<schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
elementFormDefault="qualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
- version="2.5">
+ version="2.5.3">
<import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
<attribute name="StorageService" type="IDREF"/>
<attribute name="cacheAllowance" type="unsignedInt"/>
<attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
+ <attribute name="maintainReverseIndex" type="boolean"/>
+ <attribute name="excludeReverseIndex" type="conf:listOfStrings"/>
<anyAttribute namespace="##any" processContents="lax"/>
</restriction>
</complexContent>
<attribute name="authType" type="conf:string"/>
<attribute name="requireSession" type="boolean"/>
<attribute name="requireSessionWith" type="conf:string"/>
+ <attribute name="requireLogoutWith" type="anyURI"/>
<attribute name="exportAssertion" type="boolean"/>
<attribute name="exportStdVars" type="boolean"/>
+ <attribute name="exportCookie" type="boolean"/>
<attribute name="redirectToSSL" type="unsignedInt"/>
<attribute name="entityID" type="anyURI"/>
<attribute name="discoveryURL" type="anyURI"/>
<attribute name="unsetHeaders" type="conf:listOfStrings"/>
<attribute name="metadataAttributePrefix" type="conf:string"/>
<attribute name="attributePrefix" type="conf:string"/>
- <attribute name="requireAuthenticatedCipher" type="boolean"/>
+ <attribute name="requireAuthenticatedEncryption" type="boolean"/>
</attributeGroup>
<attributeGroup name="RelyingPartyGroup">
<attribute name="requireTransportAuth" type="boolean"/>
<attribute name="requireSignedAssertions" type="boolean"/>
<attribute name="sessionHook" type="anyURI"/>
+ <attribute name="artifactByFilesystem" type="boolean"/>
</attributeGroup>
<complexType name="SessionsType">
</annotation>
<simpleContent>
<extension base="conf:listOfStrings">
+ <attribute name="policyId" type="conf:string"/>
+ <attribute name="ignoreNoPassive" type="boolean"/>
<attribute name="discoveryProtocol" type="conf:string"/>
<attribute name="discoveryURL" type="anyURI"/>
<attributeGroup ref="conf:SessionInitiatorGroup"/>
</annotation>
<simpleContent>
<extension base="conf:listOfStrings">
+ <attribute name="policyId" type="conf:string"/>
<attributeGroup ref="conf:LogoutInitiatorGroup"/>
</extension>
</simpleContent>
</complexType>
</element>
- <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
- <annotation>
- <documentation>Implicitly configures ManageNameIDService handlers</documentation>
- </annotation>
+ <element name="NameIDMgmt" minOccurs="0">
+ <complexType>
+ <annotation>
+ <documentation>Implicitly configures ManageNameIDService handlers</documentation>
+ </annotation>
+ <simpleContent>
+ <extension base="conf:listOfStrings">
+ <attribute name="policyId" type="conf:string"/>
+ </extension>
+ </simpleContent>
+ </complexType>
</element>
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="conf:SessionInitiator"/>
<attribute name="cookieLifetime" type="unsignedInt"/>
<attribute name="idpHistory" type="boolean"/>
<attribute name="idpHistoryDays" type="unsignedInt"/>
+ <attribute name="idpHistoryProps" type="conf:string"/>
<attribute name="lifetime" type="unsignedInt"/>
<attribute name="timeout" type="unsignedInt"/>
<attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
</annotation>
</attribute>
+ <attribute name="ignoreNoPassive" type="boolean">
+ <annotation>
+ <documentation>Used to ignore NoPassive errors in AssertionConsumerService endpoints</documentation>
+ </annotation>
+ </attribute>
+
<attributeGroup name="SessionInitiatorGroup">
<annotation>
<documentation>Options common to explicit and implicit SessionInitiators</documentation>
<attribute name="localLogout" type="anyURI"/>
<attribute name="globalLogout" type="anyURI"/>
<attribute name="partialLogout" type="anyURI"/>
- <attribute name="supportContact" type="conf:string"/>
- <attribute name="logoLocation" type="anyURI"/>
- <attribute name="helpLocation" type="anyURI"/>
- <attribute name="styleSheet" type="anyURI"/>
<anyAttribute namespace="##any" processContents="lax"/>
</complexType>
</element>
<choice minOccurs="0">
<element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
- <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
+ <element name="AlgorithmBlacklist">
+ <complexType>
+ <simpleContent>
+ <extension base="conf:listOfURIs">
+ <attribute name="includeDefaultBlacklist" type="boolean"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ </element>
</choice>
</sequence>
</complexType>
projects / shibboleth / cpp-sp.git / blobdiff