<?xml version="1.0" encoding="UTF-8"?> <schema targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified" attributeFormDefault="unqualified" blockDefault="substitution" version="2.0"> <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/> <import namespace="http://www.w3.org/2001/04/xmlenc#" schemaLocation="xenc-schema.xsd"/> <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="sstc-saml-schema-assertion-2.0.xsd"/> <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/> <annotation> <documentation> Document identifier: sstc-saml-schema-metadata-2.0 Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security Revision history: V2.0 CD-04 (January, 2005): Schema for SAML metadata, first published in SAML 2.0. </documentation> </annotation> <simpleType name="entityIDType"> <restriction base="anyURI"> <maxLength value="1024"/> </restriction> </simpleType> <complexType name="localizedNameType"> <simpleContent> <extension base="string"> <attribute ref="xml:lang" use="required"/> </extension> </simpleContent> </complexType> <complexType name="localizedURIType"> <simpleContent> <extension base="anyURI"> <attribute ref="xml:lang" use="required"/> </extension> </simpleContent> </complexType> <element name="Extensions" type="md:ExtensionsType"/> <complexType final="#all" name="ExtensionsType"> <sequence> <any namespace="##other" processContents="lax" maxOccurs="unbounded"/> </sequence> </complexType> <complexType name="EndpointType"> <sequence> <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="Binding" type="anyURI" use="required"/> <attribute name="Location" type="anyURI" use="required"/> <attribute name="ResponseLocation" type="anyURI" use="optional"/> <anyAttribute namespace="##other" processContents="lax"/> </complexType> <complexType name="IndexedEndpointType"> <complexContent> <extension base="md:EndpointType"> <attribute name="index" type="unsignedShort" use="required"/> <attribute name="isDefault" type="boolean" use="optional"/> </extension> </complexContent> </complexType> <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/> <complexType name="EntitiesDescriptorType"> <sequence> <element ref="ds:Signature" minOccurs="0"/> <element ref="md:Extensions" minOccurs="0"/> <choice minOccurs="1" maxOccurs="unbounded"> <element ref="md:EntityDescriptor"/> <element ref="md:EntitiesDescriptor"/> </choice> </sequence> <attribute name="validUntil" type="dateTime" use="optional"/> <attribute name="cacheDuration" type="duration" use="optional"/> <attribute name="ID" type="ID" use="optional"/> <attribute name="Name" type="string" use="optional"/> </complexType> <element name="EntityDescriptor" type="md:EntityDescriptorType"/> <complexType name="EntityDescriptorType"> <sequence> <element ref="ds:Signature" minOccurs="0"/> <element ref="md:Extensions" minOccurs="0"/> <choice> <choice maxOccurs="unbounded"> <element ref="md:RoleDescriptor"/> <element ref="md:IDPSSODescriptor"/> <element ref="md:SPSSODescriptor"/> <element ref="md:AuthnAuthorityDescriptor"/> <element ref="md:AttributeAuthorityDescriptor"/> <element ref="md:PDPDescriptor"/> </choice> <element ref="md:AffiliationDescriptor"/> </choice> <element ref="md:Organization" minOccurs="0"/> <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="entityID" type="md:entityIDType" use="required"/> <attribute name="validUntil" type="dateTime" use="optional"/> <attribute name="cacheDuration" type="duration" use="optional"/> <attribute name="ID" type="ID" use="optional"/> <anyAttribute namespace="##other" processContents="lax"/> </complexType> <element name="Organization" type="md:OrganizationType"/> <complexType name="OrganizationType"> <sequence> <element ref="md:Extensions" minOccurs="0"/> <element ref="md:OrganizationName" maxOccurs="unbounded"/> <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/> <element ref="md:OrganizationURL" maxOccurs="unbounded"/> </sequence> <anyAttribute namespace="##other" processContents="lax"/> </complexType> <element name="OrganizationName" type="md:localizedNameType"/> <element name="OrganizationDisplayName" type="md:localizedNameType"/> <element name="OrganizationURL" type="md:localizedURIType"/> <element name="ContactPerson" type="md:ContactType"/> <complexType name="ContactType"> <sequence> <element ref="md:Extensions" minOccurs="0"/> <element ref="md:Company" minOccurs="0"/> <element ref="md:GivenName" minOccurs="0"/> <element ref="md:SurName" minOccurs="0"/> <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="contactType" type="md:ContactTypeType" use="required"/> <anyAttribute namespace="##other" processContents="lax"/> </complexType> <element name="Company" type="string"/> <element name="GivenName" type="string"/> <element name="SurName" type="string"/> <element name="EmailAddress" type="anyURI"/> <element name="TelephoneNumber" type="string"/> <simpleType name="ContactTypeType"> <restriction base="string"> <enumeration value="technical"/> <enumeration value="support"/> <enumeration value="administrative"/> <enumeration value="billing"/> <enumeration value="other"/> </restriction> </simpleType> <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/> <complexType name="AdditionalMetadataLocationType"> <simpleContent> <extension base="anyURI"> <attribute name="namespace" type="anyURI" use="required"/> </extension> </simpleContent> </complexType> <element name="RoleDescriptor" type="md:RoleDescriptorType"/> <complexType name="RoleDescriptorType" abstract="true"> <sequence> <element ref="ds:Signature" minOccurs="0"/> <element ref="md:Extensions" minOccurs="0"/> <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:Organization" minOccurs="0"/> <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="ID" type="ID" use="optional"/> <attribute name="validUntil" type="dateTime" use="optional"/> <attribute name="cacheDuration" type="duration" use="optional"/> <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/> <attribute name="errorURL" type="anyURI" use="optional"/> <anyAttribute namespace="##other" processContents="lax"/> </complexType> <simpleType name="anyURIListType"> <list itemType="anyURI"/> </simpleType> <element name="KeyDescriptor" type="md:KeyDescriptorType"/> <complexType name="KeyDescriptorType"> <sequence> <element ref="ds:KeyInfo"/> <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="use" type="md:KeyTypes" use="optional"/> </complexType> <simpleType name="KeyTypes"> <restriction base="string"> <enumeration value="encryption"/> <enumeration value="signing"/> </restriction> </simpleType> <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/> <complexType name="SSODescriptorType" abstract="true"> <complexContent> <extension base="md:RoleDescriptorType"> <sequence> <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/> <element name="SingleLogoutService" type="md:EndpointType"/> <element name="ManageNameIDService" type="md:EndpointType"/> <element name="NameIDFormat" type="anyURI"/> <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/> <complexType name="IDPSSODescriptorType"> <complexContent> <extension base="md:SSODescriptorType"> <sequence> <element ref="md:SingleSignOnService" maxOccurs="unbounded"/> <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/> <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/> </extension> </complexContent> </complexType> <element name="SingleSignOnService" type="md:EndpointType"/> <element name="NameIDMappingService" type="md:EndpointType"/> <element name="AssertionIDRequestService" type="md:EndpointType"/> <element name="AttributeProfile" type="anyURI"/> <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/> <complexType name="SPSSODescriptorType"> <complexContent> <extension base="md:SSODescriptorType"> <sequence> <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/> <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/> <attribute name="WantAssertionsSigned" type="boolean" use="optional"/> </extension> </complexContent> </complexType> <element name="AssertionConsumerService" type="md:IndexedEndpointType"/> <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/> <complexType name="AttributeConsumingServiceType"> <sequence> <element ref="md:ServiceName" maxOccurs="unbounded"/> <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:RequestedAttribute" maxOccurs="unbounded"/> </sequence> <attribute name="index" type="unsignedShort" use="required"/> <attribute name="isDefault" type="boolean" use="optional"/> </complexType> <element name="ServiceName" type="md:localizedNameType"/> <element name="ServiceDescription" type="md:localizedNameType"/> <element name="RequestedAttribute" type="md:RequestedAttributeType"/> <complexType name="RequestedAttributeType"> <complexContent> <extension base="saml:AttributeType"> <attribute name="isRequired" type="boolean" use="optional"/> </extension> </complexContent> </complexType> <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/> <complexType name="AuthnAuthorityDescriptorType"> <complexContent> <extension base="md:RoleDescriptorType"> <sequence> <element ref="md:AuthnQueryService" maxOccurs="unbounded"/> <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> <element name="AuthnQueryService" type="md:EndpointType"/> <element name="PDPDescriptor" type="md:PDPDescriptorType"/> <complexType name="PDPDescriptorType"> <complexContent> <extension base="md:RoleDescriptorType"> <sequence> <element ref="md:AuthzService" maxOccurs="unbounded"/> <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> <element name="AuthzService" type="md:EndpointType"/> <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/> <complexType name="AttributeAuthorityDescriptorType"> <complexContent> <extension base="md:RoleDescriptorType"> <sequence> <element ref="md:AttributeService" maxOccurs="unbounded"/> <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/> <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/> <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> <element name="AttributeService" type="md:EndpointType"/> <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/> <complexType name="AffiliationDescriptorType"> <sequence> <element ref="ds:Signature" minOccurs="0"/> <element ref="md:Extensions" minOccurs="0"/> <element ref="md:AffiliateMember" maxOccurs="unbounded"/> <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/> <attribute name="validUntil" type="dateTime" use="optional"/> <attribute name="cacheDuration" type="duration" use="optional"/> <attribute name="ID" type="ID" use="optional"/> <anyAttribute namespace="##other" processContents="lax"/> </complexType> <element name="AffiliateMember" type="md:entityIDType"/> </schema>