1 <?xml version="1.0" encoding="US-ASCII"?>
<!-- W3C XML Schema for the urn:mace:shibboleth:target:config:1.0 namespace (prefix conf).
     elementFormDefault="qualified": local elements in instance documents are namespace-qualified;
     attributes stay unqualified. blockDefault="substitution": by default, substitution-group
     members may not stand in for the elements declared here.
     NOTE(review): the two imports use bare relative schemaLocation values. schemaLocation is only
     a hint to the schema processor, so the imported .xsd files deserve the same write protection
     as this file; whoever can replace them can change what validates. -->
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:cred="urn:mace:shibboleth:credentials:1.0"
6 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
7 elementFormDefault="qualified"
8 attributeFormDefault="unqualified"
9 blockDefault="substitution"
12 <import namespace="urn:mace:shibboleth:credentials:1.0" schemaLocation="credentials.xsd"/>
13 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
17 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
18 First appearing in Shibboleth 1.3 release.
<!-- Root element of a target configuration file. Declared children: optional conf:Extensions,
     cred:Credentials, conf:SHAR and conf:SHIRE, plus a mandatory conf:Applications. -->
22 <element name="ShibbolethTargetConfig">
24 <documentation>Outer element of configuration file</documentation>
28 <element ref="conf:Extensions" minOccurs="0"/>
29 <element ref="cred:Credentials" minOccurs="0"/>
30 <element ref="conf:SHAR" minOccurs="0"/>
31 <element ref="conf:SHIRE" minOccurs="0"/>
32 <element ref="conf:Applications"/>
<!-- schemadir is mandatory and logger is optional; both are checked only as anyURI values. -->
34 <attribute name="schemadir" type="anyURI" use="required"/>
35 <attribute name="logger" type="anyURI" use="optional"/>
<!-- NOTE(review): this wildcard accepts any further attribute, from any namespace or none, and
     validates it only when a matching global declaration is available (lax). A misspelled
     "logger" therefore still validates; schema validation will not catch attribute typos. -->
36 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Extensions: zero or more Library entries plus arbitrary elements from other namespaces. -->
40 <element name="Extensions">
42 <documentation>Container for extension libraries and custom configuration</documentation>
<!-- Each Library extends anyType and names an extension library through a required path, which
     is checked only as an anyURI.
     NOTE(review): the schema places no restriction on where path points, so write access to the
     configuration file presumably equals the ability to choose code the target loads. Confirm
     against the loader and keep the file writable by administrators only. The meaning of the
     optional fatal flag is not defined here; presumably it decides whether a failed load aborts
     startup (TODO confirm). -->
46 <element name="Library" minOccurs="0" maxOccurs="unbounded">
49 <extension base="anyType">
50 <attribute name="path" type="anyURI" use="required"/>
51 <attribute name="fatal" type="boolean" use="optional"/>
<!-- Elements from other namespaces are accepted and validated only if a schema for them is
     available (lax), so custom configuration placed here may be entirely unchecked. -->
56 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- PluggableType: shared shape for plugin-backed elements. It extends anyType, so any child
     content and any extra attributes validate. Only the type attribute is required, and it is a
     free-form string with no enumeration, so an unknown or misspelled plugin name is not caught
     by schema validation. -->
61 <complexType name="PluggableType">
63 <extension base="anyType">
64 <attribute name="type" type="string" use="required"/>
71 <documentation>Container for SHAR configuration</documentation>
<!-- Optional Listener: a plugin selected by its type string (conf:PluggableType). -->
75 <element name="Listener" type="conf:PluggableType" minOccurs="0"/>
<!-- Optional SessionCache: a PluggableType with two optional unsigned settings. Neither a unit
     nor a default is declared in the schema (presumably seconds; TODO confirm). -->
76 <element name="SessionCache" minOccurs="0">
79 <extension base="conf:PluggableType">
80 <attribute name="cleanupInterval" type="unsignedInt" use="optional"/>
81 <attribute name="timeout" type="unsignedInt" use="optional"/>
<!-- Optional AttributeCache (extends anyType). All six attributes are optional and none declares
     a default, so the value in effect when strictValidity or propagateErrors is omitted is
     decided by the consuming code, not by this schema.
     NOTE(review): set both explicitly when their behaviour matters to the deployment. -->
86 <element name="AttributeCache" minOccurs="0">
89 <extension base="anyType">
90 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional"/>
91 <attribute name="AATimeout" type="unsignedInt" use="optional"/>
92 <attribute name="defaultLifetime" type="unsignedInt" use="optional"/>
93 <attribute name="retryInterval" type="unsignedInt" use="optional"/>
94 <attribute name="strictValidity" type="boolean" use="optional"/>
95 <attribute name="propagateErrors" type="boolean" use="optional"/>
<!-- Elements from other namespaces are accepted with lax validation. -->
100 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
102 <attribute name="logger" type="anyURI" use="optional"/>
<!-- Wildcard: any additional attribute validates, including a misspelled "logger". -->
103 <anyAttribute namespace="##any" processContents="lax"/>
<!-- SHIRE: settings that connect the target library to the application environment it runs in. -->
107 <element name="SHIRE">
110 Container for configuration glue between target library and the surrounding application environment.
<!-- Optional reference to the conf:ApplicationMap element. -->
115 <element ref="conf:ApplicationMap" minOccurs="0"/>
<!-- Optional ImplementationSpecific: one or more ISAPI, NSAPI, Apache or Java blocks, or elements
     from other namespaces, which are validated only if a schema for them is available (lax). -->
116 <element name="ImplementationSpecific" minOccurs="0">
118 <choice maxOccurs="unbounded">
119 <element ref="conf:ISAPI"/>
120 <element ref="conf:NSAPI"/>
121 <element ref="conf:Apache"/>
122 <element ref="conf:Java"/>
123 <any namespace="##other" processContents="lax"/>
127 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
129 <attribute name="logger" type="anyURI" use="optional"/>
<!-- Wildcard: any additional attribute validates, including a misspelled "logger". -->
130 <anyAttribute namespace="##any" processContents="lax"/>
<!-- ISAPI: one or more Site entries, plus optional elements from other namespaces. Each Site has
     string content and a required unsigned InstanceID.
     NOTE(review): presumably this maps a web server site instance to a host name; confirm
     against the ISAPI module. Both Site and ISAPI accept arbitrary extra attributes, so attribute
     typos are not reported by validation. -->
134 <element name="ISAPI">
137 <element name="Site" maxOccurs="unbounded">
140 <extension base="string">
141 <attribute name="InstanceID" type="unsignedInt" use="required"/>
142 <anyAttribute namespace="##any" processContents="lax"/>
147 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
149 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Apache: open-content element (extends anyType) with one optional boolean, apacheConfig.
     Its meaning is not defined in this schema. Since the ContentSettings group is documented as
     superseding httpd.conf/htaccess, it presumably selects whether native Apache configuration is
     still honoured (TODO confirm). No default is declared. -->
152 <element name="Apache">
155 <extension base="anyType">
156 <attribute name="apacheConfig" type="boolean" use="optional"/>
<!-- NSAPI and Java are typed as anyType: any attributes and any content validate, so nothing
     placed inside them is checked by this schema. -->
161 <element name="NSAPI" type="anyType"/>
162 <element name="Java" type="anyType"/>
<!-- ContentSettings: per-resource protection settings, referenced by ApplicationMap, Host and Path. -->
164 <group name="ContentSettings">
167 Group of settings that can be applied to elements in the ApplicationMap, supersedes httpd.conf/htaccess
<!-- Both flags are optional child elements with no declared default.
     NOTE(review): an entry that omits requireSession and the access-control choice is still
     schema-valid, so a clean validation run says nothing about whether content is protected. -->
171 <element name="requireSession" type="boolean" minOccurs="0"/>
172 <element name="exportAssertion" type="boolean" minOccurs="0"/>
<!-- Optional access control: at most one of htaccess (inline rules) or accessPolicy (plugin). -->
173 <choice minOccurs="0">
<!-- The htaccess content model references OR and AND (both conf:OperatorType) and conf:Rule;
     it also accepts arbitrary extra attributes. -->
174 <element name="htaccess">
177 <element name="OR" type="conf:OperatorType"/>
178 <element name="AND" type="conf:OperatorType"/>
182 <restriction base="conf:OperatorType">
184 <element ref="conf:Rule"/>
190 <element ref="conf:Rule"/>
192 <anyAttribute namespace="##any" processContents="lax"/>
<!-- accessPolicy is a PluggableType: the policy engine is chosen by a free-form type string and
     its content is not validated here. -->
195 <element name="accessPolicy" type="conf:PluggableType"/>
197 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- Rule: a single access rule. The required requires attribute and the element content are both
     free-form strings; neither is checked against a list of known names or values.
     NOTE(review): presumably requires names what is tested and the content lists the accepted
     values, as with an htaccess "require" line (TODO confirm). -->
201 <element name="Rule">
204 <extension base="string">
205 <attribute name="requires" type="string" use="required"/>
<!-- OperatorType: one or more Rule elements. It is the type of the OR and AND elements; how the
     rules combine is implied by the element name only and is not expressed in the schema. -->
210 <complexType name="OperatorType">
212 <element ref="conf:Rule" maxOccurs="unbounded"/>
<!-- ApplicationMap: top of the resource map. Carries its own ContentSettings and any number of
     Host entries. -->
216 <element name="ApplicationMap">
219 <group ref="conf:ContentSettings"/>
220 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
<!-- Optional uri attribute, checked only as anyURI. Its purpose is not stated in this schema. -->
222 <attribute name="uri" type="anyURI" use="optional"/>
<!-- Wildcard: any additional attribute validates, so a misspelled "uri" is not reported. -->
223 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Host: map entry for one host, with its own ContentSettings and nested Path entries. -->
227 <element name="Host">
230 <group ref="conf:ContentSettings"/>
231 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
<!-- scheme is limited to the five values listed and defaults to "http" when omitted.
     NOTE(review): a Host written without scheme is presented to a schema-aware consumer as an
     http entry. For hosts served over TLS, state scheme="https" explicitly and verify how the
     matcher treats entries whose scheme differs from the request (TODO confirm). -->
233 <attribute name="scheme" use="optional" default="http">
235 <restriction base="string">
236 <enumeration value="http"/>
237 <enumeration value="https"/>
238 <enumeration value="ftp"/>
239 <enumeration value="ldap"/>
240 <enumeration value="ldaps"/>
<!-- name is required; port and applicationId are optional. applicationId is a plain string rather
     than an IDREF, so a value that matches no Application id is not caught by validation. -->
244 <attribute name="name" type="string" use="required"/>
245 <attribute name="port" type="unsignedInt" use="optional"/>
246 <attribute name="applicationId" type="string" use="optional"/>
<!-- Wildcard: any additional attribute validates, including misspellings of the optional ones. -->
247 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Path: map entry for one path segment. It carries ContentSettings and may nest further Path
     elements to any depth. How settings are inherited between levels is not expressed in the
     schema. -->
251 <element name="Path">
254 <group ref="conf:ContentSettings"/>
255 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
<!-- name is required. applicationId is an optional plain string, so a dangling reference to an
     Application id is not detected by validation. -->
257 <attribute name="name" type="string" use="required"/>
258 <attribute name="applicationId" type="string" use="optional"/>
<!-- Wildcard: any additional attribute validates, including a misspelled "applicationId". -->
259 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Applications: global settings. Sessions, Errors, Policy and CredentialUse carry no minOccurs,
     so each must appear exactly once; Application overrides and foreign elements are optional. -->
263 <element name="Applications">
266 Container for global target settings and application-specific overrides
271 <element ref="conf:Sessions"/>
272 <element ref="conf:Errors"/>
273 <element ref="conf:Policy"/>
274 <element ref="conf:CredentialUse"/>
275 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
276 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- providerId is required and checked only as anyURI. -->
278 <attribute name="providerId" type="anyURI" use="required"/>
<!-- Wildcard: any additional attribute validates without being checked. -->
279 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Application: overrides for one application. Sessions is mandatory here; Errors, Policy and
     CredentialUse are optional.
     NOTE(review): the schema does not say what applies when an optional block is omitted.
     Presumably the value from the enclosing Applications element is inherited; confirm before
     assuming an application shares the global Policy or CredentialUse. -->
283 <element name="Application">
286 Container for application-specific overrides
291 <element ref="conf:Sessions"/>
292 <element ref="conf:Errors" minOccurs="0"/>
293 <element ref="conf:Policy" minOccurs="0"/>
294 <element ref="conf:CredentialUse" minOccurs="0"/>
295 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- id is a required plain string (not an xs:ID), so uniqueness across Application elements is
     not enforced by this declaration. providerId is optional here. -->
297 <attribute name="id" type="string" use="required"/>
298 <attribute name="providerId" type="anyURI" use="optional"/>
<!-- Wildcard: any additional attribute validates, including a misspelled "providerId". -->
299 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Errors: error-page settings. The type extends anyType, so extra attributes and child content
     validate unchecked; the five attributes below are all required.
     NOTE(review): shire, rm and access presumably locate the template used for each class of
     failure (TODO confirm). They are checked only as anyURI, so the schema does not confine them
     to a particular directory or scheme. -->
303 <element name="Errors">
306 Container for error templates and associated details
311 <extension base="anyType">
312 <attribute name="shire" type="anyURI" use="required"/>
313 <attribute name="rm" type="anyURI" use="required"/>
314 <attribute name="access" type="anyURI" use="required"/>
315 <attribute name="supportContact" type="string" use="required"/>
316 <attribute name="logoLocation" type="anyURI" use="required"/>
<!-- Sessions: how an application session is established and maintained. -->
322 <element name="Sessions">
325 Container for specifying app session establishment and policy
<!-- shireURL is an anyURI value with an optional SSLOnly flag. The type does not require an
     https URL, and no default for SSLOnly is declared.
     NOTE(review): set SSLOnly explicitly rather than relying on the consumer's default. -->
330 <element name="shireURL">
333 <extension base="anyURI">
334 <attribute name="SSLOnly" type="boolean" use="optional"/>
<!-- cookieName is a string with its own optional SSLOnly flag, again without a declared default.
     NOTE(review): presumably this controls whether the session cookie is restricted to TLS
     connections (TODO confirm); set it explicitly. -->
339 <element name="cookieName">
342 <extension base="string">
343 <attribute name="SSLOnly" type="boolean" use="optional"/>
<!-- Optional wayfURL, checked only as anyURI. -->
348 <element name="wayfURL" type="anyURI" minOccurs="0"/>
349 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- All four session attributes are optional and declare neither a default nor a unit.
     lifetime and timeout are presumably in seconds, and checkAddress presumably enables a
     client-address check on the session (TODO confirm both). -->
351 <attribute name="lifetime" type="unsignedInt" use="optional"/>
352 <attribute name="timeout" type="unsignedInt" use="optional"/>
353 <attribute name="normalizeRequest" type="boolean" use="optional"/>
354 <attribute name="checkAddress" type="boolean" use="optional"/>
<!-- NOTE(review): this wildcard makes any other attribute valid, so a misspelled "checkAddress"
     or "timeout" passes validation and the intended setting is never applied. Review these
     attribute names by hand. -->
355 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Policy: attribute handling, metadata and trust sources, and accepted audiences. -->
359 <element name="Policy">
362 Container for specifying various policies for attributes, trust, and federations
<!-- Optional Attributes block: SAML attribute designators and pluggable AAP providers. -->
367 <element name="Attributes" minOccurs="0">
370 <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
371 <element name="AAPProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
<!-- Both signing flags are optional with no declared default, and the wildcard after them
     accepts misspelled names. NOTE(review): state both explicitly when signing is expected. -->
373 <attribute name="signRequest" type="boolean" use="optional"/>
374 <attribute name="signedResponse" type="boolean" use="optional"/>
375 <anyAttribute namespace="##any" processContents="lax"/>
<!-- NOTE(review): FederationProvider and TrustProvider are both minOccurs="0", so a Policy with
     no metadata source and no trust source is schema-valid. Validation does not establish that
     trust is configured; check for these elements separately. -->
378 <element name="FederationProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
379 <element name="TrustProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
<!-- Optional Audiences block; when present it must list at least one saml:Audience. -->
380 <element name="Audiences" minOccurs="0">
383 <element ref="saml:Audience" maxOccurs="unbounded"/>
385 <anyAttribute namespace="##any" processContents="lax"/>
388 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- Wildcard: any additional attribute on Policy validates without being checked. -->
390 <anyAttribute namespace="##any" processContents="lax"/>
<!-- CredentialUse: selects which credentials are used, with optional per-relying-party overrides. -->
394 <element name="CredentialUse">
397 Container for specifying credentials to use
<!-- RelyingParty (extends anyType): Name, TLS and Signing are all required strings. -->
402 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
405 <extension base="anyType">
406 <attribute name="Name" type="string" use="required"/>
407 <attribute name="TLS" type="string" use="required"/>
408 <attribute name="Signing" type="string" use="required"/>
413 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
<!-- Default TLS and Signing selections, both required.
     NOTE(review): these are plain strings, presumably identifiers of entries under
     cred:Credentials (TODO confirm). Because they are not xs:IDREF values, a name that matches
     no credential is not detected by schema validation. -->
415 <attribute name="TLS" type="string" use="required"/>
416 <attribute name="Signing" type="string" use="required"/>
<!-- Wildcard: any additional attribute validates without being checked. -->
417 <anyAttribute namespace="##any" processContents="lax"/>