projects / shibboleth / sp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add schema for new config settings
[shibboleth/sp.git] / schemas / shibboleth-2.0-native-sp-config.xsd
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:2.0:native:sp:config"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
5   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6         xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7         xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
8         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
9         elementFormDefault="qualified"
10         attributeFormDefault="unqualified"
11         blockDefault="substitution"
12         version="2.5">
13
14   <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
15   <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16   <import namespace="urn:oasis:names:tc:SAML:2.0:protocol" schemaLocation="saml-schema-protocol-2.0.xsd"/>
17   <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
18
19   <annotation>
20     <documentation>
21       2.0 schema for XML-based configuration of Shibboleth Native SP instances.
22       First appearing in Shibboleth 2.0 release.
23     </documentation>
24   </annotation>
25
26   <simpleType name="string">
27     <restriction base="string">
28       <minLength value="1"/>
29     </restriction>
30   </simpleType>
31
32   <simpleType name="listOfStrings">
33     <list itemType="conf:string"/>
34   </simpleType>
35
36   <simpleType name="listOfURIs">
37     <list itemType="anyURI"/>
38   </simpleType>
39
40   <simpleType name="bindingBoolean">
41     <restriction base="string">
42       <enumeration value="true"/>
43       <enumeration value="false"/>
44       <enumeration value="front"/>
45       <enumeration value="back"/>
46     </restriction>
47   </simpleType>
48
49   <simpleType name="relayStateLimitType">
50     <restriction base="string">
51       <enumeration value="none"/>
52       <enumeration value="exact"/>
53       <enumeration value="host"/>
54       <enumeration value="whitelist"/>
55     </restriction>
56   </simpleType>
57
58   <complexType name="PluggableType">
59     <sequence>
60       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
61     </sequence>
62     <attribute name="type" type="conf:string" use="required"/>
63     <anyAttribute namespace="##any" processContents="lax"/>
64   </complexType>
65
66   <complexType name="ExtensionsType">
67     <annotation>
68       <documentation>Container for extension libraries and custom configuration</documentation>
69     </annotation>
70     <sequence>
71       <element name="Library" minOccurs="0" maxOccurs="unbounded">
72         <complexType>
73           <sequence>
74             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
75           </sequence>
76           <attribute name="path" type="anyURI" use="required"/>
77           <attribute name="fatal" type="boolean"/>
78           <anyAttribute namespace="##any" processContents="lax"/>
79         </complexType>
80       </element>
81       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
82     </sequence>
83   </complexType>
84
85   <complexType name="StorageServiceType">
86     <annotation>
87       <documentation>References StorageService plugins</documentation>
88     </annotation>
89     <complexContent>
90       <restriction base="conf:PluggableType">
91         <sequence>
92           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
93         </sequence>
94         <attribute name="id" type="ID" use="required"/>
95         <attribute name="cleanupInterval" type="unsignedInt"/>
96         <anyAttribute namespace="##any" processContents="lax"/>
97       </restriction>
98     </complexContent>
99   </complexType>
100
101   <complexType name="SessionCacheType">
102     <annotation>
103       <documentation>References SessionCache plugins</documentation>
104     </annotation>
105     <complexContent>
106       <restriction base="conf:PluggableType">
107         <sequence>
108           <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
109         </sequence>
110         <attribute name="StorageService" type="IDREF"/>
111         <attribute name="cacheAllowance" type="unsignedInt"/>
112         <attribute name="cacheTimeout" type="unsignedInt"/> <!-- deprecated -->
113         <anyAttribute namespace="##any" processContents="lax"/>
114       </restriction>
115     </complexContent>
116   </complexType>
117
118   <complexType name="ReplayCacheType">
119     <annotation>
120       <documentation>Ties ReplayCache to a custom StorageService</documentation>
121     </annotation>
122     <sequence/>
123     <attribute name="StorageService" type="IDREF"/>
124   </complexType>
125
126   <complexType name="ArtifactMapType">
127     <annotation>
128       <documentation>Customizes an ArtifactMap</documentation>
129     </annotation>
130     <sequence/>
131     <attribute name="StorageService" type="IDREF"/>
132     <attribute name="context" type="conf:string"/>
133     <attribute name="artifactTTL" type="unsignedInt"/>
134   </complexType>
135
136   <complexType name="OutOfProcessType">
137     <annotation>
138       <documentation>Container for out-of-process (shibd) configuration</documentation>
139     </annotation>
140     <sequence>
141       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
142       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
143     </sequence>
144     <attribute name="logger" type="anyURI"/>
145     <attribute name="tranLogFormat" type="conf:string"/>
146     <attribute name="tranLogFiller" type="conf:string"/>
147     <attribute name="catchAll" type="boolean"/>
148     <anyAttribute namespace="##other" processContents="lax"/>
149   </complexType>
150
151   <complexType name="InProcessType">
152     <annotation>
153       <documentation>
154         Container for configuration of locally integrated or platform-specific
155         features (e.g. web server filters)
156       </documentation>
157     </annotation>
158     <sequence>
159       <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
160       <element name="ISAPI" minOccurs="0">
161         <complexType>
162           <sequence>
163             <element name="Site" maxOccurs="unbounded">
164               <complexType>
165                 <sequence>
166                   <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
167                 </sequence>
168                 <attribute name="id" type="unsignedInt" use="required"/>
169                 <attribute name="name" type="conf:string" use="required"/>
170                 <attribute name="port" type="unsignedInt"/>
171                 <attribute name="sslport" type="unsignedInt"/>
172                 <attribute name="scheme" type="conf:string"/>
173               </complexType>
174             </element>
175             <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
176           </sequence>
177           <attribute name="normalizeRequest" type="boolean"/>
178           <attribute name="safeHeaderNames" type="boolean"/>
179           <anyAttribute namespace="##other" processContents="lax"/>
180         </complexType>
181       </element>
182       <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
183     </sequence>
184     <attribute name="logger" type="anyURI"/>
185     <attribute name="unsetHeaderValue" type="conf:string"/>
186     <attribute name="checkSpoofing" type="boolean"/>
187     <attribute name="spoofKey" type="conf:string"/>
188     <attribute name="catchAll" type="boolean"/>
189     <attribute name="extraAuthTypes" type="conf:listOfStrings"/>
190     <anyAttribute namespace="##other" processContents="lax"/>
191   </complexType>
192
193   <element name="AccessControl" type="conf:UniOperatorType">
194     <annotation>
195       <documentation>
196         A simple example access policy language extension that supersedes Apache .htaccess
197       </documentation>
198     </annotation>
199   </element>
200   <complexType name="UniOperatorType">
201     <choice>
202       <element name="AND" type="conf:MultiOperatorType"/>
203       <element name="OR" type="conf:MultiOperatorType"/>
204       <element name="NOT" type="conf:UniOperatorType"/>
205       <element name="Rule" type="conf:RuleType"/>
206       <element name="RuleRegex" type="conf:RuleRegexType"/>
207     </choice>
208   </complexType>
209   <complexType name="MultiOperatorType">
210     <choice minOccurs="2" maxOccurs="unbounded">
211       <element name="AND" type="conf:MultiOperatorType"/>
212       <element name="OR" type="conf:MultiOperatorType"/>
213       <element name="NOT" type="conf:UniOperatorType"/>
214       <element name="Rule" type="conf:RuleType"/>
215       <element name="RuleRegex" type="conf:RuleRegexType"/>
216     </choice>
217   </complexType>
218   <complexType name="RuleType">
219     <simpleContent>
220       <extension base="conf:listOfStrings">
221         <attribute name="require" type="conf:string" use="required"/>
222         <attribute name="list" type="boolean"/>
223       </extension>
224     </simpleContent>
225   </complexType>
226   <complexType name="RuleRegexType">
227     <simpleContent>
228       <extension base="conf:string">
229         <attribute name="require" type="conf:string" use="required"/>
230         <attribute name="ignoreCase" type="boolean"/>
231       </extension>
232     </simpleContent>
233   </complexType>
234
235   <attributeGroup name="ContentSettings">
236     <attribute name="applicationId" type="conf:string"/>
237     <attribute name="authType" type="conf:string"/>
238     <attribute name="requireSession" type="boolean"/>
239     <attribute name="requireSessionWith" type="conf:string"/>
240     <attribute name="exportAssertion" type="boolean"/>
241     <attribute name="exportStdVars" type="boolean"/>
242     <attribute name="redirectToSSL" type="unsignedInt"/>
243     <attribute name="entityID" type="anyURI"/>
244     <attribute name="discoveryURL" type="anyURI"/>
245     <attribute name="isPassive" type="boolean"/>
246     <attribute name="returnOnError" type="boolean"/>
247     <attribute name="forceAuthn" type="boolean"/>
248     <attribute name="authnContextClassRef" type="conf:listOfURIs"/>
249     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
250     <attribute name="NameIDFormat" type="anyURI"/>
251     <attribute name="SPNameQualifier" type="conf:string"/>
252     <attribute name="redirectErrors" type="anyURI"/>
253     <attribute name="sessionError" type="anyURI"/>
254     <attribute name="metadataError" type="anyURI"/>
255     <attribute name="accessError" type="anyURI"/>
256     <attribute name="sslError" type="anyURI"/>
257     <attribute name="target" type="anyURI"/>
258     <attribute name="acsIndex" type="unsignedShort"/>
259     <attribute name="REMOTE_ADDR" type="conf:string"/>
260     <attribute name="encoding" type="conf:string"/>
261     <anyAttribute namespace="##other" processContents="lax"/>
262   </attributeGroup>
263
264   <element name="RequestMap">
265     <annotation>
266       <documentation>
267         Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
268       </documentation>
269     </annotation>
270     <complexType>
271       <sequence>
272         <choice minOccurs="0">
273           <element name="htaccess" type="conf:PluggableType"/>
274           <element ref="conf:AccessControl"/>
275           <element name="AccessControlProvider" type="conf:PluggableType"/>
276         </choice>
277         <choice minOccurs="0" maxOccurs="unbounded">
278           <element name="Host" type="conf:HostType"/>
279           <element name="HostRegex" type="conf:HostRegexType"/>
280         </choice>
281         <element ref="ds:Signature" minOccurs="0"/>
282       </sequence>
283       <attribute name="unicodeAware" type="boolean"/>
284       <attributeGroup ref="conf:ContentSettings"/>
285     </complexType>
286   </element>
287
288   <complexType name="HostType">
289     <sequence>
290       <choice minOccurs="0">
291         <element name="htaccess" type="conf:PluggableType"/>
292         <element ref="conf:AccessControl"/>
293         <element name="AccessControlProvider" type="conf:PluggableType"/>
294       </choice>
295       <choice minOccurs="0" maxOccurs="unbounded">
296         <element name="Path" type="conf:PathType"/>
297         <element name="PathRegex" type="conf:PathRegexType"/>
298         <element name="Query" type="conf:QueryType"/>
299       </choice>
300     </sequence>
301     <attribute name="scheme">
302       <simpleType>
303         <restriction base="conf:string">
304           <enumeration value="http"/>
305           <enumeration value="https"/>
306           <enumeration value="ftp"/>
307           <enumeration value="ldap"/>
308           <enumeration value="ldaps"/>
309         </restriction>
310       </simpleType>
311     </attribute>
312     <attribute name="name" type="conf:string" use="required"/>
313     <attribute name="port" type="unsignedInt"/>
314     <attributeGroup ref="conf:ContentSettings"/>
315   </complexType>
316
317   <complexType name="HostRegexType">
318     <sequence>
319       <choice minOccurs="0">
320         <element name="htaccess" type="conf:PluggableType"/>
321         <element ref="conf:AccessControl"/>
322         <element name="AccessControlProvider" type="conf:PluggableType"/>
323       </choice>
324       <choice minOccurs="0" maxOccurs="unbounded">
325         <element name="Path" type="conf:PathType"/>
326         <element name="PathRegex" type="conf:PathRegexType"/>
327         <element name="Query" type="conf:QueryType"/>
328       </choice>
329     </sequence>
330     <attribute name="regex" type="conf:string" use="required"/>
331     <attribute name="ignoreCase" type="boolean"/>
332     <attributeGroup ref="conf:ContentSettings"/>
333   </complexType>
334
335   <complexType name="PathType">
336     <sequence>
337       <choice minOccurs="0">
338         <element name="htaccess" type="conf:PluggableType"/>
339         <element ref="conf:AccessControl"/>
340         <element name="AccessControlProvider" type="conf:PluggableType"/>
341       </choice>
342       <choice minOccurs="0" maxOccurs="unbounded">
343         <element name="Path" type="conf:PathType"/>
344         <element name="PathRegex" type="conf:PathRegexType"/>
345         <element name="Query" type="conf:QueryType"/>
346       </choice>
347     </sequence>
348     <attribute name="name" type="conf:string" use="required"/>
349     <attributeGroup ref="conf:ContentSettings"/>
350   </complexType>
351
352   <complexType name="PathRegexType">
353     <sequence>
354       <choice minOccurs="0">
355         <element name="htaccess" type="conf:PluggableType"/>
356         <element ref="conf:AccessControl"/>
357         <element name="AccessControlProvider" type="conf:PluggableType"/>
358       </choice>
359       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
360     </sequence>
361     <attribute name="regex" type="conf:string" use="required"/>
362     <attribute name="ignoreCase" type="boolean"/>
363     <attributeGroup ref="conf:ContentSettings"/>
364   </complexType>
365
366   <complexType name="QueryType">
367     <sequence>
368       <choice minOccurs="0">
369         <element name="htaccess" type="conf:PluggableType"/>
370         <element ref="conf:AccessControl"/>
371         <element name="AccessControlProvider" type="conf:PluggableType"/>
372       </choice>
373       <element name="Query" type="conf:QueryType" minOccurs="0" maxOccurs="unbounded"/>
374     </sequence>
375     <attribute name="name" type="conf:string" use="required"/>
376     <attribute name="regex" type="conf:string"/>
377     <attributeGroup ref="conf:ContentSettings"/>
378   </complexType>
379
380   <complexType name="ApplicationDefaultsType">
381     <annotation>
382       <documentation>Container for default settings and application-specific overrides</documentation>
383     </annotation>
384     <sequence>
385       <element name="Sessions" type="conf:SessionsType"/>
386       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
387       <choice minOccurs="0" maxOccurs="unbounded">
388         <element name="RelyingParty" type="conf:RelyingPartyType"/>
389         <element name="Notify" type="conf:NotifyType"/>
390         <element ref="saml:Audience"/>
391         <element name="MetadataProvider" type="conf:PluggableType"/>
392         <element name="TrustEngine" type="conf:PluggableType"/>
393         <element name="AttributeExtractor" type="conf:PluggableType"/>
394         <element name="AttributeResolver" type="conf:PluggableType"/>
395         <element name="AttributeFilter" type="conf:PluggableType"/>
396         <element name="CredentialResolver" type="conf:PluggableType"/>
397         <element name="ApplicationOverride" type="conf:ApplicationOverrideType"/>
398       </choice>
399     </sequence>
400     <attribute name="id" type="conf:string" fixed="default"/>
401     <attribute name="entityID" type="anyURI" use="required"/>
402     <attribute name="policyId" type="conf:string"/>
403     <attributeGroup ref="conf:ApplicationGroup"/>
404     <attributeGroup ref="conf:RelyingPartyGroup"/>
405     <anyAttribute namespace="##other" processContents="lax"/>
406   </complexType>
407
408   <complexType name="ApplicationOverrideType">
409     <annotation>
410       <documentation>Container for application-specific overrides</documentation>
411     </annotation>
412     <sequence>
413       <element name="Sessions" type="conf:SessionsType" minOccurs="0"/>
414       <element name="Errors" type="conf:ErrorsType" minOccurs="0"/>
415       <choice minOccurs="0" maxOccurs="unbounded">
416         <element name="RelyingParty" type="conf:RelyingPartyType"/>
417         <element name="Notify" type="conf:NotifyType"/>
418         <element ref="saml:Audience"/>
419         <element name="MetadataProvider" type="conf:PluggableType"/>
420         <element name="TrustEngine" type="conf:PluggableType"/>
421         <element name="AttributeExtractor" type="conf:PluggableType"/>
422         <element name="AttributeResolver" type="conf:PluggableType"/>
423         <element name="AttributeFilter" type="conf:PluggableType"/>
424         <element name="CredentialResolver" type="conf:PluggableType"/>
425       </choice>
426     </sequence>
427     <attribute name="id" type="conf:string" use="required"/>
428     <attribute name="entityID" type="anyURI"/>
429     <attribute name="policyId" type="conf:string"/>
430     <attributeGroup ref="conf:ApplicationGroup"/>
431     <attributeGroup ref="conf:RelyingPartyGroup"/>
432     <anyAttribute namespace="##other" processContents="lax"/>
433   </complexType>
434
435   <attributeGroup name="ApplicationGroup">
436     <attribute name="homeURL" type="anyURI"/>
437     <attribute name="REMOTE_USER" type="conf:listOfStrings"/>
438     <attribute name="unsetHeaders" type="conf:listOfStrings"/>
439     <attribute name="metadataAttributePrefix" type="conf:string"/>
440     <attribute name="attributePrefix" type="conf:string"/>
441   </attributeGroup>
442
443   <attributeGroup name="RelyingPartyGroup">
444     <attribute name="authType" type="conf:string"/>
445     <attribute name="authUsername" type="conf:string"/>
446     <attribute name="authPassword" type="conf:string"/>
447     <attribute name="signing" type="conf:bindingBoolean"/>
448     <attribute name="signingAlg" type="anyURI"/>
449     <attribute name="digestAlg" type="anyURI"/>
450     <attribute name="encryption" type="conf:bindingBoolean"/>
451     <attribute name="encryptionAlg" type="anyURI"/>
452     <attribute name="keyName" type="conf:string"/>
453     <attribute name="artifactEndpointIndex" type="unsignedShort"/>
454     <attribute name="chunkedEncoding" type="boolean"/>
455     <attribute name="connectTimeout" type="unsignedShort"/>
456     <attribute name="timeout" type="unsignedShort"/>
457     <attribute name="requireConfidentiality" type="boolean"/>
458     <attribute name="requireTransportAuth" type="boolean"/>
459     <attribute name="requireSignedAssertions" type="boolean"/>
460   </attributeGroup>
461     
462   <complexType name="SessionsType">
463     <annotation>
464       <documentation>Container for specifying protocol handlers and session policy</documentation>
465     </annotation>
466     <sequence>
467       <element name="SSO" minOccurs="0">
468         <complexType>
469           <annotation>
470             <documentation>Implicitly configures SessionInitiator and AssertionConsumerService handlers</documentation>
471           </annotation>
472           <simpleContent>
473             <extension base="conf:listOfStrings">
474               <attribute name="discoveryProtocol" type="conf:string"/>
475               <attribute name="discoveryURL" type="anyURI"/>
476               <attributeGroup ref="conf:SessionInitiatorGroup"/>
477             </extension>
478           </simpleContent>
479         </complexType>
480       </element>
481       <element name="Logout" minOccurs="0">
482         <complexType>
483           <annotation>
484             <documentation>Implicitly configures LogoutInitiator and SingleLogoutService handlers</documentation>
485           </annotation>
486           <simpleContent>
487             <extension base="conf:listOfStrings">
488               <attributeGroup ref="conf:LogoutInitiatorGroup"/>
489             </extension>
490           </simpleContent>
491         </complexType>
492       </element>
493       <element name="NameIDMgmt" type="conf:listOfStrings" minOccurs="0">
494         <annotation>
495           <documentation>Implicitly configures ManageNameIDService handlers</documentation>
496         </annotation>
497       </element>
498       <choice minOccurs="0" maxOccurs="unbounded">
499         <element ref="conf:SessionInitiator"/>
500         <element ref="conf:LogoutInitiator"/>
501         <element ref="md:AssertionConsumerService"/>
502         <element ref="md:ArtifactResolutionService"/>
503         <element ref="md:SingleLogoutService"/>
504         <element ref="md:ManageNameIDService"/>
505         <element ref="conf:Handler"/>
506       </choice>
507     </sequence>
508     <attribute name="handlerURL" type="anyURI"/>
509     <attribute name="handlerSSL" type="boolean"/>
510     <attribute name="exportLocation" type="conf:string"/>
511     <attribute name="exportACL" type="conf:listOfStrings"/>
512     <attribute name="cookieName" type="conf:string"/>
513     <attribute name="cookieProps" type="conf:string"/>
514     <attribute name="cookieLifetime" type="unsignedInt"/>
515     <attribute name="idpHistory" type="boolean"/>
516     <attribute name="idpHistoryDays" type="unsignedInt"/>
517     <attribute name="lifetime" type="unsignedInt"/>
518     <attribute name="timeout" type="unsignedInt"/>
519     <attribute name="maxTimeSinceAuthn" type="unsignedInt"/>
520     <attribute name="checkAddress" type="boolean"/>
521     <attribute name="consistentAddress" type="boolean"/>
522     <attribute name="postData" type="conf:string"/>
523     <attribute name="postLimit" type="positiveInteger"/>
524     <attribute name="postTemplate" type="conf:string"/>
525     <attribute name="postExpire" type="boolean"/>
526     <attribute name="relayState" type="conf:string"/>
527     <attribute name="relayStateLimit" type="conf:relayStateLimitType"/>
528     <attribute name="relayStateWhitelist" type="conf:listOfURIs"/>
529     <anyAttribute namespace="##other" processContents="lax"/>
530   </complexType>
531
532   <attribute name="policyId" type="conf:string">
533     <annotation>
534       <documentation>Used to override Policy from profile endpoints</documentation>
535     </annotation>
536   </attribute>
537
538   <attributeGroup name="SessionInitiatorGroup">
539     <annotation>
540       <documentation>Options common to explicit and implicit SessionInitiators</documentation>
541     </annotation>
542     <attribute name="relayState" type="conf:string"/>
543     <attribute name="entityIDParam" type="conf:string"/>
544     <attribute name="entityID" type="anyURI"/>
545     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
546     <attribute name="preservedOptions" type="conf:listOfStrings"/>
547     <attribute name="template" type="anyURI"/>
548     <attribute name="postArtifact" type="boolean"/>
549     <attribute name="acsByIndex" type="boolean"/>
550     <attribute name="isPassive" type="boolean"/>
551     <attribute name="returnOnError" type="boolean"/>
552     <attribute name="forceAuthn" type="boolean"/>
553     <attribute name="authnContextClassRef" type="anyURI"/>
554     <attribute name="authnContextComparison" type="samlp:AuthnContextComparisonType"/>
555     <attribute name="NameIDFormat" type="anyURI"/>
556     <attribute name="SPNameQualifier" type="conf:string"/>
557     <attribute name="requestDelegation" type="boolean"/>
558     <attribute name="target" type="anyURI"/>
559     <anyAttribute namespace="##any" processContents="lax"/>
560   </attributeGroup>
561
562   <element name="SessionInitiator">
563     <annotation>
564       <documentation>Used to specify handlers that can issue AuthnRequests or perform discovery</documentation>
565     </annotation>
566     <complexType>
567       <complexContent>
568         <restriction base="conf:PluggableType">
569           <sequence>
570             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
571           </sequence>
572           <attribute name="Location" type="anyURI"/>
573           <attribute name="id" type="conf:string"/>
574           <attribute name="isDefault" type="boolean"/>
575           <attribute name="URL" type="anyURI"/>
576           <attribute name="acsIndex" type="unsignedShort"/>
577           <attribute name="defaultACSIndex" type="unsignedShort"/>  <!-- deprecated -->
578           <attributeGroup ref="conf:SessionInitiatorGroup"/>
579         </restriction>
580       </complexContent>
581     </complexType>
582   </element>
583
584   <attributeGroup name="LogoutInitiatorGroup">
585     <annotation>
586       <documentation>Options common to explicit and implicit LogoutInitiators</documentation>
587     </annotation>
588     <attribute name="relayState" type="conf:string"/>
589     <attribute name="outgoingBindings" type="conf:listOfURIs"/>
590     <attribute name="template" type="anyURI"/>
591     <attribute name="postArtifact" type="boolean"/>
592     <anyAttribute namespace="##any" processContents="lax"/>
593   </attributeGroup>
594
595   <element name="LogoutInitiator">
596     <annotation>
597       <documentation>Used to specify handlers that can issue LogoutRequests</documentation>
598     </annotation>
599     <complexType>
600       <complexContent>
601         <restriction base="conf:PluggableType">
602           <sequence>
603             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
604           </sequence>
605           <attribute name="Location" type="anyURI"/>
606           <attributeGroup ref="conf:LogoutInitiatorGroup"/>
607         </restriction>
608       </complexContent>
609     </complexType>
610   </element>
611
612   <element name="Handler">
613     <annotation>
614       <documentation>Used to specify custom handlers</documentation>
615     </annotation>
616     <complexType>
617       <complexContent>
618         <restriction base="conf:PluggableType">
619           <sequence>
620             <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
621           </sequence>
622           <attribute name="Location" type="anyURI" use="required"/>
623           <attribute name="acl" type="conf:listOfStrings"/>
624           <anyAttribute namespace="##any" processContents="lax"/>
625         </restriction>
626       </complexContent>
627     </complexType>
628   </element>
629
630   <complexType name="ErrorsType">
631     <annotation>
632       <documentation>Container for error templates and associated details</documentation>
633     </annotation>
634     <sequence>
635       <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
636     </sequence>
637     <attribute name="redirectErrors" type="anyURI"/>
638     <attribute name="session" type="anyURI"/>
639     <attribute name="metadata" type="anyURI"/>
640     <attribute name="access" type="anyURI"/>
641     <attribute name="ssl" type="anyURI"/>
642     <attribute name="localLogout" type="anyURI"/>
643     <attribute name="globalLogout" type="anyURI"/>
644     <attribute name="partialLogout" type="anyURI"/>
645     <attribute name="supportContact" type="conf:string"/>
646     <attribute name="logoLocation" type="anyURI"/>
647     <attribute name="styleSheet" type="anyURI"/>
648     <anyAttribute namespace="##any" processContents="lax"/>
649   </complexType>
650
651   <complexType name="RelyingPartyType">
652     <annotation>
653       <documentation>Container for specifying settings to use with particular peers</documentation>
654     </annotation>
655     <sequence/>
656     <attribute name="Name" type="conf:string" use="required"/>
657     <attributeGroup ref="conf:RelyingPartyGroup"/>
658     <attribute name="entityID" type="anyURI"/>
659     <anyAttribute namespace="##other" processContents="lax"/>
660   </complexType>
661
662   <complexType name="NotifyType">
663     <annotation>
664       <documentation>Used to specify locations to receive application notifications</documentation>
665     </annotation>
666     <sequence/>
667     <attribute name="Channel" use="required">
668       <simpleType>
669         <restriction base="string">
670           <enumeration value="front"/>
671           <enumeration value="back"/>
672         </restriction>
673       </simpleType>
674     </attribute>
675     <attribute name="Location" type="anyURI" use="required"/>
676     <anyAttribute namespace="##any" processContents="lax"/>
677   </complexType>
678
679   <element name="SecurityPolicies">
680     <complexType>
681       <annotation>
682         <documentation>Container for specifying sets of policy rules to apply to incoming messages</documentation>
683       </annotation>
684       <sequence>
685         <element name="Policy" minOccurs="1" maxOccurs="unbounded">
686           <annotation>
687             <documentation>Specifies a set of SecurityPolicyRule plugins</documentation>
688           </annotation>
689           <complexType>
690             <choice>
691               <element name="Rule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
692               <element name="PolicyRule" type="conf:PluggableType" minOccurs="1" maxOccurs="unbounded"/>
693             </choice>
694             <attribute name="id" type="conf:string" use="required"/>
695             <attribute name="validate" type="boolean"/>
696             <anyAttribute namespace="##any" processContents="lax"/>
697           </complexType>
698         </element>
699         <choice minOccurs="0">
700           <element name="AlgorithmWhitelist" type="conf:listOfURIs"/>
701           <element name="AlgorithmBlacklist" type="conf:listOfURIs"/>
702         </choice>
703       </sequence>
704     </complexType>
705   </element>
706
707   <element name="TransportOption">
708     <annotation>
709       <documentation>Implementation-specific option to pass to SOAPTransport provider.</documentation>
710     </annotation>
711     <complexType>
712       <simpleContent>
713         <extension base="anySimpleType">
714           <attribute name="provider" type="conf:string" use="required"/>
715           <attribute name="option" type="conf:string" use="required"/>
716         </extension>
717       </simpleContent>
718     </complexType>
719   </element>
720
721   <element name="SPConfig">
722     <complexType>
723       <annotation>
724         <documentation>Root of configuration</documentation>
725       </annotation>
726       <sequence>
727         <element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
728         <element name="OutOfProcess" type="conf:OutOfProcessType" minOccurs="0"/>
729         <element name="InProcess" type="conf:InProcessType" minOccurs="0"/>
730         <choice minOccurs="0">
731           <element name="UnixListener">
732             <complexType>
733               <attribute name="address" type="conf:string" use="required"/>
734               <attribute name="stackSize" type="unsignedInt"/>
735             </complexType>
736           </element>
737           <element name="TCPListener">
738             <complexType>
739               <attribute name="address" type="conf:string" use="required"/>
740               <attribute name="port" type="unsignedInt" use="required"/>
741               <attribute name="acl" type="conf:listOfStrings"/>
742               <attribute name="stackSize" type="unsignedInt"/>
743             </complexType>
744           </element>
745           <element name="Listener" type="conf:PluggableType"/>
746         </choice>
747         <element name="StorageService" type="conf:StorageServiceType" minOccurs="0" maxOccurs="unbounded"/>
748         <element name="SessionCache" type="conf:SessionCacheType" minOccurs="0"/>
749         <element name="ReplayCache" type="conf:ReplayCacheType" minOccurs="0"/>
750         <element name="ArtifactMap" type="conf:ArtifactMapType" minOccurs="0"/>
751         <element name="RequestMapper" type="conf:PluggableType" minOccurs="0"/>
752         <element name="ApplicationDefaults" type="conf:ApplicationDefaultsType"/>
753         <choice>
754           <element name="SecurityPolicyProvider" type="conf:PluggableType"/>
755           <element ref="conf:SecurityPolicies"/> <!-- deprecated -->
756         </choice>
757         <element name="ProtocolProvider" type="conf:PluggableType" minOccurs="0"/>
758         <element ref="conf:TransportOption" minOccurs="0" maxOccurs="unbounded"/>
759         <element ref="ds:Signature" minOccurs="0"/>
760       </sequence>
761       <attribute name="logger" type="anyURI"/>
762       <attribute name="clockSkew" type="unsignedInt"/>
763       <attribute name="unsafeChars" type="conf:string"/>
764       <attribute name="allowedSchemes" type="conf:listOfStrings"/>
765       <attribute name="langFromClient" type="boolean"/>
766       <attribute name="langPriority" type="conf:listOfStrings"/>
767       <attribute name="contactPriority" type="conf:listOfStrings"/>
768       <anyAttribute namespace="##other" processContents="lax"/>
769     </complexType>
770   </element>
771
772 </schema>
Shibboleth SP