<?xml version="1.0" encoding="US-ASCII"?>
<!--
  XML Schema for the urn:mace:shibboleth:1.0 namespace (schema version 1.2).
  It declares three groups of components, in this order:
    1. AttributeValueType and the attribute acceptance policy (AAP) elements;
    2. site metadata (SiteGroup, OriginSite, DestinationSite);
    3. the pre-1.2 trust metadata (Trust, KeyAuthority).

  Review notes that apply to the whole file:
    - Validation against this schema is a structural check only. ds:Signature
      is optional wherever it appears, validUntil is optional, and names,
      patterns and several locations are plain strings. A schema-valid
      document is therefore not shown to be authentic, current or safe to act
      on; signature verification, expiry and value checks are left to the
      consumer.
    - Most types carry an anyAttribute wildcard with processContents="lax":
      extra attributes are accepted, and they are validated only when a
      declaration for them happens to be available to the validator.
    - The declared encoding is US-ASCII, so comments must stay ASCII-only.
-->
<schema targetNamespace="urn:mace:shibboleth:1.0"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:xml="http://www.w3.org/XML/1998/namespace"
        xmlns:shib="urn:mace:shibboleth:1.0"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        elementFormDefault="qualified"
        attributeFormDefault="unqualified"
        version="1.2">

  <!--
    Imported vocabularies: XML Signature (ds:), the xml: attributes, and the
    SAML 1.x assertion schema. In this file ds: supplies Signature and KeyInfo
    and xml: supplies xml:lang; no component below references the saml: prefix.
    The schemaLocation values are bare file names, so they resolve relative to
    wherever this schema is loaded from.
    NOTE(review): keep vetted local copies of the three files next to this one
    (or map them through a catalog), and load schemas with network fetching
    and external entity resolution turned off.
  -->
  <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
  <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
  <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>

  <!-- Status-Related Information -->

  <!-- The following SAML sub-status codes are defined in this namespace:
       "InvalidHandle"  Used with samlp:Requester, signals AA did not recognize handle as valid
  -->

  <!-- Relaxes SAML AttributeValue type definition.
       Xerces-C has a bug that prevents anyAttribute content appearing on anyType. It works in 2.2 but not in later versions.
  -->
  <!--
    AttributeValueType is mixed content extending anyType, so any well-formed
    content (text, child elements, attributes) validates as an attribute
    value. The schema gives no guarantee about the shape or size of a value;
    whatever consumes attribute values has to check them itself.
  -->
  <complexType name="AttributeValueType" mixed="true">
    <annotation>
      <documentation xml:lang="en">
        By convention, all Shibboleth 1.1 origin attribute values carry this unconstrained xsi:type.
      </documentation>
    </annotation>
    <complexContent>
      <extension base="anyType"/>
    </complexContent>
  </complexType>

  <!-- Attribute Acceptance Policies -->

  <!--
    How the text of a Scope or Value rule is to be interpreted: as a literal,
    a regular expression, or an XPath expression. The rule text itself is an
    unconstrained string in every case; the schema does not check that a
    regexp or xpath rule is well formed.
    NOTE(review): anchoring and matching semantics come from the consumer,
    not from this file. Confirm them before relying on a regexp rule.
  -->
  <simpleType name="AttributeRuleValueType">
    <restriction base="string">
      <enumeration value="literal"/>
      <enumeration value="regexp"/>
      <enumeration value="xpath"/>
    </restriction>
  </simpleType>

  <!--
    Rule body shared by AnySite and SiteRule: zero or more Scope rules,
    followed optionally by either one AnyValue or one or more Value rules.
    Scope, AnyValue and Value accept extra attributes from namespaces other
    than urn:mace:shibboleth:1.0 (namespace="##other", lax).
  -->
  <complexType name="SiteRuleType">
    <sequence>
      <!--
        Accept defaults to true and Type defaults to literal, so a Scope
        element with no attributes is a literal accept rule.
        NOTE(review): presumably Accept="false" marks a scope to reject;
        confirm against the consumer.
      -->
      <element name="Scope" minOccurs="0" maxOccurs="unbounded">
        <complexType>
          <simpleContent>
            <extension base="string">
              <attribute name="Accept" type="boolean" use="optional" default="true"/>
              <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
              <anyAttribute namespace="##other" processContents="lax"/>
            </extension>
          </simpleContent>
        </complexType>
      </element>
      <choice minOccurs="0">
        <!--
          Empty element (no child content is allowed).
          NOTE(review): by its name this accepts every value; treat it as a
          wildcard when reviewing a policy, and confirm.
        -->
        <element name="AnyValue">
          <complexType>
            <sequence/>
            <anyAttribute namespace="##other" processContents="lax"/>
          </complexType>
        </element>
        <!-- One acceptable value (or pattern, depending on Type); Type defaults to literal. -->
        <element name="Value" maxOccurs="unbounded">
          <complexType>
            <simpleContent>
              <extension base="string">
                <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
                <anyAttribute namespace="##other" processContents="lax"/>
              </extension>
            </simpleContent>
          </complexType>
        </element>
      </choice>
    </sequence>
  </complexType>

  <!--
    A SiteRuleType body with no site name.
    NOTE(review): presumably applied to values from every origin site;
    confirm how it combines with SiteRule entries.
  -->
  <element name="AnySite" type="shib:SiteRuleType"/>

  <!--
    A SiteRuleType body plus a required Name. Name is an unconstrained string.
    NOTE(review): presumably the name of the origin site the rule applies to;
    confirm.
  -->
  <element name="SiteRule">
    <complexType>
      <complexContent>
        <extension base="shib:SiteRuleType">
          <attribute name="Name" type="string" use="required"/>
          <anyAttribute namespace="##other" processContents="lax"/>
        </extension>
      </complexContent>
    </complexType>
  </element>

  <!--
    Rules for one attribute: an optional AnySite, then any number of SiteRule
    elements. Name is required; Namespace, Factory, Alias and Header are
    optional. All five are unconstrained strings whose meaning is defined by
    the consumer, not by this schema.
    NOTE(review): Header presumably names the header or variable under which
    the attribute is exported to an application. If so, the consumer has to
    keep client-supplied headers of the same name from being trusted. Confirm.
  -->
  <complexType name="AttributeRuleType">
    <sequence>
      <element ref="shib:AnySite" minOccurs="0"/>
      <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Name" type="string" use="required"/>
    <attribute name="Namespace" type="string" use="optional"/>
    <attribute name="Factory" type="string" use="optional"/>
    <attribute name="Alias" type="string" use="optional"/>
    <attribute name="Header" type="string" use="optional"/>
    <anyAttribute namespace="##other" processContents="lax"/>
  </complexType>

  <!--
    SiteRuleKey: within one AttributeRule every SiteRule child must have a
    distinct Name, so a rule cannot carry two SiteRule entries for the same
    site name.
  -->
  <element name="AttributeRule" type="shib:AttributeRuleType">
    <key name="SiteRuleKey">
      <selector xpath="./shib:SiteRule"/>
      <field xpath="@Name"/>
    </key>
  </element>

  <!--
    Root of a policy document: an optional, empty AnyAttribute marker followed
    by any number of AttributeRule elements. No uniqueness constraint is
    declared on AttributeRule itself.
    NOTE(review): AnyAttribute presumably makes the policy accept attributes
    that have no rule of their own; confirm, and flag it when reviewing a
    deployed policy.
  -->
  <element name="AttributeAcceptancePolicy">
    <complexType>
      <sequence>
        <element name="AnyAttribute" minOccurs="0">
          <complexType>
            <sequence/>
          </complexType>
        </element>
        <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
      </sequence>
      <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>
  </element>

  <!-- Shibboleth Metadata -->

  <!--
    Base type for OriginSiteType and DestinationSiteType. Name is a required,
    unconstrained string; ErrorURL is an optional anyURI, which does not
    restrict the URI scheme. The wildcard here is namespace="##any", so extra
    attributes from any namespace are accepted.
  -->
  <complexType name="SiteType">
    <annotation>
      <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
    </annotation>
    <sequence>
      <element name="Alias" minOccurs="0" maxOccurs="unbounded">
        <complexType>
          <simpleContent>
            <extension base="string">
              <attribute ref="xml:lang"/>
            </extension>
          </simpleContent>
        </complexType>
      </element>
      <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Name" type="string" use="required"/>
    <attribute name="ErrorURL" type="anyURI" use="optional"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>

  <!-- The role of a contact; exactly one of the five listed values. -->
  <simpleType name="ContactTypeType">
    <restriction base="string">
      <enumeration value="technical"/>
      <enumeration value="support"/>
      <enumeration value="administrative"/>
      <enumeration value="billing"/>
      <enumeration value="other"/>
    </restriction>
  </simpleType>

  <!--
    Empty element carrying Type and Name (required) and Email (optional).
    Email is a plain string: the schema does not check that it is an address.
  -->
  <complexType name="ContactType">
    <annotation>
      <documentation xml:lang="en">A human contact for a site.</documentation>
    </annotation>
    <sequence/>
    <attribute name="Type" type="shib:ContactTypeType" use="required"/>
    <attribute name="Name" type="string" use="required"/>
    <attribute name="Email" type="string" use="optional"/>
  </complexType>

  <!--
    String content with a regexp flag that defaults to false, so content is
    not marked as a pattern unless the document says so. Used below for
    OriginSite Domain and KeyAuthority Subject.
    NOTE(review): the pattern syntax and whether matches are anchored are not
    stated here; confirm them in the consumer, because a loose pattern in
    either place widens what a site or key is trusted for.
  -->
  <complexType name="regexp_string">
    <annotation>
      <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
    </annotation>
    <simpleContent>
      <extension base="string">
        <attribute name="regexp" type="boolean" use="optional" default="false"/>
      </extension>
    </simpleContent>
  </complexType>

  <!--
    Empty element with a required Name (string) and Location (anyURI).
    anyURI does not restrict the scheme, so the schema does not require an
    https location.
  -->
  <complexType name="AuthorityType">
    <annotation>
      <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
    </annotation>
    <sequence/>
    <attribute name="Name" type="string" use="required"/>
    <attribute name="Location" type="anyURI" use="required"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>

  <!--
    SiteType plus one or more HandleService, any number of AttributeAuthority
    and any number of Domain elements, in that order. Domain may be flagged as
    a regexp (see regexp_string).
  -->
  <complexType name="OriginSiteType">
    <annotation>
      <documentation xml:lang="en">
        Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping.
      </documentation>
    </annotation>
    <complexContent>
      <extension base="shib:SiteType">
        <sequence>
          <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
          <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
          <element name="Domain" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
      </extension>
    </complexContent>
  </complexType>

  <!--
    SiteType plus one or more AssertionConsumerServiceURL and one or more
    AttributeRequester elements, in that order.
  -->
  <complexType name="DestinationSiteType">
    <annotation>
      <documentation xml:lang="en">
        Destination sites add at least one attribute requester (with a name).
      </documentation>
    </annotation>
    <complexContent>
      <extension base="shib:SiteType">
        <sequence>
          <!--
            Location is typed as string here, whereas AuthorityType Location
            is anyURI; the schema places no constraint on its form.
            NOTE(review): presumably the endpoint assertions are delivered
            to. If so, the consumer should compare it exactly rather than by
            prefix or pattern. Confirm.
          -->
          <element name="AssertionConsumerServiceURL" maxOccurs="unbounded">
            <complexType>
              <sequence/>
              <attribute name="Location" type="string" use="required"/>
              <attribute name="Id" type="string" use="optional"/>
              <anyAttribute namespace="##any" processContents="lax"/>
            </complexType>
          </element>
          <element name="AttributeRequester" maxOccurs="unbounded">
            <complexType>
              <sequence/>
              <attribute name="Name" type="string" use="required"/>
              <anyAttribute namespace="##any" processContents="lax"/>
            </complexType>
          </element>
        </sequence>
      </extension>
    </complexContent>
  </complexType>

  <!--
    One or more OriginSite, DestinationSite or nested SiteGroup elements in
    any order, then an optional ds:Signature as the last child.
    - ds:Signature has minOccurs="0": unsigned metadata is schema-valid, so a
      requirement that metadata be signed has to be enforced by the consumer.
    - validUntil, lastChanged and cacheDuration are all optional; the schema
      does not guarantee that a document carries an expiry.
    - SiteGroup may contain SiteGroup with no limit on depth or count;
      consumers of untrusted input should bound document size and nesting.
    NOTE(review): with nested groups, confirm how the consumer decides which
    signature covers which sites.
  -->
  <complexType name="SiteGroupType">
    <annotation>
      <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
    </annotation>
    <sequence>
      <choice maxOccurs="unbounded">
        <element ref="shib:OriginSite"/>
        <element ref="shib:DestinationSite"/>
        <element ref="shib:SiteGroup"/>
      </choice>
      <element ref="ds:Signature" minOccurs="0"/>
    </sequence>
    <attribute name="Name" type="string" use="required"/>
    <attribute name="lastChanged" type="dateTime" use="optional"/>
    <attribute name="validUntil" type="dateTime" use="optional"/>
    <attribute name="cacheDuration" type="duration" use="optional"/>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>

  <!-- Global elements for the three metadata types; each may be a document root. -->
  <element name="OriginSite" type="shib:OriginSiteType"/>
  <element name="DestinationSite" type="shib:DestinationSiteType"/>
  <element name="SiteGroup" type="shib:SiteGroupType"/>

  <!-- Old (pre 1.2) Trust Metadata -->

  <!--
    Exactly one ds:KeyInfo followed by any number of Subject elements, each of
    which may be flagged as a regexp (see regexp_string).
    NOTE(review): Subject has minOccurs="0", so a KeyAuthority with keying
    material and no Subject is schema-valid. Confirm that the consumer does
    not read that as "applies to every subject".
  -->
  <complexType name="KeyAuthorityType">
    <annotation>
      <documentation xml:lang="en">
        Binds a set of keying material to one or more named system entities.
      </documentation>
    </annotation>
    <sequence>
      <element ref="ds:KeyInfo"/>
      <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <anyAttribute namespace="##any" processContents="lax"/>
  </complexType>

  <element name="KeyAuthority" type="shib:KeyAuthorityType"/>

  <!--
    One or more KeyAuthority elements, then an optional ds:Signature. As with
    SiteGroupType, the signature and validUntil are optional, so an unsigned
    or never-expiring Trust document is schema-valid; the consumer has to
    enforce signing and freshness.
  -->
  <element name="Trust">
    <annotation>
      <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
    </annotation>
    <complexType>
      <sequence>
        <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
        <element ref="ds:Signature" minOccurs="0"/>
      </sequence>
      <attribute name="lastChanged" type="dateTime" use="optional"/>
      <attribute name="validUntil" type="dateTime" use="optional"/>
      <attribute name="cacheDuration" type="duration" use="optional"/>
      <anyAttribute namespace="##any" processContents="lax"/>
    </complexType>
  </element>

</schema>