1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 elementFormDefault="qualified"
7 attributeFormDefault="unqualified"
8 blockDefault="substitution"
11 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
12 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
16 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
17 First appearing in Shibboleth 1.2 release.
21 <complexType name="PluggableType">
23 <restriction base="anyType">
25 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
27 <attribute name="type" type="string" use="required"/>
28 <attribute name="uri" type="anyURI" use="optional"/>
29 <anyAttribute namespace="##other" processContents="lax"/>
34 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
35 <element name="SPConfig" type="conf:SPConfigType"/>
36 <complexType name="SPConfigType">
38 <documentation>Root element of configuration file</documentation>
41 <element ref="conf:Extensions" minOccurs="0"/>
42 <choice minOccurs="0">
43 <element name="Global" type="conf:GlobalConfigurationType"/>
44 <element name="SHAR" type="conf:GlobalConfigurationType"/>
46 <choice minOccurs="0">
47 <element name="Local" type="conf:LocalConfigurationType"/>
48 <element name="SHIRE" type="conf:LocalConfigurationType"/>
50 <element ref="conf:Applications"/>
51 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
53 <attribute name="logger" type="anyURI" use="optional"/>
54 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
55 <anyAttribute namespace="##other" processContents="lax"/>
58 <element name="Extensions">
60 <documentation>Container for extension libraries and custom configuration</documentation>
64 <element name="Library" minOccurs="0" maxOccurs="unbounded">
67 <restriction base="anyType">
69 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
71 <attribute name="path" type="anyURI" use="required"/>
72 <attribute name="fatal" type="boolean" use="optional"/>
73 <anyAttribute namespace="##other" processContents="lax"/>
78 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
83 <complexType name="GlobalConfigurationType">
85 <documentation>Container for global (server independent) configuration</documentation>
88 <element ref="conf:Extensions" minOccurs="0"/>
90 <element name="UnixListener">
91 <complexType mixed="false">
93 <restriction base="anyType">
94 <attribute name="address" type="string" use="required"/>
99 <element name="TCPListener">
100 <complexType mixed="false">
102 <restriction base="anyType">
103 <attribute name="address" type="string" use="required"/>
104 <attribute name="port" type="unsignedInt" use="required"/>
105 <attribute name="acl" use="optional" default="127.0.0.1">
107 <list itemType="string"/>
114 <element name="Listener" type="conf:PluggableType"/>
117 <element name="MemorySessionCache">
118 <complexType mixed="false">
120 <restriction base="anyType">
121 <attributeGroup ref="conf:SessionCacheProperties"/>
122 <anyAttribute namespace="##other" processContents="lax"/>
127 <element name="MySQLSessionCache">
130 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
132 <attributeGroup ref="conf:SessionCacheProperties"/>
133 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
134 <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
135 <anyAttribute namespace="##other" processContents="lax"/>
138 <element name="SessionCache">
141 <extension base="conf:PluggableType">
142 <attributeGroup ref="conf:SessionCacheProperties"/>
148 <choice minOccurs="0">
149 <element name="MySQLReplayCache">
152 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
154 <anyAttribute namespace="##other" processContents="lax"/>
157 <element name="ReplayCache" type="conf:PluggableType"/>
159 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
161 <attribute name="logger" type="anyURI" use="optional"/>
162 <anyAttribute namespace="##other" processContents="lax"/>
165 <attributeGroup name="SessionCacheProperties">
166 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
167 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
168 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
169 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
170 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
171 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
172 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
173 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
176 <complexType name="LocalConfigurationType">
179 Container for configuration of locally integrated or platform-specific
180 features (e.g. web server filters)
184 <element ref="conf:Extensions" minOccurs="0"/>
185 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
186 <element name="Implementation" minOccurs="0">
188 <choice maxOccurs="unbounded">
189 <element ref="conf:ISAPI"/>
190 <element ref="conf:NSAPI"/>
191 <element ref="conf:Java"/>
192 <any namespace="##other" processContents="lax"/>
196 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
198 <attribute name="logger" type="anyURI" use="optional"/>
199 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
200 <anyAttribute namespace="##other" processContents="lax"/>
203 <element name="ISAPI">
206 <element name="Site" maxOccurs="unbounded">
207 <complexType mixed="false">
209 <restriction base="anyType">
211 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
213 <attribute name="id" type="unsignedInt" use="required"/>
214 <attribute name="name" type="string" use="required"/>
215 <attribute name="port" type="unsignedInt" use="optional"/>
216 <attribute name="scheme" type="string" use="optional"/>
221 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
223 <attribute name="normalizeRequest" type="boolean" use="optional"/>
224 <anyAttribute namespace="##other" processContents="lax"/>
227 <element name="NSAPI" type="anyType"/>
228 <element name="Java" type="anyType"/>
230 <element name="htaccess" type="conf:UniOperatorType">
233 A simple example access policy language extension that supersedes Apache .htaccess
237 <element name="OR" type="conf:MultiOperatorType"/>
238 <element name="AND" type="conf:MultiOperatorType"/>
239 <element name="NOT" type="conf:UniOperatorType"/>
240 <complexType name="UniOperatorType">
242 <element ref="conf:AND"/>
243 <element ref="conf:OR"/>
244 <element ref="conf:NOT"/>
245 <element ref="conf:Rule"/>
248 <complexType name="MultiOperatorType">
249 <choice minOccurs="2" maxOccurs="unbounded">
250 <element ref="conf:AND"/>
251 <element ref="conf:OR"/>
252 <element ref="conf:NOT"/>
253 <element ref="conf:Rule"/>
256 <element name="Rule">
259 <extension base="conf:listOfStrings">
260 <attribute name="require" type="string" use="required"/>
265 <simpleType name="listOfStrings">
266 <list itemType='string'/>
269 <attributeGroup name="ContentSettings">
270 <attribute name="requireSession" type="boolean" use="optional"/>
271 <attribute name="exportAssertion" type="boolean" use="optional"/>
272 <anyAttribute namespace="##other" processContents="lax"/>
274 <element name="AccessControlProvider" type="conf:PluggableType"/>
276 <element name="RequestMap">
279 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
284 <choice minOccurs="0">
285 <element ref="conf:htaccess"/>
286 <element ref="conf:AccessControlProvider"/>
288 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
290 <attribute name="applicationId" type="string" fixed="default"/>
291 <attributeGroup ref="conf:ContentSettings"/>
295 <element name="Host">
298 <choice minOccurs="0">
299 <element ref="conf:htaccess"/>
300 <element ref="conf:AccessControlProvider"/>
302 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
304 <attribute name="scheme" use="optional">
306 <restriction base="string">
307 <enumeration value="http"/>
308 <enumeration value="https"/>
309 <enumeration value="ftp"/>
310 <enumeration value="ldap"/>
311 <enumeration value="ldaps"/>
315 <attribute name="name" type="string" use="required"/>
316 <attribute name="port" type="unsignedInt" use="optional"/>
317 <attribute name="applicationId" type="string" use="optional"/>
318 <attributeGroup ref="conf:ContentSettings"/>
322 <element name="Path">
325 <choice minOccurs="0">
326 <element ref="conf:htaccess"/>
327 <element ref="conf:AccessControlProvider"/>
329 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
331 <attribute name="name" type="string" use="required"/>
332 <attribute name="applicationId" type="string" use="optional"/>
333 <attributeGroup ref="conf:ContentSettings"/>
337 <element name="Applications">
340 Container for global target settings and application-specific overrides
345 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
346 <element ref="conf:Sessions"/>
347 <element ref="conf:Errors"/>
348 <element ref="conf:CredentialUse" minOccurs="0"/>
349 <choice minOccurs="0" maxOccurs="unbounded">
350 <element ref="saml:AttributeDesignator"/>
351 <element ref="saml:Audience"/>
352 <element name="AAPProvider" type="conf:PluggableType"/>
353 <element name="FederationProvider" type="conf:PluggableType"/>
354 <element name="TrustProvider" type="conf:PluggableType"/>
355 <element name="RevocationProvider" type="conf:PluggableType"/>
357 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
359 <attribute name="id" type="string" fixed="default"/>
360 <attribute name="providerId" type="anyURI" use="required"/>
361 <attribute name="homeURL" type="anyURI" use="optional"/>
362 <anyAttribute namespace="##other" processContents="lax"/>
366 <element name="Application">
369 Container for application-specific overrides
374 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
375 <element ref="conf:Sessions"/>
376 <element ref="conf:Errors" minOccurs="0"/>
377 <element ref="conf:CredentialUse" minOccurs="0"/>
378 <choice minOccurs="0" maxOccurs="unbounded">
379 <element ref="saml:AttributeDesignator"/>
380 <element ref="saml:Audience"/>
381 <element name="AAPProvider" type="conf:PluggableType"/>
382 <element name="FederationProvider" type="conf:PluggableType"/>
383 <element name="TrustProvider" type="conf:PluggableType"/>
384 <element name="RevocationProvider" type="conf:PluggableType"/>
387 <attribute name="id" type="string" use="required"/>
388 <attribute name="providerId" type="anyURI" use="optional"/>
389 <attribute name="homeURL" type="anyURI" use="optional"/>
390 <anyAttribute namespace="##other" processContents="lax"/>
394 <element name="Sessions">
396 <documentation>Container for specifying app session establishment and policy</documentation>
399 <attribute name="wayfURL" type="anyURI" use="optional"/>
400 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
401 <attribute name="shireSSL" type="boolean" use="optional"/>
402 <attribute name="cookieName" type="string" use="optional"/>
403 <attribute name="cookieProps" type="string" use="optional"/>
404 <attribute name="lifetime" type="unsignedInt" use="optional"/>
405 <attribute name="timeout" type="unsignedInt" use="optional"/>
406 <attribute name="checkAddress" type="boolean" use="optional"/>
407 <attribute name="oldAuthnRequest" type="boolean" use="optional"/>
408 <anyAttribute namespace="##any" processContents="lax"/>
412 <element name="Errors">
414 <documentation>Container for error templates and associated details</documentation>
418 <restriction base="anyType">
419 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
420 <attribute name="session" type="anyURI" use="optional"/>
421 <attribute name="rm" type="anyURI" use="required"/>
422 <attribute name="access" type="anyURI" use="optional"/>
423 <attribute name="supportContact" type="string" use="optional"/>
424 <attribute name="logoLocation" type="anyURI" use="optional"/>
425 <attribute name="styleSheet" type="anyURI" use="optional"/>
426 <anyAttribute namespace="##any" processContents="lax"/>
432 <attributeGroup name="CredentialUseGroup">
433 <attribute name="TLS" type="string" use="required"/>
434 <attribute name="Signing" type="string" use="required"/>
435 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
436 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
437 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
440 <element name="CredentialUse">
442 <documentation>Container for specifying credentials to use</documentation>
446 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
447 <complexType mixed="false">
449 <restriction base="anyType">
450 <attribute name="Name" type="string" use="required"/>
451 <attributeGroup ref="conf:CredentialUseGroup"/>
456 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
458 <attributeGroup ref="conf:CredentialUseGroup"/>
459 <anyAttribute namespace="##other" processContents="lax"/>