1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6 elementFormDefault="qualified"
7 attributeFormDefault="unqualified"
8 blockDefault="substitution"
11 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
12 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
16 1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
17 First appearing in Shibboleth 1.2 release.
21 <complexType name="PluggableType">
23 <restriction base="anyType">
25 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
27 <attribute name="type" type="string" use="required"/>
28 <attribute name="uri" type="anyURI" use="optional"/>
29 <anyAttribute namespace="##other" processContents="lax"/>
34 <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
35 <element name="SPConfig" type="conf:SPConfigType"/>
36 <complexType name="SPConfigType">
38 <documentation>Root element of configuration file</documentation>
41 <element ref="conf:Extensions" minOccurs="0"/>
42 <choice minOccurs="0">
43 <element name="Global" type="conf:GlobalConfigurationType"/>
44 <element name="SHAR" type="conf:GlobalConfigurationType"/>
46 <choice minOccurs="0">
47 <element name="Local" type="conf:LocalConfigurationType"/>
48 <element name="SHIRE" type="conf:LocalConfigurationType"/>
50 <element ref="conf:Applications"/>
51 <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
53 <attribute name="logger" type="anyURI" use="optional"/>
54 <attribute name="clockSkew" type="unsignedInt" use="optional"/>
55 <anyAttribute namespace="##other" processContents="lax"/>
58 <element name="Extensions">
60 <documentation>Container for extension libraries and custom configuration</documentation>
64 <element name="Library" minOccurs="0" maxOccurs="unbounded">
67 <restriction base="anyType">
69 <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
71 <attribute name="path" type="anyURI" use="required"/>
72 <attribute name="fatal" type="boolean" use="optional"/>
73 <anyAttribute namespace="##other" processContents="lax"/>
78 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
83 <complexType name="GlobalConfigurationType">
85 <documentation>Container for global (server independent) configuration</documentation>
88 <element ref="conf:Extensions" minOccurs="0"/>
90 <element name="UnixListener">
91 <complexType mixed="false">
93 <restriction base="anyType">
94 <attribute name="address" type="string" use="required"/>
99 <element name="TCPListener">
100 <complexType mixed="false">
102 <restriction base="anyType">
103 <attribute name="address" type="string" use="required"/>
104 <attribute name="port" type="unsignedInt" use="required"/>
105 <attribute name="acl" use="optional" default="127.0.0.1">
107 <list itemType="string"/>
114 <element name="Listener" type="conf:PluggableType"/>
117 <element name="MemorySessionCache">
118 <complexType mixed="false">
120 <restriction base="anyType">
121 <attributeGroup ref="conf:SessionCacheProperties"/>
122 <anyAttribute namespace="##other" processContents="lax"/>
127 <element name="MySQLSessionCache">
130 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
132 <attributeGroup ref="conf:SessionCacheProperties"/>
133 <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
134 <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
135 <anyAttribute namespace="##other" processContents="lax"/>
138 <element name="SessionCache">
141 <extension base="conf:PluggableType">
142 <attributeGroup ref="conf:SessionCacheProperties"/>
148 <choice minOccurs="0">
149 <element name="MySQLReplayCache">
152 <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
154 <anyAttribute namespace="##other" processContents="lax"/>
157 <element name="ReplayCache" type="conf:PluggableType"/>
159 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
161 <attribute name="logger" type="anyURI" use="optional"/>
162 <anyAttribute namespace="##other" processContents="lax"/>
165 <attributeGroup name="SessionCacheProperties">
166 <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
167 <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
168 <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
169 <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
170 <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
171 <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
172 <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
173 <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
176 <complexType name="LocalConfigurationType">
179 Container for configuration of locally integrated or platform-specific
180 features (e.g. web server filters)
184 <element ref="conf:Extensions" minOccurs="0"/>
185 <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
186 <element name="Implementation" minOccurs="0">
188 <choice maxOccurs="unbounded">
189 <element ref="conf:ISAPI"/>
190 <element ref="conf:NSAPI"/>
191 <element ref="conf:Java"/>
192 <any namespace="##other" processContents="lax"/>
196 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
198 <attribute name="logger" type="anyURI" use="optional"/>
199 <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
200 <anyAttribute namespace="##other" processContents="lax"/>
203 <element name="ISAPI">
206 <element name="Site" maxOccurs="unbounded">
207 <complexType mixed="false">
209 <restriction base="anyType">
211 <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
213 <attribute name="id" type="unsignedInt" use="required"/>
214 <attribute name="name" type="string" use="required"/>
215 <attribute name="port" type="unsignedInt" use="optional"/>
216 <attribute name="sslport" type="unsignedInt" use="optional"/>
217 <attribute name="scheme" type="string" use="optional"/>
222 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
224 <attribute name="normalizeRequest" type="boolean" use="optional"/>
225 <anyAttribute namespace="##other" processContents="lax"/>
228 <element name="NSAPI" type="anyType"/>
229 <element name="Java" type="anyType"/>
231 <element name="htaccess" type="conf:UniOperatorType">
234 A simple example access policy language extension that supersedes Apache .htaccess
238 <element name="OR" type="conf:MultiOperatorType"/>
239 <element name="AND" type="conf:MultiOperatorType"/>
240 <element name="NOT" type="conf:UniOperatorType"/>
241 <complexType name="UniOperatorType">
243 <element ref="conf:AND"/>
244 <element ref="conf:OR"/>
245 <element ref="conf:NOT"/>
246 <element ref="conf:Rule"/>
249 <complexType name="MultiOperatorType">
250 <choice minOccurs="2" maxOccurs="unbounded">
251 <element ref="conf:AND"/>
252 <element ref="conf:OR"/>
253 <element ref="conf:NOT"/>
254 <element ref="conf:Rule"/>
257 <element name="Rule">
260 <extension base="conf:listOfStrings">
261 <attribute name="require" type="string" use="required"/>
266 <simpleType name="listOfStrings">
267 <list itemType='string'/>
270 <attributeGroup name="ContentSettings">
271 <attribute name="requireSession" type="boolean" use="optional"/>
272 <attribute name="exportAssertion" type="boolean" use="optional"/>
273 <anyAttribute namespace="##other" processContents="lax"/>
275 <element name="AccessControlProvider" type="conf:PluggableType"/>
277 <element name="RequestMap">
280 Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
285 <choice minOccurs="0">
286 <element ref="conf:htaccess"/>
287 <element ref="conf:AccessControlProvider"/>
289 <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
291 <attribute name="applicationId" type="string" fixed="default"/>
292 <attributeGroup ref="conf:ContentSettings"/>
296 <element name="Host">
299 <choice minOccurs="0">
300 <element ref="conf:htaccess"/>
301 <element ref="conf:AccessControlProvider"/>
303 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
305 <attribute name="scheme" use="optional">
307 <restriction base="string">
308 <enumeration value="http"/>
309 <enumeration value="https"/>
310 <enumeration value="ftp"/>
311 <enumeration value="ldap"/>
312 <enumeration value="ldaps"/>
316 <attribute name="name" type="string" use="required"/>
317 <attribute name="port" type="unsignedInt" use="optional"/>
318 <attribute name="applicationId" type="string" use="optional"/>
319 <attributeGroup ref="conf:ContentSettings"/>
323 <element name="Path">
326 <choice minOccurs="0">
327 <element ref="conf:htaccess"/>
328 <element ref="conf:AccessControlProvider"/>
330 <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
332 <attribute name="name" type="string" use="required"/>
333 <attribute name="applicationId" type="string" use="optional"/>
334 <attributeGroup ref="conf:ContentSettings"/>
338 <element name="Applications">
341 Container for global target settings and application-specific overrides
346 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
347 <element ref="conf:Sessions"/>
348 <element ref="conf:Errors"/>
349 <element ref="conf:CredentialUse" minOccurs="0"/>
350 <choice minOccurs="0" maxOccurs="unbounded">
351 <element ref="saml:AttributeDesignator"/>
352 <element ref="saml:Audience"/>
353 <element name="AAPProvider" type="conf:PluggableType"/>
354 <element name="FederationProvider" type="conf:PluggableType"/>
355 <element name="TrustProvider" type="conf:PluggableType"/>
356 <element name="RevocationProvider" type="conf:PluggableType"/>
358 <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
360 <attribute name="id" type="string" fixed="default"/>
361 <attribute name="providerId" type="anyURI" use="required"/>
362 <attribute name="homeURL" type="anyURI" use="optional"/>
363 <anyAttribute namespace="##other" processContents="lax"/>
367 <element name="Application">
370 Container for application-specific overrides
375 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
376 <element ref="conf:Sessions"/>
377 <element ref="conf:Errors" minOccurs="0"/>
378 <element ref="conf:CredentialUse" minOccurs="0"/>
379 <choice minOccurs="0" maxOccurs="unbounded">
380 <element ref="saml:AttributeDesignator"/>
381 <element ref="saml:Audience"/>
382 <element name="AAPProvider" type="conf:PluggableType"/>
383 <element name="FederationProvider" type="conf:PluggableType"/>
384 <element name="TrustProvider" type="conf:PluggableType"/>
385 <element name="RevocationProvider" type="conf:PluggableType"/>
388 <attribute name="id" type="string" use="required"/>
389 <attribute name="providerId" type="anyURI" use="optional"/>
390 <attribute name="homeURL" type="anyURI" use="optional"/>
391 <anyAttribute namespace="##other" processContents="lax"/>
395 <element name="Sessions">
397 <documentation>Container for specifying app session establishment and policy</documentation>
400 <attribute name="wayfURL" type="anyURI" use="optional"/>
401 <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
402 <attribute name="shireSSL" type="boolean" use="optional"/>
403 <attribute name="cookieName" type="string" use="optional"/>
404 <attribute name="cookieProps" type="string" use="optional"/>
405 <attribute name="lifetime" type="unsignedInt" use="optional"/>
406 <attribute name="timeout" type="unsignedInt" use="optional"/>
407 <attribute name="checkAddress" type="boolean" use="optional"/>
408 <attribute name="oldAuthnRequest" type="boolean" use="optional"/>
409 <anyAttribute namespace="##any" processContents="lax"/>
413 <element name="Errors">
415 <documentation>Container for error templates and associated details</documentation>
419 <restriction base="anyType">
420 <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
421 <attribute name="session" type="anyURI" use="optional"/>
422 <attribute name="rm" type="anyURI" use="required"/>
423 <attribute name="access" type="anyURI" use="optional"/>
424 <attribute name="supportContact" type="string" use="optional"/>
425 <attribute name="logoLocation" type="anyURI" use="optional"/>
426 <attribute name="styleSheet" type="anyURI" use="optional"/>
427 <anyAttribute namespace="##any" processContents="lax"/>
433 <attributeGroup name="CredentialUseGroup">
434 <attribute name="TLS" type="string" use="required"/>
435 <attribute name="Signing" type="string" use="required"/>
436 <attribute name="signRequest" type="boolean" use="optional" default="false"/>
437 <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
438 <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
441 <element name="CredentialUse">
443 <documentation>Container for specifying credentials to use</documentation>
447 <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
448 <complexType mixed="false">
450 <restriction base="anyType">
451 <attribute name="Name" type="string" use="required"/>
452 <attributeGroup ref="conf:CredentialUseGroup"/>
457 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
459 <attributeGroup ref="conf:CredentialUseGroup"/>
460 <anyAttribute namespace="##other" processContents="lax"/>
projects / shibboleth / sp.git / blob