Reduce number of global elements by adding types, and switch plugins back to lax...
[shibboleth/sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
6         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
7         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
8         elementFormDefault="qualified"
9         attributeFormDefault="unqualified"
10         blockDefault="substitution"
11         version="2.4">
12
13   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
14   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
15   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
16
17   <annotation>
18     <documentation>
19       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
20       First appearing in Shibboleth 2.0 release.
21     </documentation>
22   </annotation>
23
24   <simpleType name="string">
       <!-- conf:string: the built-in string type (the default namespace of this schema is XML Schema)
            narrowed to at least one character, so an empty value fails validation. -->
25     <restriction base="string">
26       <minLength value="1"/>
27     </restriction>
28   </simpleType>
29
30   <simpleType name="listOfStrings">
       <!-- Whitespace-separated list of conf:string items. No length facet is set, so an empty list validates. -->
31     <list itemType="conf:string"/>
32   </simpleType>
33
34   <simpleType name="listOfURIs">
       <!-- Whitespace-separated list of anyURI items. anyURI accepts almost any string in practice,
            so validation does not catch a mistyped URI. -->
35     <list itemType="anyURI"/>
36   </simpleType>
37
38   <simpleType name="bindingBoolean">
       <!-- Four-valued switch used by the signing and encryption attributes: true, false, front or back.
            NOTE(review): front/back presumably select a binding channel; confirm against the consumer. -->
39     <restriction base="string">
40       <enumeration value="true"/>
41       <enumeration value="false"/>
42       <enumeration value="front"/>
43       <enumeration value="back"/>
44     </restriction>
45   </simpleType>
46
47   <complexType name="PluggableType">
       <!-- Base type for plugin slots: a required, non-empty "type" attribute plus any child elements
            and any further attributes from any namespace. With processContents="lax" that content is
            validated only when a declaration for it is available and is otherwise accepted unchecked,
            so a misspelled or unknown plugin setting is not a validation error; the plugin that reads
            the element has to reject it. In this schema the same type backs TrustEngine,
            MetadataProvider, AccessControlProvider and the security policy Rule elements. -->
48     <sequence>
49       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
50     </sequence>
51     <attribute name="type" type="conf:string" use="required"/>
52     <anyAttribute namespace="##any" processContents="lax"/>
53   </complexType>
54
55   <complexType name="ExtensionsType">
56     <annotation>
57       <documentation>Container for extension libraries and custom configuration</documentation>
58     </annotation>
59     <sequence>
         <!-- Library: "path" is required; "fatal" is optional and has no declared default. Child
              content and extra attributes are lax (accepted unchecked unless a declaration is available).
              NOTE(review): path names an extension library for the consumer; if it is loaded into the
              process, write access to this file decides what code runs there. Confirm file ownership
              and permissions in deployment. -->
60       <element name="Library" minOccurs="0" maxOccurs="unbounded">
61         <complexType>
62           <sequence>
63             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
64           </sequence>
65           <attribute name="path" type="anyURI" use="required"/>
66           <attribute name="fatal" type="boolean"/>
67           <anyAttribute namespace="##any" processContents="lax"/>
68         </complexType>
69       </element>
         <!-- After the Library elements, elements from namespaces other than the target namespace are accepted (lax). -->
70       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
71     </sequence>
72   </complexType>
73
74   <complexType name="StorageServiceType">
75     <annotation>
76       <documentation>References StorageService plugins</documentation>
77     </annotation>
       <!-- Restriction of conf:PluggableType. The base type's required "type" attribute is inherited.
            "id" is a required ID, so it must be unique within the document; it is the value the
            StorageService IDREF attributes of other types in this schema point at.
            "cleanupInterval" is optional; its unit is not stated in the schema. -->
78     <complexContent>
79       <restriction base="conf:PluggableType">
80         <sequence>
81           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
82         </sequence>
83         <attribute name="id" type="ID" use="required"/>
84         <attribute name="cleanupInterval" type="unsignedInt"/>
85         <anyAttribute namespace="##any" processContents="lax"/>
86       </restriction>
87     </complexContent>
88   </complexType>
89
90   <complexType name="SessionCacheType">
91     <annotation>
92       <documentation>References SessionCache plugins</documentation>
93     </annotation>
       <!-- Restriction of conf:PluggableType; the base type's required "type" attribute is inherited.
            "StorageService" is an optional IDREF and "cacheTimeout" an optional unsignedInt; neither has
            a declared default, so the behaviour when they are omitted is defined by the consumer. -->
94     <complexContent>
95       <restriction base="conf:PluggableType">
96         <sequence>
97           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
98         </sequence>
99         <attribute name="StorageService" type="IDREF"/>
100         <attribute name="cacheTimeout" type="unsignedInt"/>
101         <anyAttribute namespace="##any" processContents="lax"/>
102       </restriction>
103     </complexContent>
104   </complexType>
105
106   <complexType name="ReplayCacheType">
107     <annotation>
108       <documentation>Ties ReplayCache to a custom StorageService</documentation>
109     </annotation>
        <!-- Empty element with one required IDREF. IDREF validation only guarantees that some ID with
             this value exists in the document; it does not prove the target is a StorageService element. -->
110     <sequence/>
111     <attribute name="StorageService" type="IDREF" use="required"/>
112   </complexType>
113
114   <complexType name="ArtifactMapType">
115     <annotation>
116       <documentation>Customizes an ArtifactMap</documentation>
117     </annotation>
        <!-- Empty element; all three attributes are optional and carry no declared default.
             "artifactTTL" is an unsignedInt with no upper bound and no unit stated in the schema. -->
118     <sequence/>
119     <attribute name="StorageService" type="IDREF"/>
120     <attribute name="context" type="conf:string"/>
121     <attribute name="artifactTTL" type="unsignedInt"/>
122   </complexType>
123
124   <complexType name="OutOfProcessType">
125     <annotation>
126       <documentation>Container for out-of-process (shibd) configuration</documentation>
127     </annotation>
        <!-- Optional Extensions element followed by any elements from other namespaces (lax).
             "logger" and "catchAll" are optional with no declared default; attributes from other
             namespaces are also accepted unchecked. -->
128     <sequence>
129       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
130       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
131     </sequence>
132     <attribute name="logger" type="anyURI"/>
133     <attribute name="catchAll" type="boolean"/>
134     <anyAttribute namespace="##other" processContents="lax"/>
135   </complexType>
136
137   <complexType name="InProcessType">
138     <annotation>
139       <documentation>
140         Container for configuration of locally integrated or platform-specific
141         features (e.g. web server filters)
142       </documentation>
143     </annotation>
144     <sequence>
145       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
          <!-- ISAPI: one or more Site entries, each with a required numeric id and name and any number
               of Alias children. "port" and "sslport" are unsignedInt, so values above 65535 validate;
               range checking is left to the consumer. "normalizeRequest" and "safeHeaderNames" are
               optional booleans without a declared default. -->
146       <element name="ISAPI" minOccurs="0">
147         <complexType>
148           <sequence>
149             <element name="Site" maxOccurs="unbounded">
150               <complexType>
151                 <sequence>
152                   <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
153                 </sequence>
154                 <attribute name="id" type="unsignedInt" use="required"/>
155                 <attribute name="name" type="conf:string" use="required"/>
156                 <attribute name="port" type="unsignedInt"/>
157                 <attribute name="sslport" type="unsignedInt"/>
158                 <attribute name="scheme" type="conf:string"/>
159               </complexType>
160             </element>
161             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
162           </sequence>
163           <attribute name="normalizeRequest" type="boolean"/>
164           <attribute name="safeHeaderNames" type="boolean"/>
165           <anyAttribute namespace="##other" processContents="lax"/>
166         </complexType>
167       </element>
168       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
169     </sequence>
        <!-- All attributes below are optional and none declares a default, so the schema does not show
             what is in effect when "checkSpoofing" is left out; that is decided by the consumer.
             NOTE(review): "spoofKey" is a plain conf:string; if it is used as a shared secret it sits
             in clear text in this file, so confirm the file's read permissions. -->
170     <attribute name="logger" type="anyURI"/>
171     <attribute name="unsetHeaderValue" type="conf:string"/>
172     <attribute name="checkSpoofing" type="boolean"/>
173     <attribute name="spoofKey" type="conf:string"/>
174     <attribute name="catchAll" type="boolean"/>
175     <anyAttribute namespace="##other" processContents="lax"/>
176   </complexType>
177
178   <element name="AccessControl" type="conf:UniOperatorType">
179     <annotation>
180       <documentation>
181         A simple example access policy language extension that supersedes Apache .htaccess
182       </documentation>
183     </annotation>
184   </element>
185   <complexType name="UniOperatorType">
        <!-- Exactly one child: an operator (AND, OR, NOT) or a single Rule / RuleRegex. Used for the
             AccessControl root and for NOT, so an empty policy element does not validate. -->
186     <choice>
187       <element name="AND" type="conf:MultiOperatorType"/>
188       <element name="OR" type="conf:MultiOperatorType"/>
189       <element name="NOT" type="conf:UniOperatorType"/>
190       <element name="Rule" type="conf:RuleType"/>
191       <element name="RuleRegex" type="conf:RuleRegexType"/>
192     </choice>
193   </complexType>
194   <complexType name="MultiOperatorType">
        <!-- AND / OR operands: at least two children, in any mix and order, nested to any depth. -->
195     <choice minOccurs="2" maxOccurs="unbounded">
196       <element name="AND" type="conf:MultiOperatorType"/>
197       <element name="OR" type="conf:MultiOperatorType"/>
198       <element name="NOT" type="conf:UniOperatorType"/>
199       <element name="Rule" type="conf:RuleType"/>
200       <element name="RuleRegex" type="conf:RuleRegexType"/>
201     </choice>
202   </complexType>
203   <complexType name="RuleType">
        <!-- Content is a whitespace-separated list of values; "require" is mandatory, "list" optional.
             conf:listOfStrings has no length facet, so a Rule with an empty body validates.
             NOTE(review): how an empty value list is evaluated is not visible here; confirm in the evaluator. -->
204     <simpleContent>
205       <extension base="conf:listOfStrings">
206         <attribute name="require" type="conf:string" use="required"/>
207         <attribute name="list" type="boolean"/>
208       </extension>
209     </simpleContent>
210   </complexType>
211   <complexType name="RuleRegexType">
        <!-- Content is one non-empty string. The schema checks only that it is non-empty; whether it is
             a well-formed expression, and how it is anchored, is up to the consumer. -->
212     <simpleContent>
213       <extension base="conf:string">
214         <attribute name="require" type="conf:string" use="required"/>
215         <attribute name="ignoreCase" type="boolean"/>
216       </extension>
217     </simpleContent>
218   </complexType>
219
220   <attributeGroup name="ContentSettings">
        <!-- Per-resource settings shared by RequestMap and the Host, Path and Query types. Every
             attribute is optional and none declares a default, so an omitted setting falls back to
             whatever the consumer implements. The error and redirect targets are plain anyURI values
             with no scheme or host restriction in the schema.
             NOTE(review): "redirectToSSL" is an unsignedInt, presumably a port; values above 65535 validate. -->
221     <attribute name="authType" type="conf:string"/>
222     <attribute name="requireSession" type="boolean"/>
223     <attribute name="requireSessionWith" type="conf:string"/>
224     <attribute name="exportAssertion" type="boolean"/>
225     <attribute name="redirectToSSL" type="unsignedInt"/>
226     <attribute name="entityID" type="anyURI"/>
227     <attribute name="discoveryURL" type="anyURI"/>
228     <attribute name="isPassive" type="boolean"/>
229     <attribute name="returnOnError" type="boolean"/>
230     <attribute name="forceAuthn" type="boolean"/>
231     <attribute name="authnContextClassRef" type="anyURI"/>
232     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
233     <attribute name="NameIDFormat" type="anyURI"/>
234     <attribute name="SPNameQualifier" type="conf:string"/>
235     <attribute name="redirectErrors" type="anyURI"/>
236     <attribute name="sessionError" type="anyURI"/>
237     <attribute name="metadataError" type="anyURI"/>
238     <attribute name="accessError" type="anyURI"/>
239     <attribute name="sslError" type="anyURI"/>
240     <attribute name="target" type="anyURI"/>
241     <attribute name="acsIndex" type="unsignedShort"/>
242     <attribute name="REMOTE_ADDR" type="conf:string"/>
243     <anyAttribute namespace="##other" processContents="lax"/>
244   </attributeGroup>
245
246   <element name="RequestMap">
247     <annotation>
248       <documentation>
249         Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
250       </documentation>
251     </annotation>
        <!-- At most one access control child (htaccess, AccessControl or AccessControlProvider) comes
             first, then any number of Host / HostRegex entries. htaccess and AccessControlProvider
             are PluggableType, so their inner configuration is only laxly validated.
             "applicationId" is fixed to "default" at this level. -->
252     <complexType>
253       <sequence>
254         <choice minOccurs="0">
255           <element name="htaccess" type="conf:PluggableType"/>
256           <element ref="conf:AccessControl"/>
257           <element name="AccessControlProvider" type="conf:PluggableType"/>
258         </choice>
259         <choice minOccurs="0" maxOccurs="unbounded">
260           <element name="Host" type="conf:HostType"/>
261           <element name="HostRegex" type="conf:HostRegexType"/>
262         </choice>
263       </sequence>
264       <attribute name="applicationId" type="conf:string" fixed="default"/>
265       <attributeGroup ref="conf:ContentSettings"/>
266     </complexType>
267   </element>
268
269   <complexType name="HostType">
        <!-- One literal host: at most one access control child, then any number of Path, PathRegex and
             Query children. "name" is required. "scheme" is limited to the five values enumerated
             below. "port" is an unsignedInt, so values above 65535 validate. -->
270     <sequence>
271       <choice minOccurs="0">
272         <element name="htaccess" type="conf:PluggableType"/>
273         <element ref="conf:AccessControl"/>
274         <element name="AccessControlProvider" type="conf:PluggableType"/>
275       </choice>
276       <choice minOccurs="0" maxOccurs="unbounded">
277         <element name="Path" type="conf:PathType"/>
278         <element name="PathRegex" type="conf:PathRegexType"/>
279         <element name="Query" type="conf:QueryType"/>
280       </choice>
281     </sequence>
282     <attribute name="scheme">
283       <simpleType>
284         <restriction base="conf:string">
285           <enumeration value="http"/>
286           <enumeration value="https"/>
287           <enumeration value="ftp"/>
288           <enumeration value="ldap"/>
289           <enumeration value="ldaps"/>
290         </restriction>
291       </simpleType>
292     </attribute>
293     <attribute name="name" type="conf:string" use="required"/>
294     <attribute name="port" type="unsignedInt"/>
295     <attribute name="applicationId" type="conf:string"/>
296     <attributeGroup ref="conf:ContentSettings"/>
297   </complexType>
298
299   <complexType name="HostRegexType">
        <!-- Host matched by expression: same children as HostType. "regex" is required but only checked
             for being non-empty; pattern syntax and anchoring are not validated by the schema. -->
300     <sequence>
301       <choice minOccurs="0">
302         <element name="htaccess" type="conf:PluggableType"/>
303         <element ref="conf:AccessControl"/>
304         <element name="AccessControlProvider" type="conf:PluggableType"/>
305       </choice>
306       <choice minOccurs="0" maxOccurs="unbounded">
307         <element name="Path" type="conf:PathType"/>
308         <element name="PathRegex" type="conf:PathRegexType"/>
309         <element name="Query" type="conf:QueryType"/>
310       </choice>
311     </sequence>
312     <attribute name="regex" type="conf:string" use="required"/>
313     <attribute name="ignoreCase" type="boolean"/>
314     <attribute name="applicationId" type="conf:string"/>
315     <attributeGroup ref="conf:ContentSettings"/>
316   </complexType>
317
318   <complexType name="PathType">
        <!-- One literal path segment; recursive, so Path, PathRegex and Query children may nest to any
             depth. "name" is required; "applicationId" and the ContentSettings attributes are optional. -->
319     <sequence>
320       <choice minOccurs="0">
321         <element name="htaccess" type="conf:PluggableType"/>
322         <element ref="conf:AccessControl"/>
323         <element name="AccessControlProvider" type="conf:PluggableType"/>
324       </choice>
325       <choice minOccurs="0" maxOccurs="unbounded">
326         <element name="Path" type="conf:PathType"/>
327         <element name="PathRegex" type="conf:PathRegexType"/>
328         <element name="Query" type="conf:QueryType"/>
329       </choice>
330     </sequence>
331     <attribute name="name" type="conf:string" use="required"/>
332     <attribute name="applicationId" type="conf:string"/>
333     <attributeGroup ref="conf:ContentSettings"/>
334   </complexType>
335
336   <complexType name="PathRegexType">
        <!-- Path matched by expression. Unlike PathType it allows only Query children, not nested
             Path or PathRegex. "regex" is required but only checked for being non-empty. -->
337     <sequence>
338       <choice minOccurs="0">
339         <element name="htaccess" type="conf:PluggableType"/>
340         <element ref="conf:AccessControl"/>
341         <element name="AccessControlProvider" type="conf:PluggableType"/>
342       </choice>
343       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
344     </sequence>
345     <attribute name="regex" type="conf:string" use="required"/>
346     <attribute name="ignoreCase" type="boolean"/>
347     <attribute name="applicationId" type="conf:string"/>
348     <attributeGroup ref="conf:ContentSettings"/>
349   </complexType>
350
351   <complexType name="QueryType">
        <!-- Match on a query parameter: "name" is required, "regex" optional and checked only for being
             non-empty. Only further Query children may nest. No "applicationId" attribute is declared here. -->
352     <sequence>
353       <choice minOccurs="0">
354         <element name="htaccess" type="conf:PluggableType"/>
355         <element ref="conf:AccessControl"/>
356         <element name="AccessControlProvider" type="conf:PluggableType"/>
357       </choice>
358       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
359     </sequence>
360     <attribute name="name" type="conf:string" use="required"/>
361     <attribute name="regex" type="conf:string"/>
362     <attributeGroup ref="conf:ContentSettings"/>
363   </complexType>
364
365   <complexType name="ApplicationDefaultsType">
366     <annotation>
367       <documentation>Container for default settings and application-specific overrides</documentation>
368     </annotation>
        <!-- Children must appear in the order listed. Sessions, MetadataProvider and TrustEngine are
             required (no minOccurs); everything else is optional. MetadataProvider, TrustEngine and
             the Attribute* / CredentialResolver slots are PluggableType, so the schema checks only
             that "type" is present and leaves their inner configuration to the plugin.
             "id" is fixed to "default"; "entityID" and "policyId" are required. -->
369     <sequence>
370       <element name="Sessions" type="conf:SessionsType"/>
371       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
372       <element name="RelyingParty" type="conf:RelyingPartyType" minOccurs="0" maxOccurs="unbounded"/>
373       <element name="Notify" type="conf:NotifyType" minOccurs="0" maxOccurs="unbounded"/>
374       <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
375       <element name="MetadataProvider" type="conf:PluggableType"/>
376       <element name="TrustEngine" type="conf:PluggableType"/>
377       <element name="AttributeExtractor" type="conf:PluggableType" minOccurs="0"/>
378       <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>
379       <element name="AttributeFilter" type="conf:PluggableType" minOccurs="0"/>
380       <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>
381       <element name="ApplicationOverride" type="conf:ApplicationOverrideType" minOccurs="0" maxOccurs="unbounded"/>
382     </sequence>
383     <attribute name="id" type="conf:string" fixed="default"/>
384     <attribute name="entityID" type="anyURI" use="required"/>
385     <attribute name="policyId" type="conf:string" use="required"/>
386     <attributeGroup ref="conf:ApplicationGroup"/>
387     <attributeGroup ref="conf:RelyingPartyGroup"/>
388     <anyAttribute namespace="##other" processContents="lax"/>
389   </complexType>
390
391   <complexType name="ApplicationOverrideType">
392     <annotation>
393       <documentation>Container for application-specific overrides</documentation>
394     </annotation>
        <!-- Same children as ApplicationDefaultsType, but every one is optional and no nested
             ApplicationOverride is allowed. "id" is required; "entityID" and "policyId" are optional.
             NOTE(review): omitted children and attributes presumably fall back to the defaults
             container; confirm, since an override without its own TrustEngine or policyId validates. -->
395     <sequence>
396       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
397       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
398       <element name="RelyingParty" type="conf:RelyingPartyType" minOccurs="0" maxOccurs="unbounded"/>
399       <element name="Notify" type="conf:NotifyType" minOccurs="0" maxOccurs="unbounded"/>
400       <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
401       <element name="MetadataProvider" type="conf:PluggableType" minOccurs="0"/>
402       <element name="TrustEngine" type="conf:PluggableType" minOccurs="0"/>
403       <element name="AttributeExtractor" type="conf:PluggableType" minOccurs="0"/>
404       <element name="AttributeResolver" type="conf:PluggableType" minOccurs="0"/>
405       <element name="AttributeFilter" type="conf:PluggableType" minOccurs="0"/>
406       <element name="CredentialResolver" type="conf:PluggableType" minOccurs="0"/>
407     </sequence>
408     <attribute name="id" type="conf:string" use="required"/>
409     <attribute name="entityID" type="anyURI"/>
410     <attribute name="policyId" type="conf:string"/>
411     <attributeGroup ref="conf:ApplicationGroup"/>
412     <attributeGroup ref="conf:RelyingPartyGroup"/>
413     <anyAttribute namespace="##other" processContents="lax"/>
414   </complexType>
415
416   <attributeGroup name="ApplicationGroup">
        <!-- Optional application-level attributes shared by ApplicationDefaultsType and
             ApplicationOverrideType. "REMOTE_USER" and "unsetHeaders" are whitespace-separated lists;
             the two prefix attributes are non-empty strings. No defaults are declared. -->
417     <attribute name="homeURL" type="anyURI"/>
418     <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
419     <attribute name="unsetHeaders" type="conf:listOfStrings"/>
420     <attribute name="metadataAttributePrefix" type="conf:string"/>
421     <attribute name="attributePrefix" type="conf:string"/>
422   </attributeGroup>
423
424   <attributeGroup name="RelyingPartyGroup">
        <!-- Peer-facing settings shared by the application types and RelyingPartyType. Every attribute
             is optional and none declares a default, so the schema does not show what applies when
             "signing", "encryption" or the three require* booleans are left out; that is decided by
             the consumer. "signingAlg", "digestAlg" and "encryptionAlg" are plain anyURI values and
             are not checked against any list of known algorithms.
             NOTE(review): "authPassword" is a plain conf:string, so the credential is stored in clear
             text in this file; confirm the file's read permissions. -->
425     <attribute name="authType" type="conf:string"/>
426     <attribute name="authUsername" type="conf:string"/>
427     <attribute name="authPassword" type="conf:string"/>
428     <attribute name="signing" type="conf:bindingBoolean"/>
429     <attribute name="signingAlg" type="anyURI"/>
430     <attribute name="digestAlg" type="anyURI"/>
431     <attribute name="encryption" type="conf:bindingBoolean"/>
432     <attribute name="encryptionAlg" type="anyURI"/>
433     <attribute name="keyName" type="conf:string"/>
434     <attribute name="artifactEndpointIndex" type="unsignedShort"/>
435     <attribute name="chunkedEncoding" type="boolean"/>
436     <attribute name="connectTimeout" type="unsignedShort"/>
437     <attribute name="timeout" type="unsignedShort"/>
438     <attribute name="requireConfidentiality" type="boolean"/>
439     <attribute name="requireTransportAuth" type="boolean"/>
440     <attribute name="requireSignedAssertions" type="boolean"/>
441   </attributeGroup>
442
443   <complexType name="SessionsType">
444     <annotation>
445       <documentation>Container for specifying protocol handlers and session policy</documentation>
446     </annotation>
        <!-- Any number of handler elements in any order: the two conf initiators, four SAML metadata
             endpoint elements, and the generic Handler plugin. -->
447     <choice minOccurs="0" maxOccurs="unbounded">
448       <element ref="conf:SessionInitiator"/>
449       <element ref="conf:LogoutInitiator"/>
450       <element ref="md:AssertionConsumerService"/>
451       <element ref="md:ArtifactResolutionService"/>
452       <element ref="md:SingleLogoutService"/>
453       <element ref="md:ManageNameIDService"/>
          <!-- Handler: PluggableType restriction with a required Location and an optional "acl" list.
               Because "acl" is optional, a Handler with no acl validates; what is then allowed to
               reach it is decided by the handler plugin. -->
454       <element name="Handler">
455         <complexType>
456           <complexContent>
457             <restriction base="conf:PluggableType">
458               <sequence>
459                 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
460               </sequence>
461               <attribute name="Location" type="anyURI" use="required"/>
462               <attribute name="acl" type="conf:listOfStrings"/>
463               <anyAttribute namespace="##any" processContents="lax"/>
464             </restriction>
465           </complexContent>
466         </complexType>
467       </element>
468     </choice>
        <!-- Only "handlerURL" is required. The session policy attributes ("handlerSSL", "lifetime",
             "timeout", "maxTimeSinceAuthn", "checkAddress", "consistentAddress") are optional with
             no declared default and, for the numeric ones, no upper bound or unit in the schema.
             "cookieProps" is a free-form string, so the schema cannot require any particular cookie
             attribute. NOTE(review): verify the deployed values of these settings directly, since
             validation passes when they are absent. -->
469     <attribute name="handlerURL" type="anyURI" use="required"/>
470     <attribute name="handlerSSL" type="boolean"/>
471     <attribute name="exportLocation" type="conf:string"/>
472     <attribute name="exportACL" type="conf:listOfStrings"/>
473     <attribute name="cookieName" type="conf:string"/>
474     <attribute name="cookieProps" type="conf:string"/>
475     <attribute name="cookieLifetime" type="unsignedInt"/>
476     <attribute name="idpHistory" type="boolean"/>
477     <attribute name="idpHistoryDays" type="unsignedInt"/>
478     <attribute name="lifetime" type="unsignedInt"/>
479     <attribute name="timeout" type="unsignedInt"/>
480     <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
481     <attribute name="checkAddress" type="boolean"/>
482     <attribute name="consistentAddress" type="boolean"/>
483     <attribute name="postData" type="conf:string"/>
484     <attribute name="postLimit" type="positiveInteger"/>
485     <attribute name="postTemplate" type="conf:string"/>
486     <attribute name="postExpire" type="boolean"/>
487     <anyAttribute namespace="##other" processContents="lax"/>
488   </complexType>
489
490   <attribute name="policyId" type="conf:string">
        <!-- Global attribute declaration: where it is referenced it is namespace-qualified, unlike the
             local, unqualified "policyId" attributes declared on the application types in this schema. -->
491     <annotation>
492       <documentation>Used to reference Policy elements from profile endpoints.</documentation>
493     </annotation>
494   </attribute>
495
496   <element name="SessionInitiator">
497     <annotation>
498       <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
499     </annotation>
        <!-- Restriction of conf:PluggableType; the base type's required "type" attribute is inherited.
             Every attribute declared here is optional, including Location, and none has a declared
             default. Child content and further attributes are lax, so plugin-specific settings are
             not checked by the schema. "relayState" is a free-form string and "target", "URL" and
             "template" are anyURI with no scheme or host restriction. -->
500     <complexType>
501       <complexContent>
502         <restriction base="conf:PluggableType">
503           <sequence>
504             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
505           </sequence>
506           <attribute name="Location" type="anyURI"/>
507           <attribute name="id" type="conf:string"/>
508           <attribute name="isDefault" type="boolean"/>
509           <attribute name="relayState" type="conf:string"/>
510           <attribute name="entityIDParam" type="conf:string"/>
511           <attribute name="entityID" type="anyURI"/>
512           <attribute name="URL" type="anyURI"/>
513           <attribute name="outgoingBindings" type="conf:listOfURIs"/>
514           <attribute name="template" type="anyURI"/>
515           <attribute name="postArtifact" type="boolean"/>
516           <attribute name="acsByIndex" type="boolean"/>
517           <attribute name="acsIndex" type="unsignedShort"/>
518           <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
519           <attribute name="isPassive" type="boolean"/>
520           <attribute name="returnOnError" type="boolean"/>
521           <attribute name="forceAuthn" type="boolean"/>
522           <attribute name="authnContextClassRef" type="anyURI"/>
523           <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
524           <attribute name="NameIDFormat" type="anyURI"/>
525           <attribute name="SPNameQualifier" type="conf:string"/>
526           <attribute name="requestDelegation" type="boolean"/>
527           <attribute name="target" type="anyURI"/>
528           <anyAttribute namespace="##any" processContents="lax"/>
529         </restriction>
530       </complexContent>
531     </complexType>
532   </element>
533
534   <element name="LogoutInitiator">
535     <annotation>
536       <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
537     </annotation>
        <!-- Restriction of conf:PluggableType; the base type's required "type" attribute is inherited.
             All attributes declared here are optional with no declared default; child content and
             further attributes are lax. -->
538     <complexType>
539       <complexContent>
540         <restriction base="conf:PluggableType">
541           <sequence>
542             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
543           </sequence>
544           <attribute name="Location" type="anyURI"/>
545           <attribute name="relayState" type="conf:string"/>
546           <attribute name="outgoingBindings" type="conf:listOfURIs"/>
547           <attribute name="template" type="anyURI"/>
548           <attribute name="postArtifact" type="boolean"/>
549           <anyAttribute namespace="##any" processContents="lax"/>
550         </restriction>
551       </complexContent>
552     </complexType>
553   </element>
554
555   <complexType name="ErrorsType">
556     <annotation>
557       <documentation>Container for error templates and associated details</documentation>
558     </annotation>
        <!-- Any child elements and any extra attributes from any namespace are accepted (lax). The
             declared attributes are all optional: template and redirect locations as anyURI, plus
             a free-form "supportContact" string. No scheme or host restriction is expressed. -->
559     <sequence>
560       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
561     </sequence>
562     <attribute name="redirectErrors" type="anyURI"/>
563     <attribute name="session" type="anyURI"/>
564     <attribute name="metadata" type="anyURI"/>
565     <attribute name="access" type="anyURI"/>
566     <attribute name="ssl" type="anyURI"/>
567     <attribute name="localLogout" type="anyURI"/>
568     <attribute name="globalLogout" type="anyURI"/>
569     <attribute name="partialLogout" type="anyURI"/>
570     <attribute name="supportContact" type="conf:string"/>
571     <attribute name="logoLocation" type="anyURI"/>
572     <attribute name="styleSheet" type="anyURI"/>
573     <anyAttribute namespace="##any" processContents="lax"/>
574   </complexType>
575
576   <complexType name="RelyingPartyType">
577     <annotation>
578       <documentation>Container for specifying settings to use with particular peers</documentation>
579     </annotation>
        <!-- Empty element. "Name" is required; the RelyingPartyGroup attributes and "entityID" are
             optional. Attributes from other namespaces are accepted unchecked. -->
580     <sequence/>
581     <attribute name="Name" type="conf:string" use="required"/>
582     <attributeGroup ref="conf:RelyingPartyGroup"/>
583     <attribute name="entityID" type="anyURI"/>
584     <anyAttribute namespace="##other" processContents="lax"/>
585   </complexType>
586
587   <complexType name="NotifyType">
588     <annotation>
589       <documentation>Used to specify locations to receive application notifications</documentation>
590     </annotation>
        <!-- Empty element with two required attributes: "Channel" (front or back) and "Location".
             Location is an anyURI with no scheme or host restriction in the schema. -->
591     <sequence/>
592     <attribute name="Channel" use="required">
593       <simpleType>
594         <restriction base="string">
595           <enumeration value="front"/>
596           <enumeration value="back"/>
597         </restriction>
598       </simpleType>
599     </attribute>
600     <attribute name="Location" type="anyURI" use="required"/>
601     <anyAttribute namespace="##any" processContents="lax"/>
602   </complexType>
603
604   <complexType name="SecurityPoliciesType">
605     <annotation>
606       <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
607     </annotation>
608     <sequence>
          <!-- At least one Policy is required. Each Policy holds one or more Rule elements or one or
               more PolicyRule elements; the two names cannot be mixed inside one Policy. Both are
               PluggableType, so the schema checks only that "type" is present and non-empty; it does
               not check that a given rule is included or that its settings are valid.
               "validate" is optional with no declared default. -->
609       <element name="Policy" minOccurs="1" maxOccurs="unbounded">
610         <annotation>
611           <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
612         </annotation>
613         <complexType>
614           <choice>
615             <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
616             <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
617           </choice>
618           <attribute name="id" type="conf:string" use="required"/>
619           <attribute name="validate" type="boolean"/>
620           <anyAttribute namespace="##any" processContents="lax"/>
621         </complexType>
622       </element>
          <!-- At most one of AlgorithmWhitelist / AlgorithmBlacklist, and both may be omitted. The
               content is a list of anyURI values, so a mistyped algorithm URI still validates and an
               empty list is accepted. NOTE(review): confirm how the consumer treats an unrecognised
               URI or an empty list. -->
623       <choice minOccurs="0">
624         <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
625         <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
626       </choice>
627     </sequence>
628   </complexType>
629
630   <element name="TransportOption">
631     <annotation>
632       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
633     </annotation>
        <!-- "provider" and "option" are required non-empty strings; the element content is
             anySimpleType, so any simple value, including an empty one, validates. Option names and
             values are therefore not checked by the schema. -->
634     <complexType>
635       <simpleContent>
636         <extension base="anySimpleType">
637           <attribute name="provider" type="conf:string" use="required"/>
638           <attribute name="option" type="conf:string" use="required"/>
639         </extension>
640       </simpleContent>
641     </complexType>
642   </element>
643
644   <element name="SPConfig">
645     <complexType>
646       <annotation>
647         <documentation>Root of configuration</documentation>
648       </annotation>
          <!-- Children must appear in the order listed. OutOfProcess, InProcess, ApplicationDefaults
               and SecurityPolicies are required; the listener choice, the storage and cache elements,
               RequestMapper and TransportOption are optional. -->
649       <sequence>
650         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
651         <element name="OutOfProcess" type="conf:OutOfProcessType"/>
652         <element name="InProcess" type="conf:InProcessType"/>
            <!-- At most one listener. TCPListener requires "address" and "port"; "acl" is optional,
                 so a TCP listener without an acl validates, and "port" is an unsignedInt, so values
                 above 65535 validate. NOTE(review): confirm what the consumer accepts on the listener
                 when "acl" is absent, and that "address" is not bound more widely than intended. -->
653         <choice minOccurs="0">
654           <element name="UnixListener">
655             <complexType>
656               <attribute name="address" type="conf:string" use="required"/>
657               <attribute name="stackSize" type="unsignedInt"/>
658             </complexType>
659           </element>
660           <element name="TCPListener">
661             <complexType>
662               <attribute name="address" type="conf:string" use="required"/>
663               <attribute name="port" type="unsignedInt" use="required"/>
664               <attribute name="acl" type="conf:listOfStrings"/>
665               <attribute name="stackSize" type="unsignedInt"/>
666             </complexType>
667           </element>
668           <element name="Listener" type="conf:PluggableType"/>
669         </choice>
670         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
671         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
672         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
673         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
674         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
675         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
676         <element name="SecurityPolicies" type="conf:SecurityPoliciesType"/>
677         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
678       </sequence>
          <!-- All four attributes are optional with no declared default. "clockSkew" is an unsignedInt
               with no upper bound and no unit stated in the schema, so an arbitrarily large tolerance
               validates. "allowedSchemes" is a list of free-form strings and "unsafeChars" a
               free-form string; neither is checked against any fixed set. -->
679       <attribute name="logger" type="anyURI"/>
680       <attribute name="clockSkew" type="unsignedInt"/>
681       <attribute name="unsafeChars" type="conf:string"/>
682       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
683       <anyAttribute namespace="##other" processContents="lax"/>
684     </complexType>
685   </element>
686
687 </schema>