+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:mace:shibboleth:credentials:1.0"
- xmlns:credentials="urn:mace:shibboleth:credentials:1.0"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- elementFormDefault="qualified" attributeFormDefault="unqualified">
- <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
- schemaLocation="xmldsig-core-schema.xsd"/>
- <xs:element name="Credentials">
- <xs:complexType>
- <xs:choice minOccurs="1" maxOccurs="unbounded">
- <xs:element name="KeyStoreResolver"
- type="credentials:KeyStoreResolverType"/>
- <xs:element name="FileResolver"
- type="credentials:FileResolverType"/>
- <xs:element name="CustomResolver"
- type="credentials:CustomResolverType"/>
- </xs:choice>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Credential">
- <xs:complexType>
- <xs:choice minOccurs="1" maxOccurs="1">
- <xs:element name="KeyStoreResolver"
- type="credentials:KeyStoreResolverType"/>
- <xs:element name="FileResolver"
- type="credentials:FileResolverType"/>
- <xs:element name="CustomResolver"
- type="credentials:CustomResolverType"/>
- </xs:choice>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- <xs:simpleType name="FormatType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="PEM"/>
- <xs:enumeration value="DER"/>
- <xs:enumeration value="PKCS12"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:complexType name="BaseCredentialFinder">
- <xs:attribute name="Id" type="xs:string" use="optional"/>
- </xs:complexType>
- <xs:complexType name="KeyStoreResolverType">
- <xs:annotation>
- <xs:documentation>Pulls credentials from a Java
- keystore.</xs:documentation>
- </xs:annotation>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- <xs:element name="KeyAlias" type="xs:string"/>
- <xs:element name="CertAlias" type="xs:string"
- minOccurs="0"/>
- <xs:element name="StorePassword" type="xs:string"/>
- <xs:element name="KeyPassword" type="xs:string"
- minOccurs="0"/>
- </xs:sequence>
- <xs:attribute name="storeType" type="xs:string" use="optional"
- default="JKS"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- <xs:complexType name ="FileResolverType">
- <xs:annotation>
- <xs:documentation>Pulls credentials from files.</xs:documentation>
- </xs:annotation>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:element name="Key" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- </xs:sequence>
- <xs:attribute name="format"
- type="credentials:FormatType" use="optional"
- default="PEM"/>
- <xs:attribute name="password" type="xs:string"
- use="optional"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Certificate" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- <xs:element name="CAPath" type="xs:string"
- minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="format"
- type="credentials:FormatType" use="optional"
- default="PEM"/>
- <xs:attribute name="password" type="xs:string"
- use="optional"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- <xs:complexType name="CustomResolverType">
- <xs:annotation>
- <xs:documentation>Allows for specification of a Java class that
- loads credentials from a custom storage mechanism.
- </xs:documentation>
- </xs:annotation>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax"
- minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="class" type="xs:string" use="required"/>
- <xs:anyAttribute namespace="##any"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
- <annotation>
- <documentation>
- Document identifier: sstc-saml-schema-assertion-1.1-draft-02
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
- Revision history:
- draft-01 (Eve Maler):
- Note that V1.1 of this schema has the same namespace as V1.0.
- Minor cosmetic updates.
- Changed IDType to restrict from xsd:ID.
- Changed IDReferenceType to restrict from xsd:IDREF.
- Set version attribute on schema element to 1.1.
- draft-02 (Prateek Mishra, Rob Philpott):
- Added DoNotCacheCondition element and DoNotCacheConditionType
- draft-03 (Scott Cantor)
- Rebased ID content directly on XML Schema types
- </documentation>
- </annotation>
- <simpleType name="DecisionType">
- <restriction base="string">
- <enumeration value="Permit"/>
- <enumeration value="Deny"/>
- <enumeration value="Indeterminate"/>
- </restriction>
- </simpleType>
- <element name="AssertionIDReference" type="NCName"/>
- <element name="Assertion" type="saml:AssertionType"/>
- <complexType name="AssertionType">
- <sequence>
- <element ref="saml:Conditions" minOccurs="0"/>
- <element ref="saml:Advice" minOccurs="0"/>
- <choice maxOccurs="unbounded">
- <element ref="saml:Statement"/>
- <element ref="saml:SubjectStatement"/>
- <element ref="saml:AuthenticationStatement"/>
- <element ref="saml:AuthorizationDecisionStatement"/>
- <element ref="saml:AttributeStatement"/>
- </choice>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="MajorVersion" type="integer" use="required"/>
- <attribute name="MinorVersion" type="integer" use="required"/>
- <attribute name="AssertionID" type="ID" use="required"/>
- <attribute name="Issuer" type="string" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- </complexType>
- <element name="Conditions" type="saml:ConditionsType"/>
- <complexType name="ConditionsType">
- <choice minOccurs="0" maxOccurs="unbounded">
- <element ref="saml:AudienceRestrictionCondition"/>
- <element ref="saml:DoNotCacheCondition"/>
- <element ref="saml:Condition"/>
- </choice>
- <attribute name="NotBefore" type="dateTime" use="optional"/>
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
- </complexType>
- <element name="Condition" type="saml:ConditionAbstractType"/>
- <complexType name="ConditionAbstractType" abstract="true"/>
- <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
- <complexType name="AudienceRestrictionConditionType">
- <complexContent>
- <extension base="saml:ConditionAbstractType">
- <sequence>
- <element ref="saml:Audience" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="Audience" type="anyURI"/>
- <element name="DoNotCacheCondition" type="saml:DoNotCacheConditionType" />
- <complexType name="DoNotCacheConditionType">
- <complexContent>
- <extension base="saml:ConditionAbstractType"/>
- </complexContent>
- </complexType>
- <element name="Advice" type="saml:AdviceType"/>
- <complexType name="AdviceType">
- <choice minOccurs="0" maxOccurs="unbounded">
- <element ref="saml:AssertionIDReference"/>
- <element ref="saml:Assertion"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
- <element name="Statement" type="saml:StatementAbstractType"/>
- <complexType name="StatementAbstractType" abstract="true"/>
- <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
- <complexType name="SubjectStatementAbstractType" abstract="true">
- <complexContent>
- <extension base="saml:StatementAbstractType">
- <sequence>
- <element ref="saml:Subject"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="Subject" type="saml:SubjectType"/>
- <complexType name="SubjectType">
- <choice>
- <sequence>
- <element ref="saml:NameIdentifier"/>
- <element ref="saml:SubjectConfirmation" minOccurs="0"/>
- </sequence>
- <element ref="saml:SubjectConfirmation"/>
- </choice>
- </complexType>
- <element name="NameIdentifier" type="saml:NameIdentifierType"/>
- <complexType name="NameIdentifierType">
- <simpleContent>
- <extension base="string">
- <attribute name="NameQualifier" type="string" use="optional"/>
- <attribute name="Format" type="anyURI" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
- <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
- <complexType name="SubjectConfirmationType">
- <sequence>
- <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
- <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
- <element ref="ds:KeyInfo" minOccurs="0"/>
- </sequence>
- </complexType>
- <element name="SubjectConfirmationData" type="anyType"/>
- <element name="ConfirmationMethod" type="anyURI"/>
- <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
- <complexType name="AuthenticationStatementType">
- <complexContent>
- <extension base="saml:SubjectStatementAbstractType">
- <sequence>
- <element ref="saml:SubjectLocality" minOccurs="0"/>
- <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
- <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
- <complexType name="SubjectLocalityType">
- <attribute name="IPAddress" type="string" use="optional"/>
- <attribute name="DNSAddress" type="string" use="optional"/>
- </complexType>
- <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
- <complexType name="AuthorityBindingType">
- <attribute name="AuthorityKind" type="QName" use="required"/>
- <attribute name="Location" type="anyURI" use="required"/>
- <attribute name="Binding" type="anyURI" use="required"/>
- </complexType>
- <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
- <complexType name="AuthorizationDecisionStatementType">
- <complexContent>
- <extension base="saml:SubjectStatementAbstractType">
- <sequence>
- <element ref="saml:Action" maxOccurs="unbounded"/>
- <element ref="saml:Evidence" minOccurs="0"/>
- </sequence>
- <attribute name="Resource" type="anyURI" use="required"/>
- <attribute name="Decision" type="saml:DecisionType" use="required"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="Action" type="saml:ActionType"/>
- <complexType name="ActionType">
- <simpleContent>
- <extension base="string">
- <attribute name="Namespace" type="anyURI"/>
- </extension>
- </simpleContent>
- </complexType>
- <element name="Evidence" type="saml:EvidenceType"/>
- <complexType name="EvidenceType">
- <choice maxOccurs="unbounded">
- <element ref="saml:AssertionIDReference"/>
- <element ref="saml:Assertion"/>
- </choice>
- </complexType>
- <element name="AttributeStatement" type="saml:AttributeStatementType"/>
- <complexType name="AttributeStatementType">
- <complexContent>
- <extension base="saml:SubjectStatementAbstractType">
- <sequence>
- <element ref="saml:Attribute" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
- <complexType name="AttributeDesignatorType">
- <attribute name="AttributeName" type="string" use="required"/>
- <attribute name="AttributeNamespace" type="anyURI" use="required"/>
- </complexType>
- <element name="Attribute" type="saml:AttributeType"/>
- <complexType name="AttributeType">
- <complexContent>
- <extension base="saml:AttributeDesignatorType">
- <sequence>
- <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeValue" type="anyType"/>
-</schema>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="unqualified" attributeFormDefault="unqualified" version="1.1">
- <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
- <annotation>
- <documentation>
- Document identifier: sstc-saml-schema-protocol-1.1-draft-03
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
- Revision history:
- draft-01 (Eve Maler):
- Note that V1.1 of this schema has the same namespace as V1.0.
- Minor cosmetic updates.
- Set version attribute on schema element to 1.1.
- draft-01 (Eve Maler):
- Fix document Identifier.
- draft-02 (Prateek Mishra, Rob Philpott):
- Added DoNotCacheCondition.
- draft-04 (Scott Cantor):
- Rebased ID content directly on XML Schema types
- </documentation>
- </annotation>
- <complexType name="RequestAbstractType" abstract="true">
- <sequence>
- <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="RequestID" type="ID" use="required"/>
- <attribute name="MajorVersion" type="integer" use="required"/>
- <attribute name="MinorVersion" type="integer" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- </complexType>
- <element name="RespondWith" type="QName"/>
- <element name="Request" type="samlp:RequestType"/>
- <complexType name="RequestType">
- <complexContent>
- <extension base="samlp:RequestAbstractType">
- <choice>
- <element ref="samlp:Query"/>
- <element ref="samlp:SubjectQuery"/>
- <element ref="samlp:AuthenticationQuery"/>
- <element ref="samlp:AttributeQuery"/>
- <element ref="samlp:AuthorizationDecisionQuery"/>
- <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
- <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
- </choice>
- </extension>
- </complexContent>
- </complexType>
- <element name="AssertionArtifact" type="string"/>
- <element name="Query" type="samlp:QueryAbstractType"/>
- <complexType name="QueryAbstractType" abstract="true"/>
- <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
- <complexType name="SubjectQueryAbstractType" abstract="true">
- <complexContent>
- <extension base="samlp:QueryAbstractType">
- <sequence>
- <element ref="saml:Subject"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
- <complexType name="AuthenticationQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <attribute name="AuthenticationMethod" type="anyURI"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
- <complexType name="AttributeQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <sequence>
- <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Resource" type="anyURI" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
- <complexType name="AuthorizationDecisionQueryType">
- <complexContent>
- <extension base="samlp:SubjectQueryAbstractType">
- <sequence>
- <element ref="saml:Action" maxOccurs="unbounded"/>
- <element ref="saml:Evidence" minOccurs="0"/>
- </sequence>
- <attribute name="Resource" type="anyURI" use="required"/>
- </extension>
- </complexContent>
- </complexType>
- <complexType name="ResponseAbstractType" abstract="true">
- <sequence>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="ResponseID" type="ID" use="required"/>
- <attribute name="InResponseTo" type="NCName" use="optional"/>
- <attribute name="MajorVersion" type="integer" use="required"/>
- <attribute name="MinorVersion" type="integer" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- <attribute name="Recipient" type="anyURI" use="optional"/>
- </complexType>
- <element name="Response" type="samlp:ResponseType"/>
- <complexType name="ResponseType">
- <complexContent>
- <extension base="samlp:ResponseAbstractType">
- <sequence>
- <element ref="samlp:Status"/>
- <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="Status" type="samlp:StatusType"/>
- <complexType name="StatusType">
- <sequence>
- <element ref="samlp:StatusCode"/>
- <element ref="samlp:StatusMessage" minOccurs="0"/>
- <element ref="samlp:StatusDetail" minOccurs="0"/>
- </sequence>
- </complexType>
- <element name="StatusCode" type="samlp:StatusCodeType"/>
- <complexType name="StatusCodeType">
- <sequence>
- <element ref="samlp:StatusCode" minOccurs="0"/>
- </sequence>
- <attribute name="Value" type="QName" use="required"/>
- </complexType>
- <element name="StatusMessage" type="string"/>
- <element name="StatusDetail" type="samlp:StatusDetailType"/>
- <complexType name="StatusDetailType">
- <sequence>
- <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
-</schema>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- v12_to_v11.xsl
-
- XSL stylesheet converting a Shibboleth 1.2 sites metadata file into the equivalent for
- Shibboleth 1.1.
-
- Author: Ian A. Young <ian@iay.org.uk>
-
- $Id$
--->
-<xsl:stylesheet version="1.0"
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
- xmlns:shibb10="urn:mace:shibboleth:1.0"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- exclude-result-prefixes="shibb10">
-
- <!--
- Version information for this file. Remember to peel off the dollar signs
- before dropping the text into another versioned file.
- -->
- <xsl:param name="cvsId">$Id$</xsl:param>
-
- <!--
- Add a comment to the start of the output file.
- -->
- <xsl:template match="/">
- <xsl:comment>
- <xsl:text> 	***DO NOT EDIT THIS FILE*** </xsl:text>
- <xsl:text>	Converted by: 	</xsl:text>
- <xsl:value-of select="substring-before(substring-after($cvsId, ': '), '$')"/>
- <xsl:text> </xsl:text>
- </xsl:comment>
- <xsl:apply-templates/>
- </xsl:template>
-
- <!--Force UTF-8 encoding for the output.-->
- <xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
-
- <!--
- shibb10:SiteGroup is the root element for the sites file. Process it by copying across everything except DestinationSite elements.
- -->
- <xsl:template match="shibb10:SiteGroup">
- <xsl:copy>
- <xsl:attribute name="xsi:schemaLocation">
- <xsl:text>urn:mace:shibboleth:1.0 shibboleth.xsd</xsl:text>
- </xsl:attribute>
- <xsl:apply-templates select="@Name|text()|comment()|shibb10:OriginSite"/>
- </xsl:copy>
- </xsl:template>
-
- <!--By default, copy text blocks, comments and attributes unchanged.-->
- <xsl:template match="text()|comment()|@*">
- <xsl:copy/>
- </xsl:template>
-
- <!--By default, copy all elements from the input to the output, along with their attributes and contents.-->
- <xsl:template match="*">
- <xsl:copy>
- <xsl:apply-templates select="node()|@*"/>
- </xsl:copy>
- </xsl:template>
-
-</xsl:stylesheet>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
- v12_to_v13.xsl
-
- XSL stylesheet converting a Shibboleth 1.2 sites file into the equivalent for
- Shibboleth 1.3, which is based on the SAML 1.1 profile of the SAML 2.0
- metadata format. No attempt is made to incorporate the separate trust
- data used by Shibboleth 1.2.
-
- Author: Ian A. Young <ian@iay.org.uk>
-
- $Id$
--->
-<xsl:stylesheet version="1.0"
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:shib="urn:mace:shibboleth:1.0"
- xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
- exclude-result-prefixes="shib">
-
- <!--
- Version information for this file. Remember to peel off the dollar signs
- before dropping the text into another versioned file.
- -->
- <xsl:param name="cvsId">$Id$</xsl:param>
-
- <!--
- Add a comment to the start of the output file.
- -->
- <xsl:template match="/">
- <xsl:comment>
- <xsl:text> 	***DO NOT EDIT THIS FILE*** </xsl:text>
- <xsl:text>	Converted by: 	</xsl:text>
- <xsl:value-of select="substring-before(substring-after($cvsId, ': '), '$')"/>
- <xsl:text> </xsl:text>
- </xsl:comment>
- <xsl:apply-templates/>
- </xsl:template>
-
- <!--Force UTF-8 encoding for the output.-->
- <xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
-
- <!--
- SiteGroup is the root element for the sites file. The corresponding element in the new format file
- is an EntitiesDescriptor.
- -->
- <xsl:template match="shib:SiteGroup">
- <EntitiesDescriptor Name="{@Name}">
- <xsl:attribute name="xsi:schemaLocation">
- <xsl:text>urn:oasis:names:tc:SAML:2.0:metadata sstc-saml-schema-metadata-2.0.xsd </xsl:text>
- <xsl:text>urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd </xsl:text>
- <xsl:text>http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd</xsl:text>
- </xsl:attribute>
- <!--
- Pass through text blocks and comments, and any shib elements.
- These may be: OriginSite, DestinationSite or nested SiteGroup.
- -->
- <xsl:apply-templates select="text()|comment()|shib:*"/>
- </EntitiesDescriptor>
- </xsl:template>
-
- <!--
- Map OriginSite to an EntityDescriptor with a particular format.
- -->
- <xsl:template match="shib:OriginSite">
- <EntityDescriptor entityID="{@Name}">
- <!--
- Copy through comments and text blocks at the start of the output element.
- This means we don't lose comments, but there is no way to guarantee they will
- come out "in the right place".
- -->
- <xsl:apply-templates select="text()|comment()"/>
- <!--
- Map HandleService and AttributeAuthority. We need to pass in the (possibly empty)
- set of Domain elements as a parameter.
- -->
- <xsl:apply-templates select="shib:HandleService|shib:AttributeAuthority">
- <xsl:with-param name="Domain" select="shib:Domain"/>
- </xsl:apply-templates>
- <xsl:call-template name="Alias"/>
- <xsl:apply-templates select="shib:Contact"/>
- </EntityDescriptor>
- </xsl:template>
-
- <!--
- Map HandleService to IDPSSODescriptor.
- -->
- <xsl:template match="shib:HandleService">
- <xsl:param name="Domain"/>
- <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
- <!--
- Map @ErrorURL (if present) to @errorURL
- -->
- <xsl:apply-templates select="../@ErrorURL"/>
- <!--
- Extensions appears iff there is something to put in it.
- -->
- <xsl:if test="boolean($Domain)">
- <Extensions>
- <xsl:apply-templates select="$Domain"/>
- </Extensions>
- </xsl:if>
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:KeyName>
- <xsl:value-of select="@Name"/>
- </ds:KeyName>
- </ds:KeyInfo>
- </KeyDescriptor>
- <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
- Location="{@Location}"/>
- </IDPSSODescriptor>
- </xsl:template>
-
- <!--
- Map AttributeAuthority to AttributeAuthorityDescriptor.
- -->
- <xsl:template match="shib:AttributeAuthority">
- <xsl:param name="Domain"/>
- <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
- <!--
- Map @ErrorURL (if present) to @errorURL
- -->
- <xsl:apply-templates select="../@ErrorURL"/>
- <!--
- Extensions appears iff there is something to put in it.
- -->
- <xsl:if test="boolean($Domain)">
- <Extensions>
- <xsl:apply-templates select="$Domain"/>
- </Extensions>
- </xsl:if>
- <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
- Location="{@Location}"/>
- </AttributeAuthorityDescriptor>
- </xsl:template>
-
- <!--
- Map Domain to a Scope extension.
- -->
- <xsl:template match="shib:Domain">
- <shibmeta:Scope>
- <xsl:apply-templates select="@regexp"/>
- <xsl:value-of select="."/>
- </shibmeta:Scope>
- </xsl:template>
-
- <!--
- Map DestinationSite to an EntityDescriptor with a particular format.
- -->
- <xsl:template match="shib:DestinationSite">
- <EntityDescriptor entityID="{@Name}">
- <!--
- Copy through comments and text blocks at the start of the output element.
- This means we don't lose comments, but there is no way to guarantee they will
- come out "in the right place".
- -->
- <xsl:apply-templates select="text()|comment()"/>
- <!--
- Generate IDPSSODescriptor.
- -->
- <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
- <!--
- Map @ErrorURL (if present) to @errorURL
- -->
- <xsl:apply-templates select="@ErrorURL"/>
- <!--
- Map AttributeRequester elements to KeyDescriptor elements.
- -->
- <xsl:apply-templates select="shib:AttributeRequester"/>
- <!--
- Map the AssertionConsumerServiceURL elements to
- AssertionConsumerService elements. The latter require unique
- integer indices, so do this by looping over them and using
- position in the loop to generate each index.
- -->
- <xsl:for-each select="shib:AssertionConsumerServiceURL">
- <xsl:apply-templates select=".">
- <xsl:with-param name="index" select="position()-1"/>
- </xsl:apply-templates>
- </xsl:for-each>
- </SPSSODescriptor>
- <xsl:call-template name="Alias"/>
- <xsl:apply-templates select="shib:Contact"/>
- </EntityDescriptor>
- </xsl:template>
-
- <!--
- Map @ErrorURL to @errorURL
- -->
- <xsl:template match="@ErrorURL">
- <xsl:attribute name="errorURL"><xsl:value-of select="."/></xsl:attribute>
- </xsl:template>
-
- <!--
- Map AttributeRequester to KeyDescriptor.
- -->
- <xsl:template match="shib:AttributeRequester">
- <KeyDescriptor>
- <ds:KeyInfo>
- <ds:KeyName>
- <xsl:value-of select="@Name"/>
- </ds:KeyName>
- </ds:KeyInfo>
- </KeyDescriptor>
- </xsl:template>
-
- <!--
- Map AssertionConsumerServiceURL to AssertionConsumerService.
- -->
- <xsl:template match="shib:AssertionConsumerServiceURL">
- <xsl:param name="index"/>
- <AssertionConsumerService index="{$index}"
- Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="{@Location}"
- />
- </xsl:template>
-
- <!--
- Named template to map a set of Alias elements to a corresponding Organization.
- -->
- <xsl:template name="Alias">
- <xsl:if test="boolean(shib:Alias)">
- <Organization>
- <xsl:apply-templates select="shib:Alias" mode="OrganizationName"/>
- <xsl:apply-templates select="shib:Alias" mode="OrganizationDisplayName"/>
- <xsl:apply-templates select="shib:Alias" mode="OrganizationURL"/>
- </Organization>
- </xsl:if>
- </xsl:template>
-
- <!--
- Map Alias to OrganizationName
- -->
- <xsl:template match="shib:Alias" mode="OrganizationName">
- <OrganizationName>
- <xsl:call-template name="copyXmlLang"/>
- <xsl:value-of select="."/>
- </OrganizationName>
- </xsl:template>
-
- <!--
- Map Alias to OrganizationDisplayName
- -->
- <xsl:template match="shib:Alias" mode="OrganizationDisplayName">
- <OrganizationDisplayName>
- <xsl:call-template name="copyXmlLang"/>
- <xsl:value-of select="."/>
- </OrganizationDisplayName>
- </xsl:template>
-
- <!--
- Map Alias to OrganizationURL
- -->
- <xsl:template match="shib:Alias" mode="OrganizationURL">
- <OrganizationURL>
- <xsl:call-template name="copyXmlLang"/>
- <!-- there is nothing to map, but the URL is mandatory -->
- <xsl:text>http://www.example.com/</xsl:text>
- </OrganizationURL>
- </xsl:template>
-
- <!--
- Copy an xml:lang attribute, or default to "en" if none present.
- -->
- <xsl:template name="copyXmlLang">
- <xsl:if test="boolean(@xml:lang)">
- <xsl:attribute name="xml:lang"><xsl:value-of select="@xml:lang"/></xsl:attribute>
- </xsl:if>
- <xsl:if test="not(boolean(@xml:lang))">
- <xsl:attribute name="xml:lang">en</xsl:attribute>
- </xsl:if>
- </xsl:template>
-
- <!--
- Map Contact to ContactPerson
- -->
- <xsl:template match="shib:Contact">
- <ContactPerson contactType="{@Type}">
- <!--
- There is no real mapping for the Name attribute, so we rather arbitrarily
- dump that into GivenName rather than trying to split it into a GivenName and
- a SurName or something complicated like that.
- -->
- <GivenName>
- <xsl:value-of select="@Name"/>
- </GivenName>
- <!--
- E-mail address, but only if it was present in the original.
- -->
- <xsl:apply-templates select="@Email" mode="Contact"/>
- </ContactPerson>
- </xsl:template>
-
- <!--
- E-mail address for Contact
- -->
- <xsl:template match="@Email" mode="Contact">
- <EmailAddress>
- <xsl:value-of select="."/>
- </EmailAddress>
- </xsl:template>
-
- <!--
- By default, copy referenced attributes through unchanged.
- -->
- <xsl:template match="@*">
- <xsl:attribute name="{name()}"><xsl:value-of select="."/></xsl:attribute>
- </xsl:template>
-
- <!--
- By default, copy comments through to the output unchanged, but strip extra text.
- -->
- <xsl:template match="comment()">
- <xsl:copy/>
- </xsl:template>
- <xsl:template match="text()"/>
-
-</xsl:stylesheet>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
- v13_to_v12_sites.xsl
-
- XSL stylesheet converting a SAML 2 metadata file describing a Shibboleth
- 1.3 federation into the equivalent Shibboleth 1.2 sites file.
-
- Author: Ian A. Young <ian@iay.org.uk>
-
- $Id$
--->
-<xsl:stylesheet version="1.0"
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0"
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns="urn:mace:shibboleth:1.0"
- exclude-result-prefixes="shibmeta md ds">
-
- <!--
- Version information for this file. Remember to peel off the dollar signs
- before dropping the text into another versioned file.
- -->
- <xsl:param name="cvsId">$Id$</xsl:param>
-
- <!--
- Add a comment to the start of the output file.
- -->
- <xsl:template match="/">
- <xsl:comment>
- <xsl:text> 	***DO NOT EDIT THIS FILE*** </xsl:text>
- <xsl:text>	Converted by: 	</xsl:text>
- <xsl:value-of select="substring-before(substring-after($cvsId, ': '), '$')"/>
- <xsl:text> </xsl:text>
- </xsl:comment>
- <xsl:apply-templates/>
- </xsl:template>
-
- <!--Force UTF-8 encoding for the output.-->
- <xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
-
- <!--
- Selectively strip empty text nodes from the input.
- -->
- <xsl:strip-space elements="md:EntityDescriptor"/>
-
- <!--
- Map EntitiesDescriptor to SiteGroup
- -->
- <xsl:template match="md:EntitiesDescriptor">
- <SiteGroup Name="{@Name}">
- <xsl:attribute name="xsi:schemaLocation">
- <xsl:text>urn:mace:shibboleth:1.0 shibboleth.xsd</xsl:text>
- </xsl:attribute>
- <!--
- Pass through text blocks and comments, and interesting elements.
- These may be: EntityDescriptor or nested EntitiesDescriptor.
- -->
- <xsl:apply-templates select="text()|comment()|md:EntityDescriptor|md:EntitiesDescriptor"/>
- </SiteGroup>
- </xsl:template>
-
- <!--
- Map EntityDescriptor to whichever of OriginSite and/or DestinationSite apply.
- -->
- <xsl:template match="md:EntityDescriptor">
- <xsl:if test="md:IDPSSODescriptor">
- <xsl:call-template name="OriginSite"/>
- </xsl:if>
- <xsl:if test="md:SPSSODescriptor">
- <xsl:call-template name="DestinationSite"/>
- </xsl:if>
- </xsl:template>
-
- <!--
- Map appropriate EntityDescriptor to OriginSite
- -->
- <xsl:template name="OriginSite">
- <OriginSite Name="{@entityID}">
- <!-- ErrorURL attribute -->
- <xsl:apply-templates select="md:IDPSSODescriptor/@errorURL"/>
-
- <!--
- Copy through all comments at the start of the output element.
- This means we don't lose comments, but there is no way to guarantee they will
- come out "in the right place".
- -->
- <xsl:apply-templates select="descendant::comment()"/>
-
- <!-- Alias elements -->
- <xsl:apply-templates select="md:Organization"/>
-
- <!-- Contact elements -->
- <xsl:apply-templates select="md:ContactPerson"/>
-
- <!-- HandleService elements -->
- <xsl:apply-templates select="md:IDPSSODescriptor"/>
-
- <!-- AttributeAuthority elements -->
- <xsl:apply-templates select="md:AttributeAuthorityDescriptor/md:AttributeService"/>
-
- <!--
- Domain elements
-
- These may come from Scope elements under either of two md elements. We pass
- through only the ones from the AttributeAuthorityDescriptor as we know that 1.2
- sites don't have scopes associated with the SSO.
- -->
- <xsl:apply-templates select="md:AttributeAuthorityDescriptor/md:Extensions/shibmeta:Scope"/>
-
- </OriginSite>
- </xsl:template>
-
- <!--
- Map IDPSSODescriptor to HandleService
- -->
- <xsl:template match="md:IDPSSODescriptor">
- <HandleService Name="{md:KeyDescriptor/ds:KeyInfo/ds:KeyName}"
- Location="{md:SingleSignOnService/@Location}"
- />
- </xsl:template>
-
- <!--
- Map AttributeService to AttributeAuthority
- -->
- <xsl:template match="md:AttributeService">
- <!-- pull out the host component of the location, after the // and before the next / -->
- <xsl:param name="host" select="substring-before(substring-after(@Location, '//'), '/')"/>
- <AttributeAuthority Location="{@Location}">
- <xsl:attribute name="Name">
- <xsl:choose>
- <!-- take off a trailing :port from the host, if present -->
- <xsl:when test="substring-before($host, ':') != ''">
- <xsl:value-of select="substring-before($host, ':')"/>
- </xsl:when>
- <!-- otherwise if the port is absent we just use the host unchanged -->
- <xsl:otherwise>
- <xsl:value-of select="$host"/>
- </xsl:otherwise>
- </xsl:choose>
- </xsl:attribute>
- </AttributeAuthority>
- </xsl:template>
-
- <!--
- Map Scope to Domain
- -->
- <xsl:template match="shibmeta:Scope">
- <Domain>
- <xsl:apply-templates select="@regexp"/>
- <xsl:value-of select="."/>
- </Domain>
- </xsl:template>
-
- <!--
- Map appropriate EntityDescriptor to DestinationSite
- -->
- <xsl:template name="DestinationSite">
- <DestinationSite Name="{@entityID}">
- <!-- ErrorURL attribute -->
- <xsl:apply-templates select="md:SPSSODescriptor/@errorURL"/>
-
- <!--
- Copy through all comments at the start of the output element.
- This means we don't lose comments, but there is no way to guarantee they will
- come out "in the right place".
- -->
- <xsl:apply-templates select="descendant::comment()"/>
-
- <!-- Alias elements -->
- <xsl:apply-templates select="md:Organization"/>
-
- <!-- Contact elements -->
- <xsl:apply-templates select="md:ContactPerson"/>
-
- <!-- AssertionConsumerServiceURL elements -->
- <xsl:apply-templates
- select="md:SPSSODescriptor/md:AssertionConsumerService[@Binding='urn:oasis:names:tc:SAML:1.0:profiles:browser-post']"/>
-
- <!-- AttributeRequester elements -->
- <xsl:apply-templates select="md:SPSSODescriptor/md:KeyDescriptor/ds:KeyInfo/ds:KeyName"/>
- </DestinationSite>
- </xsl:template>
-
- <!--
- Map AssertionConsumerService to AssertionConsumerServiceURL
- -->
- <xsl:template match="md:AssertionConsumerService">
- <AssertionConsumerServiceURL Location="{@Location}"/>
- </xsl:template>
-
- <!--
- Map ds:KeyName to AttributeRequester
- -->
- <xsl:template match="ds:KeyName">
- <AttributeRequester Name="{.}"/>
- </xsl:template>
-
- <!--
- Map Organization to a sequence of Alias elements.
-
- The common case is that there are exactly one of each of OrganizationName and
- OrganizationDisplayName, and that they are equal. In that case, just convert the
- OrganizationDisplayName into an Alias. Otherwise, convert them all.
- -->
- <xsl:template match="md:Organization">
- <xsl:param name="nName" select="count(md:OrganizationName)"/>
- <xsl:param name="nDisp" select="count(md:OrganizationDisplayName)"/>
- <xsl:choose>
- <xsl:when test="$nName=1 and $nDisp=1 and md:OrganizationName = md:OrganizationDisplayName">
- <xsl:apply-templates select="md:OrganizationDisplayName"/>
- </xsl:when>
- <xsl:otherwise>
- <xsl:apply-templates select="md:OrganizationName"/>
- <xsl:apply-templates select="md:OrganizationDisplayName"/>
- </xsl:otherwise>
- </xsl:choose>
- </xsl:template>
-
- <!--
- Map OrganizationName or OrganizationDisplayName to Alias
- -->
- <xsl:template match="md:OrganizationName|md:OrganizationDisplayName">
- <Alias>
- <xsl:if test="@xml:lang != 'en'">
- <xsl:apply-templates select="@xml:lang"/>
- </xsl:if>
- <xsl:value-of select="."/>
- </Alias>
- </xsl:template>
-
- <!--
- Map Contact to ContactPerson
-
- Cope with:
- * absence of optional EmailAddress
- * malformed EmailAddress (no mailto:)
- * mixtures of GivenName and SurName
- -->
- <xsl:template match="md:ContactPerson">
- <Contact Type="{@contactType}">
- <!-- Email attribute -->
- <xsl:choose>
- <xsl:when test="starts-with(md:EmailAddress, 'mailto:')">
- <xsl:attribute name="Email">
- <xsl:value-of select="substring-after(md:EmailAddress, 'mailto:')"/>
- </xsl:attribute>
- </xsl:when>
- <xsl:when test="md:EmailAddress">
- <xsl:attribute name="Email">
- <xsl:value-of select="md:EmailAddress"/>
- </xsl:attribute>
- </xsl:when>
- <xsl:otherwise>
- <!-- omit Email attribute if in doubt -->
- </xsl:otherwise>
- </xsl:choose>
- <!-- Name attribute -->
- <xsl:choose>
- <xsl:when test="md:GivenName and md:SurName">
- <xsl:attribute name="Name"><xsl:value-of select="concat(md:GivenName, ' ', md:SurName)"/></xsl:attribute>
- </xsl:when>
- <xsl:when test="md:GivenName">
- <xsl:attribute name="Name"><xsl:value-of select="md:GivenName"/></xsl:attribute>
- </xsl:when>
- <xsl:otherwise>
- <xsl:attribute name="Name">Nobody</xsl:attribute>
- </xsl:otherwise>
- </xsl:choose>
- </Contact>
- </xsl:template>
-
- <!--
- Map @errorURL to @ErrorURL
- -->
- <xsl:template match="@errorURL">
- <xsl:attribute name="ErrorURL"><xsl:value-of select="."/></xsl:attribute>
- </xsl:template>
-
- <!--
- By default, copy referenced attributes through unchanged.
- -->
- <xsl:template match="@*">
- <xsl:attribute name="{name()}"><xsl:value-of select="."/></xsl:attribute>
- </xsl:template>
-
- <!--
- By default, copy comments through to the output unchanged, but strip extra text.
- -->
- <xsl:template match="comment()">
- <xsl:copy/>
- </xsl:template>
- <xsl:template match="text()"/>
-
-</xsl:stylesheet>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:mace:shibboleth:namemapper:1.0" xmlns:namemapper="urn:mace:shibboleth:namemapper:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
- <xs:element name="NameMapping" type="namemapper:NameMappingType"/>
- <xs:complexType name="NameMappingType">
- <xs:sequence minOccurs="0" maxOccurs="unbounded">
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="format" type="xs:anyURI" use="required"/>
- <xs:attribute name="id" type="xs:string" use="optional"/>
- <xs:attribute name="class" type="xs:string" use="optional"/>
- <xs:attribute name="type" type="xs:string" use="optional"/>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="US-ASCII"?>
-<schema
- targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- blockDefault="substitution"
- version="2.0">
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
- <import namespace="http://www.w3.org/2001/04/xmlenc#" schemaLocation="xenc-schema.xsd"/>
- <annotation>
- <documentation>
- Document identifier: saml-schema-assertion-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V1.0 (November, 2002):
- Initial Standard Schema.
- V1.1 (September, 2003):
- Updates within the same V1.0 namespace.
- V2.0 (March, 2005):
- New assertion schema for SAML V2.0 namespace.
- </documentation>
- </annotation>
- <attributeGroup name="IDNameQualifiers">
- <attribute name="NameQualifier" type="string" use="optional"/>
- <attribute name="SPNameQualifier" type="string" use="optional"/>
- </attributeGroup>
- <element name="BaseID" type="saml:BaseIDAbstractType"/>
- <complexType name="BaseIDAbstractType" abstract="true">
- <attributeGroup ref="saml:IDNameQualifiers"/>
- </complexType>
- <element name="NameID" type="saml:NameIDType"/>
- <complexType name="NameIDType">
- <simpleContent>
- <extension base="string">
- <attributeGroup ref="saml:IDNameQualifiers"/>
- <attribute name="Format" type="anyURI" use="optional"/>
- <attribute name="SPProvidedID" type="string" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
- <complexType name="EncryptedElementType">
- <sequence>
- <element ref="xenc:EncryptedData"/>
- <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
- <element name="EncryptedID" type="saml:EncryptedElementType"/>
- <element name="Issuer" type="saml:NameIDType"/>
- <element name="AssertionIDRef" type="NCName"/>
- <element name="AssertionURIRef" type="anyURI"/>
- <element name="Assertion" type="saml:AssertionType"/>
- <complexType name="AssertionType">
- <sequence>
- <element ref="saml:Issuer"/>
- <element ref="ds:Signature" minOccurs="0"/>
- <element ref="saml:Subject" minOccurs="0"/>
- <element ref="saml:Conditions" minOccurs="0"/>
- <element ref="saml:Advice" minOccurs="0"/>
- <choice minOccurs="0" maxOccurs="unbounded">
- <element ref="saml:Statement"/>
- <element ref="saml:AuthnStatement"/>
- <element ref="saml:AuthzDecisionStatement"/>
- <element ref="saml:AttributeStatement"/>
- </choice>
- </sequence>
- <attribute name="Version" type="string" use="required"/>
- <attribute name="ID" type="ID" use="required"/>
- <attribute name="IssueInstant" type="dateTime" use="required"/>
- </complexType>
- <element name="Subject" type="saml:SubjectType"/>
- <complexType name="SubjectType">
- <choice>
- <sequence>
- <choice>
- <element ref="saml:BaseID"/>
- <element ref="saml:NameID"/>
- <element ref="saml:EncryptedID"/>
- </choice>
- <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
- </choice>
- </complexType>
- <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
- <complexType name="SubjectConfirmationType">
- <sequence>
- <choice minOccurs="0">
- <element ref="saml:BaseID"/>
- <element ref="saml:NameID"/>
- <element ref="saml:EncryptedID"/>
- </choice>
- <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
- </sequence>
- <attribute name="Method" type="anyURI" use="required"/>
- </complexType>
- <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
- <complexType name="SubjectConfirmationDataType" mixed="true">
- <complexContent>
- <restriction base="anyType">
- <sequence>
- <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="NotBefore" type="dateTime" use="optional"/>
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
- <attribute name="Recipient" type="anyURI" use="optional"/>
- <attribute name="InResponseTo" type="NCName" use="optional"/>
- <attribute name="Address" type="string" use="optional"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </restriction>
- </complexContent>
- </complexType>
- <complexType name="KeyInfoConfirmationDataType" mixed="false">
- <complexContent>
- <restriction base="saml:SubjectConfirmationDataType">
- <sequence>
- <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
- </sequence>
- </restriction>
- </complexContent>
- </complexType>
- <element name="Conditions" type="saml:ConditionsType"/>
- <complexType name="ConditionsType">
- <choice minOccurs="0" maxOccurs="unbounded">
- <element ref="saml:Condition"/>
- <element ref="saml:AudienceRestriction"/>
- <element ref="saml:OneTimeUse"/>
- <element ref="saml:ProxyRestriction"/>
- </choice>
- <attribute name="NotBefore" type="dateTime" use="optional"/>
- <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
- </complexType>
- <element name="Condition" type="saml:ConditionAbstractType"/>
- <complexType name="ConditionAbstractType" abstract="true"/>
- <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
- <complexType name="AudienceRestrictionType">
- <complexContent>
- <extension base="saml:ConditionAbstractType">
- <sequence>
- <element ref="saml:Audience" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="Audience" type="anyURI"/>
- <element name="OneTimeUse" type="saml:OneTimeUseType" />
- <complexType name="OneTimeUseType">
- <complexContent>
- <extension base="saml:ConditionAbstractType"/>
- </complexContent>
- </complexType>
- <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
- <complexType name="ProxyRestrictionType">
- <complexContent>
- <extension base="saml:ConditionAbstractType">
- <sequence>
- <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Count" type="nonNegativeInteger" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="Advice" type="saml:AdviceType"/>
- <complexType name="AdviceType">
- <choice minOccurs="0" maxOccurs="unbounded">
- <element ref="saml:AssertionIDRef"/>
- <element ref="saml:AssertionURIRef"/>
- <element ref="saml:Assertion"/>
- <element ref="saml:EncryptedAssertion"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
- <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
- <element name="Statement" type="saml:StatementAbstractType"/>
- <complexType name="StatementAbstractType" abstract="true"/>
- <element name="AuthnStatement" type="saml:AuthnStatementType"/>
- <complexType name="AuthnStatementType">
- <complexContent>
- <extension base="saml:StatementAbstractType">
- <sequence>
- <element ref="saml:SubjectLocality" minOccurs="0"/>
- <element ref="saml:AuthnContext"/>
- </sequence>
- <attribute name="AuthnInstant" type="dateTime" use="required"/>
- <attribute name="SessionIndex" type="string" use="optional"/>
- <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
- <complexType name="SubjectLocalityType">
- <attribute name="Address" type="string" use="optional"/>
- <attribute name="DNSName" type="string" use="optional"/>
- </complexType>
- <element name="AuthnContext" type="saml:AuthnContextType"/>
- <complexType name="AuthnContextType">
- <sequence>
- <choice>
- <sequence>
- <element ref="saml:AuthnContextClassRef"/>
- <choice minOccurs="0">
- <element ref="saml:AuthnContextDecl"/>
- <element ref="saml:AuthnContextDeclRef"/>
- </choice>
- </sequence>
- <choice>
- <element ref="saml:AuthnContextDecl"/>
- <element ref="saml:AuthnContextDeclRef"/>
- </choice>
- </choice>
- <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
- <element name="AuthnContextClassRef" type="anyURI"/>
- <element name="AuthnContextDeclRef" type="anyURI"/>
- <element name="AuthnContextDecl" type="anyType"/>
- <element name="AuthenticatingAuthority" type="anyURI"/>
- <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
- <complexType name="AuthzDecisionStatementType">
- <complexContent>
- <extension base="saml:StatementAbstractType">
- <sequence>
- <element ref="saml:Action" maxOccurs="unbounded"/>
- <element ref="saml:Evidence" minOccurs="0"/>
- </sequence>
- <attribute name="Resource" type="anyURI" use="required"/>
- <attribute name="Decision" type="saml:DecisionType" use="required"/>
- </extension>
- </complexContent>
- </complexType>
- <simpleType name="DecisionType">
- <restriction base="string">
- <enumeration value="Permit"/>
- <enumeration value="Deny"/>
- <enumeration value="Indeterminate"/>
- </restriction>
- </simpleType>
- <element name="Action" type="saml:ActionType"/>
- <complexType name="ActionType">
- <simpleContent>
- <extension base="string">
- <attribute name="Namespace" type="anyURI" use="required"/>
- </extension>
- </simpleContent>
- </complexType>
- <element name="Evidence" type="saml:EvidenceType"/>
- <complexType name="EvidenceType">
- <choice maxOccurs="unbounded">
- <element ref="saml:AssertionIDRef"/>
- <element ref="saml:AssertionURIRef"/>
- <element ref="saml:Assertion"/>
- <element ref="saml:EncryptedAssertion"/>
- </choice>
- </complexType>
- <element name="AttributeStatement" type="saml:AttributeStatementType"/>
- <complexType name="AttributeStatementType">
- <complexContent>
- <extension base="saml:StatementAbstractType">
- <choice maxOccurs="unbounded">
- <element ref="saml:Attribute"/>
- <element ref="saml:EncryptedAttribute"/>
- </choice>
- </extension>
- </complexContent>
- </complexType>
- <element name="Attribute" type="saml:AttributeType"/>
- <complexType name="AttributeType">
- <sequence>
- <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="NameFormat" type="anyURI" use="optional"/>
- <attribute name="FriendlyName" type="string" use="optional"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- <element name="AttributeValue" type="anyType" nillable="true"/>
- <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
-</schema>
+++ /dev/null
-<?xml version="1.0" encoding="US-ASCII"?>
-<schema
- targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns="http://www.w3.org/2001/XMLSchema"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- blockDefault="substitution"
- version="2.0">
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
- <import namespace="http://www.w3.org/2001/04/xmlenc#" schemaLocation="xenc-schema.xsd"/>
- <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
- <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
- <annotation>
- <documentation>
- Document identifier: saml-schema-metadata-2.0
- Location: http://docs.oasis-open.org/security/saml/v2.0/
- Revision history:
- V2.0 (March, 2005):
- Schema for SAML metadata, first published in SAML 2.0.
- </documentation>
- </annotation>
-
- <simpleType name="entityIDType">
- <restriction base="anyURI">
- <maxLength value="1024"/>
- </restriction>
- </simpleType>
- <complexType name="localizedNameType">
- <simpleContent>
- <extension base="string">
- <attribute ref="xml:lang" use="required"/>
- </extension>
- </simpleContent>
- </complexType>
- <complexType name="localizedURIType">
- <simpleContent>
- <extension base="anyURI">
- <attribute ref="xml:lang" use="required"/>
- </extension>
- </simpleContent>
- </complexType>
-
- <element name="Extensions" type="md:ExtensionsType"/>
- <complexType final="#all" name="ExtensionsType">
- <sequence>
- <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
-
- <complexType name="EndpointType">
- <sequence>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Binding" type="anyURI" use="required"/>
- <attribute name="Location" type="anyURI" use="required"/>
- <attribute name="ResponseLocation" type="anyURI" use="optional"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
-
- <complexType name="IndexedEndpointType">
- <complexContent>
- <extension base="md:EndpointType">
- <attribute name="index" type="unsignedShort" use="required"/>
- <attribute name="isDefault" type="boolean" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
-
- <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
- <complexType name="EntitiesDescriptorType">
- <sequence>
- <element ref="ds:Signature" minOccurs="0"/>
- <element ref="md:Extensions" minOccurs="0"/>
- <choice minOccurs="1" maxOccurs="unbounded">
- <element ref="md:EntityDescriptor"/>
- <element ref="md:EntitiesDescriptor"/>
- </choice>
- </sequence>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <attribute name="ID" type="ID" use="optional"/>
- <attribute name="Name" type="string" use="optional"/>
- </complexType>
-
- <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
- <complexType name="EntityDescriptorType">
- <sequence>
- <element ref="ds:Signature" minOccurs="0"/>
- <element ref="md:Extensions" minOccurs="0"/>
- <choice>
- <choice maxOccurs="unbounded">
- <element ref="md:RoleDescriptor"/>
- <element ref="md:IDPSSODescriptor"/>
- <element ref="md:SPSSODescriptor"/>
- <element ref="md:AuthnAuthorityDescriptor"/>
- <element ref="md:AttributeAuthorityDescriptor"/>
- <element ref="md:PDPDescriptor"/>
- </choice>
- <element ref="md:AffiliationDescriptor"/>
- </choice>
- <element ref="md:Organization" minOccurs="0"/>
- <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="entityID" type="md:entityIDType" use="required"/>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <attribute name="ID" type="ID" use="optional"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
-
- <element name="Organization" type="md:OrganizationType"/>
- <complexType name="OrganizationType">
- <sequence>
- <element ref="md:Extensions" minOccurs="0"/>
- <element ref="md:OrganizationName" maxOccurs="unbounded"/>
- <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
- <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
- </sequence>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- <element name="OrganizationName" type="md:localizedNameType"/>
- <element name="OrganizationDisplayName" type="md:localizedNameType"/>
- <element name="OrganizationURL" type="md:localizedURIType"/>
- <element name="ContactPerson" type="md:ContactType"/>
- <complexType name="ContactType">
- <sequence>
- <element ref="md:Extensions" minOccurs="0"/>
- <element ref="md:Company" minOccurs="0"/>
- <element ref="md:GivenName" minOccurs="0"/>
- <element ref="md:SurName" minOccurs="0"/>
- <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="contactType" type="md:ContactTypeType" use="required"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- <element name="Company" type="string"/>
- <element name="GivenName" type="string"/>
- <element name="SurName" type="string"/>
- <element name="EmailAddress" type="anyURI"/>
- <element name="TelephoneNumber" type="string"/>
- <simpleType name="ContactTypeType">
- <restriction base="string">
- <enumeration value="technical"/>
- <enumeration value="support"/>
- <enumeration value="administrative"/>
- <enumeration value="billing"/>
- <enumeration value="other"/>
- </restriction>
- </simpleType>
-
- <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
- <complexType name="AdditionalMetadataLocationType">
- <simpleContent>
- <extension base="anyURI">
- <attribute name="namespace" type="anyURI" use="required"/>
- </extension>
- </simpleContent>
- </complexType>
-
- <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
- <complexType name="RoleDescriptorType" abstract="true">
- <sequence>
- <element ref="ds:Signature" minOccurs="0"/>
- <element ref="md:Extensions" minOccurs="0"/>
- <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:Organization" minOccurs="0"/>
- <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="ID" type="ID" use="optional"/>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
- <attribute name="errorURL" type="anyURI" use="optional"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- <simpleType name="anyURIListType">
- <list itemType="anyURI"/>
- </simpleType>
-
- <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
- <complexType name="KeyDescriptorType">
- <sequence>
- <element ref="ds:KeyInfo"/>
- <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="use" type="md:KeyTypes" use="optional"/>
- </complexType>
- <simpleType name="KeyTypes">
- <restriction base="string">
- <enumeration value="encryption"/>
- <enumeration value="signing"/>
- </restriction>
- </simpleType>
- <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
-
- <complexType name="SSODescriptorType" abstract="true">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
- <element name="SingleLogoutService" type="md:EndpointType"/>
- <element name="ManageNameIDService" type="md:EndpointType"/>
- <element name="NameIDFormat" type="anyURI"/>
-
- <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
- <complexType name="IDPSSODescriptorType">
- <complexContent>
- <extension base="md:SSODescriptorType">
- <sequence>
- <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
- <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="SingleSignOnService" type="md:EndpointType"/>
- <element name="NameIDMappingService" type="md:EndpointType"/>
- <element name="AssertionIDRequestService" type="md:EndpointType"/>
- <element name="AttributeProfile" type="anyURI"/>
-
- <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
- <complexType name="SPSSODescriptorType">
- <complexContent>
- <extension base="md:SSODescriptorType">
- <sequence>
- <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
- <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
- <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
- <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
- <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
- <complexType name="AttributeConsumingServiceType">
- <sequence>
- <element ref="md:ServiceName" maxOccurs="unbounded"/>
- <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="index" type="unsignedShort" use="required"/>
- <attribute name="isDefault" type="boolean" use="optional"/>
- </complexType>
- <element name="ServiceName" type="md:localizedNameType"/>
- <element name="ServiceDescription" type="md:localizedNameType"/>
- <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
- <complexType name="RequestedAttributeType">
- <complexContent>
- <extension base="saml:AttributeType">
- <attribute name="isRequired" type="boolean" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
-
- <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
- <complexType name="AuthnAuthorityDescriptorType">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthnQueryService" type="md:EndpointType"/>
-
- <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
- <complexType name="PDPDescriptorType">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:AuthzService" maxOccurs="unbounded"/>
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AuthzService" type="md:EndpointType"/>
-
- <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
- <complexType name="AttributeAuthorityDescriptorType">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:AttributeService" maxOccurs="unbounded"/>
- <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
- <element name="AttributeService" type="md:EndpointType"/>
-
- <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
- <complexType name="AffiliationDescriptorType">
- <sequence>
- <element ref="ds:Signature" minOccurs="0"/>
- <element ref="md:Extensions" minOccurs="0"/>
- <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
- <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <attribute name="ID" type="ID" use="optional"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- <element name="AffiliateMember" type="md:entityIDType"/>
-</schema>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<schema
- targetNamespace="urn:oasis:names:tc:SAML:metadata:extension"
- xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:mdext="urn:oasis:names:tc:SAML:metadata:extension"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- blockDefault="substitution"
- version="1.0">
-
- <annotation>
- <documentation>
- Document title: SAML Metadata Extension Schema for Standalone Attribute Requester
- Document identifier: saml-schema-metadata-ext.xsd
- Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
- Revision history: CD
- </documentation>
- </annotation>
-
- <import namespace="urn:oasis:names:tc:SAML:2.0:metadata"
- schemaLocation="saml-schema-metadata-2.0.xsd"/>
-
- <complexType name="AttributeRequesterDescriptorType">
- <complexContent>
- <extension base="md:RoleDescriptorType">
- <sequence>
- <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
- </extension>
- </complexContent>
- </complexType>
-
-</schema>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:mace:shibboleth:arp:1.0" xmlns:arp="urn:mace:shibboleth:arp:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
- <xs:simpleType name="RequireType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="deny"/>
- <xs:enumeration value="permit"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:simpleType name="MatchesType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="any"/>
- <xs:enumeration value="all"/>
- <xs:enumeration value="none"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:complexType name="AttributeType">
- <xs:sequence>
- <xs:element name="AnyValue" minOccurs="0">
- <xs:complexType>
- <xs:attribute name="release" type="arp:RequireType" use="required"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Value" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType mixed="true">
- <xs:sequence minOccurs="0">
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="matchFunction" type="xs:anyURI" default="urn:mace:shibboleth:arp:matchFunction:stringMatch"/>
- <xs:attribute name="release" type="arp:RequireType" use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="name" type="xs:anyURI" use="required"/>
- <xs:attribute name="identifier" type="xs:anyURI" use="optional"/>
- </xs:complexType>
- <xs:element name="AttributeReleasePolicy">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Description" type="xs:string" minOccurs="0"/>
- <xs:sequence>
- <xs:element name="Rule" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Description" type="xs:string" minOccurs="0"/>
- <xs:element name="Constraint" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType mixed="true">
- <xs:sequence minOccurs="0">
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="attributeName" type="xs:string" use="required"/>
- <xs:attribute name="matchFunction" type="xs:anyURI" default="urn:mace:shibboleth:arp:matchFunction:stringMatch"/>
- <xs:attribute name="matches" type="arp:MatchesType" default="any"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Target">
- <xs:complexType>
- <xs:choice>
- <xs:element name="AnyTarget">
- <xs:complexType/>
- </xs:element>
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element name="Requester">
- <xs:complexType>
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="matchFunction" type="xs:anyURI" default="urn:mace:shibboleth:arp:matchFunction:stringMatch"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- <xs:sequence>
- <xs:element name="Attribute" type="arp:AttributeType" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="AttributeReference" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:attribute name="identifier" type="xs:anyURI" use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:sequence>
- <xs:attribute name="identifier" type="xs:anyURI" use="optional"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="RuleReference" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:attribute name="identifier" type="xs:anyURI" use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:element name="Attribute" type="arp:AttributeType" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema
- targetNamespace="urn:mace:shibboleth:idp:config:1.0"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:credentials="urn:mace:shibboleth:credentials:1.0"
- xmlns:namemapper="urn:mace:shibboleth:namemapper:1.0"
- xmlns:idp="urn:mace:shibboleth:idp:config:1.0"
- elementFormDefault="qualified"
- attributeFormDefault="unqualified">
-
- <xs:import namespace="urn:mace:shibboleth:credentials:1.0" schemaLocation="credentials.xsd"/>
- <xs:import namespace="urn:mace:shibboleth:namemapper:1.0" schemaLocation="namemapper.xsd"/>
-
- <xs:simpleType name="LevelType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="OFF"/>
- <xs:enumeration value="FATAL"/>
- <xs:enumeration value="ERROR"/>
- <xs:enumeration value="WARN"/>
- <xs:enumeration value="INFO"/>
- <xs:enumeration value="DEBUG"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:complexType name="LogWithLevels">
- <xs:attribute name="location" type="xs:anyURI" use="required" />
- <xs:attribute name="level" type="idp:LevelType" use="optional" />
- </xs:complexType>
-
- <xs:simpleType name="Log4JConfigType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="properties"/>
- <xs:enumeration value="xml"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:complexType name="RelyingPartyType">
- <xs:attribute name="providerId" type="xs:anyURI" use="optional"/>
- <xs:attribute name="signingCredential" type="xs:string" use="optional"/>
- <xs:attribute name="passThruErrors" type="xs:boolean" use="optional"/>
- <xs:attribute name="forceAttributePush" type="xs:boolean" use="optional"/>
- <xs:attribute name="signAssertions" type="xs:boolean" use="optional"/>
- <xs:attribute name="forceAttributeNoPush" type="xs:boolean" use="optional"/>
- <xs:attribute name="singleAssertion" type="xs:boolean" use="optional"/>
- <xs:attribute name="defaultToPOSTProfile" type="xs:boolean" use="optional"/>
- <xs:attribute name="preferredArtifactType" type="xs:integer" use="optional"/>
- <xs:attribute name="defaultTarget" type="xs:string" use="optional"/>
- <xs:attribute name="defaultNameID" type="xs:string" use="optional"/>
- </xs:complexType>
-
- <xs:element name="IdPConfig">
- <xs:complexType>
- <xs:sequence>
- <xs:sequence>
- <xs:element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="idp:RelyingPartyType">
- <xs:attribute name="name" type="xs:string" use="required"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:element name="AnonymousRelyingParty" type="idp:RelyingPartyType" minOccurs="0" maxOccurs="1" />
- <xs:element name="DefaultRelyingParty" type="idp:RelyingPartyType" minOccurs="0" maxOccurs="1" />
- <xs:element name="ReleasePolicyEngine" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="ArpRepository">
- <xs:complexType>
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="implementation" type="xs:string" use="required"/>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="Logging" minOccurs="0" maxOccurs="1">
- <xs:complexType>
- <xs:choice>
- <xs:sequence>
- <xs:element name="ErrorLog" type="idp:LogWithLevels" minOccurs="0" maxOccurs="1" />
- <xs:element name="TransactionLog" type="idp:LogWithLevels" minOccurs="0"
- maxOccurs="1" />
- </xs:sequence>
- <xs:element name="Log4JConfig">
- <xs:complexType>
- <xs:attribute name="type" type="idp:Log4JConfigType" use="optional"
- default="properties" />
- <xs:attribute name="location" type="xs:anyURI" use="required" />
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- <xs:element name="ArtifactMapper" minOccurs="0" maxOccurs="1">
- <xs:complexType>
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="implementation" type="xs:string" use="required"/>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- <xs:element ref="credentials:Credentials"/>
- <xs:element name="ProtocolHandler" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Location" type="xs:string" minOccurs="1" maxOccurs="unbounded" />
- <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="implementation" type="xs:string" use="optional" />
- <xs:attribute name="type" type="xs:string" use="optional" />
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="MetadataProvider" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="type" type="xs:string" use="required" />
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="US-ASCII"?>
-<schema targetNamespace="urn:mace:shibboleth:metadata:1.0"
- xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- elementFormDefault="unqualified"
- attributeFormDefault="unqualified"
- version="1.0">
-
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
-
- <element name="Scope">
- <annotation>
- <documentation>
- SAML metadata extension used to regulate allowable attribute scopes.
- </documentation>
- </annotation>
- <complexType>
- <simpleContent>
- <extension base="string">
- <attribute name="regexp" type="boolean" use="optional" default="false"/>
- </extension>
- </simpleContent>
- </complexType>
- </element>
-
- <element name="KeyAuthority">
- <complexType>
- <annotation>
- <documentation>
- Binds keying authorities to the system entity/entities to which the enclosing
- metadata element applies.
- </documentation>
- </annotation>
- <sequence>
- <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="VerifyDepth" type="unsignedByte" use="optional" default="1"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- </element>
-
-</schema>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:mace:shibboleth:resolver:1.0"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:resolver="urn:mace:shibboleth:resolver:1.0"
- xmlns:credentials="urn:mace:shibboleth:credentials:1.0"
- elementFormDefault="qualified" attributeFormDefault="unqualified">
- <xs:import namespace="urn:mace:shibboleth:credentials:1.0"
- schemaLocation="credentials.xsd"/>
- <xs:element name="AttributeResolver">
- <xs:complexType>
- <xs:choice minOccurs="1" maxOccurs="unbounded">
- <xs:element name="SimpleAttributeDefinition" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:attribute name="sourceName" type="xs:string" use="optional"/>
- <xs:attribute name="smartScope" type="xs:string" use="optional"/>
- <xs:attribute name="valueHandler" type="xs:string" use="optional"/>
- <xs:attribute name="allowEmpty" type="xs:boolean" use="optional"/>
- <xs:attribute name="downCase" type="xs:boolean" use="optional"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="SAML2PersistentID" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:sequence>
- <xs:element name="Salt">
- <xs:complexType>
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="keyStorePath" type="xs:string" use="optional"/>
- <xs:attribute name="keyStoreKeyAlias" type="xs:string"
- use="optional"/>
- <xs:attribute name="keyStorePassword" type="xs:string"
- use="optional"/>
- <xs:attribute name="keyStoreKeyPassword" type="xs:string"
- use="optional"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="sourceName" type="xs:string" use="optional"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="PersistentIDAttributeDefinition" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:sequence>
- <xs:element name="Salt">
- <xs:complexType>
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="keyStorePath" type="xs:string" use="optional"/>
- <xs:attribute name="keyStoreKeyAlias" type="xs:string"
- use="optional"/>
- <xs:attribute name="keyStorePassword" type="xs:string"
- use="optional"/>
- <xs:attribute name="keyStoreKeyPassword" type="xs:string"
- use="optional"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="sourceName" type="xs:string" use="optional"/>
- <xs:attribute name="scope" type="xs:string" use="required"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="RegExAttributeDefinition">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:attribute name="sourceName" type="xs:string" use="optional"/>
- <xs:attribute name="regex" type="xs:string" use="required"/>
- <xs:attribute name="replacement" type="xs:string" use="required"/>
- <xs:attribute name="ignoreCase" type="xs:boolean" use="optional" default="false"/>
- <xs:attribute name="partialMatch" type="xs:boolean" use="optional" default="false"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="FormattedAttributeDefinition">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:sequence>
- <xs:element name="Source" type="resolver:FormatType"/>
- <xs:element name="Target" type="resolver:FormatType"/>
- </xs:sequence>
- <xs:attribute name="sourceName" type="xs:string" use="optional"/>
- <xs:attribute name="skipIfSameFormat" type="xs:boolean" use="optional" default="false"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="CompositeAttributeDefinition">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:attribute name="format" type="xs:string" use="optional"/>
- <xs:attribute name="orderedSourceNames" type="xs:string" use="required"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="MappedAttributeDefinition">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:sequence>
- <xs:element name="ValueMap" maxOccurs="unbounded">
- <xs:complexType>
- <xs:attribute name="value" type="xs:string" use="required"/>
- <xs:attribute name="keyset" type="xs:string" use="required"/>
- <xs:attribute name="separator" type="xs:string" use="optional" default=","/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="sourceName" type="xs:string" use="optional"/>
- <xs:attribute name="ignoreCase" type="xs:boolean" use="optional" default="false"/>
- <xs:attribute name="defaultValue" type="xs:string" use="optional"/>
- <xs:attribute name="regex" type="xs:boolean" use="optional" default="false"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="ScriptletAttributeDefinition" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:sequence>
- <xs:element name="Scriptlet" type="xs:string" minOccurs="1" maxOccurs="1"/>
- </xs:sequence>
- <xs:attribute name="sourceName" type="xs:string" use="optional"/>
- <xs:attribute name="valueHandler" type="xs:string" use="optional"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="CustomAttributeDefinition" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseAttributeDefinition">
- <xs:sequence minOccurs="0" maxOccurs="unbounded">
- <xs:any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="class" type="xs:string" use="required"/>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="CustomDataConnector" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseDataConnector">
- <xs:sequence>
- <xs:any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="class" type="xs:string" use="required"/>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="StaticDataConnector" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseDataConnector">
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element name="Attribute">
- <xs:complexType>
- <xs:sequence minOccurs="1" maxOccurs="unbounded">
- <xs:element name="Value" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="name" type="xs:string" use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="JNDIDirectoryDataConnector" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseDataConnector">
- <xs:sequence>
- <xs:element ref="credentials:Credential" minOccurs="0" maxOccurs="1"/>
- <xs:element name="Search">
- <xs:complexType>
- <xs:sequence minOccurs="0">
- <xs:element name="Controls">
- <xs:complexType>
- <xs:sequence minOccurs="0" maxOccurs="unbounded">
- <xs:element name="ReturnAttribute" minOccurs="1" maxOccurs="1"/>
- </xs:sequence>
- <xs:attribute name="searchScope" type="xs:string"
- use="optional"/>
- <xs:attribute name="timeLimit" type="xs:int" use="optional"/>
- <xs:attribute name="returningObjects" type="xs:boolean"
- use="optional"/>
- <xs:attribute name="linkDereferencing" type="xs:boolean"
- use="optional"/>
- <xs:attribute name="countLimit" type="xs:long" use="optional"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="filter" type="xs:string" use="required"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Property" maxOccurs="unbounded">
- <xs:complexType>
- <xs:attribute name="name" type="xs:string" use="required"/>
- <xs:attribute name="value" type="xs:string" use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="useStartTls" type="xs:boolean" use="optional" default="false"/>
- <xs:attribute name="mergeMultipleResults" type="xs:boolean" use="optional"
- default="false"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="JDBCDataConnector" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="resolver:BaseDataConnector">
- <xs:sequence>
- <xs:element name="Query" type="xs:string"/>
- <xs:element name="AttributeExtractor" minOccurs="0">
- <xs:complexType>
- <xs:attribute name="class" type="xs:string" use="required"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="StatementCreator"
- minOccurs="0">
- <xs:complexType>
- <xs:sequence minOccurs="0" maxOccurs="unbounded">
- <xs:element name="Parameter" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:attribute name="type" type="xs:string" use="optional"/>
- <xs:attribute name="attributeName" type="xs:string" use="required"/>
- <xs:attribute name="connectorId" type="xs:string" use="optional"/>
- <xs:attribute name="nullMissing" type="xs:boolean" use="optional"/>
- </xs:complexType>
- </xs:element>
- <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="class" type="xs:string" use="optional"/>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Property" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:attribute name="name" type="xs:string" use="required"/>
- <xs:attribute name="value" type="xs:string" use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="dbURL" type="xs:string" use="required"/>
- <xs:attribute name="dbDriver" type="xs:string" use="optional"/>
- <xs:attribute name="validationQuery" type="xs:string" use="optional"
- default="select 1"/>
- <xs:attribute name="maxActive" type="xs:integer" use="optional"/>
- <xs:attribute name="maxIdle" type="xs:integer" use="optional"/>
- <xs:attribute name="maxWait" type="xs:integer" use="optional"/>
- <xs:attribute name="minResultSet" type="xs:integer" use="optional"/>
- <xs:attribute name="maxResultSet" type="xs:integer" use="optional"/>
- <xs:attribute name="retryInterval" type="xs:integer" use="optional"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- <xs:complexType name="BaseAttributeDefinition">
- <xs:complexContent>
- <xs:extension base="resolver:BaseResolutionPlugIn">
- <xs:attribute name="lifeTime" type="xs:long" use="optional"/>
- <xs:attribute name="namespace" type="xs:string" use="optional"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- <xs:complexType name="BaseDataConnector">
- <xs:complexContent>
- <xs:extension base="resolver:BaseResolutionPlugIn">
- <xs:sequence>
- <xs:element name="FailoverDependency" minOccurs="0">
- <xs:complexType>
- <xs:attribute name="requires" type="xs:string"
- use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- <xs:complexType name="BaseResolutionPlugIn">
- <xs:choice minOccurs="0" maxOccurs="unbounded">
- <xs:element name="DataConnectorDependency">
- <xs:complexType>
- <xs:attribute name="requires" type="xs:string"
- use="required"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="AttributeDependency">
- <xs:complexType>
- <xs:attribute name="requires" type="xs:string"
- use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:choice>
- <xs:attribute name="id" type="xs:string" use="required"/>
- <xs:attribute name="cacheTime" type="xs:string" use="optional"/>
- <xs:attribute name="propagateErrors" type="xs:boolean" use="optional"
- default="true"/>
- </xs:complexType>
- <xs:complexType name="FormatType">
- <xs:attribute name="format" type="xs:string" use="required"/>
- <xs:attribute name="pattern" type="xs:string" use="required"/>
-</xs:complexType>
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="US-ASCII"?>
-<schema targetNamespace="urn:mace:shibboleth:1.0"
- xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:xml="http://www.w3.org/XML/1998/namespace"
- xmlns:shib="urn:mace:shibboleth:1.0"
- elementFormDefault="qualified"
- attributeFormDefault="unqualified"
- version="1.3">
-
- <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
- <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
-
- <!-- Status-Related Information -->
-
- <!--
- The following SAML sub-status codes are defined in this namespace:
-
- "InvalidHandle"
- Used with samlp:Requester, signals AA did not recognize handle as valid
- -->
-
- <!--
- Relaxes SAML AttributeValue type definition. Xerces-C has a bug that prevents
- anyAttribute content appearing on anyType. It works in 2.2 but not in later versions.
- -->
-
- <complexType name="AttributeValueType" mixed="true">
- <annotation>
- <documentation xml:lang="en">
- By convention, all Shibboleth 1.1 origin attribute values carry this unconstrained xsi:type.
- </documentation>
- </annotation>
- <complexContent>
- <extension base="anyType"/>
- </complexContent>
- </complexType>
-
- <!-- Attribute Acceptance Policies -->
-
- <simpleType name="AttributeRuleValueType">
- <restriction base="string">
- <enumeration value="literal"/>
- <enumeration value="regexp"/>
- <enumeration value="xpath"/>
- </restriction>
- </simpleType>
-
- <complexType name="SiteRuleType">
- <sequence>
- <element name="Scope" minOccurs="0" maxOccurs="unbounded">
- <complexType>
- <simpleContent>
- <extension base="string">
- <attribute name="Accept" type="boolean" use="optional" default="true"/>
- <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </extension>
- </simpleContent>
- </complexType>
- </element>
- <choice minOccurs="0">
- <element name="AnyValue">
- <complexType>
- <sequence/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- </element>
- <element name="Value" maxOccurs="unbounded">
- <complexType>
- <simpleContent>
- <extension base="string">
- <attribute name="Accept" type="boolean" use="optional" default="true"/>
- <attribute name="Type" type="shib:AttributeRuleValueType" use="optional" default="literal"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </extension>
- </simpleContent>
- </complexType>
- </element>
- </choice>
- </sequence>
- </complexType>
-
- <element name="AnySite" type="shib:SiteRuleType"/>
- <element name="SiteRule">
- <complexType>
- <complexContent>
- <extension base="shib:SiteRuleType">
- <attribute name="Name" type="string" use="required"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </extension>
- </complexContent>
- </complexType>
- </element>
-
- <complexType name="AttributeRuleType">
- <sequence>
- <element ref="shib:AnySite" minOccurs="0"/>
- <element ref="shib:SiteRule" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="Namespace" type="string" use="optional"/>
- <attribute name="Alias" type="string" use="optional"/>
- <attribute name="Header" type="string" use="optional"/>
- <attribute name="Scoped" type="boolean" use="optional" default="false"/>
- <attribute name="CaseSensitive" type="boolean" use="optional" default="true"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
-
- <element name="AttributeRule" type="shib:AttributeRuleType">
- <key name="SiteRuleKey">
- <selector xpath="./shib:SiteRule"/>
- <field xpath="@Name"/>
- </key>
- </element>
-
- <element name="AttributeAcceptancePolicy">
- <complexType>
- <sequence>
- <element name="AnyAttribute" minOccurs="0">
- <complexType>
- <sequence/>
- </complexType>
- </element>
- <element ref="shib:AttributeRule" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- </element>
-
-
- <!-- Shibboleth Metadata -->
-
- <complexType name="SiteType">
- <annotation>
- <documentation xml:lang="en">All sites have a Name attribute, plus optional i18n-ized aliases.</documentation>
- </annotation>
- <sequence>
- <element name="Alias" minOccurs="0" maxOccurs="unbounded">
- <complexType>
- <simpleContent>
- <extension base="string">
- <attribute ref="xml:lang"/>
- </extension>
- </simpleContent>
- </complexType>
- </element>
- <element name="Contact" type="shib:ContactType" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="ErrorURL" type="anyURI" use="optional"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
-
- <simpleType name="ContactTypeType">
- <restriction base="string">
- <enumeration value="technical"/>
- <enumeration value="support"/>
- <enumeration value="administrative"/>
- <enumeration value="billing"/>
- <enumeration value="other"/>
- </restriction>
- </simpleType>
-
- <complexType name="ContactType">
- <annotation><documentation xml:lang="en">A human contact for a site.</documentation></annotation>
- <sequence/>
- <attribute name="Type" type="shib:ContactTypeType" use="required"/>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="Email" type="string" use="optional"/>
- </complexType>
-
- <complexType name="regexp_string">
- <annotation>
- <documentation xml:lang="en">A string element with an optional attribute signaling regexp content.</documentation>
- </annotation>
- <simpleContent>
- <extension base="string">
- <attribute name="regexp" type="boolean" use="optional" default="false"/>
- </extension>
- </simpleContent>
- </complexType>
-
- <complexType name="AuthorityType">
- <annotation>
- <documentation xml:lang="en">Metadata about a SAML authority.</documentation>
- </annotation>
- <sequence/>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="Location" type="anyURI" use="required"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
-
- <complexType name="OriginSiteType">
- <annotation>
- <documentation xml:lang="en">
- Origin sites add at least one handle service (with a name), plus optional domains trusted for attribute scoping.
- </documentation>
- </annotation>
- <complexContent>
- <extension base="shib:SiteType">
- <sequence>
- <element name="HandleService" type="shib:AuthorityType" maxOccurs="unbounded"/>
- <element name="AttributeAuthority" type="shib:AuthorityType" minOccurs="0" maxOccurs="unbounded"/>
- <element ref="shib:Domain" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <element name="Domain" type="shib:regexp_string">
- <annotation>
- <documentation xml:lang="en">A metadata extension used to regulate allowable attribute scopes.</documentation>
- </annotation>
- </element>
-
- <complexType name="DestinationSiteType">
- <annotation>
- <documentation xml:lang="en">
- Destination sites add at least one attribute requester (with a name).
- </documentation>
- </annotation>
- <complexContent>
- <extension base="shib:SiteType">
- <sequence>
- <element name="AssertionConsumerServiceURL" maxOccurs="unbounded">
- <complexType>
- <attribute name="Location" type="string" use="required"/>
- <attribute name="Id" type="string" use="optional"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
- </element>
- <element name="AttributeRequester" maxOccurs="unbounded">
- <complexType>
- <attribute name="Name" type="string" use="required"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
- </element>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <complexType name="SiteGroupType">
- <annotation>
- <documentation xml:lang="en">Used to logically group sites together, optionally signed.</documentation>
- </annotation>
- <sequence>
- <choice maxOccurs="unbounded">
- <element ref="shib:OriginSite"/>
- <element ref="shib:DestinationSite"/>
- <element ref="shib:SiteGroup"/>
- </choice>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="Name" type="string" use="required"/>
- <attribute name="lastChanged" type="dateTime" use="optional"/>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
-
- <element name="OriginSite" type="shib:OriginSiteType"/>
- <element name="DestinationSite" type="shib:DestinationSiteType"/>
- <element name="SiteGroup" type="shib:SiteGroupType"/>
-
-
- <!-- Old (pre 1.2) Trust Metadata -->
-
- <complexType name="KeyAuthorityType">
- <annotation>
- <documentation xml:lang="en">
- Binds a set of keying material to one or more named system entities.
- </documentation>
- </annotation>
- <sequence>
- <element ref="ds:KeyInfo"/>
- <element name="Subject" type="shib:regexp_string" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
- <element name="KeyAuthority" type="shib:KeyAuthorityType"/>
-
- <element name="Trust">
- <annotation>
- <documentation xml:lang="en">An optionally signed collection of KeyAuthority data.</documentation>
- </annotation>
- <complexType>
- <sequence>
- <element ref="shib:KeyAuthority" maxOccurs="unbounded"/>
- <element ref="ds:Signature" minOccurs="0"/>
- </sequence>
- <attribute name="lastChanged" type="dateTime" use="optional"/>
- <attribute name="validUntil" type="dateTime" use="optional"/>
- <attribute name="cacheDuration" type="duration" use="optional"/>
- <anyAttribute namespace="##any" processContents="lax"/>
- </complexType>
- </element>
-
-</schema>
+++ /dev/null
-<?xml version='1.0' encoding='UTF-8' ?>
-
-<!-- Schema for the SOAP/1.1 envelope
-
- This schema has been produced using W3C's SOAP Version 1.2 schema
- found at:
-
- http://www.w3.org/2001/06/soap-envelope
-
- Copyright 2001 Martin Gudgin, Developmentor.
-
- Changes made are the following:
- - reverted namespace to http://schemas.xmlsoap.org/soap/envelope/
- - reverted mustUnderstand to only allow 0 and 1 as lexical values
- - made encodingStyle a global attribute 20020825
-
- Further changes:
-
- - removed default value from mustUnderstand attribute declaration - 20030314
-
- Original copyright:
-
- Copyright 2001 W3C (Massachusetts Institute of Technology,
- Institut National de Recherche en Informatique et en Automatique,
- Keio University). All Rights Reserved.
- http://www.w3.org/Consortium/Legal/
-
- This document is governed by the W3C Software License [1] as
- described in the FAQ [2].
-
- [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
- [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:tns="http://schemas.xmlsoap.org/soap/envelope/"
- targetNamespace="http://schemas.xmlsoap.org/soap/envelope/" >
-
-
- <!-- Envelope, header and body -->
- <xs:element name="Envelope" type="tns:Envelope" />
- <xs:complexType name="Envelope" >
- <xs:sequence>
- <xs:element ref="tns:Header" minOccurs="0" />
- <xs:element ref="tns:Body" minOccurs="1" />
- <xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="Header" type="tns:Header" />
- <xs:complexType name="Header" >
- <xs:sequence>
- <xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
- <xs:element name="Body" type="tns:Body" />
- <xs:complexType name="Body" >
- <xs:sequence>
- <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" >
- <xs:annotation>
- <xs:documentation>
- Prose in the spec does not specify that attributes are allowed on the Body element
- </xs:documentation>
- </xs:annotation>
- </xs:anyAttribute>
- </xs:complexType>
-
-
- <!-- Global Attributes. The following attributes are intended to be usable via qualified attribute names on any complex type referencing them. -->
- <xs:attribute name="mustUnderstand" >
- <xs:simpleType>
- <xs:restriction base='xs:boolean'>
- <xs:pattern value='0|1' />
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="actor" type="xs:anyURI" />
-
- <xs:simpleType name="encodingStyle" >
- <xs:annotation>
- <xs:documentation>
- 'encodingStyle' indicates any canonicalization conventions followed in the contents of the containing element. For example, the value 'http://schemas.xmlsoap.org/soap/encoding/' indicates the pattern described in SOAP specification
- </xs:documentation>
- </xs:annotation>
- <xs:list itemType="xs:anyURI" />
- </xs:simpleType>
-
- <xs:attribute name="encodingStyle" type="tns:encodingStyle" />
- <xs:attributeGroup name="encodingStyle" >
- <xs:attribute ref="tns:encodingStyle" />
- </xs:attributeGroup>
-
- <xs:element name="Fault" type="tns:Fault" />
- <xs:complexType name="Fault" final="extension" >
- <xs:annotation>
- <xs:documentation>
- Fault reporting structure
- </xs:documentation>
- </xs:annotation>
- <xs:sequence>
- <xs:element name="faultcode" type="xs:QName" />
- <xs:element name="faultstring" type="xs:string" />
- <xs:element name="faultactor" type="xs:anyURI" minOccurs="0" />
- <xs:element name="detail" type="tns:detail" minOccurs="0" />
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="detail">
- <xs:sequence>
- <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded" processContents="lax" />
- </xs:sequence>
- <xs:anyAttribute namespace="##any" processContents="lax" />
- </xs:complexType>
-
-</xs:schema>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- v12_to_v11_trust.xsl
-
- XSL stylesheet converting a Shibboleth 1.2 trust metadata file into the equivalent for
- Shibboleth 1.1.
-
- Author: Ian A. Young <ian@iay.org.uk>
-
- $Id$
--->
-<xsl:stylesheet version="1.0"
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
- xmlns:shibb10="urn:mace:shibboleth:1.0"
- xmlns:trust10="urn:mace:shibboleth:trust:1.0"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns="urn:mace:shibboleth:1.0"
- exclude-result-prefixes="shibb10 trust10">
-
- <!--
- Version information for this file. Remember to peel off the dollar signs
- before dropping the text into another versioned file.
- -->
- <xsl:param name="cvsId">$Id$</xsl:param>
-
- <!--
- Add a comment to the start of the output file.
- -->
- <xsl:template match="/">
- <xsl:comment>
- <xsl:text> 	***DO NOT EDIT THIS FILE*** </xsl:text>
- <xsl:text>	Converted by: 	</xsl:text>
- <xsl:value-of select="substring-before(substring-after($cvsId, ': '), '$')"/>
- <xsl:text> </xsl:text>
- </xsl:comment>
- <xsl:apply-templates/>
- </xsl:template>
-
- <!--Force UTF-8 encoding for the output.-->
- <xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
-
- <!--trust10:Trust is the root element for the trust file. Process it by changing the default namespace used and recursing.-->
- <xsl:template match="trust10:Trust">
- <Trust>
- <!-- <xsl:apply-templates select="@*"/> -->
- <xsl:apply-templates/>
- </Trust>
- </xsl:template>
-
- <!--trust10:KeyAuthority appears in the trust file, and needs its namespace changing. After that, we need to reorder its nested elements a little.-->
- <xsl:template match="trust10:KeyAuthority">
- <KeyAuthority>
- <xsl:apply-templates select="ds:KeyInfo"/>
- <Subject>
- <xsl:value-of select="ds:KeyName"/>
- </Subject>
- </KeyAuthority>
- </xsl:template>
-
- <!--
- Generic recursive copy for ds:* elements.
-
- This works better than an xsl:copy-of because it does not copy across spurious
- namespace nodes.
- -->
- <xsl:template match="ds:*">
- <xsl:element name="{name()}">
- <xsl:apply-templates select="ds:* | text() | comment() | @*"/>
- </xsl:element>
- </xsl:template>
-
- <!--By default, copy text blocks, comments and attributes unchanged.-->
- <xsl:template match="text()|comment()|@*">
- <xsl:copy/>
- </xsl:template>
-
- <!--By default, copy all elements from the input to the output, along with their attributes and contents.-->
- <xsl:template match="*">
- <xsl:copy>
- <xsl:apply-templates select="node()|@*"/>
- </xsl:copy>
- </xsl:template>
-
-</xsl:stylesheet>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
- v13_to_v12_trust.xsl
-
- XSL stylesheet converting a SAML 2 metadata file describing a Shibboleth
- 1.3 federation into the equivalent Shibboleth 1.2 trust file.
-
- Author: Ian A. Young <ian@iay.org.uk>
-
- $Id$
--->
-<xsl:stylesheet version="1.0"
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0"
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns="urn:mace:shibboleth:trust:1.0"
- exclude-result-prefixes="shibmeta md">
-
- <!--
- Version information for this file. Remember to peel off the dollar signs
- before dropping the text into another versioned file.
- -->
- <xsl:param name="cvsId">$Id$</xsl:param>
-
- <!--
- Add a comment to the start of the output file.
- -->
- <xsl:template match="/">
- <xsl:comment>
- <xsl:text> 	***DO NOT EDIT THIS FILE*** </xsl:text>
- <xsl:text>	Converted by: 	</xsl:text>
- <xsl:value-of select="substring-before(substring-after($cvsId, ': '), '$')"/>
- <xsl:text> </xsl:text>
- </xsl:comment>
- <Trust>
- <xsl:attribute name="xsi:schemaLocation">
- <xsl:text>urn:mace:shibboleth:trust:1.0 shibboleth-trust-1.0.xsd </xsl:text>
- <xsl:text>http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd</xsl:text>
- </xsl:attribute>
- <xsl:apply-templates/>
- </Trust>
- </xsl:template>
-
- <!--Force UTF-8 encoding for the output.-->
- <xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
-
- <!--
- Extract a KeyAuthority extension from an EntitiesDescriptor.
- -->
- <xsl:template match="md:EntitiesDescriptor">
-
- <!-- extract KeyAuthority metadata, if any -->
- <xsl:if test="md:Extensions/shibmeta:KeyAuthority/ds:KeyInfo">
- <xsl:apply-templates select="md:Extensions/shibmeta:KeyAuthority">
- <xsl:with-param name="name" select="@Name"/>
- </xsl:apply-templates>
- </xsl:if>
-
- <!-- proceed to nested EntitiesDescriptor and EntityDescriptor elements -->
- <xsl:apply-templates select="md:EntitiesDescriptor | md:EntityDescriptor"/>
- </xsl:template>
-
- <!--
- Extract a KeyAuthority extension from an EntityDescriptor.
- -->
- <xsl:template match="md:EntityDescriptor">
- <!-- extract KeyAuthority metadata, if any -->
- <xsl:if test="md:Extensions/shibmeta:KeyAuthority/ds:KeyInfo">
- <xsl:apply-templates select="md:Extensions/shibmeta:KeyAuthority">
- <xsl:with-param name="name" select="@entityID"/>
- </xsl:apply-templates>
- </xsl:if>
- </xsl:template>
-
- <!--
- Map shibmeta:KeyAuthority to trust:KeyAuthority
- -->
- <xsl:template match="shibmeta:KeyAuthority">
- <xsl:param name="name"/>
- <KeyAuthority>
- <!-- copy across VerifyDepth attribute if present -->
- <xsl:apply-templates select="@VerifyDepth"/>
-
- <!-- generate KeyName -->
- <ds:KeyName>
- <xsl:value-of select="$name"/>
- </ds:KeyName>
-
- <!-- generate single output KeyInfo element -->
- <ds:KeyInfo>
- <!-- extract the insides of all KeyInfo elements in the input -->
- <xsl:apply-templates select="text() | comment() | ds:KeyInfo/* | ds:KeyInfo/comment() | ds:KeyInfo/text()"/>
- </ds:KeyInfo>
- </KeyAuthority>
- </xsl:template>
-
- <!--
- Generic recursive copy for ds:* elements.
-
- This works better than an xsl:copy-of because it does not copy across spurious
- namespace nodes.
- -->
- <xsl:template match="ds:*">
- <xsl:element name="{name()}">
- <xsl:apply-templates select="ds:* | text() | comment() | @*"/>
- </xsl:element>
- </xsl:template>
-
- <!--
- By default, copy referenced attributes through unchanged.
- -->
- <xsl:template match="@*">
- <xsl:attribute name="{name()}"><xsl:value-of select="."/></xsl:attribute>
- </xsl:template>
-
- <!--
- By default, copy comments and text nodes through to the output unchanged.
- -->
- <xsl:template match="text()|comment()">
- <xsl:copy/>
- </xsl:template>
-
-</xsl:stylesheet>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Schema for the Shibboleth WAYF Service configuration file - Walter Hoehn - 06/14/2002 -->
-<xs:schema
- targetNamespace="urn:mace:shibboleth:wayf:config:1.0"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:wc="urn:mace:shibboleth:wayf:config:1.0"
- elementFormDefault="qualified">
-
- <xs:simpleType name="handleCookieType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="AlwaysFollow"/>
- <xs:enumeration value="FollowSingle"/>
- <xs:enumeration value="NeverFollow"/>
- <xs:enumeration value="ClearCookie"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:complexType name="configValues">
- <xs:sequence>
- <xs:element name="SearchIgnore" minOccurs="0" maxOccurs="1">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="IgnoreText" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="Federation" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:attribute name="identifier" use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="location" type="xs:string" use="optional" />
- <xs:attribute name="default" type="xs:boolean" use="optional" />
- <xs:attribute name="jspFile" type="xs:string" use="optional" />
- <xs:attribute name="errorJspFile" type="xs:string" use="optional" />
- <xs:attribute name="provideListOfList" type="xs:boolean" use="optional" />
- <xs:attribute name="provideList" type="xs:boolean" use="optional" />
- <xs:attribute name="handleCookie" type="wc:handleCookieType" use="optional" />
- <xs:attribute name="showUnusableIdPs" type="xs:boolean" use="optional" />
- <xs:attribute name="cacheDomain" type="xs:string" use="optional"/>
- <xs:attribute name="cacheExpiration" type="xs:string" use="optional" />
- </xs:complexType>
-
- <xs:element name="WayfConfig" >
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Default" type="wc:configValues" minOccurs="0" maxOccurs="1" />
-
- <xs:element name="MetadataProvider" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="type" type="xs:string" use="required" />
- <xs:attribute name="displayName" type="xs:string" use="required" />
- <xs:attribute name="identifier" type="xs:string" use="required" />
- <xs:attribute name="uri" type="xs:string" use="required" />
- <xs:anyAttribute namespace="##other" processContents="lax" />
- </xs:complexType>
- </xs:element>
-
- <xs:element name="DiscoveryServiceHandler" type="wc:configValues" minOccurs="1" maxOccurs="unbounded" />
-
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-
-
-<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
- xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
- xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
- targetNamespace='http://www.w3.org/2001/04/xmlenc#'
- elementFormDefault='qualified'>
-
- <import namespace='http://www.w3.org/2000/09/xmldsig#' schemaLocation='xmldsig-core-schema.xsd'/>
-
- <complexType name='EncryptedType' abstract='true'>
- <sequence>
- <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
- minOccurs='0'/>
- <element ref='ds:KeyInfo' minOccurs='0'/>
- <element ref='xenc:CipherData'/>
- <element ref='xenc:EncryptionProperties' minOccurs='0'/>
- </sequence>
- <attribute name='Id' type='ID' use='optional'/>
- <attribute name='Type' type='anyURI' use='optional'/>
- <attribute name='MimeType' type='string' use='optional'/>
- <attribute name='Encoding' type='anyURI' use='optional'/>
- </complexType>
-
- <complexType name='EncryptionMethodType' mixed='true'>
- <sequence>
- <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
- <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
- <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- </sequence>
- <attribute name='Algorithm' type='anyURI' use='required'/>
- </complexType>
-
- <simpleType name='KeySizeType'>
- <restriction base="integer"/>
- </simpleType>
-
- <element name='CipherData' type='xenc:CipherDataType'/>
- <complexType name='CipherDataType'>
- <choice>
- <element name='CipherValue' type='base64Binary'/>
- <element ref='xenc:CipherReference'/>
- </choice>
- </complexType>
-
- <element name='CipherReference' type='xenc:CipherReferenceType'/>
- <complexType name='CipherReferenceType'>
- <choice>
- <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
- </choice>
- <attribute name='URI' type='anyURI' use='required'/>
- </complexType>
-
- <complexType name='TransformsType'>
- <sequence>
- <element ref='ds:Transform' maxOccurs='unbounded'/>
- </sequence>
- </complexType>
-
-
- <element name='EncryptedData' type='xenc:EncryptedDataType'/>
- <complexType name='EncryptedDataType'>
- <complexContent>
- <extension base='xenc:EncryptedType'>
- </extension>
- </complexContent>
- </complexType>
-
- <!-- Children of ds:KeyInfo -->
-
- <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
- <complexType name='EncryptedKeyType'>
- <complexContent>
- <extension base='xenc:EncryptedType'>
- <sequence>
- <element ref='xenc:ReferenceList' minOccurs='0'/>
- <element name='CarriedKeyName' type='string' minOccurs='0'/>
- </sequence>
- <attribute name='Recipient' type='string'
- use='optional'/>
- </extension>
- </complexContent>
- </complexType>
-
- <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
- <complexType name="AgreementMethodType" mixed="true">
- <sequence>
- <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
- <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
- <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
- <!-- End Children of ds:KeyInfo -->
-
- <element name='ReferenceList'>
- <complexType>
- <choice minOccurs='1' maxOccurs='unbounded'>
- <element name='DataReference' type='xenc:ReferenceType'/>
- <element name='KeyReference' type='xenc:ReferenceType'/>
- </choice>
- </complexType>
- </element>
-
- <complexType name='ReferenceType'>
- <sequence>
- <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- </sequence>
- <attribute name='URI' type='anyURI' use='required'/>
- </complexType>
-
-
- <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
- <complexType name='EncryptionPropertiesType'>
- <sequence>
- <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
- </sequence>
- <attribute name='Id' type='ID' use='optional'/>
- </complexType>
-
- <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
- <complexType name='EncryptionPropertyType' mixed='true'>
- <choice maxOccurs='unbounded'>
- <any namespace='##other' processContents='lax'/>
- </choice>
- <attribute name='Target' type='anyURI' use='optional'/>
- <attribute name='Id' type='ID' use='optional'/>
- <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
- </complexType>
-
-</schema>
-
+++ /dev/null
-<?xml version='1.0'?>
-<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">
-
- <xs:annotation>
- <xs:documentation>
- See http://www.w3.org/XML/1998/namespace.html and
- http://www.w3.org/TR/REC-xml for information about this namespace.
- </xs:documentation>
- </xs:annotation>
-
- <xs:annotation>
- <xs:documentation>This schema defines attributes and an attribute group
- suitable for use by
- schemas wishing to allow xml:base, xml:lang or xml:space attributes
- on elements they define.
-
- To enable this, such a schema must import this schema
- for the XML namespace, e.g. as follows:
- <schema . . .>
- . . .
- <import namespace="http://www.w3.org/XML/1998/namespace"
- schemaLocation="http://www.w3.org/2001/03/xml.xsd"/>
-
- Subsequently, qualified reference to any of the attributes
- or the group defined below will have the desired effect, e.g.
-
- <type . . .>
- . . .
- <attributeGroup ref="xml:specialAttrs"/>
-
- will define a type which will schema-validate an instance
- element with any of those attributes</xs:documentation>
- </xs:annotation>
-
- <xs:annotation>
- <xs:documentation>In keeping with the XML Schema WG's standard versioning
- policy, this schema document will persist at
- http://www.w3.org/2001/03/xml.xsd.
- At the date of issue it can also be found at
- http://www.w3.org/2001/xml.xsd.
- The schema document at that URI may however change in the future,
- in order to remain compatible with the latest version of XML Schema
- itself. In other words, if the XML Schema namespace changes, the version
- of this document at
- http://www.w3.org/2001/xml.xsd will change
- accordingly; the version at
- http://www.w3.org/2001/03/xml.xsd will not change.
- </xs:documentation>
- </xs:annotation>
-
- <xs:attribute name="lang" type="xs:language">
- <xs:annotation>
- <xs:documentation>In due course, we should install the relevant ISO 2- and 3-letter
- codes as the enumerated possible values . . .</xs:documentation>
- </xs:annotation>
- </xs:attribute>
-
- <xs:attribute name="space" default="preserve">
- <xs:simpleType>
- <xs:restriction base="xs:NCName">
- <xs:enumeration value="default"/>
- <xs:enumeration value="preserve"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
-
- <xs:attribute name="base" type="xs:anyURI">
- <xs:annotation>
- <xs:documentation>See http://www.w3.org/TR/xmlbase/ for
- information about this attribute.</xs:documentation>
- </xs:annotation>
- </xs:attribute>
-
- <xs:attributeGroup name="specialAttrs">
- <xs:attribute ref="xml:base"/>
- <xs:attribute ref="xml:lang"/>
- <xs:attribute ref="xml:space"/>
- </xs:attributeGroup>
-
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-
-<!-- Schema for XML Signatures
- http://www.w3.org/2000/09/xmldsig#
- $Revision$ on $Date$ by $Author$
-
- Copyright 2001 The Internet Society and W3C (Massachusetts Institute
- of Technology, Institut National de Recherche en Informatique et en
- Automatique, Keio University). All Rights Reserved.
- http://www.w3.org/Consortium/Legal/
-
- This document is governed by the W3C Software License [1] as described
- in the FAQ [2].
-
- [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
- [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-
-
-<schema xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- targetNamespace="http://www.w3.org/2000/09/xmldsig#"
- version="0.1" elementFormDefault="qualified">
-
-<!-- Basic Types Defined for Signatures -->
-
-<simpleType name="CryptoBinary">
- <restriction base="base64Binary">
- </restriction>
-</simpleType>
-
-<!-- Start Signature -->
-
-<element name="Signature" type="ds:SignatureType"/>
-<complexType name="SignatureType">
- <sequence>
- <element ref="ds:SignedInfo"/>
- <element ref="ds:SignatureValue"/>
- <element ref="ds:KeyInfo" minOccurs="0"/>
- <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureValue" type="ds:SignatureValueType"/>
- <complexType name="SignatureValueType">
- <simpleContent>
- <extension base="base64Binary">
- <attribute name="Id" type="ID" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
-
-<!-- Start SignedInfo -->
-
-<element name="SignedInfo" type="ds:SignedInfoType"/>
-<complexType name="SignedInfoType">
- <sequence>
- <element ref="ds:CanonicalizationMethod"/>
- <element ref="ds:SignatureMethod"/>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
- <complexType name="CanonicalizationMethodType" mixed="true">
- <sequence>
- <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
- <element name="SignatureMethod" type="ds:SignatureMethodType"/>
- <complexType name="SignatureMethodType" mixed="true">
- <sequence>
- <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
- <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) external namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- Start Reference -->
-
-<element name="Reference" type="ds:ReferenceType"/>
-<complexType name="ReferenceType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- <element ref="ds:DigestMethod"/>
- <element ref="ds:DigestValue"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="URI" type="anyURI" use="optional"/>
- <attribute name="Type" type="anyURI" use="optional"/>
-</complexType>
-
- <element name="Transforms" type="ds:TransformsType"/>
- <complexType name="TransformsType">
- <sequence>
- <element ref="ds:Transform" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
-
- <element name="Transform" type="ds:TransformType"/>
- <complexType name="TransformType" mixed="true">
- <choice minOccurs="0" maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- <element name="XPath" type="string"/>
- </choice>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- End Reference -->
-
-<element name="DigestMethod" type="ds:DigestMethodType"/>
-<complexType name="DigestMethodType" mixed="true">
- <sequence>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
-</complexType>
-
-<element name="DigestValue" type="ds:DigestValueType"/>
-<simpleType name="DigestValueType">
- <restriction base="base64Binary"/>
-</simpleType>
-
-<!-- End SignedInfo -->
-
-<!-- Start KeyInfo -->
-
-<element name="KeyInfo" type="ds:KeyInfoType"/>
-<complexType name="KeyInfoType" mixed="true">
- <choice maxOccurs="unbounded">
- <element ref="ds:KeyName"/>
- <element ref="ds:KeyValue"/>
- <element ref="ds:RetrievalMethod"/>
- <element ref="ds:X509Data"/>
- <element ref="ds:PGPData"/>
- <element ref="ds:SPKIData"/>
- <element ref="ds:MgmtData"/>
- <any processContents="lax" namespace="##other"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- </choice>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="KeyName" type="string"/>
- <element name="MgmtData" type="string"/>
-
- <element name="KeyValue" type="ds:KeyValueType"/>
- <complexType name="KeyValueType" mixed="true">
- <choice>
- <element ref="ds:DSAKeyValue"/>
- <element ref="ds:RSAKeyValue"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
-
- <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
- <complexType name="RetrievalMethodType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- </sequence>
- <attribute name="URI" type="anyURI"/>
- <attribute name="Type" type="anyURI" use="optional"/>
- </complexType>
-
-<!-- Start X509Data -->
-
-<element name="X509Data" type="ds:X509DataType"/>
-<complexType name="X509DataType">
- <sequence maxOccurs="unbounded">
- <choice>
- <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
- <element name="X509SKI" type="base64Binary"/>
- <element name="X509SubjectName" type="string"/>
- <element name="X509Certificate" type="base64Binary"/>
- <element name="X509CRL" type="base64Binary"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </sequence>
-</complexType>
-
-<complexType name="X509IssuerSerialType">
- <sequence>
- <element name="X509IssuerName" type="string"/>
- <element name="X509SerialNumber" type="integer"/>
- </sequence>
-</complexType>
-
-<!-- End X509Data -->
-
-<!-- Begin PGPData -->
-
-<element name="PGPData" type="ds:PGPDataType"/>
-<complexType name="PGPDataType">
- <choice>
- <sequence>
- <element name="PGPKeyID" type="base64Binary"/>
- <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- <sequence>
- <element name="PGPKeyPacket" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- </choice>
-</complexType>
-
-<!-- End PGPData -->
-
-<!-- Begin SPKIData -->
-
-<element name="SPKIData" type="ds:SPKIDataType"/>
-<complexType name="SPKIDataType">
- <sequence maxOccurs="unbounded">
- <element name="SPKISexp" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"/>
- </sequence>
-</complexType>
-
-<!-- End SPKIData -->
-
-<!-- End KeyInfo -->
-
-<!-- Start Object (Manifest, SignatureProperty) -->
-
-<element name="Object" type="ds:ObjectType"/>
-<complexType name="ObjectType" mixed="true">
- <sequence minOccurs="0" maxOccurs="unbounded">
- <any namespace="##any" processContents="lax"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
- <attribute name="Encoding" type="anyURI" use="optional"/>
-</complexType>
-
-<element name="Manifest" type="ds:ManifestType"/>
-<complexType name="ManifestType">
- <sequence>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
-<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
-<complexType name="SignaturePropertiesType">
- <sequence>
- <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
- <complexType name="SignaturePropertyType" mixed="true">
- <choice maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (1,unbounded) namespaces -->
- </choice>
- <attribute name="Target" type="anyURI" use="required"/>
- <attribute name="Id" type="ID" use="optional"/>
- </complexType>
-
-<!-- End Object (Manifest, SignatureProperty) -->
-
-<!-- Start Algorithm Parameters -->
-
-<simpleType name="HMACOutputLengthType">
- <restriction base="integer"/>
-</simpleType>
-
-<!-- Start KeyValue Element-types -->
-
-<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
-<complexType name="DSAKeyValueType">
- <sequence>
- <sequence minOccurs="0">
- <element name="P" type="ds:CryptoBinary"/>
- <element name="Q" type="ds:CryptoBinary"/>
- </sequence>
- <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- <element name="Y" type="ds:CryptoBinary"/>
- <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
- <sequence minOccurs="0">
- <element name="Seed" type="ds:CryptoBinary"/>
- <element name="PgenCounter" type="ds:CryptoBinary"/>
- </sequence>
- </sequence>
-</complexType>
-
-<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
-<complexType name="RSAKeyValueType">
- <sequence>
- <element name="Modulus" type="ds:CryptoBinary"/>
- <element name="Exponent" type="ds:CryptoBinary"/>
- </sequence>
-</complexType>
-
-<!-- End KeyValue Element-types -->
-
-<!-- End Signature -->
-
-</schema>