1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.4">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
26   <simpleType name="string">
       <!-- Non-empty string: restricts the built-in XSD string (the unprefixed
            base resolves to the XML Schema namespace, which is this document's
            default namespace) to a minimum length of 1. Only the length is
            checked; character set and maximum length are unconstrained. -->
27     <restriction base="string">
28       <minLength value="1"/>
29     </restriction>
30   </simpleType>
31
32   <simpleType name="listOfStrings">
       <!-- Whitespace-separated list of conf:string items (XSD list type), so a
            single item can never contain a space. -->
33     <list itemType="conf:string"/>
34   </simpleType>
35
36   <simpleType name="listOfURIs">
       <!-- Whitespace-separated list of anyURI values. The schema places no
            restriction on scheme or authority; any allow-listing of the URIs is
            left to the consumer. -->
37     <list itemType="anyURI"/>
38   </simpleType>
39
40   <simpleType name="bindingBoolean">
       <!-- Four-valued switch: true, false, front or back. Referenced in this
            schema by the signing and encryption attributes of RelyingPartyGroup.
            NOTE(review): front/back presumably limit the setting to front-channel
            or back-channel bindings; confirm against the SP documentation. -->
41     <restriction base="string">
42       <enumeration value="true"/>
43       <enumeration value="false"/>
44       <enumeration value="front"/>
45       <enumeration value="back"/>
46     </restriction>
47   </simpleType>
48
49   <complexType name="PluggableType">
       <!-- Generic plugin reference: a required type attribute plus arbitrary
            child elements and arbitrary extra attributes. Both wildcards are
            namespace ##any with lax processing, so content without a matching
            declaration is accepted unchecked, including a misspelled attribute.
            Passing validation therefore says little about a plugin's own
            settings; that check is left to whatever consumes the element. -->
50     <sequence>
51       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
52     </sequence>
53     <attribute name="type" type="conf:string" use="required"/>
54     <anyAttribute namespace="##any" processContents="lax"/>
55   </complexType>
56
57   <complexType name="ExtensionsType">
       <!-- Zero or more Library entries, followed by arbitrary elements from
            other namespaces (lax). -->
58     <annotation>
59       <documentation>Container for extension libraries and custom configuration</documentation>
60     </annotation>
61     <sequence>
62       <element name="Library" minOccurs="0" maxOccurs="unbounded">
63         <complexType>
64           <sequence>
65             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
66           </sequence>
             <!-- path is the only required attribute and is typed anyURI, so the
                  schema accepts any location. NOTE(review): presumably the named
                  library is loaded into the SP process; if so, write access to
                  this file or to the referenced path amounts to code execution
                  there. Confirm loader behavior and file permissions. -->
67           <attribute name="path" type="anyURI" use="required"/>
             <!-- No default is declared for fatal. NOTE(review): presumably it
                  decides whether a failed load aborts startup; confirm. -->
68           <attribute name="fatal" type="boolean"/>
69           <anyAttribute namespace="##any" processContents="lax"/>
70         </complexType>
71       </element>
72       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
73     </sequence>
74   </complexType>
75
76   <complexType name="StorageServiceType">
       <!-- Restriction of PluggableType for storage plugins. The base type's
            required type attribute is not redeclared; under XSD restriction
            rules it carries over from the base. -->
77     <annotation>
78       <documentation>References StorageService plugins</documentation>
79     </annotation>
80     <complexContent>
81       <restriction base="conf:PluggableType">
82         <sequence>
83           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
84         </sequence>
           <!-- id is an XSD ID: it must be unique in the document and is the
                target of the IDREF-typed StorageService attributes on
                SessionCacheType, ReplayCacheType and ArtifactMapType. -->
85         <attribute name="id" type="ID" use="required"/>
           <!-- Unit and default of cleanupInterval are not stated in the schema. -->
86         <attribute name="cleanupInterval" type="unsignedInt"/>
87         <anyAttribute namespace="##any" processContents="lax"/>
88       </restriction>
89     </complexContent>
90   </complexType>
91
92   <complexType name="SessionCacheType">
       <!-- Restriction of PluggableType for the session cache plugin. -->
93     <annotation>
94       <documentation>References SessionCache plugins</documentation>
95     </annotation>
96     <complexContent>
97       <restriction base="conf:PluggableType">
98         <sequence>
99           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
100         </sequence>
            <!-- IDREF: a validating parser requires the value to match some ID in
                 the document, but not specifically a StorageService id. Optional;
                 the schema does not say which storage is used when omitted. -->
101         <attribute name="StorageService" type="IDREF"/>
            <!-- Unit, default and upper bound of cacheTimeout are not stated in
                 the schema. -->
102         <attribute name="cacheTimeout" type="unsignedInt"/>
103         <anyAttribute namespace="##any" processContents="lax"/>
104       </restriction>
105     </complexContent>
106   </complexType>
107
108   <complexType name="ReplayCacheType">
        <!-- Empty element carrying one optional IDREF to a storage plugin.
             NOTE(review): presumably this cache backs replay detection of
             incoming messages, in which case a storage backend shared by all
             nodes matters for clustered deployments; confirm. -->
109     <annotation>
110       <documentation>Ties ReplayCache to a custom StorageService</documentation>
111     </annotation>
112     <sequence/>
113     <attribute name="StorageService" type="IDREF"/>
114   </complexType>
115
116   <complexType name="ArtifactMapType">
        <!-- Empty element with three optional attributes; no defaults are
             declared in the schema. -->
117     <annotation>
118       <documentation>Customizes an ArtifactMap</documentation>
119     </annotation>
120     <sequence/>
121     <attribute name="StorageService" type="IDREF"/>
122     <attribute name="context" type="conf:string"/>
        <!-- Unbounded unsignedInt; the unit is not stated here. NOTE(review):
             presumably the lifetime of an issued artifact, so large values
             lengthen the window in which it can be redeemed; confirm. -->
123     <attribute name="artifactTTL" type="unsignedInt"/>
124   </complexType>
125
126   <complexType name="OutOfProcessType">
        <!-- Optional Extensions block followed by arbitrary elements from other
             namespaces. The attribute wildcard is ##other, so an undeclared
             unqualified attribute (for example a misspelling) fails validation. -->
127     <annotation>
128       <documentation>Container for out-of-process (shibd) configuration</documentation>
129     </annotation>
130     <sequence>
131       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
132       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
133     </sequence>
134     <attribute name="logger" type="anyURI"/>
        <!-- No default declared. NOTE(review): presumably controls whether
             unexpected exceptions are caught rather than propagated; confirm. -->
135     <attribute name="catchAll" type="boolean"/>
136     <anyAttribute namespace="##other" processContents="lax"/>
137   </complexType>
138
139   <complexType name="InProcessType">
        <!-- Optional Extensions, optional ISAPI site table, then arbitrary
             elements from other namespaces. All attributes are optional and the
             schema declares no defaults, so the effective value of an omitted
             attribute is decided by the consumer. -->
140     <annotation>
141       <documentation>
142         Container for configuration of locally integrated or platform-specific
143         features (e.g. web server filters)
144       </documentation>
145     </annotation>
146     <sequence>
147       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
148       <element name="ISAPI" minOccurs="0">
149         <complexType>
150           <sequence>
                <!-- At least one Site is required once ISAPI is present. port and
                     sslport are unsignedInt, so values above 65535 pass
                     validation. -->
151             <element name="Site" maxOccurs="unbounded">
152               <complexType>
153                 <sequence>
154                   <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
155                 </sequence>
156                 <attribute name="id" type="unsignedInt" use="required"/>
157                 <attribute name="name" type="conf:string" use="required"/>
158                 <attribute name="port" type="unsignedInt"/>
159                 <attribute name="sslport" type="unsignedInt"/>
160                 <attribute name="scheme" type="conf:string"/>
161               </complexType>
162             </element>
163             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
164           </sequence>
              <!-- NOTE(review): both flags presumably affect how request data and
                   header names are canonicalized before the application reads
                   them; confirm their defaults before relying on either. -->
165           <attribute name="normalizeRequest" type="boolean"/>
166           <attribute name="safeHeaderNames" type="boolean"/>
167           <anyAttribute namespace="##other" processContents="lax"/>
168         </complexType>
169       </element>
170       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
171     </sequence>
172     <attribute name="logger" type="anyURI"/>
173     <attribute name="unsetHeaderValue" type="conf:string"/>
        <!-- NOTE(review): checkSpoofing presumably enables detection of
             client-supplied request headers that collide with SP-populated ones,
             and spoofKey presumably lets a trusted component bypass that check.
             spoofKey is a plain conf:string, so it is stored in clear text in
             this file; treat the file as sensitive. Confirm both semantics. -->
174     <attribute name="checkSpoofing" type="boolean"/>
175     <attribute name="spoofKey" type="conf:string"/>
176     <attribute name="catchAll" type="boolean"/>
177     <anyAttribute namespace="##other" processContents="lax"/>
178   </complexType>
179
180   <element name="AccessControl" type="conf:UniOperatorType">
        <!-- Global element for an inline access policy. Its type allows exactly
             one top-level operator or rule (see UniOperatorType). -->
181     <annotation>
182       <documentation>
183         A simple example access policy language extension that supersedes Apache .htaccess
184       </documentation>
185     </annotation>
186   </element>
187   <complexType name="UniOperatorType">
        <!-- Exactly one child: AND, OR, NOT, Rule or RuleRegex. Also the type of
             NOT, so a negation wraps a single operand. An empty policy is not
             schema-valid. -->
188     <choice>
189       <element name="AND" type="conf:MultiOperatorType"/>
190       <element name="OR" type="conf:MultiOperatorType"/>
191       <element name="NOT" type="conf:UniOperatorType"/>
192       <element name="Rule" type="conf:RuleType"/>
193       <element name="RuleRegex" type="conf:RuleRegexType"/>
194     </choice>
195   </complexType>
196   <complexType name="MultiOperatorType">
        <!-- Operand list for AND and OR: at least two children, any mix of the
             five element kinds, no upper bound. The type is recursive and the
             schema sets no nesting limit. -->
197     <choice minOccurs="2" maxOccurs="unbounded">
198       <element name="AND" type="conf:MultiOperatorType"/>
199       <element name="OR" type="conf:MultiOperatorType"/>
200       <element name="NOT" type="conf:UniOperatorType"/>
201       <element name="Rule" type="conf:RuleType"/>
202       <element name="RuleRegex" type="conf:RuleRegexType"/>
203     </choice>
204   </complexType>
205   <complexType name="RuleType">
        <!-- Rule content is a whitespace-separated list of non-empty strings;
             require is mandatory. NOTE(review): require presumably names the
             attribute or condition to test and the content lists accepted
             values; the list flag has no declared default. Confirm both. -->
206     <simpleContent>
207       <extension base="conf:listOfStrings">
208         <attribute name="require" type="conf:string" use="required"/>
209         <attribute name="list" type="boolean"/>
210       </extension>
211     </simpleContent>
212   </complexType>
213   <complexType name="RuleRegexType">
        <!-- Rule whose content is a single non-empty string. The schema does not
             check that the content is a well-formed regular expression, nor
             whether it is anchored. NOTE(review): an unanchored pattern in an
             access rule can match more values than intended; confirm how the
             consumer applies it. -->
214     <simpleContent>
215       <extension base="conf:string">
216         <attribute name="require" type="conf:string" use="required"/>
217         <attribute name="ignoreCase" type="boolean"/>
218       </extension>
219     </simpleContent>
220   </complexType>
221
222   <attributeGroup name="ContentSettings">
        <!-- Per-resource settings shared by RequestMap, Host, HostRegex, Path,
             PathRegex and Query. Every attribute is optional and none has a
             schema default, so an omitted requireSession or forceAuthn takes
             whatever value the consumer applies. The wildcard is ##other:
             undeclared unqualified attributes (for example a misspelled
             requireSession) are rejected by validation rather than ignored. -->
223     <attribute name="applicationId" type="conf:string"/>
224     <attribute name="authType" type="conf:string"/>
225     <attribute name="requireSession" type="boolean"/>
226     <attribute name="requireSessionWith" type="conf:string"/>
227     <attribute name="exportAssertion" type="boolean"/>
        <!-- unsignedInt rather than boolean. NOTE(review): presumably the port
             to redirect to; values above 65535 pass validation. Confirm. -->
228     <attribute name="redirectToSSL" type="unsignedInt"/>
229     <attribute name="entityID" type="anyURI"/>
230     <attribute name="discoveryURL" type="anyURI"/>
231     <attribute name="isPassive" type="boolean"/>
232     <attribute name="returnOnError" type="boolean"/>
233     <attribute name="forceAuthn" type="boolean"/>
234     <attribute name="authnContextClassRef" type="anyURI"/>
235     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
236     <attribute name="NameIDFormat" type="anyURI"/>
237     <attribute name="SPNameQualifier" type="conf:string"/>
        <!-- The error and target locations below are anyURI with no restriction
             on scheme or host. -->
238     <attribute name="redirectErrors" type="anyURI"/>
239     <attribute name="sessionError" type="anyURI"/>
240     <attribute name="metadataError" type="anyURI"/>
241     <attribute name="accessError" type="anyURI"/>
242     <attribute name="sslError" type="anyURI"/>
243     <attribute name="target" type="anyURI"/>
244     <attribute name="acsIndex" type="unsignedShort"/>
245     <attribute name="REMOTE_ADDR" type="conf:string"/>
246     <anyAttribute namespace="##other" processContents="lax"/>
247   </attributeGroup>
248
249   <element name="RequestMap">
        <!-- Content order: at most one access-control child (htaccess,
             AccessControl or AccessControlProvider), then any number of Host or
             HostRegex entries, then an optional ds:Signature. -->
250     <annotation>
251       <documentation>
252         Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
253       </documentation>
254     </annotation>
255     <complexType>
256       <sequence>
257         <choice minOccurs="0">
258           <element name="htaccess" type="conf:PluggableType"/>
259           <element ref="conf:AccessControl"/>
260           <element name="AccessControlProvider" type="conf:PluggableType"/>
261         </choice>
262         <choice minOccurs="0" maxOccurs="unbounded">
263           <element name="Host" type="conf:HostType"/>
264           <element name="HostRegex" type="conf:HostRegexType"/>
265         </choice>
            <!-- The signature is optional, so an unsigned map is schema-valid.
                 Schema validation never verifies a signature; any integrity
                 check on this document has to be enforced by the consumer. -->
266         <element ref="ds:Signature" minOccurs="0"/>
267       </sequence>
268       <attributeGroup ref="conf:ContentSettings"/>
269     </complexType>
270   </element>
271
272   <complexType name="HostType">
        <!-- One virtual host: at most one access-control child, then any mix of
             Path, PathRegex and Query children. name is required; scheme and
             port are optional. NOTE(review): when scheme or port is omitted the
             entry presumably matches any; confirm, since that decides whether
             settings meant for https also cover plain http. -->
273     <sequence>
274       <choice minOccurs="0">
275         <element name="htaccess" type="conf:PluggableType"/>
276         <element ref="conf:AccessControl"/>
277         <element name="AccessControlProvider" type="conf:PluggableType"/>
278       </choice>
279       <choice minOccurs="0" maxOccurs="unbounded">
280         <element name="Path" type="conf:PathType"/>
281         <element name="PathRegex" type="conf:PathRegexType"/>
282         <element name="Query" type="conf:QueryType"/>
283       </choice>
284     </sequence>
        <!-- scheme is limited to the five enumerated values, lower case only. -->
285     <attribute name="scheme">
286       <simpleType>
287         <restriction base="conf:string">
288           <enumeration value="http"/>
289           <enumeration value="https"/>
290           <enumeration value="ftp"/>
291           <enumeration value="ldap"/>
292           <enumeration value="ldaps"/>
293         </restriction>
294       </simpleType>
295     </attribute>
296     <attribute name="name" type="conf:string" use="required"/>
        <!-- unsignedInt: values above 65535 pass validation. -->
297     <attribute name="port" type="unsignedInt"/>
298     <attributeGroup ref="conf:ContentSettings"/>
299   </complexType>
300
301   <complexType name="HostRegexType">
        <!-- Host matched by pattern instead of by name; same children as
             HostType. regex is required but is only checked to be a non-empty
             string: the schema validates neither its syntax nor its anchoring.
             NOTE(review): confirm what string the consumer matches against
             (host only, or scheme, host and port) before writing patterns. -->
302     <sequence>
303       <choice minOccurs="0">
304         <element name="htaccess" type="conf:PluggableType"/>
305         <element ref="conf:AccessControl"/>
306         <element name="AccessControlProvider" type="conf:PluggableType"/>
307       </choice>
308       <choice minOccurs="0" maxOccurs="unbounded">
309         <element name="Path" type="conf:PathType"/>
310         <element name="PathRegex" type="conf:PathRegexType"/>
311         <element name="Query" type="conf:QueryType"/>
312       </choice>
313     </sequence>
314     <attribute name="regex" type="conf:string" use="required"/>
315     <attribute name="ignoreCase" type="boolean"/>
316     <attributeGroup ref="conf:ContentSettings"/>
317   </complexType>
318
319   <complexType name="PathType">
        <!-- One path segment: at most one access-control child, then nested
             Path, PathRegex or Query children (the type is recursive). name is
             required. The schema does not constrain name, so case handling and
             treatment of encoded or dot segments are up to the consumer. -->
320     <sequence>
321       <choice minOccurs="0">
322         <element name="htaccess" type="conf:PluggableType"/>
323         <element ref="conf:AccessControl"/>
324         <element name="AccessControlProvider" type="conf:PluggableType"/>
325       </choice>
326       <choice minOccurs="0" maxOccurs="unbounded">
327         <element name="Path" type="conf:PathType"/>
328         <element name="PathRegex" type="conf:PathRegexType"/>
329         <element name="Query" type="conf:QueryType"/>
330       </choice>
331     </sequence>
332     <attribute name="name" type="conf:string" use="required"/>
333     <attributeGroup ref="conf:ContentSettings"/>
334   </complexType>
335
336   <complexType name="PathRegexType">
        <!-- Path matched by pattern. Unlike PathType it cannot contain further
             Path or PathRegex children, only Query. regex is required and is
             checked only to be a non-empty string. -->
337     <sequence>
338       <choice minOccurs="0">
339         <element name="htaccess" type="conf:PluggableType"/>
340         <element ref="conf:AccessControl"/>
341         <element name="AccessControlProvider" type="conf:PluggableType"/>
342       </choice>
343       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
344     </sequence>
345     <attribute name="regex" type="conf:string" use="required"/>
346     <attribute name="ignoreCase" type="boolean"/>
347     <attributeGroup ref="conf:ContentSettings"/>
348   </complexType>
349
350   <complexType name="QueryType">
        <!-- Query-string matcher: name is required, regex is optional, and
             nested Query children are allowed. NOTE(review): presumably name is
             the parameter name and regex constrains its value; confirm. -->
351     <sequence>
352       <choice minOccurs="0">
353         <element name="htaccess" type="conf:PluggableType"/>
354         <element ref="conf:AccessControl"/>
355         <element name="AccessControlProvider" type="conf:PluggableType"/>
356       </choice>
357       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
358     </sequence>
359     <attribute name="name" type="conf:string" use="required"/>
360     <attribute name="regex" type="conf:string"/>
361     <attributeGroup ref="conf:ContentSettings"/>
362   </complexType>
363
364   <complexType name="ApplicationDefaultsType">
        <!-- Default application. Children must appear in the order listed.
             Sessions, MetadataProvider and TrustEngine carry no minOccurs and
             are therefore required exactly once; every other child is
             optional. -->
365     <annotation>
366       <documentation>Container for default settings and application-specific overrides</documentation>
367     </annotation>
368     <sequence>
369       <element name="Sessions" type="conf:SessionsType"/>
370       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
371       <element name="RelyingParty" type="conf:RelyingPartyType" minOccurs="0" maxOccurs="unbounded"/>
372       <element name="Notify" type="conf:NotifyType" minOccurs="0" maxOccurs="unbounded"/>
373       <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
          <!-- Both plugins below are PluggableType, so the schema checks only
               that each has a type attribute; the trust configuration itself is
               not validated here. -->
374       <element name="MetadataProvider" type="conf:PluggableType"/>
375       <element name="TrustEngine" type="conf:PluggableType"/>
376       <element name="AttributeExtractor" type="conf:PluggableType" minOccurs="0"/>
377       <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>
378       <element name="AttributeFilter" type="conf:PluggableType" minOccurs="0"/>
379       <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>
380       <element name="ApplicationOverride" type="conf:ApplicationOverrideType" minOccurs="0" maxOccurs="unbounded"/>
381     </sequence>
        <!-- id may be omitted, but if present it must equal "default". -->
382     <attribute name="id" type="conf:string" fixed="default"/>
383     <attribute name="entityID" type="anyURI" use="required"/>
        <!-- Required, but typed as a plain string: the schema does not check
             that it names an existing Policy. -->
384     <attribute name="policyId" type="conf:string" use="required"/>
385     <attributeGroup ref="conf:ApplicationGroup"/>
386     <attributeGroup ref="conf:RelyingPartyGroup"/>
387     <anyAttribute namespace="##other" processContents="lax"/>
388   </complexType>
389
390   <complexType name="ApplicationOverrideType">
        <!-- Per-application override: same children as ApplicationDefaultsType
             except that every child is optional and ApplicationOverride cannot
             nest. Only id is required. NOTE(review): omitted children and
             attributes presumably inherit from the defaults; confirm, since an
             override that replaces TrustEngine or MetadataProvider changes what
             the application trusts. -->
391     <annotation>
392       <documentation>Container for application-specific overrides</documentation>
393     </annotation>
394     <sequence>
395       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
396       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
397       <element name="RelyingParty" type="conf:RelyingPartyType" minOccurs="0" maxOccurs="unbounded"/>
398       <element name="Notify" type="conf:NotifyType" minOccurs="0" maxOccurs="unbounded"/>
399       <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
400       <element name="MetadataProvider" type="conf:PluggableType" minOccurs="0"/>
401       <element name="TrustEngine" type="conf:PluggableType" minOccurs="0"/>
402       <element name="AttributeExtractor" type="conf:PluggableType" minOccurs="0"/>
403       <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>
404       <element name="AttributeFilter" type="conf:PluggableType" minOccurs="0"/>
405       <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>
406     </sequence>
        <!-- id is a plain string, not an XSD ID, so the schema does not enforce
             uniqueness across overrides. -->
407     <attribute name="id" type="conf:string" use="required"/>
408     <attribute name="entityID" type="anyURI"/>
409     <attribute name="policyId" type="conf:string"/>
410     <attributeGroup ref="conf:ApplicationGroup"/>
411     <attributeGroup ref="conf:RelyingPartyGroup"/>
412     <anyAttribute namespace="##other" processContents="lax"/>
413   </complexType>
414
415   <attributeGroup name="ApplicationGroup">
        <!-- Optional attributes shared by ApplicationDefaults and
             ApplicationOverride; no defaults are declared. NOTE(review):
             REMOTE_USER presumably lists, in priority order, the attributes
             whose value becomes the authenticated user name, and unsetHeaders
             presumably lists request headers to clear before attributes are
             exported. Both decide which identity data the protected application
             trusts; confirm the exact semantics. -->
416     <attribute name="homeURL" type="anyURI"/>
417     <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
418     <attribute name="unsetHeaders" type="conf:listOfStrings"/>
419     <attribute name="metadataAttributePrefix" type="conf:string"/>
420     <attribute name="attributePrefix" type="conf:string"/>
421   </attributeGroup>
422
423   <attributeGroup name="RelyingPartyGroup">
        <!-- Peer-facing security settings, referenced by ApplicationDefaults,
             ApplicationOverride and RelyingParty. All attributes are optional
             and the schema declares no defaults, so a schema-valid file can omit
             every signing, encryption and require* setting; the effective
             posture is then whatever the consumer defaults to. -->
424     <attribute name="authType" type="conf:string"/>
425     <attribute name="authUsername" type="conf:string"/>
        <!-- Plain conf:string: the schema offers no way to mark the value as
             secret or to reference it indirectly, so a password set here is
             stored in clear text in the configuration file. Restrict read access
             to the file accordingly. -->
426     <attribute name="authPassword" type="conf:string"/>
427     <attribute name="signing" type="conf:bindingBoolean"/>
        <!-- The three algorithm attributes accept any URI; the schema does not
             restrict them to a set of approved algorithms. -->
428     <attribute name="signingAlg" type="anyURI"/>
429     <attribute name="digestAlg" type="anyURI"/>
430     <attribute name="encryption" type="conf:bindingBoolean"/>
431     <attribute name="encryptionAlg" type="anyURI"/>
432     <attribute name="keyName" type="conf:string"/>
433     <attribute name="artifactEndpointIndex" type="unsignedShort"/>
434     <attribute name="chunkedEncoding" type="boolean"/>
        <!-- unsignedShort, so at most 65535; the unit is not stated here. -->
435     <attribute name="connectTimeout" type="unsignedShort"/>
436     <attribute name="timeout" type="unsignedShort"/>
        <!-- NOTE(review): presumably requirements placed on back-channel
             transport and on received assertions; verify the defaults, because
             omitting an attribute is schema-valid. -->
437     <attribute name="requireConfidentiality" type="boolean"/>
438     <attribute name="requireTransportAuth" type="boolean"/>
439     <attribute name="requireSignedAssertions" type="boolean"/>
440   </attributeGroup>
441
442   <complexType name="SessionsType">
        <!-- Any number of handler declarations in any order, plus session
             policy attributes. Only handlerURL is required; the schema declares
             no defaults for the rest. -->
443     <annotation>
444       <documentation>Container for specifying protocol handlers and session policy</documentation>
445     </annotation>
446     <choice minOccurs="0" maxOccurs="unbounded">
447       <element ref="conf:SessionInitiator"/>
448       <element ref="conf:LogoutInitiator"/>
449       <element ref="md:AssertionConsumerService"/>
450       <element ref="md:ArtifactResolutionService"/>
451       <element ref="md:SingleLogoutService"/>
452       <element ref="md:ManageNameIDService"/>
          <!-- Generic handler: PluggableType restricted to require Location.
               acl is optional, so a handler with no access list is
               schema-valid. NOTE(review): presumably acl lists client addresses
               allowed to reach the handler; confirm what applies when it is
               absent. -->
453       <element name="Handler">
454         <complexType>
455           <complexContent>
456             <restriction base="conf:PluggableType">
457               <sequence>
458                 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
459               </sequence>
460               <attribute name="Location" type="anyURI" use="required"/>
461               <attribute name="acl" type="conf:listOfStrings"/>
462               <anyAttribute namespace="##any" processContents="lax"/>
463             </restriction>
464           </complexContent>
465         </complexType>
466       </element>
467     </choice>
468     <attribute name="handlerURL" type="anyURI" use="required"/>
        <!-- NOTE(review): presumably restricts handlers to SSL/TLS requests;
             confirm the default before relying on omission. -->
469     <attribute name="handlerSSL" type="boolean"/>
470     <attribute name="exportLocation" type="conf:string"/>
471     <attribute name="exportACL" type="conf:listOfStrings"/>
472     <attribute name="cookieName" type="conf:string"/>
        <!-- Free-form string: the schema cannot check that cookie flags such as
             Secure or HttpOnly are present. Review the value by hand. -->
473     <attribute name="cookieProps" type="conf:string"/>
474     <attribute name="cookieLifetime" type="unsignedInt"/>
475     <attribute name="idpHistory" type="boolean"/>
476     <attribute name="idpHistoryDays" type="unsignedInt"/>
        <!-- lifetime, timeout and maxTimeSinceAuthn are unbounded unsignedInt
             values; the unit is not stated in the schema. -->
477     <attribute name="lifetime" type="unsignedInt"/>
478     <attribute name="timeout" type="unsignedInt"/>
479     <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
        <!-- NOTE(review): presumably tie a session to the client address seen
             at login and on later requests; confirm. -->
480     <attribute name="checkAddress" type="boolean"/>
481     <attribute name="consistentAddress" type="boolean"/>
482     <attribute name="postData" type="conf:string"/>
        <!-- positiveInteger: zero is rejected, but there is no upper bound. -->
483     <attribute name="postLimit" type="positiveInteger"/>
484     <attribute name="postTemplate" type="conf:string"/>
485     <attribute name="postExpire" type="boolean"/>
486     <anyAttribute namespace="##other" processContents="lax"/>
487   </complexType>
488
489   <attribute name="policyId" type="conf:string">
        <!-- Global attribute declaration, so where it is used by reference it
             is qualified with the target namespace. It is a plain string, and
             Policy id is also a plain string rather than ID/IDREF, so the schema
             does not check that a referenced Policy exists. -->
490     <annotation>
491       <documentation>Used to reference Policy elements from profile endpoints.</documentation>
492     </annotation>
493   </attribute>
494
495   <element name="SessionInitiator">
        <!-- Restriction of PluggableType: the required type attribute carries
             over from the base and every attribute listed here is optional. The
             attribute wildcard is ##any with lax processing, so a misspelled
             attribute name (for example on forceAuthn or isPassive) is accepted
             by validation and the intended setting is silently not applied. -->
496     <annotation>
497       <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
498     </annotation>
499     <complexType>
500       <complexContent>
501         <restriction base="conf:PluggableType">
502           <sequence>
503             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
504           </sequence>
505           <attribute name="Location" type="anyURI"/>
506           <attribute name="id" type="conf:string"/>
507           <attribute name="isDefault" type="boolean"/>
508           <attribute name="relayState" type="conf:string"/>
509           <attribute name="entityIDParam" type="conf:string"/>
510           <attribute name="entityID" type="anyURI"/>
511           <attribute name="URL" type="anyURI"/>
512           <attribute name="outgoingBindings" type="conf:listOfURIs"/>
513           <attribute name="template" type="anyURI"/>
514           <attribute name="postArtifact" type="boolean"/>
515           <attribute name="acsByIndex" type="boolean"/>
516           <attribute name="acsIndex" type="unsignedShort"/>
517           <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
518           <attribute name="isPassive" type="boolean"/>
519           <attribute name="returnOnError" type="boolean"/>
520           <attribute name="forceAuthn" type="boolean"/>
521           <attribute name="authnContextClassRef" type="anyURI"/>
522           <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
523           <attribute name="NameIDFormat" type="anyURI"/>
524           <attribute name="SPNameQualifier" type="conf:string"/>
525           <attribute name="requestDelegation" type="boolean"/>
              <!-- anyURI with no restriction on scheme or host. NOTE(review):
                   presumably a default resource to return to after login;
                   confirm how request-supplied values are handled. -->
526           <attribute name="target" type="anyURI"/>
527           <anyAttribute namespace="##any" processContents="lax"/>
528         </restriction>
529       </complexContent>
530     </complexType>
531   </element>
532
533   <element name="LogoutInitiator">
        <!-- Restriction of PluggableType with five optional attributes; the
             required type attribute carries over from the base. As with
             SessionInitiator, the ##any lax attribute wildcard means misspelled
             attribute names pass validation. -->
534     <annotation>
535       <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
536     </annotation>
537     <complexType>
538       <complexContent>
539         <restriction base="conf:PluggableType">
540           <sequence>
541             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
542           </sequence>
543           <attribute name="Location" type="anyURI"/>
544           <attribute name="relayState" type="conf:string"/>
545           <attribute name="outgoingBindings" type="conf:listOfURIs"/>
546           <attribute name="template" type="anyURI"/>
547           <attribute name="postArtifact" type="boolean"/>
548           <anyAttribute namespace="##any" processContents="lax"/>
549         </restriction>
550       </complexContent>
551     </complexType>
552   </element>
553
554   <complexType name="ErrorsType">
        <!-- Error page settings: arbitrary child content and arbitrary extra
             attributes (##any, lax). Every declared attribute is optional.
             NOTE(review): extra attributes are presumably made available to the
             error templates; if templates also render request-derived values,
             check that output is escaped. Confirm against the template
             engine. -->
555     <annotation>
556       <documentation>Container for error templates and associated details</documentation>
557     </annotation>
558     <sequence>
559       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
560     </sequence>
        <!-- All locations below are anyURI with no restriction on scheme or
             host. -->
561     <attribute name="redirectErrors" type="anyURI"/>
562     <attribute name="session" type="anyURI"/>
563     <attribute name="metadata" type="anyURI"/>
564     <attribute name="access" type="anyURI"/>
565     <attribute name="ssl" type="anyURI"/>
566     <attribute name="localLogout" type="anyURI"/>
567     <attribute name="globalLogout" type="anyURI"/>
568     <attribute name="partialLogout" type="anyURI"/>
569     <attribute name="supportContact" type="conf:string"/>
570     <attribute name="logoLocation" type="anyURI"/>
571     <attribute name="styleSheet" type="anyURI"/>
572     <anyAttribute namespace="##any" processContents="lax"/>
573   </complexType>
574
575   <complexType name="RelyingPartyType">
        <!-- Empty element that applies the RelyingPartyGroup settings to one
             named peer. Name is required; entityID is optional. Name is a plain
             string, so the schema does not check that it matches any known
             peer, and a mistyped Name leaves the intended peer without these
             settings. -->
576     <annotation>
577       <documentation>Container for specifying settings to use with particular peers</documentation>
578     </annotation>
579     <sequence/>
580     <attribute name="Name" type="conf:string" use="required"/>
581     <attributeGroup ref="conf:RelyingPartyGroup"/>
582     <attribute name="entityID" type="anyURI"/>
583     <anyAttribute namespace="##other" processContents="lax"/>
584   </complexType>
585
586   <complexType name="NotifyType">
        <!-- Empty element with two required attributes: Channel (front or
             back) and Location. Location is anyURI with no restriction on
             scheme, so a plain http endpoint is schema-valid. -->
587     <annotation>
588       <documentation>Used to specify locations to receive application notifications</documentation>
589     </annotation>
590     <sequence/>
591     <attribute name="Channel" use="required">
592       <simpleType>
593         <restriction base="string">
594           <enumeration value="front"/>
595           <enumeration value="back"/>
596         </restriction>
597       </simpleType>
598     </attribute>
599     <attribute name="Location" type="anyURI" use="required"/>
600     <anyAttribute namespace="##any" processContents="lax"/>
601   </complexType>
602
603   <element name="SecurityPolicies">
        <!-- One or more Policy elements, then at most one algorithm list.
             SPConfig marks this element as deprecated in favor of
             SecurityPolicyProvider. -->
604     <complexType>
605       <annotation>
606         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
607       </annotation>
608       <sequence>
609         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
610           <annotation>
611             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
612           </annotation>
613           <complexType>
                <!-- A Policy holds either Rule elements or PolicyRule elements,
                     at least one, never a mix. Each rule is a PluggableType, so
                     the schema checks only that a type attribute is present; it
                     cannot tell whether signature, replay or freshness rules
                     are included. -->
614             <choice>
615               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
616               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
617             </choice>
618             <attribute name="id" type="conf:string" use="required"/>
619             <attribute name="validate" type="boolean"/>
620             <anyAttribute namespace="##any" processContents="lax"/>
621           </complexType>
622         </element>
            <!-- Optional and mutually exclusive: a document may carry a
                 whitelist or a blacklist of algorithm URIs, or neither. With
                 neither present, this schema imposes no algorithm
                 restriction. -->
623         <choice minOccurs="0">
624           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
625           <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
626         </choice>
627       </sequence>
628     </complexType>
629   </element>
630
631   <element name="TransportOption">
        <!-- provider and option are required strings; the element content is
             anySimpleType. All three are opaque to the schema. NOTE(review):
             options of this kind can alter transport behavior, including TLS
             settings, so review each one against the named provider's
             documentation. -->
632     <annotation>
633       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
634     </annotation>
635     <complexType>
636       <simpleContent>
637         <extension base="anySimpleType">
638           <attribute name="provider" type="conf:string" use="required"/>
639           <attribute name="option" type="conf:string" use="required"/>
640         </extension>
641       </simpleContent>
642     </complexType>
643   </element>
644
645   <element name="SPConfig">
        <!-- Document root. Children must appear in the order listed. The only
             mandatory children are ApplicationDefaults and one of
             SecurityPolicyProvider or SecurityPolicies. -->
646     <complexType>
647       <annotation>
648         <documentation>Root of configuration</documentation>
649       </annotation>
650       <sequence>
651         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
652         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
653         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
            <!-- At most one listener: UnixListener, TCPListener or a plugin. -->
654         <choice minOccurs="0">
655           <element name="UnixListener">
656             <complexType>
657               <attribute name="address" type="conf:string" use="required"/>
658               <attribute name="stackSize" type="unsignedInt"/>
659             </complexType>
660           </element>
              <!-- acl is optional and address is a free string, so a TCP
                   listener on any address with no access list is schema-valid.
                   port is unsignedInt; values above 65535 pass validation.
                   NOTE(review): confirm what the consumer allows when acl is
                   omitted, and keep the listener off untrusted interfaces. -->
661           <element name="TCPListener">
662             <complexType>
663               <attribute name="address" type="conf:string" use="required"/>
664               <attribute name="port" type="unsignedInt" use="required"/>
665               <attribute name="acl" type="conf:listOfStrings"/>
666               <attribute name="stackSize" type="unsignedInt"/>
667             </complexType>
668           </element>
669           <element name="Listener" type="conf:PluggableType"/>
670         </choice>
671         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
672         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
673         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
674         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
675         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
676         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
            <!-- This choice has no minOccurs, so exactly one security policy
                 source is required. -->
677         <choice>
678           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
679           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
680         </choice>
681         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
            <!-- Optional: an unsigned configuration is schema-valid, and schema
                 validation never verifies a signature. -->
682         <element ref="ds:Signature" minOccurs="0"/>
683       </sequence>
684       <attribute name="logger" type="anyURI"/>
          <!-- Unbounded unsignedInt; the unit is not stated here. NOTE(review):
               presumably the tolerance applied to time checks on messages, so a
               large value widens the window in which an expired or replayed
               message is accepted; confirm and keep it small. -->
685       <attribute name="clockSkew" type="unsignedInt"/>
          <!-- NOTE(review): unsafeChars and allowedSchemes presumably drive
               input and URL scheme filtering; neither has a schema default, so
               confirm what applies when they are omitted. -->
686       <attribute name="unsafeChars" type="conf:string"/>
687       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
688       <anyAttribute namespace="##other" processContents="lax"/>
689     </complexType>
690   </element>
691
692 </schema>