" type="string" use="optional"/>
440 <attribute name="logoLocation" type="anyURI" use="optional"/>
441 <attribute name="styleSheet" type="anyURI" use="optional"/>
442 <anyAttribute namespace="##any" processContents="lax"/>
446 <attributeGroup name="CredentialUseGroup">
447 <attribute name="TLS" type="string" use="required"/>
448 <attribute name="Signing" type="string" use="required"/>
449 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
450 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
451 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
454 <element name="CredentialUse">
456 <documentation>Container for specifying credentials to use</documentation>
460 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
463 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
465 <attribute name="Name" type="string" use="required"/>
466 <attributeGroup ref="conf:CredentialUseGroup"/>
467 <anyAttribute namespace="##other" processContents="lax"/>
470 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
472 <attributeGroup ref="conf:CredentialUseGroup"/>
473 <anyAttribute namespace="##other" processContents="lax"/>