1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:1.0"
3 xmlns="http://www.w3.org/2001/XMLSchema"
4 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
5 xmlns:xml="http://www.w3.org/XML/1998/namespace"
6 xmlns:shib="urn:mace:shibboleth:1.0"
7 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
8 elementFormDefault="qualified"
9 attributeFormDefault="unqualified"
<!-- Imports: XML Signature (prefix ds), the xml: namespace, and the SAML assertion schema.
     Each schemaLocation is a bare relative file name, so validation depends on whichever
     copies of these three files the resolver finds. Keep reviewed local copies beside this
     schema (or in a local catalog) and do not let the validator fetch imports remotely. -->
12 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
13 <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
14 <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
16 <!-- Status-Related Information -->
19 The following SAML sub-status codes are defined in this namespace:
22 Used with samlp:Requester, signals AA did not recognize handle as valid
26 Relaxes the SAML AttributeValue type definition. Xerces-C has a bug that prevents
27 anyAttribute content from appearing on anyType. It works in version 2.2 but not in later versions.
<!-- AttributeValueType: a mixed-content extension of anyType, so schema validation puts
     no constraint on what an attribute value contains. A document that validates against
     this type has not had its attribute values checked in any way; value checking has to
     be done by the consumer. -->
30 <complexType name="AttributeValueType" mixed="true">
32 <documentation xml:lang="en">
33 By convention, all Shibboleth 1.1 origin attribute values carry this unconstrained xsi:type.
37 <extension base="anyType"/>
41 <!-- Attribute Acceptance Policies -->
<!-- AttributeRuleValueType: tells the consumer how to read the text of a rule.
     Exactly three tokens are permitted: "literal", "regexp" and "xpath". The schema only
     restricts the token; it does not define the matching semantics.
     NOTE(review): for "regexp", whether a pattern must match the whole value or may match
     a substring is decided by the consuming implementation. Confirm it, because a
     partial match would accept more values than the rule author intended. -->
43 <simpleType name="AttributeRuleValueType">
44 <restriction base="string">
45 <enumeration value="literal"/>
46 <enumeration value="regexp"/>
47 <enumeration value="xpath"/>
<!-- SiteRuleType: rule content shared by the AnySite and SiteRule elements.
     It allows zero or more Scope rules and an optional choice that lists AnyValue and
     one or more Value rules. Several lines of this definition are missing from the
     listing, so the exact nesting cannot be confirmed here. -->
51 <complexType name="SiteRuleType">
53 <element name="Scope" minOccurs="0" maxOccurs="unbounded">
56 <extension base="string">
<!-- Accept defaults to true and Type to literal, so a Scope element written without
     attributes is a literal rule with Accept="true". NOTE(review): presumably
     Accept="false" marks a scope to reject; confirm against the consumer. -->
57 <attribute name="Accept" type="boolean" use="optional" default="true"/>
58 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
<!-- Wildcard limited to attributes from namespaces other than this schema's (lax). -->
59 <anyAttribute namespace="##other" processContents="lax"/>
64 <choice minOccurs="0">
65 <element name="AnyValue">
68 <anyAttribute namespace="##other" processContents="lax"/>
71 <element name="Value" maxOccurs="unbounded">
74 <extension base="string">
<!-- Same defaults as Scope: Accept="true" and Type="literal". -->
75 <attribute name="Accept" type="boolean" use="optional" default="true"/>
76 <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
77 <anyAttribute namespace="##other" processContents="lax"/>
<!-- AnySite uses SiteRuleType as declared; SiteRule extends the same type with a required
     Name attribute. NOTE(review): presumably AnySite rules apply to every site and a
     SiteRule only to the site it names; how the two combine when both match is decided
     by the consumer, not by this schema. -->
86 <element name="AnySite" type="shib:SiteRuleType"/>
87 <element name="SiteRule">
90 <extension base="shib:SiteRuleType">
91 <attribute name="Name" type="string" use="required"/>
92 <anyAttribute namespace="##other" processContents="lax"/>
<!-- AttributeRuleType: the acceptance rule for one attribute. It holds at most one AnySite
     rule and any number of SiteRule elements. Name is the only required attribute. -->
98 <complexType name="AttributeRuleType">
100 <element ref="shib:AnySite" minOccurs="0"/>
101 <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
103 <attribute name="Name" type="string" use="required"/>
104 <attribute name="Namespace" type="string" use="optional"/>
105 <attribute name="Factory" type="string" use="optional"/>
106 <attribute name="Alias" type="string" use="optional"/>
<!-- NOTE(review): Header presumably names where the accepted attribute is exported to the
     application; the schema accepts any string here, so it does not guard against a
     name that collides with something the application already trusts. Verify. -->
107 <attribute name="Header" type="string" use="optional"/>
<!-- Defaults when omitted: Scoped is false, CaseSensitive is true. -->
108 <attribute name="Scoped" type="boolean" use="optional" default="false"/>
109 <attribute name="CaseSensitive" type="boolean" use="optional" default="true"/>
110 <anyAttribute namespace="##other" processContents="lax"/>
<!-- AttributeRule element with the identity constraint SiteRuleKey: within one
     AttributeRule, each child SiteRule must have a Name and no two may share the same
     Name, so a validated policy cannot hold two rules for one site. The comparison is on
     the exact string value; names that differ only in letter case count as different keys. -->
113 <element name="AttributeRule" type="shib:AttributeRuleType">
114 <key name="SiteRuleKey">
115 <selector xpath="./shib:SiteRule"/>
116 <field xpath="@Name"/>
<!-- AttributeAcceptancePolicy: the policy document element. It allows an optional
     AnyAttribute child and any number of AttributeRule elements; the content of
     AnyAttribute is not visible in this listing.
     NOTE(review): the schema does not say what happens to an attribute that no
     AttributeRule names. Confirm that the consumer drops unmatched attributes instead of
     passing them through. -->
120 <element name="AttributeAcceptancePolicy">
123 <element name="AnyAttribute" minOccurs="0">
128 <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
130 <anyAttribute namespace="##other" processContents="lax"/>
135 <!-- Shibboleth Metadata -->
<!-- SiteType: base type for site metadata. Name is required and ErrorURL is an optional
     anyURI; children are zero or more Alias strings carrying xml:lang and zero or more
     Contact elements. -->
137 <complexType name="SiteType">
139 <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
142 <element name="Alias" minOccurs="0" maxOccurs="unbounded">
145 <extension base="string">
146 <attribute ref="xml:lang"/>
151 <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
153 <attribute name="Name" type="string" use="required"/>
154 <attribute name="ErrorURL" type="anyURI" use="optional"/>
<!-- The wildcard is ##any with lax processing, so an undeclared attribute in any namespace
     or in none is accepted. A misspelled attribute name therefore validates silently
     instead of being reported. -->
155 <anyAttribute namespace="##any" processContents="lax"/>
<!-- ContactTypeType: the closed list of contact roles. Any string other than these five
     tokens fails validation. -->
158 <simpleType name="ContactTypeType">
159 <restriction base="string">
160 <enumeration value="technical"/>
161 <enumeration value="support"/>
162 <enumeration value="administrative"/>
163 <enumeration value="billing"/>
164 <enumeration value="other"/>
<!-- ContactType: Type and Name are required and Email is optional. Email is declared as a
     plain string, so the schema does not check that it looks like an address. -->
168 <complexType name="ContactType">
169 <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
171 <attribute name="Type" type="shib:ContactTypeType" use="required"/>
172 <attribute name="Name" type="string" use="required"/>
173 <attribute name="Email" type="string" use="optional"/>
<!-- regexp_string: string content plus a regexp flag that defaults to false, so the text
     is a literal unless regexp="true" is written. In this schema the type is used by the
     Domain element and by KeyAuthorityType's Subject element.
     NOTE(review): the schema does not check the pattern and does not say whether the
     consumer anchors it. In both uses the pattern widens what is trusted, so confirm
     that matching covers the whole string. -->
176 <complexType name="regexp_string">
178 <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
181 <extension base="string">
182 <attribute name="regexp" type="boolean" use="optional" default="false"/>
<!-- AuthorityType: Name and Location are both required. Location is an anyURI, which does
     not restrict the URI scheme, so validation will not reject a non-TLS endpoint; any
     scheme requirement has to be enforced by the consumer. -->
187 <complexType name="AuthorityType">
189 <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
192 <attribute name="Name" type="string" use="required"/>
193 <attribute name="Location" type="anyURI" use="required"/>
<!-- ##any with lax processing: undeclared attributes, including misspelled ones, validate. -->
194 <anyAttribute namespace="##any" processContents="lax"/>
<!-- OriginSiteType: extends SiteType with one or more HandleService elements, zero or more
     AttributeAuthority elements and zero or more Domain elements.
     NOTE(review): Domain is optional, so an origin site with no Domain entries validates.
     Confirm whether the consumer then accepts no scopes or any scope for that site. -->
197 <complexType name="OriginSiteType">
199 <documentation xml:lang="en">
200 Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping.
204 <extension base="shib:SiteType">
206 <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
207 <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
208 <element ref="shib:Domain" minOccurs="0" maxOccurs="unbounded"/>
<!-- Domain: a regexp_string, so its text is a literal unless regexp="true" is set.
     NOTE(review): a pattern here decides which attribute scopes a site may assert;
     confirm the consumer matches it against the whole scope value. -->
214 <element name="Domain" type="shib:regexp_string">
216 <documentation xml:lang="en">A metadata extension used to regulate allowable attribute scopes.</documentation>
<!-- DestinationSiteType: extends SiteType with one or more AssertionConsumerServiceURL
     elements and one or more AttributeRequester elements. -->
220 <complexType name="DestinationSiteType">
222 <documentation xml:lang="en">
223 Destination sites add at least one attribute requester (with a name).
227 <extension base="shib:SiteType">
229 <element name="AssertionConsumerServiceURL" maxOccurs="unbounded">
<!-- Location is required but typed as string, not anyURI, so the schema performs no URI
     check at all on it. NOTE(review): confirm how the consumer compares a requested
     consumer URL with this value (exact match, scheme included). -->
231 <attribute name="Location" type="string" use="required"/>
232 <attribute name="Id" type="string" use="optional"/>
233 <anyAttribute namespace="##any" processContents="lax"/>
236 <element name="AttributeRequester" maxOccurs="unbounded">
238 <attribute name="Name" type="string" use="required"/>
239 <anyAttribute namespace="##any" processContents="lax"/>
<!-- SiteGroupType: a named container holding at least one OriginSite, DestinationSite or
     nested SiteGroup element, in any order, plus an optional ds:Signature.
     The signature has minOccurs="0", so an unsigned group is schema-valid and passing
     validation says nothing about authenticity. A consumer that trusts this metadata has
     to require the signature and verify it against a key it already trusts, as a
     separate step.
     NOTE(review): SiteGroup may contain SiteGroup with no depth limit in the schema, and
     a signature on an inner group would not cover the group around it. Confirm that the
     consumer bounds nesting and checks the signature at the level it relies on. -->
247 <complexType name="SiteGroupType">
249 <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
252 <choice maxOccurs="unbounded">
253 <element ref="shib:OriginSite"/>
254 <element ref="shib:DestinationSite"/>
255 <element ref="shib:SiteGroup"/>
257 <element ref="ds:Signature" minOccurs="0"/>
259 <attribute name="Name" type="string" use="required"/>
<!-- All three freshness attributes are optional, so metadata without an expiry validates.
     NOTE(review): confirm the consumer rejects metadata past validUntil and applies its
     own maximum age when validUntil is absent. -->
260 <attribute name="lastChanged" type="dateTime" use="optional"/>
261 <attribute name="validUntil" type="dateTime" use="optional"/>
262 <attribute name="cacheDuration" type="duration" use="optional"/>
263 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Global element declarations for the three metadata types. Each is declared at the top
     level of the schema, so a document rooted at a single OriginSite or DestinationSite
     is as schema-valid as one rooted at a SiteGroup. -->
266 <element name="OriginSite" type="shib:OriginSiteType"/>
267 <element name="DestinationSite" type="shib:DestinationSiteType"/>
268 <element name="SiteGroup" type="shib:SiteGroupType"/>
271 <!-- Old (pre 1.2) Trust Metadata -->
<!-- KeyAuthorityType: one ds:KeyInfo plus zero or more Subject elements of type
     regexp_string. One line of this definition is missing from the listing.
     NOTE(review): Subject is optional and may be a pattern. Confirm how the consumer
     treats a KeyAuthority with no Subject (bound to nobody, or to everybody) and that
     Subject patterns are matched against the whole name. -->
273 <complexType name="KeyAuthorityType">
275 <documentation xml:lang="en">
276 Binds a set of keying material to one or more named system entities.
280 <element ref="ds:KeyInfo"/>
281 <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
283 <anyAttribute namespace="##any" processContents="lax"/>
<!-- Global KeyAuthority element; the Trust element refers to it by ref. -->
285 <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
<!-- Trust: one or more KeyAuthority elements plus an optional ds:Signature.
     The signature has minOccurs="0", so an unsigned Trust document is schema-valid.
     Since this element carries the keys other checks depend on, the consumer has to
     require the signature and verify it against a key obtained out of band; schema
     validation alone gives no assurance about where the file came from. -->
287 <element name="Trust">
289 <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
293 <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
294 <element ref="ds:Signature" minOccurs="0"/>
<!-- All three freshness attributes are optional. NOTE(review): confirm the consumer
     rejects trust data past validUntil and limits its age when validUntil is absent. -->
296 <attribute name="lastChanged" type="dateTime" use="optional"/>
297 <attribute name="validUntil" type="dateTime" use="optional"/>
298 <attribute name="cacheDuration" type="duration" use="optional"/>
299 <anyAttribute namespace="##any" processContents="lax"/>