ruby-saml 0.8.16 → 0.9
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.travis.yml +1 -6
- data/Gemfile +2 -12
- data/README.md +363 -35
- data/Rakefile +14 -0
- data/changelog.md +22 -9
- data/lib/onelogin/ruby-saml/attribute_service.rb +34 -0
- data/lib/onelogin/ruby-saml/attributes.rb +26 -64
- data/lib/onelogin/ruby-saml/authrequest.rb +47 -89
- data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +87 -0
- data/lib/onelogin/ruby-saml/logoutrequest.rb +34 -93
- data/lib/onelogin/ruby-saml/logoutresponse.rb +25 -24
- data/lib/onelogin/ruby-saml/metadata.rb +46 -16
- data/lib/onelogin/ruby-saml/response.rb +62 -322
- data/lib/onelogin/ruby-saml/saml_message.rb +78 -0
- data/lib/onelogin/ruby-saml/settings.rb +54 -121
- data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +26 -61
- data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +27 -84
- data/lib/onelogin/ruby-saml/utils.rb +32 -199
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/ruby-saml.rb +5 -2
- data/lib/schemas/{saml20assertion_schema.xsd → saml-schema-assertion-2.0.xsd} +283 -283
- data/lib/schemas/saml-schema-authn-context-2.0.xsd +23 -0
- data/lib/schemas/saml-schema-authn-context-types-2.0.xsd +821 -0
- data/lib/schemas/saml-schema-metadata-2.0.xsd +339 -0
- data/lib/schemas/{saml20protocol_schema.xsd → saml-schema-protocol-2.0.xsd} +302 -302
- data/lib/schemas/sstc-metadata-attr.xsd +35 -0
- data/lib/schemas/sstc-saml-attribute-ext.xsd +25 -0
- data/lib/schemas/sstc-saml-metadata-algsupport-v1.0.xsd +41 -0
- data/lib/schemas/sstc-saml-metadata-ui-v1.0.xsd +89 -0
- data/lib/schemas/{xenc_schema.xsd → xenc-schema.xsd} +1 -11
- data/lib/schemas/xml.xsd +287 -0
- data/lib/schemas/{xmldsig_schema.xsd → xmldsig-core-schema.xsd} +0 -9
- data/lib/xml_security.rb +83 -235
- data/ruby-saml.gemspec +1 -0
- data/test/idp_metadata_parser_test.rb +54 -0
- data/test/logoutrequest_test.rb +68 -144
- data/test/logoutresponse_test.rb +43 -25
- data/test/metadata_test.rb +87 -0
- data/test/request_test.rb +103 -90
- data/test/response_test.rb +181 -471
- data/test/responses/idp_descriptor.xml +3 -0
- data/test/responses/logoutresponse_fixtures.rb +5 -5
- data/test/responses/response_no_cert_and_encrypted_attrs.xml +29 -0
- data/test/responses/response_with_multiple_attribute_values.xml +1 -1
- data/test/responses/slo_request.xml +4 -0
- data/test/settings_test.rb +25 -112
- data/test/slo_logoutrequest_test.rb +41 -44
- data/test/slo_logoutresponse_test.rb +87 -167
- data/test/test_helper.rb +27 -102
- data/test/xml_security_test.rb +114 -337
- metadata +34 -84
- data/lib/onelogin/ruby-saml/setting_error.rb +0 -6
- data/test/certificates/certificate.der +0 -0
- data/test/certificates/formatted_certificate +0 -14
- data/test/certificates/formatted_chained_certificate +0 -42
- data/test/certificates/formatted_private_key +0 -12
- data/test/certificates/formatted_rsa_private_key +0 -12
- data/test/certificates/invalid_certificate1 +0 -1
- data/test/certificates/invalid_certificate2 +0 -1
- data/test/certificates/invalid_certificate3 +0 -12
- data/test/certificates/invalid_chained_certificate1 +0 -1
- data/test/certificates/invalid_private_key1 +0 -1
- data/test/certificates/invalid_private_key2 +0 -1
- data/test/certificates/invalid_private_key3 +0 -10
- data/test/certificates/invalid_rsa_private_key1 +0 -1
- data/test/certificates/invalid_rsa_private_key2 +0 -1
- data/test/certificates/invalid_rsa_private_key3 +0 -10
- data/test/certificates/ruby-saml-2.crt +0 -15
- data/test/requests/logoutrequest_fixtures.rb +0 -47
- data/test/responses/encrypted_new_attack.xml.base64 +0 -1
- data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
- data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
- data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
- data/test/responses/invalids/no_signature.xml.base64 +0 -1
- data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
- data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
- data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
- data/test/responses/response_node_text_attack.xml.base64 +0 -1
- data/test/responses/response_with_concealed_signed_assertion.xml +0 -51
- data/test/responses/response_with_doubled_signed_assertion.xml +0 -49
- data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
- data/test/responses/response_with_signed_assertion_3.xml +0 -30
- data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
- data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
- data/test/responses/response_wrapped.xml.base64 +0 -150
- data/test/responses/valid_response.xml.base64 +0 -1
- data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
- data/test/utils_test.rb +0 -231
@@ -0,0 +1,339 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<schema
|
3
|
+
targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
|
4
|
+
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
|
5
|
+
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
6
|
+
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
|
7
|
+
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
8
|
+
xmlns="http://www.w3.org/2001/XMLSchema"
|
9
|
+
elementFormDefault="unqualified"
|
10
|
+
attributeFormDefault="unqualified"
|
11
|
+
blockDefault="substitution"
|
12
|
+
version="2.0">
|
13
|
+
<import namespace="http://www.w3.org/2000/09/xmldsig#"
|
14
|
+
schemaLocation="xmldsig-core-schema.xsd"/>
|
15
|
+
<import namespace="http://www.w3.org/2001/04/xmlenc#"
|
16
|
+
schemaLocation="xenc-schema.xsd"/>
|
17
|
+
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
|
18
|
+
schemaLocation="saml-schema-assertion-2.0.xsd"/>
|
19
|
+
<import namespace="http://www.w3.org/XML/1998/namespace"
|
20
|
+
schemaLocation="xml.xsd"/>
|
21
|
+
<annotation>
|
22
|
+
<documentation>
|
23
|
+
Document identifier: saml-schema-metadata-2.0
|
24
|
+
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
25
|
+
Revision history:
|
26
|
+
V2.0 (March, 2005):
|
27
|
+
Schema for SAML metadata, first published in SAML 2.0.
|
28
|
+
</documentation>
|
29
|
+
</annotation>
|
30
|
+
|
31
|
+
<simpleType name="entityIDType">
|
32
|
+
<restriction base="anyURI">
|
33
|
+
<maxLength value="1024"/>
|
34
|
+
</restriction>
|
35
|
+
</simpleType>
|
36
|
+
<complexType name="localizedNameType">
|
37
|
+
<simpleContent>
|
38
|
+
<extension base="string">
|
39
|
+
<attribute ref="xml:lang" use="required"/>
|
40
|
+
</extension>
|
41
|
+
</simpleContent>
|
42
|
+
</complexType>
|
43
|
+
<complexType name="localizedURIType">
|
44
|
+
<simpleContent>
|
45
|
+
<extension base="anyURI">
|
46
|
+
<attribute ref="xml:lang" use="required"/>
|
47
|
+
</extension>
|
48
|
+
</simpleContent>
|
49
|
+
</complexType>
|
50
|
+
|
51
|
+
<element name="Extensions" type="md:ExtensionsType"/>
|
52
|
+
<complexType final="#all" name="ExtensionsType">
|
53
|
+
<sequence>
|
54
|
+
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
|
55
|
+
</sequence>
|
56
|
+
</complexType>
|
57
|
+
|
58
|
+
<complexType name="EndpointType">
|
59
|
+
<sequence>
|
60
|
+
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
|
61
|
+
</sequence>
|
62
|
+
<attribute name="Binding" type="anyURI" use="required"/>
|
63
|
+
<attribute name="Location" type="anyURI" use="required"/>
|
64
|
+
<attribute name="ResponseLocation" type="anyURI" use="optional"/>
|
65
|
+
<anyAttribute namespace="##other" processContents="lax"/>
|
66
|
+
</complexType>
|
67
|
+
|
68
|
+
<complexType name="IndexedEndpointType">
|
69
|
+
<complexContent>
|
70
|
+
<extension base="md:EndpointType">
|
71
|
+
<attribute name="index" type="unsignedShort" use="required"/>
|
72
|
+
<attribute name="isDefault" type="boolean" use="optional"/>
|
73
|
+
</extension>
|
74
|
+
</complexContent>
|
75
|
+
</complexType>
|
76
|
+
|
77
|
+
<element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
|
78
|
+
<complexType name="EntitiesDescriptorType">
|
79
|
+
<sequence>
|
80
|
+
<element ref="ds:Signature" minOccurs="0"/>
|
81
|
+
<element ref="md:Extensions" minOccurs="0"/>
|
82
|
+
<choice minOccurs="1" maxOccurs="unbounded">
|
83
|
+
<element ref="md:EntityDescriptor"/>
|
84
|
+
<element ref="md:EntitiesDescriptor"/>
|
85
|
+
</choice>
|
86
|
+
</sequence>
|
87
|
+
<attribute name="validUntil" type="dateTime" use="optional"/>
|
88
|
+
<attribute name="cacheDuration" type="duration" use="optional"/>
|
89
|
+
<attribute name="ID" type="ID" use="optional"/>
|
90
|
+
<attribute name="Name" type="string" use="optional"/>
|
91
|
+
</complexType>
|
92
|
+
|
93
|
+
<element name="EntityDescriptor" type="md:EntityDescriptorType"/>
|
94
|
+
<complexType name="EntityDescriptorType">
|
95
|
+
<sequence>
|
96
|
+
<element ref="ds:Signature" minOccurs="0"/>
|
97
|
+
<element ref="md:Extensions" minOccurs="0"/>
|
98
|
+
<choice>
|
99
|
+
<choice maxOccurs="unbounded">
|
100
|
+
<element ref="md:RoleDescriptor"/>
|
101
|
+
<element ref="md:IDPSSODescriptor"/>
|
102
|
+
<element ref="md:SPSSODescriptor"/>
|
103
|
+
<element ref="md:AuthnAuthorityDescriptor"/>
|
104
|
+
<element ref="md:AttributeAuthorityDescriptor"/>
|
105
|
+
<element ref="md:PDPDescriptor"/>
|
106
|
+
</choice>
|
107
|
+
<element ref="md:AffiliationDescriptor"/>
|
108
|
+
</choice>
|
109
|
+
<element ref="md:Organization" minOccurs="0"/>
|
110
|
+
<element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
|
111
|
+
<element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
|
112
|
+
</sequence>
|
113
|
+
<attribute name="entityID" type="md:entityIDType" use="required"/>
|
114
|
+
<attribute name="validUntil" type="dateTime" use="optional"/>
|
115
|
+
<attribute name="cacheDuration" type="duration" use="optional"/>
|
116
|
+
<attribute name="ID" type="ID" use="optional"/>
|
117
|
+
<anyAttribute namespace="##other" processContents="lax"/>
|
118
|
+
</complexType>
|
119
|
+
|
120
|
+
<element name="Organization" type="md:OrganizationType"/>
|
121
|
+
<complexType name="OrganizationType">
|
122
|
+
<sequence>
|
123
|
+
<element ref="md:Extensions" minOccurs="0"/>
|
124
|
+
<element ref="md:OrganizationName" maxOccurs="unbounded"/>
|
125
|
+
<element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
|
126
|
+
<element ref="md:OrganizationURL" maxOccurs="unbounded"/>
|
127
|
+
</sequence>
|
128
|
+
<anyAttribute namespace="##other" processContents="lax"/>
|
129
|
+
</complexType>
|
130
|
+
<element name="OrganizationName" type="md:localizedNameType"/>
|
131
|
+
<element name="OrganizationDisplayName" type="md:localizedNameType"/>
|
132
|
+
<element name="OrganizationURL" type="md:localizedURIType"/>
|
133
|
+
<element name="ContactPerson" type="md:ContactType"/>
|
134
|
+
<complexType name="ContactType">
|
135
|
+
<sequence>
|
136
|
+
<element ref="md:Extensions" minOccurs="0"/>
|
137
|
+
<element ref="md:Company" minOccurs="0"/>
|
138
|
+
<element ref="md:GivenName" minOccurs="0"/>
|
139
|
+
<element ref="md:SurName" minOccurs="0"/>
|
140
|
+
<element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
|
141
|
+
<element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
|
142
|
+
</sequence>
|
143
|
+
<attribute name="contactType" type="md:ContactTypeType" use="required"/>
|
144
|
+
<anyAttribute namespace="##other" processContents="lax"/>
|
145
|
+
</complexType>
|
146
|
+
<element name="Company" type="string"/>
|
147
|
+
<element name="GivenName" type="string"/>
|
148
|
+
<element name="SurName" type="string"/>
|
149
|
+
<element name="EmailAddress" type="anyURI"/>
|
150
|
+
<element name="TelephoneNumber" type="string"/>
|
151
|
+
<simpleType name="ContactTypeType">
|
152
|
+
<restriction base="string">
|
153
|
+
<enumeration value="technical"/>
|
154
|
+
<enumeration value="support"/>
|
155
|
+
<enumeration value="administrative"/>
|
156
|
+
<enumeration value="billing"/>
|
157
|
+
<enumeration value="other"/>
|
158
|
+
</restriction>
|
159
|
+
</simpleType>
|
160
|
+
|
161
|
+
<element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
|
162
|
+
<complexType name="AdditionalMetadataLocationType">
|
163
|
+
<simpleContent>
|
164
|
+
<extension base="anyURI">
|
165
|
+
<attribute name="namespace" type="anyURI" use="required"/>
|
166
|
+
</extension>
|
167
|
+
</simpleContent>
|
168
|
+
</complexType>
|
169
|
+
|
170
|
+
<element name="RoleDescriptor" type="md:RoleDescriptorType"/>
|
171
|
+
<complexType name="RoleDescriptorType" abstract="true">
|
172
|
+
<sequence>
|
173
|
+
<element ref="ds:Signature" minOccurs="0"/>
|
174
|
+
<element ref="md:Extensions" minOccurs="0"/>
|
175
|
+
<element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
|
176
|
+
<element ref="md:Organization" minOccurs="0"/>
|
177
|
+
<element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
|
178
|
+
</sequence>
|
179
|
+
<attribute name="ID" type="ID" use="optional"/>
|
180
|
+
<attribute name="validUntil" type="dateTime" use="optional"/>
|
181
|
+
<attribute name="cacheDuration" type="duration" use="optional"/>
|
182
|
+
<attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
|
183
|
+
<attribute name="errorURL" type="anyURI" use="optional"/>
|
184
|
+
<anyAttribute namespace="##other" processContents="lax"/>
|
185
|
+
</complexType>
|
186
|
+
<simpleType name="anyURIListType">
|
187
|
+
<list itemType="anyURI"/>
|
188
|
+
</simpleType>
|
189
|
+
|
190
|
+
<element name="KeyDescriptor" type="md:KeyDescriptorType"/>
|
191
|
+
<complexType name="KeyDescriptorType">
|
192
|
+
<sequence>
|
193
|
+
<element ref="ds:KeyInfo"/>
|
194
|
+
<element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
|
195
|
+
</sequence>
|
196
|
+
<attribute name="use" type="md:KeyTypes" use="optional"/>
|
197
|
+
</complexType>
|
198
|
+
<simpleType name="KeyTypes">
|
199
|
+
<restriction base="string">
|
200
|
+
<enumeration value="encryption"/>
|
201
|
+
<enumeration value="signing"/>
|
202
|
+
</restriction>
|
203
|
+
</simpleType>
|
204
|
+
<element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
|
205
|
+
|
206
|
+
<complexType name="SSODescriptorType" abstract="true">
|
207
|
+
<complexContent>
|
208
|
+
<extension base="md:RoleDescriptorType">
|
209
|
+
<sequence>
|
210
|
+
<element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
|
211
|
+
<element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
|
212
|
+
<element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
|
213
|
+
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
214
|
+
</sequence>
|
215
|
+
</extension>
|
216
|
+
</complexContent>
|
217
|
+
</complexType>
|
218
|
+
<element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
|
219
|
+
<element name="SingleLogoutService" type="md:EndpointType"/>
|
220
|
+
<element name="ManageNameIDService" type="md:EndpointType"/>
|
221
|
+
<element name="NameIDFormat" type="anyURI"/>
|
222
|
+
|
223
|
+
<element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
|
224
|
+
<complexType name="IDPSSODescriptorType">
|
225
|
+
<complexContent>
|
226
|
+
<extension base="md:SSODescriptorType">
|
227
|
+
<sequence>
|
228
|
+
<element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
|
229
|
+
<element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
|
230
|
+
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
|
231
|
+
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
|
232
|
+
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
|
233
|
+
</sequence>
|
234
|
+
<attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
|
235
|
+
</extension>
|
236
|
+
</complexContent>
|
237
|
+
</complexType>
|
238
|
+
<element name="SingleSignOnService" type="md:EndpointType"/>
|
239
|
+
<element name="NameIDMappingService" type="md:EndpointType"/>
|
240
|
+
<element name="AssertionIDRequestService" type="md:EndpointType"/>
|
241
|
+
<element name="AttributeProfile" type="anyURI"/>
|
242
|
+
|
243
|
+
<element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
|
244
|
+
<complexType name="SPSSODescriptorType">
|
245
|
+
<complexContent>
|
246
|
+
<extension base="md:SSODescriptorType">
|
247
|
+
<sequence>
|
248
|
+
<element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
|
249
|
+
<element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
|
250
|
+
<element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
|
251
|
+
<element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
|
252
|
+
</sequence>
|
253
|
+
<attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
|
254
|
+
<attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
|
255
|
+
</extension>
|
256
|
+
</complexContent>
|
257
|
+
</complexType>
|
258
|
+
<element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
|
259
|
+
<element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
|
260
|
+
<complexType name="AttributeConsumingServiceType">
|
261
|
+
<sequence>
|
262
|
+
<element ref="md:ServiceName" maxOccurs="unbounded"/>
|
263
|
+
<element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
|
264
|
+
<element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
|
265
|
+
</sequence>
|
266
|
+
<attribute name="index" type="unsignedShort" use="required"/>
|
267
|
+
<attribute name="isDefault" type="boolean" use="optional"/>
|
268
|
+
</complexType>
|
269
|
+
<element name="ServiceName" type="md:localizedNameType"/>
|
270
|
+
<element name="ServiceDescription" type="md:localizedNameType"/>
|
271
|
+
<element name="RequestedAttribute" type="md:RequestedAttributeType"/>
|
272
|
+
<complexType name="RequestedAttributeType">
|
273
|
+
<complexContent>
|
274
|
+
<extension base="saml:AttributeType">
|
275
|
+
<attribute name="isRequired" type="boolean" use="optional"/>
|
276
|
+
</extension>
|
277
|
+
</complexContent>
|
278
|
+
</complexType>
|
279
|
+
|
280
|
+
<element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
|
281
|
+
<complexType name="AuthnAuthorityDescriptorType">
|
282
|
+
<complexContent>
|
283
|
+
<extension base="md:RoleDescriptorType">
|
284
|
+
<sequence>
|
285
|
+
<element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
|
286
|
+
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
|
287
|
+
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
288
|
+
</sequence>
|
289
|
+
</extension>
|
290
|
+
</complexContent>
|
291
|
+
</complexType>
|
292
|
+
<element name="AuthnQueryService" type="md:EndpointType"/>
|
293
|
+
|
294
|
+
<element name="PDPDescriptor" type="md:PDPDescriptorType"/>
|
295
|
+
<complexType name="PDPDescriptorType">
|
296
|
+
<complexContent>
|
297
|
+
<extension base="md:RoleDescriptorType">
|
298
|
+
<sequence>
|
299
|
+
<element ref="md:AuthzService" maxOccurs="unbounded"/>
|
300
|
+
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
|
301
|
+
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
302
|
+
</sequence>
|
303
|
+
</extension>
|
304
|
+
</complexContent>
|
305
|
+
</complexType>
|
306
|
+
<element name="AuthzService" type="md:EndpointType"/>
|
307
|
+
|
308
|
+
<element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
|
309
|
+
<complexType name="AttributeAuthorityDescriptorType">
|
310
|
+
<complexContent>
|
311
|
+
<extension base="md:RoleDescriptorType">
|
312
|
+
<sequence>
|
313
|
+
<element ref="md:AttributeService" maxOccurs="unbounded"/>
|
314
|
+
<element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
|
315
|
+
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
316
|
+
<element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
|
317
|
+
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
|
318
|
+
</sequence>
|
319
|
+
</extension>
|
320
|
+
</complexContent>
|
321
|
+
</complexType>
|
322
|
+
<element name="AttributeService" type="md:EndpointType"/>
|
323
|
+
|
324
|
+
<element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
|
325
|
+
<complexType name="AffiliationDescriptorType">
|
326
|
+
<sequence>
|
327
|
+
<element ref="ds:Signature" minOccurs="0"/>
|
328
|
+
<element ref="md:Extensions" minOccurs="0"/>
|
329
|
+
<element ref="md:AffiliateMember" maxOccurs="unbounded"/>
|
330
|
+
<element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
|
331
|
+
</sequence>
|
332
|
+
<attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
|
333
|
+
<attribute name="validUntil" type="dateTime" use="optional"/>
|
334
|
+
<attribute name="cacheDuration" type="duration" use="optional"/>
|
335
|
+
<attribute name="ID" type="ID" use="optional"/>
|
336
|
+
<anyAttribute namespace="##other" processContents="lax"/>
|
337
|
+
</complexType>
|
338
|
+
<element name="AffiliateMember" type="md:entityIDType"/>
|
339
|
+
</schema>
|
@@ -1,302 +1,302 @@
|
|
1
|
-
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
-
<schema
|
3
|
-
targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
|
4
|
-
xmlns="http://www.w3.org/2001/XMLSchema"
|
5
|
-
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
6
|
-
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
7
|
-
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
8
|
-
elementFormDefault="unqualified"
|
9
|
-
attributeFormDefault="unqualified"
|
10
|
-
blockDefault="substitution"
|
11
|
-
version="2.0">
|
12
|
-
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
|
13
|
-
schemaLocation="
|
14
|
-
<import namespace="http://www.w3.org/2000/09/xmldsig#"
|
15
|
-
schemaLocation="
|
16
|
-
<annotation>
|
17
|
-
<documentation>
|
18
|
-
Document identifier: saml-schema-protocol-2.0
|
19
|
-
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
20
|
-
Revision history:
|
21
|
-
V1.0 (November, 2002):
|
22
|
-
Initial Standard Schema.
|
23
|
-
V1.1 (September, 2003):
|
24
|
-
Updates within the same V1.0 namespace.
|
25
|
-
V2.0 (March, 2005):
|
26
|
-
New protocol schema based in a SAML V2.0 namespace.
|
27
|
-
</documentation>
|
28
|
-
</annotation>
|
29
|
-
<complexType name="RequestAbstractType" abstract="true">
|
30
|
-
<sequence>
|
31
|
-
<element ref="saml:Issuer" minOccurs="0"/>
|
32
|
-
<element ref="ds:Signature" minOccurs="0"/>
|
33
|
-
<element ref="samlp:Extensions" minOccurs="0"/>
|
34
|
-
</sequence>
|
35
|
-
<attribute name="ID" type="ID" use="required"/>
|
36
|
-
<attribute name="Version" type="string" use="required"/>
|
37
|
-
<attribute name="IssueInstant" type="dateTime" use="required"/>
|
38
|
-
<attribute name="Destination" type="anyURI" use="optional"/>
|
39
|
-
<attribute name="Consent" type="anyURI" use="optional"/>
|
40
|
-
</complexType>
|
41
|
-
<element name="Extensions" type="samlp:ExtensionsType"/>
|
42
|
-
<complexType name="ExtensionsType">
|
43
|
-
<sequence>
|
44
|
-
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
|
45
|
-
</sequence>
|
46
|
-
</complexType>
|
47
|
-
<complexType name="StatusResponseType">
|
48
|
-
<sequence>
|
49
|
-
<element ref="saml:Issuer" minOccurs="0"/>
|
50
|
-
<element ref="ds:Signature" minOccurs="0"/>
|
51
|
-
<element ref="samlp:Extensions" minOccurs="0"/>
|
52
|
-
<element ref="samlp:Status"/>
|
53
|
-
</sequence>
|
54
|
-
<attribute name="ID" type="ID" use="required"/>
|
55
|
-
<attribute name="InResponseTo" type="NCName" use="optional"/>
|
56
|
-
<attribute name="Version" type="string" use="required"/>
|
57
|
-
<attribute name="IssueInstant" type="dateTime" use="required"/>
|
58
|
-
<attribute name="Destination" type="anyURI" use="optional"/>
|
59
|
-
<attribute name="Consent" type="anyURI" use="optional"/>
|
60
|
-
</complexType>
|
61
|
-
<element name="Status" type="samlp:StatusType"/>
|
62
|
-
<complexType name="StatusType">
|
63
|
-
<sequence>
|
64
|
-
<element ref="samlp:StatusCode"/>
|
65
|
-
<element ref="samlp:StatusMessage" minOccurs="0"/>
|
66
|
-
<element ref="samlp:StatusDetail" minOccurs="0"/>
|
67
|
-
</sequence>
|
68
|
-
</complexType>
|
69
|
-
<element name="StatusCode" type="samlp:StatusCodeType"/>
|
70
|
-
<complexType name="StatusCodeType">
|
71
|
-
<sequence>
|
72
|
-
<element ref="samlp:StatusCode" minOccurs="0"/>
|
73
|
-
</sequence>
|
74
|
-
<attribute name="Value" type="anyURI" use="required"/>
|
75
|
-
</complexType>
|
76
|
-
<element name="StatusMessage" type="string"/>
|
77
|
-
<element name="StatusDetail" type="samlp:StatusDetailType"/>
|
78
|
-
<complexType name="StatusDetailType">
|
79
|
-
<sequence>
|
80
|
-
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
|
81
|
-
</sequence>
|
82
|
-
</complexType>
|
83
|
-
<element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
|
84
|
-
<complexType name="AssertionIDRequestType">
|
85
|
-
<complexContent>
|
86
|
-
<extension base="samlp:RequestAbstractType">
|
87
|
-
<sequence>
|
88
|
-
<element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
|
89
|
-
</sequence>
|
90
|
-
</extension>
|
91
|
-
</complexContent>
|
92
|
-
</complexType>
|
93
|
-
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
|
94
|
-
<complexType name="SubjectQueryAbstractType" abstract="true">
|
95
|
-
<complexContent>
|
96
|
-
<extension base="samlp:RequestAbstractType">
|
97
|
-
<sequence>
|
98
|
-
<element ref="saml:Subject"/>
|
99
|
-
</sequence>
|
100
|
-
</extension>
|
101
|
-
</complexContent>
|
102
|
-
</complexType>
|
103
|
-
<element name="AuthnQuery" type="samlp:AuthnQueryType"/>
|
104
|
-
<complexType name="AuthnQueryType">
|
105
|
-
<complexContent>
|
106
|
-
<extension base="samlp:SubjectQueryAbstractType">
|
107
|
-
<sequence>
|
108
|
-
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
|
109
|
-
</sequence>
|
110
|
-
<attribute name="SessionIndex" type="string" use="optional"/>
|
111
|
-
</extension>
|
112
|
-
</complexContent>
|
113
|
-
</complexType>
|
114
|
-
<element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
|
115
|
-
<complexType name="RequestedAuthnContextType">
|
116
|
-
<choice>
|
117
|
-
<element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
|
118
|
-
<element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
|
119
|
-
</choice>
|
120
|
-
<attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
|
121
|
-
</complexType>
|
122
|
-
<simpleType name="AuthnContextComparisonType">
|
123
|
-
<restriction base="string">
|
124
|
-
<enumeration value="exact"/>
|
125
|
-
<enumeration value="minimum"/>
|
126
|
-
<enumeration value="maximum"/>
|
127
|
-
<enumeration value="better"/>
|
128
|
-
</restriction>
|
129
|
-
</simpleType>
|
130
|
-
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
|
131
|
-
<complexType name="AttributeQueryType">
|
132
|
-
<complexContent>
|
133
|
-
<extension base="samlp:SubjectQueryAbstractType">
|
134
|
-
<sequence>
|
135
|
-
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
|
136
|
-
</sequence>
|
137
|
-
</extension>
|
138
|
-
</complexContent>
|
139
|
-
</complexType>
|
140
|
-
<element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
|
141
|
-
<complexType name="AuthzDecisionQueryType">
|
142
|
-
<complexContent>
|
143
|
-
<extension base="samlp:SubjectQueryAbstractType">
|
144
|
-
<sequence>
|
145
|
-
<element ref="saml:Action" maxOccurs="unbounded"/>
|
146
|
-
<element ref="saml:Evidence" minOccurs="0"/>
|
147
|
-
</sequence>
|
148
|
-
<attribute name="Resource" type="anyURI" use="required"/>
|
149
|
-
</extension>
|
150
|
-
</complexContent>
|
151
|
-
</complexType>
|
152
|
-
<element name="AuthnRequest" type="samlp:AuthnRequestType"/>
|
153
|
-
<complexType name="AuthnRequestType">
|
154
|
-
<complexContent>
|
155
|
-
<extension base="samlp:RequestAbstractType">
|
156
|
-
<sequence>
|
157
|
-
<element ref="saml:Subject" minOccurs="0"/>
|
158
|
-
<element ref="samlp:NameIDPolicy" minOccurs="0"/>
|
159
|
-
<element ref="saml:Conditions" minOccurs="0"/>
|
160
|
-
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
|
161
|
-
<element ref="samlp:Scoping" minOccurs="0"/>
|
162
|
-
</sequence>
|
163
|
-
<attribute name="ForceAuthn" type="boolean" use="optional"/>
|
164
|
-
<attribute name="IsPassive" type="boolean" use="optional"/>
|
165
|
-
<attribute name="ProtocolBinding" type="anyURI" use="optional"/>
|
166
|
-
<attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
|
167
|
-
<attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
|
168
|
-
<attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
|
169
|
-
<attribute name="ProviderName" type="string" use="optional"/>
|
170
|
-
</extension>
|
171
|
-
</complexContent>
|
172
|
-
</complexType>
|
173
|
-
<element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
|
174
|
-
<complexType name="NameIDPolicyType">
|
175
|
-
<attribute name="Format" type="anyURI" use="optional"/>
|
176
|
-
<attribute name="SPNameQualifier" type="string" use="optional"/>
|
177
|
-
<attribute name="AllowCreate" type="boolean" use="optional"/>
|
178
|
-
</complexType>
|
179
|
-
<element name="Scoping" type="samlp:ScopingType"/>
|
180
|
-
<complexType name="ScopingType">
|
181
|
-
<sequence>
|
182
|
-
<element ref="samlp:IDPList" minOccurs="0"/>
|
183
|
-
<element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
|
184
|
-
</sequence>
|
185
|
-
<attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
|
186
|
-
</complexType>
|
187
|
-
<element name="RequesterID" type="anyURI"/>
|
188
|
-
<element name="IDPList" type="samlp:IDPListType"/>
|
189
|
-
<complexType name="IDPListType">
|
190
|
-
<sequence>
|
191
|
-
<element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
|
192
|
-
<element ref="samlp:GetComplete" minOccurs="0"/>
|
193
|
-
</sequence>
|
194
|
-
</complexType>
|
195
|
-
<element name="IDPEntry" type="samlp:IDPEntryType"/>
|
196
|
-
<complexType name="IDPEntryType">
|
197
|
-
<attribute name="ProviderID" type="anyURI" use="required"/>
|
198
|
-
<attribute name="Name" type="string" use="optional"/>
|
199
|
-
<attribute name="Loc" type="anyURI" use="optional"/>
|
200
|
-
</complexType>
|
201
|
-
<element name="GetComplete" type="anyURI"/>
|
202
|
-
<element name="Response" type="samlp:ResponseType"/>
|
203
|
-
<complexType name="ResponseType">
|
204
|
-
<complexContent>
|
205
|
-
<extension base="samlp:StatusResponseType">
|
206
|
-
<choice minOccurs="0" maxOccurs="unbounded">
|
207
|
-
<element ref="saml:Assertion"/>
|
208
|
-
<element ref="saml:EncryptedAssertion"/>
|
209
|
-
</choice>
|
210
|
-
</extension>
|
211
|
-
</complexContent>
|
212
|
-
</complexType>
|
213
|
-
<element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
|
214
|
-
<complexType name="ArtifactResolveType">
|
215
|
-
<complexContent>
|
216
|
-
<extension base="samlp:RequestAbstractType">
|
217
|
-
<sequence>
|
218
|
-
<element ref="samlp:Artifact"/>
|
219
|
-
</sequence>
|
220
|
-
</extension>
|
221
|
-
</complexContent>
|
222
|
-
</complexType>
|
223
|
-
<element name="Artifact" type="string"/>
|
224
|
-
<element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
|
225
|
-
<complexType name="ArtifactResponseType">
|
226
|
-
<complexContent>
|
227
|
-
<extension base="samlp:StatusResponseType">
|
228
|
-
<sequence>
|
229
|
-
<any namespace="##any" processContents="lax" minOccurs="0"/>
|
230
|
-
</sequence>
|
231
|
-
</extension>
|
232
|
-
</complexContent>
|
233
|
-
</complexType>
|
234
|
-
<element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
|
235
|
-
<complexType name="ManageNameIDRequestType">
|
236
|
-
<complexContent>
|
237
|
-
<extension base="samlp:RequestAbstractType">
|
238
|
-
<sequence>
|
239
|
-
<choice>
|
240
|
-
<element ref="saml:NameID"/>
|
241
|
-
<element ref="saml:EncryptedID"/>
|
242
|
-
</choice>
|
243
|
-
<choice>
|
244
|
-
<element ref="samlp:NewID"/>
|
245
|
-
<element ref="samlp:NewEncryptedID"/>
|
246
|
-
<element ref="samlp:Terminate"/>
|
247
|
-
</choice>
|
248
|
-
</sequence>
|
249
|
-
</extension>
|
250
|
-
</complexContent>
|
251
|
-
</complexType>
|
252
|
-
<element name="NewID" type="string"/>
|
253
|
-
<element name="NewEncryptedID" type="saml:EncryptedElementType"/>
|
254
|
-
<element name="Terminate" type="samlp:TerminateType"/>
|
255
|
-
<complexType name="TerminateType"/>
|
256
|
-
<element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
|
257
|
-
<element name="LogoutRequest" type="samlp:LogoutRequestType"/>
|
258
|
-
<complexType name="LogoutRequestType">
|
259
|
-
<complexContent>
|
260
|
-
<extension base="samlp:RequestAbstractType">
|
261
|
-
<sequence>
|
262
|
-
<choice>
|
263
|
-
<element ref="saml:BaseID"/>
|
264
|
-
<element ref="saml:NameID"/>
|
265
|
-
<element ref="saml:EncryptedID"/>
|
266
|
-
</choice>
|
267
|
-
<element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
|
268
|
-
</sequence>
|
269
|
-
<attribute name="Reason" type="string" use="optional"/>
|
270
|
-
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
|
271
|
-
</extension>
|
272
|
-
</complexContent>
|
273
|
-
</complexType>
|
274
|
-
<element name="SessionIndex" type="string"/>
|
275
|
-
<element name="LogoutResponse" type="samlp:StatusResponseType"/>
|
276
|
-
<element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
|
277
|
-
<complexType name="NameIDMappingRequestType">
|
278
|
-
<complexContent>
|
279
|
-
<extension base="samlp:RequestAbstractType">
|
280
|
-
<sequence>
|
281
|
-
<choice>
|
282
|
-
<element ref="saml:BaseID"/>
|
283
|
-
<element ref="saml:NameID"/>
|
284
|
-
<element ref="saml:EncryptedID"/>
|
285
|
-
</choice>
|
286
|
-
<element ref="samlp:NameIDPolicy"/>
|
287
|
-
</sequence>
|
288
|
-
</extension>
|
289
|
-
</complexContent>
|
290
|
-
</complexType>
|
291
|
-
<element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
|
292
|
-
<complexType name="NameIDMappingResponseType">
|
293
|
-
<complexContent>
|
294
|
-
<extension base="samlp:StatusResponseType">
|
295
|
-
<choice>
|
296
|
-
<element ref="saml:NameID"/>
|
297
|
-
<element ref="saml:EncryptedID"/>
|
298
|
-
</choice>
|
299
|
-
</extension>
|
300
|
-
</complexContent>
|
301
|
-
</complexType>
|
302
|
-
</schema>
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<schema
|
3
|
+
targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
|
4
|
+
xmlns="http://www.w3.org/2001/XMLSchema"
|
5
|
+
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
6
|
+
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
7
|
+
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
8
|
+
elementFormDefault="unqualified"
|
9
|
+
attributeFormDefault="unqualified"
|
10
|
+
blockDefault="substitution"
|
11
|
+
version="2.0">
|
12
|
+
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
|
13
|
+
schemaLocation="saml-schema-assertion-2.0.xsd"/>
|
14
|
+
<import namespace="http://www.w3.org/2000/09/xmldsig#"
|
15
|
+
schemaLocation="xmldsig-core-schema.xsd"/>
|
16
|
+
<annotation>
|
17
|
+
<documentation>
|
18
|
+
Document identifier: saml-schema-protocol-2.0
|
19
|
+
Location: http://docs.oasis-open.org/security/saml/v2.0/
|
20
|
+
Revision history:
|
21
|
+
V1.0 (November, 2002):
|
22
|
+
Initial Standard Schema.
|
23
|
+
V1.1 (September, 2003):
|
24
|
+
Updates within the same V1.0 namespace.
|
25
|
+
V2.0 (March, 2005):
|
26
|
+
New protocol schema based in a SAML V2.0 namespace.
|
27
|
+
</documentation>
|
28
|
+
</annotation>
|
29
|
+
<complexType name="RequestAbstractType" abstract="true">
|
30
|
+
<sequence>
|
31
|
+
<element ref="saml:Issuer" minOccurs="0"/>
|
32
|
+
<element ref="ds:Signature" minOccurs="0"/>
|
33
|
+
<element ref="samlp:Extensions" minOccurs="0"/>
|
34
|
+
</sequence>
|
35
|
+
<attribute name="ID" type="ID" use="required"/>
|
36
|
+
<attribute name="Version" type="string" use="required"/>
|
37
|
+
<attribute name="IssueInstant" type="dateTime" use="required"/>
|
38
|
+
<attribute name="Destination" type="anyURI" use="optional"/>
|
39
|
+
<attribute name="Consent" type="anyURI" use="optional"/>
|
40
|
+
</complexType>
|
41
|
+
<element name="Extensions" type="samlp:ExtensionsType"/>
|
42
|
+
<complexType name="ExtensionsType">
|
43
|
+
<sequence>
|
44
|
+
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
|
45
|
+
</sequence>
|
46
|
+
</complexType>
|
47
|
+
<complexType name="StatusResponseType">
|
48
|
+
<sequence>
|
49
|
+
<element ref="saml:Issuer" minOccurs="0"/>
|
50
|
+
<element ref="ds:Signature" minOccurs="0"/>
|
51
|
+
<element ref="samlp:Extensions" minOccurs="0"/>
|
52
|
+
<element ref="samlp:Status"/>
|
53
|
+
</sequence>
|
54
|
+
<attribute name="ID" type="ID" use="required"/>
|
55
|
+
<attribute name="InResponseTo" type="NCName" use="optional"/>
|
56
|
+
<attribute name="Version" type="string" use="required"/>
|
57
|
+
<attribute name="IssueInstant" type="dateTime" use="required"/>
|
58
|
+
<attribute name="Destination" type="anyURI" use="optional"/>
|
59
|
+
<attribute name="Consent" type="anyURI" use="optional"/>
|
60
|
+
</complexType>
|
61
|
+
<element name="Status" type="samlp:StatusType"/>
|
62
|
+
<complexType name="StatusType">
|
63
|
+
<sequence>
|
64
|
+
<element ref="samlp:StatusCode"/>
|
65
|
+
<element ref="samlp:StatusMessage" minOccurs="0"/>
|
66
|
+
<element ref="samlp:StatusDetail" minOccurs="0"/>
|
67
|
+
</sequence>
|
68
|
+
</complexType>
|
69
|
+
<element name="StatusCode" type="samlp:StatusCodeType"/>
|
70
|
+
<complexType name="StatusCodeType">
|
71
|
+
<sequence>
|
72
|
+
<element ref="samlp:StatusCode" minOccurs="0"/>
|
73
|
+
</sequence>
|
74
|
+
<attribute name="Value" type="anyURI" use="required"/>
|
75
|
+
</complexType>
|
76
|
+
<element name="StatusMessage" type="string"/>
|
77
|
+
<element name="StatusDetail" type="samlp:StatusDetailType"/>
|
78
|
+
<complexType name="StatusDetailType">
|
79
|
+
<sequence>
|
80
|
+
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
|
81
|
+
</sequence>
|
82
|
+
</complexType>
|
83
|
+
<element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
|
84
|
+
<complexType name="AssertionIDRequestType">
|
85
|
+
<complexContent>
|
86
|
+
<extension base="samlp:RequestAbstractType">
|
87
|
+
<sequence>
|
88
|
+
<element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
|
89
|
+
</sequence>
|
90
|
+
</extension>
|
91
|
+
</complexContent>
|
92
|
+
</complexType>
|
93
|
+
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
|
94
|
+
<complexType name="SubjectQueryAbstractType" abstract="true">
|
95
|
+
<complexContent>
|
96
|
+
<extension base="samlp:RequestAbstractType">
|
97
|
+
<sequence>
|
98
|
+
<element ref="saml:Subject"/>
|
99
|
+
</sequence>
|
100
|
+
</extension>
|
101
|
+
</complexContent>
|
102
|
+
</complexType>
|
103
|
+
<element name="AuthnQuery" type="samlp:AuthnQueryType"/>
|
104
|
+
<complexType name="AuthnQueryType">
|
105
|
+
<complexContent>
|
106
|
+
<extension base="samlp:SubjectQueryAbstractType">
|
107
|
+
<sequence>
|
108
|
+
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
|
109
|
+
</sequence>
|
110
|
+
<attribute name="SessionIndex" type="string" use="optional"/>
|
111
|
+
</extension>
|
112
|
+
</complexContent>
|
113
|
+
</complexType>
|
114
|
+
<element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
|
115
|
+
<complexType name="RequestedAuthnContextType">
|
116
|
+
<choice>
|
117
|
+
<element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
|
118
|
+
<element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
|
119
|
+
</choice>
|
120
|
+
<attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
|
121
|
+
</complexType>
|
122
|
+
<simpleType name="AuthnContextComparisonType">
|
123
|
+
<restriction base="string">
|
124
|
+
<enumeration value="exact"/>
|
125
|
+
<enumeration value="minimum"/>
|
126
|
+
<enumeration value="maximum"/>
|
127
|
+
<enumeration value="better"/>
|
128
|
+
</restriction>
|
129
|
+
</simpleType>
|
130
|
+
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
|
131
|
+
<complexType name="AttributeQueryType">
|
132
|
+
<complexContent>
|
133
|
+
<extension base="samlp:SubjectQueryAbstractType">
|
134
|
+
<sequence>
|
135
|
+
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
|
136
|
+
</sequence>
|
137
|
+
</extension>
|
138
|
+
</complexContent>
|
139
|
+
</complexType>
|
140
|
+
<element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
|
141
|
+
<complexType name="AuthzDecisionQueryType">
|
142
|
+
<complexContent>
|
143
|
+
<extension base="samlp:SubjectQueryAbstractType">
|
144
|
+
<sequence>
|
145
|
+
<element ref="saml:Action" maxOccurs="unbounded"/>
|
146
|
+
<element ref="saml:Evidence" minOccurs="0"/>
|
147
|
+
</sequence>
|
148
|
+
<attribute name="Resource" type="anyURI" use="required"/>
|
149
|
+
</extension>
|
150
|
+
</complexContent>
|
151
|
+
</complexType>
|
152
|
+
<element name="AuthnRequest" type="samlp:AuthnRequestType"/>
|
153
|
+
<complexType name="AuthnRequestType">
|
154
|
+
<complexContent>
|
155
|
+
<extension base="samlp:RequestAbstractType">
|
156
|
+
<sequence>
|
157
|
+
<element ref="saml:Subject" minOccurs="0"/>
|
158
|
+
<element ref="samlp:NameIDPolicy" minOccurs="0"/>
|
159
|
+
<element ref="saml:Conditions" minOccurs="0"/>
|
160
|
+
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
|
161
|
+
<element ref="samlp:Scoping" minOccurs="0"/>
|
162
|
+
</sequence>
|
163
|
+
<attribute name="ForceAuthn" type="boolean" use="optional"/>
|
164
|
+
<attribute name="IsPassive" type="boolean" use="optional"/>
|
165
|
+
<attribute name="ProtocolBinding" type="anyURI" use="optional"/>
|
166
|
+
<attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
|
167
|
+
<attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
|
168
|
+
<attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
|
169
|
+
<attribute name="ProviderName" type="string" use="optional"/>
|
170
|
+
</extension>
|
171
|
+
</complexContent>
|
172
|
+
</complexType>
|
173
|
+
<element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
|
174
|
+
<complexType name="NameIDPolicyType">
|
175
|
+
<attribute name="Format" type="anyURI" use="optional"/>
|
176
|
+
<attribute name="SPNameQualifier" type="string" use="optional"/>
|
177
|
+
<attribute name="AllowCreate" type="boolean" use="optional"/>
|
178
|
+
</complexType>
|
179
|
+
<element name="Scoping" type="samlp:ScopingType"/>
|
180
|
+
<complexType name="ScopingType">
|
181
|
+
<sequence>
|
182
|
+
<element ref="samlp:IDPList" minOccurs="0"/>
|
183
|
+
<element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
|
184
|
+
</sequence>
|
185
|
+
<attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
|
186
|
+
</complexType>
|
187
|
+
<element name="RequesterID" type="anyURI"/>
|
188
|
+
<element name="IDPList" type="samlp:IDPListType"/>
|
189
|
+
<complexType name="IDPListType">
|
190
|
+
<sequence>
|
191
|
+
<element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
|
192
|
+
<element ref="samlp:GetComplete" minOccurs="0"/>
|
193
|
+
</sequence>
|
194
|
+
</complexType>
|
195
|
+
<element name="IDPEntry" type="samlp:IDPEntryType"/>
|
196
|
+
<complexType name="IDPEntryType">
|
197
|
+
<attribute name="ProviderID" type="anyURI" use="required"/>
|
198
|
+
<attribute name="Name" type="string" use="optional"/>
|
199
|
+
<attribute name="Loc" type="anyURI" use="optional"/>
|
200
|
+
</complexType>
|
201
|
+
<element name="GetComplete" type="anyURI"/>
|
202
|
+
<element name="Response" type="samlp:ResponseType"/>
|
203
|
+
<complexType name="ResponseType">
|
204
|
+
<complexContent>
|
205
|
+
<extension base="samlp:StatusResponseType">
|
206
|
+
<choice minOccurs="0" maxOccurs="unbounded">
|
207
|
+
<element ref="saml:Assertion"/>
|
208
|
+
<element ref="saml:EncryptedAssertion"/>
|
209
|
+
</choice>
|
210
|
+
</extension>
|
211
|
+
</complexContent>
|
212
|
+
</complexType>
|
213
|
+
<element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
|
214
|
+
<complexType name="ArtifactResolveType">
|
215
|
+
<complexContent>
|
216
|
+
<extension base="samlp:RequestAbstractType">
|
217
|
+
<sequence>
|
218
|
+
<element ref="samlp:Artifact"/>
|
219
|
+
</sequence>
|
220
|
+
</extension>
|
221
|
+
</complexContent>
|
222
|
+
</complexType>
|
223
|
+
<element name="Artifact" type="string"/>
|
224
|
+
<element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
|
225
|
+
<complexType name="ArtifactResponseType">
|
226
|
+
<complexContent>
|
227
|
+
<extension base="samlp:StatusResponseType">
|
228
|
+
<sequence>
|
229
|
+
<any namespace="##any" processContents="lax" minOccurs="0"/>
|
230
|
+
</sequence>
|
231
|
+
</extension>
|
232
|
+
</complexContent>
|
233
|
+
</complexType>
|
234
|
+
<element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
|
235
|
+
<complexType name="ManageNameIDRequestType">
|
236
|
+
<complexContent>
|
237
|
+
<extension base="samlp:RequestAbstractType">
|
238
|
+
<sequence>
|
239
|
+
<choice>
|
240
|
+
<element ref="saml:NameID"/>
|
241
|
+
<element ref="saml:EncryptedID"/>
|
242
|
+
</choice>
|
243
|
+
<choice>
|
244
|
+
<element ref="samlp:NewID"/>
|
245
|
+
<element ref="samlp:NewEncryptedID"/>
|
246
|
+
<element ref="samlp:Terminate"/>
|
247
|
+
</choice>
|
248
|
+
</sequence>
|
249
|
+
</extension>
|
250
|
+
</complexContent>
|
251
|
+
</complexType>
|
252
|
+
<element name="NewID" type="string"/>
|
253
|
+
<element name="NewEncryptedID" type="saml:EncryptedElementType"/>
|
254
|
+
<element name="Terminate" type="samlp:TerminateType"/>
|
255
|
+
<complexType name="TerminateType"/>
|
256
|
+
<element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
|
257
|
+
<element name="LogoutRequest" type="samlp:LogoutRequestType"/>
|
258
|
+
<complexType name="LogoutRequestType">
|
259
|
+
<complexContent>
|
260
|
+
<extension base="samlp:RequestAbstractType">
|
261
|
+
<sequence>
|
262
|
+
<choice>
|
263
|
+
<element ref="saml:BaseID"/>
|
264
|
+
<element ref="saml:NameID"/>
|
265
|
+
<element ref="saml:EncryptedID"/>
|
266
|
+
</choice>
|
267
|
+
<element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
|
268
|
+
</sequence>
|
269
|
+
<attribute name="Reason" type="string" use="optional"/>
|
270
|
+
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
|
271
|
+
</extension>
|
272
|
+
</complexContent>
|
273
|
+
</complexType>
|
274
|
+
<element name="SessionIndex" type="string"/>
|
275
|
+
<element name="LogoutResponse" type="samlp:StatusResponseType"/>
|
276
|
+
<element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
|
277
|
+
<complexType name="NameIDMappingRequestType">
|
278
|
+
<complexContent>
|
279
|
+
<extension base="samlp:RequestAbstractType">
|
280
|
+
<sequence>
|
281
|
+
<choice>
|
282
|
+
<element ref="saml:BaseID"/>
|
283
|
+
<element ref="saml:NameID"/>
|
284
|
+
<element ref="saml:EncryptedID"/>
|
285
|
+
</choice>
|
286
|
+
<element ref="samlp:NameIDPolicy"/>
|
287
|
+
</sequence>
|
288
|
+
</extension>
|
289
|
+
</complexContent>
|
290
|
+
</complexType>
|
291
|
+
<element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
|
292
|
+
<complexType name="NameIDMappingResponseType">
|
293
|
+
<complexContent>
|
294
|
+
<extension base="samlp:StatusResponseType">
|
295
|
+
<choice>
|
296
|
+
<element ref="saml:NameID"/>
|
297
|
+
<element ref="saml:EncryptedID"/>
|
298
|
+
</choice>
|
299
|
+
</extension>
|
300
|
+
</complexContent>
|
301
|
+
</complexType>
|
302
|
+
</schema>
|