-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
296 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,296 @@ | ||
| <?xml version="1.0" encoding="US-ASCII"?> | ||
| <schema targetNamespace="urn:mace:shibboleth:1.0" | ||
| xmlns="http://www.w3.org/2001/XMLSchema" | ||
| xmlns:ds="http://www.w3.org/2000/09/xmldsig#" | ||
| xmlns:xml="http://www.w3.org/XML/1998/namespace" | ||
| xmlns:shib="urn:mace:shibboleth:1.0" | ||
| xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" | ||
| elementFormDefault="qualified" | ||
| attributeFormDefault="unqualified" | ||
| version="1.2"> | ||
|
|
||
| <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/> | ||
| <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/> | ||
| <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/> | ||
|
|
||
| <!-- Status-Related Information --> | ||
|
|
||
| <!-- | ||
| The following SAML sub-status codes are defined in this namespace: | ||
| "InvalidHandle" | ||
| Used with samlp:Requester, signals AA did not recognize handle as valid | ||
| --> | ||
|
|
||
| <!-- | ||
| Relaxes SAML AttributeValue type definition. Xerces-C has a bug that prevents | ||
| anyAttribute content appearing on anyType. It works in 2.2 but not in later versions. | ||
| --> | ||
|
|
||
| <complexType name="AttributeValueType" mixed="true"> | ||
| <annotation> | ||
| <documentation xml:lang="en"> | ||
| By convention, all Shibboleth 1.1 origin attribute values carry this unconstrained xsi:type. | ||
| </documentation> | ||
| </annotation> | ||
| <complexContent> | ||
| <extension base="anyType"/> | ||
| </complexContent> | ||
| </complexType> | ||
|
|
||
| <!-- Attribute Acceptance Policies --> | ||
|
|
||
| <simpleType name="AttributeRuleValueType"> | ||
| <restriction base="string"> | ||
| <enumeration value="literal"/> | ||
| <enumeration value="regexp"/> | ||
| <enumeration value="xpath"/> | ||
| </restriction> | ||
| </simpleType> | ||
|
|
||
| <complexType name="SiteRuleType"> | ||
| <sequence> | ||
| <element name="Scope" minOccurs="0" maxOccurs="unbounded"> | ||
| <complexType> | ||
| <simpleContent> | ||
| <extension base="string"> | ||
| <attribute name="Accept" type="boolean" use="optional" default="true"/> | ||
| <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/> | ||
| <anyAttribute namespace="##other" processContents="lax"/> | ||
| </extension> | ||
| </simpleContent> | ||
| </complexType> | ||
| </element> | ||
| <choice minOccurs="0"> | ||
| <element name="AnyValue"> | ||
| <complexType> | ||
| <sequence/> | ||
| <anyAttribute namespace="##other" processContents="lax"/> | ||
| </complexType> | ||
| </element> | ||
| <element name="Value" maxOccurs="unbounded"> | ||
| <complexType> | ||
| <simpleContent> | ||
| <extension base="string"> | ||
| <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/> | ||
| <anyAttribute namespace="##other" processContents="lax"/> | ||
| </extension> | ||
| </simpleContent> | ||
| </complexType> | ||
| </element> | ||
| </choice> | ||
| </sequence> | ||
| </complexType> | ||
|
|
||
| <element name="AnySite" type="shib:SiteRuleType"/> | ||
| <element name="SiteRule"> | ||
| <complexType> | ||
| <complexContent> | ||
| <extension base="shib:SiteRuleType"> | ||
| <attribute name="Name" type="string" use="required"/> | ||
| <anyAttribute namespace="##other" processContents="lax"/> | ||
| </extension> | ||
| </complexContent> | ||
| </complexType> | ||
| </element> | ||
|
|
||
| <complexType name="AttributeRuleType"> | ||
| <sequence> | ||
| <element ref="shib:AnySite" minOccurs="0"/> | ||
| <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/> | ||
| </sequence> | ||
| <attribute name="Name" type="string" use="required"/> | ||
| <attribute name="Namespace" type="string" use="optional"/> | ||
| <attribute name="Factory" type="string" use="optional"/> | ||
| <attribute name="Alias" type="string" use="optional"/> | ||
| <attribute name="Header" type="string" use="optional"/> | ||
| <anyAttribute namespace="##other" processContents="lax"/> | ||
| </complexType> | ||
|
|
||
| <element name="AttributeRule" type="shib:AttributeRuleType"> | ||
| <key name="SiteRuleKey"> | ||
| <selector xpath="./shib:SiteRule"/> | ||
| <field xpath="@Name"/> | ||
| </key> | ||
| </element> | ||
|
|
||
| <element name="AttributeAcceptancePolicy"> | ||
| <complexType> | ||
| <sequence> | ||
| <element name="AnyAttribute" minOccurs="0"> | ||
| <complexType> | ||
| <sequence/> | ||
| </complexType> | ||
| </element> | ||
| <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/> | ||
| </sequence> | ||
| <anyAttribute namespace="##other" processContents="lax"/> | ||
| </complexType> | ||
| </element> | ||
|
|
||
|
|
||
| <!-- Shibboleth Metadata --> | ||
|
|
||
| <complexType name="SiteType"> | ||
| <annotation> | ||
| <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation> | ||
| </annotation> | ||
| <sequence> | ||
| <element name="Alias" minOccurs="0" maxOccurs="unbounded"> | ||
| <complexType> | ||
| <simpleContent> | ||
| <extension base="string"> | ||
| <attribute ref="xml:lang"/> | ||
| </extension> | ||
| </simpleContent> | ||
| </complexType> | ||
| </element> | ||
| <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/> | ||
| </sequence> | ||
| <attribute name="Name" type="string" use="required"/> | ||
| <attribute name="ErrorURL" type="anyURI" use="optional"/> | ||
| <anyAttribute namespace="##any" processContents="lax"/> | ||
| </complexType> | ||
|
|
||
| <simpleType name="ContactTypeType"> | ||
| <restriction base="string"> | ||
| <enumeration value="technical"/> | ||
| <enumeration value="support"/> | ||
| <enumeration value="administrative"/> | ||
| <enumeration value="billing"/> | ||
| <enumeration value="other"/> | ||
| </restriction> | ||
| </simpleType> | ||
|
|
||
| <complexType name="ContactType"> | ||
| <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation> | ||
| <sequence/> | ||
| <attribute name="Type" type="shib:ContactTypeType" use="required"/> | ||
| <attribute name="Name" type="string" use="required"/> | ||
| <attribute name="Email" type="string" use="optional"/> | ||
| </complexType> | ||
|
|
||
| <complexType name="regexp_string"> | ||
| <annotation> | ||
| <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation> | ||
| </annotation> | ||
| <simpleContent> | ||
| <extension base="string"> | ||
| <attribute name="regexp" type="boolean" use="optional" default="false"/> | ||
| </extension> | ||
| </simpleContent> | ||
| </complexType> | ||
|
|
||
| <complexType name="AuthorityType"> | ||
| <annotation> | ||
| <documentation xml:lang="en">Metadata about a SAML authority.</documentation> | ||
| </annotation> | ||
| <sequence/> | ||
| <attribute name="Name" type="string" use="required"/> | ||
| <attribute name="Location" type="anyURI" use="required"/> | ||
| <anyAttribute namespace="##any" processContents="lax"/> | ||
| </complexType> | ||
|
|
||
| <complexType name="OriginSiteType"> | ||
| <annotation> | ||
| <documentation xml:lang="en"> | ||
| Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping. | ||
| </documentation> | ||
| </annotation> | ||
| <complexContent> | ||
| <extension base="shib:SiteType"> | ||
| <sequence> | ||
| <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/> | ||
| <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/> | ||
| <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/> | ||
| </sequence> | ||
| </extension> | ||
| </complexContent> | ||
| </complexType> | ||
|
|
||
| <complexType name="DestinationSiteType"> | ||
| <annotation> | ||
| <documentation xml:lang="en"> | ||
| Destination sites add at least one attribute requester (with a name). | ||
| </documentation> | ||
| </annotation> | ||
| <complexContent> | ||
| <extension base="shib:SiteType"> | ||
| <sequence> | ||
| <element name="AssertionConsumerServiceURL" maxOccurs="unbounded"> | ||
| <complexType> | ||
| <sequence/> | ||
| <attribute name="Location" type="string" use="required"/> | ||
| <attribute name="Id" type="string" use="optional"/> | ||
| <anyAttribute namespace="##any" processContents="lax"/> | ||
| </complexType> | ||
| </element> | ||
| <element name="AttributeRequester" maxOccurs="unbounded"> | ||
| <complexType> | ||
| <sequence/> | ||
| <attribute name="Name" type="string" use="required"/> | ||
| <anyAttribute namespace="##any" processContents="lax"/> | ||
| </complexType> | ||
| </element> | ||
| </sequence> | ||
| </extension> | ||
| </complexContent> | ||
| </complexType> | ||
|
|
||
| <complexType name="SiteGroupType"> | ||
| <annotation> | ||
| <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation> | ||
| </annotation> | ||
| <sequence> | ||
| <choice maxOccurs="unbounded"> | ||
| <element ref="shib:OriginSite"/> | ||
| <element ref="shib:DestinationSite"/> | ||
| <element ref="shib:SiteGroup"/> | ||
| </choice> | ||
| <element ref="ds:Signature" minOccurs="0"/> | ||
| </sequence> | ||
| <attribute name="Name" type="string" use="required"/> | ||
| <attribute name="lastChanged" type="dateTime" use="optional"/> | ||
| <attribute name="validUntil" type="dateTime" use="optional"/> | ||
| <attribute name="cacheDuration" type="duration" use="optional"/> | ||
| <anyAttribute namespace="##any" processContents="lax"/> | ||
| </complexType> | ||
|
|
||
| <element name="OriginSite" type="shib:OriginSiteType"/> | ||
| <element name="DestinationSite" type="shib:DestinationSiteType"/> | ||
| <element name="SiteGroup" type="shib:SiteGroupType"/> | ||
|
|
||
|
|
||
| <!-- Old (pre 1.2) Trust Metadata --> | ||
|
|
||
| <complexType name="KeyAuthorityType"> | ||
| <annotation> | ||
| <documentation xml:lang="en"> | ||
| Binds a set of keying material to one or more named system entities. | ||
| </documentation> | ||
| </annotation> | ||
| <sequence> | ||
| <element ref="ds:KeyInfo"/> | ||
| <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/> | ||
| </sequence> | ||
| <anyAttribute namespace="##any" processContents="lax"/> | ||
| </complexType> | ||
| <element name="KeyAuthority" type="shib:KeyAuthorityType"/> | ||
|
|
||
| <element name="Trust"> | ||
| <annotation> | ||
| <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation> | ||
| </annotation> | ||
| <complexType> | ||
| <sequence> | ||
| <element ref="shib:KeyAuthority" maxOccurs="unbounded"/> | ||
| <element ref="ds:Signature" minOccurs="0"/> | ||
| </sequence> | ||
| <attribute name="lastChanged" type="dateTime" use="optional"/> | ||
| <attribute name="validUntil" type="dateTime" use="optional"/> | ||
| <attribute name="cacheDuration" type="duration" use="optional"/> | ||
| <anyAttribute namespace="##any" processContents="lax"/> | ||
| </complexType> | ||
| </element> | ||
|
|
||
| </schema> |