https://bugs.internet2.edu/jira/browse/SSPCPP-303
[shibboleth/sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.4">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
26   <simpleType name="string">
       <!-- Non-empty string. base="string" resolves to the XML Schema built-in type (the default
            namespace of this file); this definition is referenced as conf:string and adds a
            minimum length of 1. -->
27     <restriction base="string">
28       <minLength value="1"/>
29     </restriction>
30   </simpleType>
31
32   <simpleType name="listOfStrings">
       <!-- Whitespace-separated list of conf:string items; an individual item therefore
            cannot itself contain whitespace. -->
33     <list itemType="conf:string"/>
34   </simpleType>
35
36   <simpleType name="listOfURIs">
       <!-- Whitespace-separated list of anyURI values. anyURI is lexically permissive, so passing
            schema validation does not show that an item is a well-formed or expected URI. -->
37     <list itemType="anyURI"/>
38   </simpleType>
39
40   <simpleType name="bindingBoolean">
       <!-- Four-valued string enumeration: true, false, front, back. Used in this schema for the
            signing and encryption attributes of RelyingPartyGroup.
            NOTE(review): front/back presumably limit the setting to front-channel or back-channel
            bindings; confirm against the SP documentation. -->
41     <restriction base="string">
42       <enumeration value="true"/>
43       <enumeration value="false"/>
44       <enumeration value="front"/>
45       <enumeration value="back"/>
46     </restriction>
47   </simpleType>
48
49   <complexType name="PluggableType">
       <!-- Generic plugin reference: a required type attribute plus any child elements and any
            attributes from any namespace. Both wildcards use processContents="lax", so
            plugin-specific content is validated only where a matching declaration is available;
            a misspelled or unexpected plugin setting is not rejected by this schema. -->
50     <sequence>
51       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
52     </sequence>
53     <attribute name="type" type="conf:string" use="required"/>
54     <anyAttribute namespace="##any" processContents="lax"/>
55   </complexType>
56
57   <complexType name="ExtensionsType">
58     <annotation>
59       <documentation>Container for extension libraries and custom configuration</documentation>
60     </annotation>
61     <sequence>
         <!-- Library: required path (anyURI), optional fatal flag, free-form children and attributes.
              NOTE(review): going by the names, path identifies an extension library to load and
              fatal decides whether a failed load aborts startup; confirm. If so, this file and
              every referenced path determine what code the process loads and should be writable
              by administrators only. -->
62       <element name="Library" minOccurs="0" maxOccurs="unbounded">
63         <complexType>
64           <sequence>
65             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
66           </sequence>
67           <attribute name="path" type="anyURI" use="required"/>
68           <attribute name="fatal" type="boolean"/>
69           <anyAttribute namespace="##any" processContents="lax"/>
70         </complexType>
71       </element>
         <!-- Any further elements must come from a namespace other than this schema's target namespace. -->
72       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
73     </sequence>
74   </complexType>
75
76   <complexType name="StorageServiceType">
77     <annotation>
78       <documentation>References StorageService plugins</documentation>
79     </annotation>
       <!-- Restriction of conf:PluggableType that keeps the open content model and declares two
            named attributes. -->
80     <complexContent>
81       <restriction base="conf:PluggableType">
82         <sequence>
83           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
84         </sequence>
           <!-- id is an XML ID: unique within the document and the target of the IDREF-typed
                StorageService attributes on SessionCache, ReplayCache and ArtifactMap. -->
85         <attribute name="id" type="ID" use="required"/>
           <!-- Units are not stated in the schema. -->
86         <attribute name="cleanupInterval" type="unsignedInt"/>
87         <anyAttribute namespace="##any" processContents="lax"/>
88       </restriction>
89     </complexContent>
90   </complexType>
91
92   <complexType name="SessionCacheType">
93     <annotation>
94       <documentation>References SessionCache plugins</documentation>
95     </annotation>
       <!-- Restriction of conf:PluggableType; content and extra attributes stay open (lax). -->
96     <complexContent>
97       <restriction base="conf:PluggableType">
98         <sequence>
99           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
100         </sequence>
            <!-- Optional IDREF; has to match an ID value in the same document (StorageService id
                 is the ID-typed attribute this schema declares). -->
101         <attribute name="StorageService" type="IDREF"/>
            <!-- Units are not stated in the schema for either value below. -->
102         <attribute name="cacheAllowance" type="unsignedInt"/>
103         <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
104         <anyAttribute namespace="##any" processContents="lax"/>
105       </restriction>
106     </complexContent>
107   </complexType>
108
109   <complexType name="ReplayCacheType">
110     <annotation>
111       <documentation>Ties ReplayCache to a custom StorageService</documentation>
112     </annotation>
        <!-- Empty element: no children, one optional attribute. -->
113     <sequence/>
        <!-- Optional IDREF; has to match an ID value in the same document.
             NOTE(review): replay detection presumably only covers nodes that share the referenced
             storage; confirm for clustered deployments. -->
114     <attribute name="StorageService" type="IDREF"/>
115   </complexType>
116
117   <complexType name="ArtifactMapType">
118     <annotation>
119       <documentation>Customizes an ArtifactMap</documentation>
120     </annotation>
        <!-- Empty element: no children, three optional attributes. -->
121     <sequence/>
        <!-- Optional IDREF; has to match an ID value in the same document. -->
122     <attribute name="StorageService" type="IDREF"/>
123     <attribute name="context" type="conf:string"/>
        <!-- NOTE(review): presumably how long an issued artifact stays resolvable; units are not
             stated in the schema. A short value limits the window in which an artifact can be
             redeemed; confirm. -->
124     <attribute name="artifactTTL" type="unsignedInt"/>
125   </complexType>
126
127   <complexType name="OutOfProcessType">
128     <annotation>
129       <documentation>Container for out-of-process (shibd) configuration</documentation>
130     </annotation>
131     <sequence>
132       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
          <!-- Extra elements are accepted only from namespaces other than the target namespace. -->
133       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
134     </sequence>
        <!-- logger is typed anyURI; NOTE(review): presumably the location of a logging
             configuration, confirm. -->
135     <attribute name="logger" type="anyURI"/>
        <!-- NOTE(review): catchAll presumably controls whether unexpected exceptions are caught
             rather than allowed to terminate the process; confirm. -->
136     <attribute name="catchAll" type="boolean"/>
        <!-- Only namespace-qualified foreign attributes are admitted here, so an unlisted
             unqualified attribute name fails validation. -->
137     <anyAttribute namespace="##other" processContents="lax"/>
138   </complexType>
139
140   <complexType name="InProcessType">
141     <annotation>
142       <documentation>
143         Container for configuration of locally integrated or platform-specific
144         features (e.g. web server filters)
145       </documentation>
146     </annotation>
147     <sequence>
148       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
          <!-- ISAPI: one or more Site entries, then optional foreign-namespace elements. -->
149       <element name="ISAPI" minOccurs="0">
150         <complexType>
151           <sequence>
                <!-- Site: required numeric id and name, optional port, sslport and scheme, and any
                     number of Alias children.
                     NOTE(review): name/Alias presumably list the host names the SP accepts for
                     the site; confirm. port and sslport are unsignedInt, so values above 65535
                     pass validation. -->
152             <element name="Site" maxOccurs="unbounded">
153               <complexType>
154                 <sequence>
155                   <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
156                 </sequence>
157                 <attribute name="id" type="unsignedInt" use="required"/>
158                 <attribute name="name" type="conf:string" use="required"/>
159                 <attribute name="port" type="unsignedInt"/>
160                 <attribute name="sslport" type="unsignedInt"/>
161                 <attribute name="scheme" type="conf:string"/>
162               </complexType>
163             </element>
164             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
165           </sequence>
              <!-- NOTE(review): normalizeRequest and safeHeaderNames look like request and header
                   hardening switches; the schema gives no default for either, so the effective
                   value when omitted has to be checked in the implementation. -->
166           <attribute name="normalizeRequest" type="boolean"/>
167           <attribute name="safeHeaderNames" type="boolean"/>
168           <anyAttribute namespace="##other" processContents="lax"/>
169         </complexType>
170       </element>
171       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
172     </sequence>
173     <attribute name="logger" type="anyURI"/>
174     <attribute name="unsetHeaderValue" type="conf:string"/>
        <!-- NOTE(review): checkSpoofing presumably enables detection of client-supplied request
             headers that collide with the headers the SP sets; treat a false value as an exception
             that needs review. spoofKey is a plain string, so if it acts as a shared secret it is
             stored in cleartext in this file; confirm and restrict read access to the file. -->
175     <attribute name="checkSpoofing" type="boolean"/>
176     <attribute name="spoofKey" type="conf:string"/>
177     <attribute name="catchAll" type="boolean"/>
178     <anyAttribute namespace="##other" processContents="lax"/>
179   </complexType>
180
181   <element name="AccessControl" type="conf:UniOperatorType">
        <!-- Global element, referenced by ref from the RequestMap, Host, HostRegex, Path, PathRegex
             and Query content models. Its type allows exactly one top-level operator or rule. -->
182     <annotation>
183       <documentation>
184         A simple example access policy language extension that supersedes Apache .htaccess
185       </documentation>
186     </annotation>
187   </element>
188   <complexType name="UniOperatorType">
        <!-- Exactly one operand: an AND, OR, NOT, Rule or RuleRegex child. Used for the
             AccessControl root and for NOT. The types are recursive and the schema places no
             bound on nesting depth. -->
189     <choice>
190       <element name="AND" type="conf:MultiOperatorType"/>
191       <element name="OR" type="conf:MultiOperatorType"/>
192       <element name="NOT" type="conf:UniOperatorType"/>
193       <element name="Rule" type="conf:RuleType"/>
194       <element name="RuleRegex" type="conf:RuleRegexType"/>
195     </choice>
196   </complexType>
197   <complexType name="MultiOperatorType">
        <!-- Two or more operands in any mix of AND, OR, NOT, Rule and RuleRegex (minOccurs="2").
             Used for AND and OR; a single-operand AND or OR fails validation. -->
198     <choice minOccurs="2" maxOccurs="unbounded">
199       <element name="AND" type="conf:MultiOperatorType"/>
200       <element name="OR" type="conf:MultiOperatorType"/>
201       <element name="NOT" type="conf:UniOperatorType"/>
202       <element name="Rule" type="conf:RuleType"/>
203       <element name="RuleRegex" type="conf:RuleRegexType"/>
204     </choice>
205   </complexType>
206   <complexType name="RuleType">
        <!-- Text content is a whitespace-separated list of non-empty strings; require is mandatory.
             NOTE(review): require presumably names what is tested and the content lists the
             accepted values; because the content is a list, a value containing a space is split
             into several items. The meaning of the list flag is not visible here; confirm. -->
207     <simpleContent>
208       <extension base="conf:listOfStrings">
209         <attribute name="require" type="conf:string" use="required"/>
210         <attribute name="list" type="boolean"/>
211       </extension>
212     </simpleContent>
213   </complexType>
214   <complexType name="RuleRegexType">
        <!-- Text content is a single non-empty string; require is mandatory, ignoreCase optional.
             NOTE(review): the content is presumably a regular expression; the schema does not
             check that it compiles, and whether matching is anchored is decided by the
             implementation, so access rules should anchor their patterns explicitly. Confirm. -->
215     <simpleContent>
216       <extension base="conf:string">
217         <attribute name="require" type="conf:string" use="required"/>
218         <attribute name="ignoreCase" type="boolean"/>
219       </extension>
220     </simpleContent>
221   </complexType>
222
223   <attributeGroup name="ContentSettings">
        <!-- Per-resource settings shared by RequestMap, Host, HostRegex, Path, PathRegex and Query.
             Every attribute is optional and none carries a schema default, so the effective value
             of an omitted setting is decided outside this schema. -->
224     <attribute name="applicationId" type="conf:string"/>
225     <attribute name="authType" type="conf:string"/>
        <!-- NOTE(review): requireSession / requireSessionWith presumably decide whether a request
             must already have a session; content that omits them may be reachable without
             authentication. Confirm the inherited value for each protected path. -->
226     <attribute name="requireSession" type="boolean"/>
227     <attribute name="requireSessionWith" type="conf:string"/>
228     <attribute name="exportAssertion" type="boolean"/>
        <!-- Typed unsignedInt rather than boolean; NOTE(review): presumably a port number. -->
229     <attribute name="redirectToSSL" type="unsignedInt"/>
230     <attribute name="entityID" type="anyURI"/>
231     <attribute name="discoveryURL" type="anyURI"/>
232     <attribute name="isPassive" type="boolean"/>
233     <attribute name="returnOnError" type="boolean"/>
234     <attribute name="forceAuthn" type="boolean"/>
235     <attribute name="authnContextClassRef" type="anyURI"/>
236     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
237     <attribute name="NameIDFormat" type="anyURI"/>
238     <attribute name="SPNameQualifier" type="conf:string"/>
        <!-- The error and target locations below are anyURI; the schema does not limit them to
             same-site or otherwise expected destinations. -->
239     <attribute name="redirectErrors" type="anyURI"/>
240     <attribute name="sessionError" type="anyURI"/>
241     <attribute name="metadataError" type="anyURI"/>
242     <attribute name="accessError" type="anyURI"/>
243     <attribute name="sslError" type="anyURI"/>
244     <attribute name="target" type="anyURI"/>
245     <attribute name="acsIndex" type="unsignedShort"/>
246     <attribute name="REMOTE_ADDR" type="conf:string"/>
        <!-- Only namespace-qualified foreign attributes are admitted, so a misspelled unqualified
             setting name fails validation instead of being silently ignored. -->
247     <anyAttribute namespace="##other" processContents="lax"/>
248   </attributeGroup>
249
250   <element name="RequestMap">
251     <annotation>
252       <documentation>
253         Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
254       </documentation>
255     </annotation>
256     <complexType>
257       <sequence>
            <!-- At most one access-control source at this level: htaccess, AccessControl or
                 AccessControlProvider. -->
258         <choice minOccurs="0">
259           <element name="htaccess" type="conf:PluggableType"/>
260           <element ref="conf:AccessControl"/>
261           <element name="AccessControlProvider" type="conf:PluggableType"/>
262         </choice>
263         <choice minOccurs="0" maxOccurs="unbounded">
264           <element name="Host" type="conf:HostType"/>
265           <element name="HostRegex" type="conf:HostRegexType"/>
266         </choice>
            <!-- Optional XML signature over the map. The schema only reserves the slot; whether
                 and how the signature is verified is not visible here. -->
267         <element ref="ds:Signature" minOccurs="0"/>
268       </sequence>
269       <attributeGroup ref="conf:ContentSettings"/>
270     </complexType>
271   </element>
272
273   <complexType name="HostType">
        <!-- One virtual host: optional access control, then any mix of Path, PathRegex and Query
             children, plus the shared ContentSettings attributes. -->
274     <sequence>
275       <choice minOccurs="0">
276         <element name="htaccess" type="conf:PluggableType"/>
277         <element ref="conf:AccessControl"/>
278         <element name="AccessControlProvider" type="conf:PluggableType"/>
279       </choice>
280       <choice minOccurs="0" maxOccurs="unbounded">
281         <element name="Path" type="conf:PathType"/>
282         <element name="PathRegex" type="conf:PathRegexType"/>
283         <element name="Query" type="conf:QueryType"/>
284       </choice>
285     </sequence>
        <!-- scheme is limited to the five values enumerated below. -->
286     <attribute name="scheme">
287       <simpleType>
288         <restriction base="conf:string">
289           <enumeration value="http"/>
290           <enumeration value="https"/>
291           <enumeration value="ftp"/>
292           <enumeration value="ldap"/>
293           <enumeration value="ldaps"/>
294         </restriction>
295       </simpleType>
296     </attribute>
297     <attribute name="name" type="conf:string" use="required"/>
        <!-- unsignedInt, so values above 65535 pass validation. -->
298     <attribute name="port" type="unsignedInt"/>
299     <attributeGroup ref="conf:ContentSettings"/>
300   </complexType>
301
302   <complexType name="HostRegexType">
        <!-- Host matched by pattern instead of by name: same children as HostType, with a required
             regex and optional ignoreCase in place of scheme/name/port.
             NOTE(review): the schema does not check the expression; whether it is matched against
             the bare host name or a longer string, and whether the match is anchored, has to be
             confirmed in the implementation before relying on it for protection. -->
303     <sequence>
304       <choice minOccurs="0">
305         <element name="htaccess" type="conf:PluggableType"/>
306         <element ref="conf:AccessControl"/>
307         <element name="AccessControlProvider" type="conf:PluggableType"/>
308       </choice>
309       <choice minOccurs="0" maxOccurs="unbounded">
310         <element name="Path" type="conf:PathType"/>
311         <element name="PathRegex" type="conf:PathRegexType"/>
312         <element name="Query" type="conf:QueryType"/>
313       </choice>
314     </sequence>
315     <attribute name="regex" type="conf:string" use="required"/>
316     <attribute name="ignoreCase" type="boolean"/>
317     <attributeGroup ref="conf:ContentSettings"/>
318   </complexType>
319
320   <complexType name="PathType">
        <!-- One path step with a required name: optional access control, then nested Path,
             PathRegex and Query children, plus the shared ContentSettings attributes. The type is
             recursive and the schema places no bound on nesting depth. -->
321     <sequence>
322       <choice minOccurs="0">
323         <element name="htaccess" type="conf:PluggableType"/>
324         <element ref="conf:AccessControl"/>
325         <element name="AccessControlProvider" type="conf:PluggableType"/>
326       </choice>
327       <choice minOccurs="0" maxOccurs="unbounded">
328         <element name="Path" type="conf:PathType"/>
329         <element name="PathRegex" type="conf:PathRegexType"/>
330         <element name="Query" type="conf:QueryType"/>
331       </choice>
332     </sequence>
333     <attribute name="name" type="conf:string" use="required"/>
334     <attributeGroup ref="conf:ContentSettings"/>
335   </complexType>
336
337   <complexType name="PathRegexType">
        <!-- Path matched by pattern: required regex, optional ignoreCase. Unlike PathType, the only
             permitted children after access control are Query elements; Path and PathRegex
             cannot be nested beneath it.
             NOTE(review): the expression is not checked by the schema, and anchoring behaviour
             has to be confirmed in the implementation. -->
338     <sequence>
339       <choice minOccurs="0">
340         <element name="htaccess" type="conf:PluggableType"/>
341         <element ref="conf:AccessControl"/>
342         <element name="AccessControlProvider" type="conf:PluggableType"/>
343       </choice>
344       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
345     </sequence>
346     <attribute name="regex" type="conf:string" use="required"/>
347     <attribute name="ignoreCase" type="boolean"/>
348     <attributeGroup ref="conf:ContentSettings"/>
349   </complexType>
350
351   <complexType name="QueryType">
        <!-- Query-string rule: required name, optional regex, optional access control, and nested
             Query children only.
             NOTE(review): name presumably identifies a query parameter and regex a pattern for
             its value; since a client chooses the query string, settings attached here should not
             be the only protection for a resource. Confirm. -->
352     <sequence>
353       <choice minOccurs="0">
354         <element name="htaccess" type="conf:PluggableType"/>
355         <element ref="conf:AccessControl"/>
356         <element name="AccessControlProvider" type="conf:PluggableType"/>
357       </choice>
358       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
359     </sequence>
360     <attribute name="name" type="conf:string" use="required"/>
361     <attribute name="regex" type="conf:string"/>
362     <attributeGroup ref="conf:ContentSettings"/>
363   </complexType>
364
365   <complexType name="ApplicationDefaultsType">
366     <annotation>
367       <documentation>Container for default settings and application-specific overrides</documentation>
368     </annotation>
369     <sequence>
          <!-- Sessions is mandatory here (it is optional in ApplicationOverrideType). -->
370       <element name="Sessions" type="conf:SessionsType"/>
371       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
          <!-- Any number of the following, in any order. The plugin elements are PluggableType,
               so their inner content is not checked by this schema. -->
372       <choice minOccurs="0" maxOccurs="unbounded">
373         <element name="RelyingParty" type="conf:RelyingPartyType"/>
374         <element name="Notify" type="conf:NotifyType"/>
375         <element ref="saml:Audience"/>
376         <element name="MetadataProvider" type="conf:PluggableType"/>
377         <element name="TrustEngine" type="conf:PluggableType"/>
378         <element name="AttributeExtractor" type="conf:PluggableType"/>
379         <element name="AttributeResolver" type="conf:PluggableType"/>
380         <element name="AttributeFilter" type="conf:PluggableType"/>
381         <element name="CredentialResolver" type="conf:PluggableType"/>
382         <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
383       </choice>
384     </sequence>
        <!-- If present, id must be the literal value default. -->
385     <attribute name="id" type="conf:string" fixed="default"/>
386     <attribute name="entityID" type="anyURI" use="required"/>
        <!-- Local, unqualified attribute; distinct from the global conf:policyId attribute
             declared elsewhere in this schema. -->
387     <attribute name="policyId" type="conf:string"/>
388     <attributeGroup ref="conf:ApplicationGroup"/>
389     <attributeGroup ref="conf:RelyingPartyGroup"/>
390     <anyAttribute namespace="##other" processContents="lax"/>
391   </complexType>
392
393   <complexType name="ApplicationOverrideType">
394     <annotation>
395       <documentation>Container for application-specific overrides</documentation>
396     </annotation>
        <!-- Same shape as ApplicationDefaultsType with three differences visible in the schema:
             Sessions is optional, id is required and unconstrained, entityID is optional, and
             ApplicationOverride cannot be nested.
             NOTE(review): omitted settings presumably fall back to the enclosing defaults; confirm
             which security-relevant values an override inherits. -->
397     <sequence>
398       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
399       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
400       <choice minOccurs="0" maxOccurs="unbounded">
401         <element name="RelyingParty" type="conf:RelyingPartyType"/>
402         <element name="Notify" type="conf:NotifyType"/>
403         <element ref="saml:Audience"/>
404         <element name="MetadataProvider" type="conf:PluggableType"/>
405         <element name="TrustEngine" type="conf:PluggableType"/>
406         <element name="AttributeExtractor" type="conf:PluggableType"/>
407         <element name="AttributeResolver" type="conf:PluggableType"/>
408         <element name="AttributeFilter" type="conf:PluggableType"/>
409         <element name="CredentialResolver" type="conf:PluggableType"/>
410       </choice>
411     </sequence>
412     <attribute name="id" type="conf:string" use="required"/>
413     <attribute name="entityID" type="anyURI"/>
414     <attribute name="policyId" type="conf:string"/>
415     <attributeGroup ref="conf:ApplicationGroup"/>
416     <attributeGroup ref="conf:RelyingPartyGroup"/>
417     <anyAttribute namespace="##other" processContents="lax"/>
418   </complexType>
419
420   <attributeGroup name="ApplicationGroup">
        <!-- Optional attributes shared by ApplicationDefaults and ApplicationOverride. -->
421     <attribute name="homeURL" type="anyURI"/>
        <!-- List of strings. NOTE(review): presumably the attribute names tried, in order, when
             populating REMOTE_USER; applications that authorize on REMOTE_USER depend on every
             listed source being trustworthy and unique per user. Confirm. -->
422     <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
        <!-- NOTE(review): unsetHeaders presumably lists request headers to clear before
             attributes are exported, and the two prefix attributes presumably prepend a string to
             exported names; confirm that a changed prefix is still covered by header clearing. -->
423     <attribute name="unsetHeaders" type="conf:listOfStrings"/>
424     <attribute name="metadataAttributePrefix" type="conf:string"/>
425     <attribute name="attributePrefix" type="conf:string"/>
426   </attributeGroup>
427
428   <attributeGroup name="RelyingPartyGroup">
        <!-- Per-peer messaging settings, used by ApplicationDefaults, ApplicationOverride and
             RelyingParty. Every attribute is optional and none carries a schema default. -->
429     <attribute name="authType" type="conf:string"/>
430     <attribute name="authUsername" type="conf:string"/>
        <!-- Plain string: a value set here sits in cleartext in the configuration file, so the
             file needs restrictive read permissions and should stay out of shared repositories. -->
431     <attribute name="authPassword" type="conf:string"/>
        <!-- signing and encryption take true, false, front or back (conf:bindingBoolean). -->
432     <attribute name="signing" type="conf:bindingBoolean"/>
        <!-- Algorithm identifiers are anyURI; the schema does not restrict which algorithms may
             be named, so a weak choice is not caught by validation. -->
433     <attribute name="signingAlg" type="anyURI"/>
434     <attribute name="digestAlg" type="anyURI"/>
435     <attribute name="encryption" type="conf:bindingBoolean"/>
436     <attribute name="encryptionAlg" type="anyURI"/>
437     <attribute name="keyName" type="conf:string"/>
438     <attribute name="artifactEndpointIndex" type="unsignedShort"/>
439     <attribute name="chunkedEncoding" type="boolean"/>
        <!-- Units are not stated in the schema for either timeout. -->
440     <attribute name="connectTimeout" type="unsignedShort"/>
441     <attribute name="timeout" type="unsignedShort"/>
        <!-- NOTE(review): the three require* flags look like enforcement switches for transport
             confidentiality, transport authentication and assertion signatures; confirm the
             effective value when they are omitted and treat false as a reviewed exception. -->
442     <attribute name="requireConfidentiality" type="boolean"/>
443     <attribute name="requireTransportAuth" type="boolean"/>
444     <attribute name="requireSignedAssertions" type="boolean"/>
445   </attributeGroup>
446     
447   <complexType name="SessionsType">
448     <annotation>
449       <documentation>Container for specifying protocol handlers and session policy</documentation>
450     </annotation>
451     <sequence>
          <!-- SSO, Logout and NameIDMgmt are shorthand elements whose text content is a
               whitespace-separated list of strings; each may appear at most once and in this order. -->
452       <element name="SSO" minOccurs="0">
453         <complexType>
454           <annotation>
455             <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
456           </annotation>
457           <simpleContent>
458             <extension base="conf:listOfStrings">
459               <attribute name="discoveryProtocol" type="conf:string"/>
460               <attribute name="discoveryURL" type="anyURI"/>
461               <attributeGroup ref="conf:SessionInitiatorGroup"/>
462             </extension>
463           </simpleContent>
464         </complexType>
465       </element>
466       <element name="Logout" minOccurs="0">
467         <complexType>
468           <annotation>
469             <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
470           </annotation>
471           <simpleContent>
472             <extension base="conf:listOfStrings">
473               <attributeGroup ref="conf:LogoutInitiatorGroup"/>
474             </extension>
475           </simpleContent>
476         </complexType>
477       </element>
478       <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
479         <annotation>
480           <documentation>Implicitly configures ManageNameIDService handlers</documentation>
481         </annotation>
482       </element>
          <!-- Explicit handler declarations, any number and in any order. -->
483       <choice minOccurs="0" maxOccurs="unbounded">
484         <element ref="conf:SessionInitiator"/>
485         <element ref="conf:LogoutInitiator"/>
486         <element ref="md:AssertionConsumerService"/>
487         <element ref="md:ArtifactResolutionService"/>
488         <element ref="md:SingleLogoutService"/>
489         <element ref="md:ManageNameIDService"/>
490         <element ref="conf:Handler"/>
491       </choice>
492     </sequence>
493     <attribute name="handlerURL" type="anyURI"/>
        <!-- NOTE(review): handlerSSL presumably requires TLS for handler endpoints; confirm the
             effective value when omitted. -->
494     <attribute name="handlerSSL" type="boolean"/>
        <!-- NOTE(review): exportLocation/exportACL presumably govern an endpoint that serves
             assertions and the clients allowed to call it; confirm exportACL is set whenever
             exportLocation is. -->
495     <attribute name="exportLocation" type="conf:string"/>
496     <attribute name="exportACL" type="conf:listOfStrings"/>
497     <attribute name="cookieName" type="conf:string"/>
        <!-- Free-form string: the schema cannot check that session cookies end up with the
             Secure and HttpOnly flags, so the deployed value has to be reviewed by hand. -->
498     <attribute name="cookieProps" type="conf:string"/>
499     <attribute name="cookieLifetime" type="unsignedInt"/>
500     <attribute name="idpHistory" type="boolean"/>
501     <attribute name="idpHistoryDays" type="unsignedInt"/>
        <!-- lifetime, timeout and maxTimeSinceAuthn are unsignedInt with no upper bound and no
             units stated in the schema; very large values are accepted by validation. -->
502     <attribute name="lifetime" type="unsignedInt"/>
503     <attribute name="timeout" type="unsignedInt"/>
504     <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
        <!-- NOTE(review): checkAddress and consistentAddress presumably tie a session to the
             client address; confirm behaviour behind proxies or NAT before changing either. -->
505     <attribute name="checkAddress" type="boolean"/>
506     <attribute name="consistentAddress" type="boolean"/>
        <!-- NOTE(review): the post* attributes presumably control preservation of form POST data
             across login; postLimit is the only one with a numeric type (positiveInteger). -->
507     <attribute name="postData" type="conf:string"/>
508     <attribute name="postLimit" type="positiveInteger"/>
509     <attribute name="postTemplate" type="conf:string"/>
510     <attribute name="postExpire" type="boolean"/>
511     <attribute name="relayState" type="conf:string"/>
512     <anyAttribute namespace="##other" processContents="lax"/>
513   </complexType>
514
515   <attribute name="policyId" type="conf:string">
        <!-- Global attribute declaration, so it lives in the target namespace and must be written
             with a prefix bound to that namespace when used. It is separate from the local,
             unqualified policyId attributes on ApplicationDefaults and ApplicationOverride. -->
516     <annotation>
517       <documentation>Used to override Policy from profile endpoints</documentation>
518     </annotation>
519   </attribute>
520
521   <attributeGroup name="SessionInitiatorGroup">
522     <annotation>
523       <documentation>Options common to explicit and implicit SessionInitiators</documentation>
524     </annotation>
525     <attribute name="relayState" type="conf:string"/>
526     <attribute name="entityIDParam" type="conf:string"/>
527     <attribute name="entityID" type="anyURI"/>
528     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
529     <attribute name="preservedOptions" type="conf:listOfStrings"/>
530     <attribute name="template" type="anyURI"/>
531     <attribute name="postArtifact" type="boolean"/>
532     <attribute name="acsByIndex" type="boolean"/>
533     <attribute name="isPassive" type="boolean"/>
534     <attribute name="returnOnError" type="boolean"/>
535     <attribute name="forceAuthn" type="boolean"/>
536     <attribute name="authnContextClassRef" type="anyURI"/>
537     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
538     <attribute name="NameIDFormat" type="anyURI"/>
539     <attribute name="SPNameQualifier" type="conf:string"/>
540     <attribute name="requestDelegation" type="boolean"/>
        <!-- anyURI with no further restriction. NOTE(review): presumably the default resource to
             return to after login; the schema does not limit it to same-site destinations. -->
541     <attribute name="target" type="anyURI"/>
        <!-- ##any with lax processing: unlisted or misspelled attribute names, including
             unqualified ones, pass validation on elements that use this group. -->
542     <anyAttribute namespace="##any" processContents="lax"/>
543   </attributeGroup>
544
545   <element name="SessionInitiator">
546     <annotation>
547       <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
548     </annotation>
        <!-- Restriction of conf:PluggableType: open child content, the attributes listed below and
             everything in SessionInitiatorGroup (which also contributes an ##any attribute
             wildcard). Location is optional here, unlike on Handler. -->
549     <complexType>
550       <complexContent>
551         <restriction base="conf:PluggableType">
552           <sequence>
553             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
554           </sequence>
555           <attribute name="Location" type="anyURI"/>
556           <attribute name="id" type="conf:string"/>
557           <attribute name="isDefault" type="boolean"/>
558           <attribute name="URL" type="anyURI"/>
559           <attribute name="acsIndex" type="unsignedShort"/>
560           <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
561           <attributeGroup ref="conf:SessionInitiatorGroup"/>
562         </restriction>
563       </complexContent>
564     </complexType>
565   </element>
566
567   <attributeGroup name="LogoutInitiatorGroup">
568     <annotation>
569       <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
570     </annotation>
571     <attribute name="relayState" type="conf:string"/>
572     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
573     <attribute name="template" type="anyURI"/>
574     <attribute name="postArtifact" type="boolean"/>
        <!-- ##any with lax processing: unlisted or misspelled attribute names pass validation on
             elements that use this group. -->
575     <anyAttribute namespace="##any" processContents="lax"/>
576   </attributeGroup>
577
578   <element name="LogoutInitiator">
579     <annotation>
580       <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
581     </annotation>
        <!-- Restriction of conf:PluggableType: open child content, an optional Location and the
             attributes of LogoutInitiatorGroup. -->
582     <complexType>
583       <complexContent>
584         <restriction base="conf:PluggableType">
585           <sequence>
586             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
587           </sequence>
588           <attribute name="Location" type="anyURI"/>
589           <attributeGroup ref="conf:LogoutInitiatorGroup"/>
590         </restriction>
591       </complexContent>
592     </complexType>
593   </element>
594
595   <element name="Handler">
596     <annotation>
597       <documentation>Used to specify custom handlers</documentation>
598     </annotation>
        <!-- Restriction of conf:PluggableType with a required Location and open content. -->
599     <complexType>
600       <complexContent>
601         <restriction base="conf:PluggableType">
602           <sequence>
603             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
604           </sequence>
605           <attribute name="Location" type="anyURI" use="required"/>
              <!-- Optional list of strings. NOTE(review): presumably the client addresses allowed
                   to call the handler; because it is optional, handlers that expose status or
                   session detail should be checked for an explicit acl. Confirm. -->
606           <attribute name="acl" type="conf:listOfStrings"/>
607           <anyAttribute namespace="##any" processContents="lax"/>
608         </restriction>
609       </complexContent>
610     </complexType>
611   </element>
612
613   <complexType name="ErrorsType">
614     <annotation>
615       <documentation>Container for error templates and associated details</documentation>
616     </annotation>
        <!-- Open content and open attributes (##any, lax): unlisted or misspelled names pass
             validation. -->
617     <sequence>
618       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
619     </sequence>
        <!-- All locations below are anyURI; the schema does not limit them to local templates or
             same-site URLs. -->
620     <attribute name="redirectErrors" type="anyURI"/>
621     <attribute name="session" type="anyURI"/>
622     <attribute name="metadata" type="anyURI"/>
623     <attribute name="access" type="anyURI"/>
624     <attribute name="ssl" type="anyURI"/>
625     <attribute name="localLogout" type="anyURI"/>
626     <attribute name="globalLogout" type="anyURI"/>
627     <attribute name="partialLogout" type="anyURI"/>
628     <attribute name="supportContact" type="conf:string"/>
629     <attribute name="logoLocation" type="anyURI"/>
630     <attribute name="styleSheet" type="anyURI"/>
631     <anyAttribute namespace="##any" processContents="lax"/>
632   </complexType>
633
634   <complexType name="RelyingPartyType">
635     <annotation>
636       <documentation>Container for specifying settings to use with particular peers</documentation>
637     </annotation>
        <!-- Empty element: a required Name, the RelyingPartyGroup settings and an optional entityID.
             NOTE(review): Name presumably identifies the peer or group the settings apply to;
             confirm how it is matched, since a mismatch would leave the peer on default settings. -->
638     <sequence/>
639     <attribute name="Name" type="conf:string" use="required"/>
640     <attributeGroup ref="conf:RelyingPartyGroup"/>
641     <attribute name="entityID" type="anyURI"/>
642     <anyAttribute namespace="##other" processContents="lax"/>
643   </complexType>
644
645   <complexType name="NotifyType">
646     <annotation>
647       <documentation>Used to specify locations to receive application notifications</documentation>
648     </annotation>
        <!-- Empty element with two required attributes: Channel (front or back) and Location. -->
649     <sequence/>
650     <attribute name="Channel" use="required">
651       <simpleType>
652         <restriction base="string">
653           <enumeration value="front"/>
654           <enumeration value="back"/>
655         </restriction>
656       </simpleType>
657     </attribute>
        <!-- anyURI with no further restriction; the schema does not require https or a same-site
             destination for the notification endpoint. -->
658     <attribute name="Location" type="anyURI" use="required"/>
659     <anyAttribute namespace="##any" processContents="lax"/>
660   </complexType>
661
662   <element name="SecurityPolicies">
663     <complexType>
664       <annotation>
665         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
666       </annotation>
667       <sequence>
668         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
669           <annotation>
670             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
671           </annotation>
672           <complexType>
                <!-- A Policy holds one or more Rule elements or one or more PolicyRule elements,
                     never a mix. Each rule is PluggableType, so only its type attribute is
                     checked; the schema cannot tell whether a given set of rules is complete. -->
673             <choice>
674               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
675               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
676             </choice>
677             <attribute name="id" type="conf:string" use="required"/>
678             <attribute name="validate" type="boolean"/>
679             <anyAttribute namespace="##any" processContents="lax"/>
680           </complexType>
681         </element>
            <!-- At most one of the two algorithm lists, after all Policy elements; both are lists
                 of anyURI. NOTE(review): presumably an allow-list or deny-list of XML security
                 algorithm URIs; the URIs themselves are not checked by the schema, so a
                 misspelled entry would simply never match. Confirm. -->
682         <choice minOccurs="0">
683           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
684           <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
685         </choice>
686       </sequence>
687     </complexType>
688   </element>
689
690   <element name="TransportOption">
691     <annotation>
692       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
693     </annotation>
        <!-- Content is anySimpleType, so any text value is accepted; provider and option are both
             required. NOTE(review): the option is handed to the transport provider unchecked by
             the schema, so options that relax TLS or peer verification would not be flagged by
             validation. Confirm which options are in use. -->
694     <complexType>
695       <simpleContent>
696         <extension base="anySimpleType">
697           <attribute name="provider" type="conf:string" use="required"/>
698           <attribute name="option" type="conf:string" use="required"/>
699         </extension>
700       </simpleContent>
701     </complexType>
702   </element>
703
704   <element name="SPConfig">
705     <complexType>
706       <annotation>
707         <documentation>Root of configuration</documentation>
708       </annotation>
          <!-- Children must appear in the order given by this sequence. -->
709       <sequence>
710         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
711         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
712         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
            <!-- At most one listener: UnixListener, TCPListener or a plugin Listener. -->
713         <choice minOccurs="0">
714           <element name="UnixListener">
715             <complexType>
716               <attribute name="address" type="conf:string" use="required"/>
717               <attribute name="stackSize" type="unsignedInt"/>
718             </complexType>
719           </element>
720           <element name="TCPListener">
721             <complexType>
722               <attribute name="address" type="conf:string" use="required"/>
                  <!-- unsignedInt, so values above 65535 pass validation. -->
723               <attribute name="port" type="unsignedInt" use="required"/>
                  <!-- acl is optional in the schema. NOTE(review): confirm what the implementation
                       permits when it is omitted before binding address to a non-loopback
                       interface. -->
724               <attribute name="acl" type="conf:listOfStrings"/>
725               <attribute name="stackSize" type="unsignedInt"/>
726             </complexType>
727           </element>
728           <element name="Listener" type="conf:PluggableType"/>
729         </choice>
730         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
731         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
732         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
733         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
734         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
            <!-- ApplicationDefaults is mandatory, and exactly one security policy source must
                 follow it: the choice below has no minOccurs="0". -->
735         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
736         <choice>
737           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
738           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
739         </choice>
740         <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
741         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
            <!-- Optional XML signature over the configuration. The schema only reserves the slot;
                 whether and how it is verified is not visible here. -->
742         <element ref="ds:Signature" minOccurs="0"/>
743       </sequence>
744       <attribute name="logger" type="anyURI"/>
          <!-- NOTE(review): clockSkew is presumably the tolerated clock difference when message
               timestamps are checked; units are not stated, and a large value widens the window
               in which a stale message is still accepted. Confirm. -->
745       <attribute name="clockSkew" type="unsignedInt"/>
          <!-- NOTE(review): unsafeChars and allowedSchemes look like input-hardening settings
               (characters treated as unsafe and URL schemes accepted); both are free-form strings
               here, so the schema cannot tell a safe value from a permissive one. Confirm the
               effective values when they are omitted. -->
746       <attribute name="unsafeChars" type="conf:string"/>
747       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
748       <anyAttribute namespace="##other" processContents="lax"/>
749     </complexType>
750   </element>
751
752 </schema>