RubyGems - ruby-saml - Versions diffs - 0.8.18 → 0.9 - Mend

ruby-saml 0.8.18 → 0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.travis.yml +1 -6
data/Gemfile +2 -12
data/README.md +363 -35
data/Rakefile +14 -0
data/changelog.md +22 -9
data/lib/onelogin/ruby-saml/attribute_service.rb +34 -0
data/lib/onelogin/ruby-saml/attributes.rb +26 -64
data/lib/onelogin/ruby-saml/authrequest.rb +47 -93
data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +87 -0
data/lib/onelogin/ruby-saml/logoutrequest.rb +36 -100
data/lib/onelogin/ruby-saml/logoutresponse.rb +25 -35
data/lib/onelogin/ruby-saml/metadata.rb +46 -16
data/lib/onelogin/ruby-saml/response.rb +63 -373
data/lib/onelogin/ruby-saml/saml_message.rb +78 -0
data/lib/onelogin/ruby-saml/settings.rb +54 -122
data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +25 -71
data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +37 -102
data/lib/onelogin/ruby-saml/utils.rb +32 -199
data/lib/onelogin/ruby-saml/version.rb +1 -1
data/lib/ruby-saml.rb +5 -2
data/lib/schemas/{saml20assertion_schema.xsd → saml-schema-assertion-2.0.xsd} +283 -283
data/lib/schemas/saml-schema-authn-context-2.0.xsd +23 -0
data/lib/schemas/saml-schema-authn-context-types-2.0.xsd +821 -0
data/lib/schemas/saml-schema-metadata-2.0.xsd +339 -0
data/lib/schemas/{saml20protocol_schema.xsd → saml-schema-protocol-2.0.xsd} +302 -302
data/lib/schemas/sstc-metadata-attr.xsd +35 -0
data/lib/schemas/sstc-saml-attribute-ext.xsd +25 -0
data/lib/schemas/sstc-saml-metadata-algsupport-v1.0.xsd +41 -0
data/lib/schemas/sstc-saml-metadata-ui-v1.0.xsd +89 -0
data/lib/schemas/{xenc_schema.xsd → xenc-schema.xsd} +1 -11
data/lib/schemas/xml.xsd +287 -0
data/lib/schemas/{xmldsig_schema.xsd → xmldsig-core-schema.xsd} +0 -9
data/lib/xml_security.rb +83 -235
data/ruby-saml.gemspec +1 -0
data/test/idp_metadata_parser_test.rb +54 -0
data/test/logoutrequest_test.rb +68 -155
data/test/logoutresponse_test.rb +43 -32
data/test/metadata_test.rb +87 -0
data/test/request_test.rb +102 -99
data/test/response_test.rb +181 -495
data/test/responses/idp_descriptor.xml +3 -0
data/test/responses/logoutresponse_fixtures.rb +7 -8
data/test/responses/response_no_cert_and_encrypted_attrs.xml +29 -0
data/test/responses/response_with_multiple_attribute_values.xml +1 -1
data/test/responses/slo_request.xml +4 -0
data/test/settings_test.rb +25 -112
data/test/slo_logoutrequest_test.rb +40 -50
data/test/slo_logoutresponse_test.rb +86 -185
data/test/test_helper.rb +27 -102
data/test/xml_security_test.rb +114 -337
metadata +30 -81
data/lib/onelogin/ruby-saml/setting_error.rb +0 -6
data/test/certificates/certificate.der +0 -0
data/test/certificates/formatted_certificate +0 -14
data/test/certificates/formatted_chained_certificate +0 -42
data/test/certificates/formatted_private_key +0 -12
data/test/certificates/formatted_rsa_private_key +0 -12
data/test/certificates/invalid_certificate1 +0 -1
data/test/certificates/invalid_certificate2 +0 -1
data/test/certificates/invalid_certificate3 +0 -12
data/test/certificates/invalid_chained_certificate1 +0 -1
data/test/certificates/invalid_private_key1 +0 -1
data/test/certificates/invalid_private_key2 +0 -1
data/test/certificates/invalid_private_key3 +0 -10
data/test/certificates/invalid_rsa_private_key1 +0 -1
data/test/certificates/invalid_rsa_private_key2 +0 -1
data/test/certificates/invalid_rsa_private_key3 +0 -10
data/test/certificates/ruby-saml-2.crt +0 -15
data/test/requests/logoutrequest_fixtures.rb +0 -47
data/test/responses/encrypted_new_attack.xml.base64 +0 -1
data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
data/test/responses/invalids/no_signature.xml.base64 +0 -1
data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
data/test/responses/response_node_text_attack.xml.base64 +0 -1
data/test/responses/response_with_concealed_signed_assertion.xml +0 -51
data/test/responses/response_with_doubled_signed_assertion.xml +0 -49
data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
data/test/responses/response_with_signed_assertion_3.xml +0 -30
data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
data/test/responses/response_wrapped.xml.base64 +0 -150
data/test/responses/valid_response.xml.base64 +0 -1
data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
data/test/utils_test.rb +0 -231

data/lib/schemas/{saml20protocol_schema.xsd → saml-schema-protocol-2.0.xsd} RENAMED Viewed

@@ -1,302 +1,302 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<schema
-    targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
-    xmlns="http://www.w3.org/2001/XMLSchema"
-    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-    elementFormDefault="unqualified"
-    attributeFormDefault="unqualified"
-    blockDefault="substitution"
-    version="2.0">
-    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
-        schemaLocation="saml20assertion_schema.xsd"/>
-    <import namespace="http://www.w3.org/2000/09/xmldsig#"
-        schemaLocation="xmldsig_schema.xsd"/>
-    <annotation>
-        <documentation>
-            Document identifier: saml-schema-protocol-2.0
-            Location: http://docs.oasis-open.org/security/saml/v2.0/
-            Revision history:
-            V1.0 (November, 2002):
-              Initial Standard Schema.
-            V1.1 (September, 2003):
-              Updates within the same V1.0 namespace.
-            V2.0 (March, 2005):
-              New protocol schema based in a SAML V2.0 namespace.
-     </documentation>
-    </annotation>
-    <complexType name="RequestAbstractType" abstract="true">
-        <sequence>
-            <element ref="saml:Issuer" minOccurs="0"/>
-            <element ref="ds:Signature" minOccurs="0"/>
-            <element ref="samlp:Extensions" minOccurs="0"/>
-        </sequence>
-        <attribute name="ID" type="ID" use="required"/>
-        <attribute name="Version" type="string" use="required"/>
-        <attribute name="IssueInstant" type="dateTime" use="required"/>
-        <attribute name="Destination" type="anyURI" use="optional"/>
-    	<attribute name="Consent" type="anyURI" use="optional"/>
-    </complexType>
-    <element name="Extensions" type="samlp:ExtensionsType"/>
-    <complexType name="ExtensionsType">
-        <sequence>
-            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
-        </sequence>
-    </complexType>
-    <complexType name="StatusResponseType">
-    	<sequence>
-            <element ref="saml:Issuer" minOccurs="0"/>
-            <element ref="ds:Signature" minOccurs="0"/>
-            <element ref="samlp:Extensions" minOccurs="0"/>
-            <element ref="samlp:Status"/>
-    	</sequence>
-    	<attribute name="ID" type="ID" use="required"/>
-    	<attribute name="InResponseTo" type="NCName" use="optional"/>
-    	<attribute name="Version" type="string" use="required"/>
-    	<attribute name="IssueInstant" type="dateTime" use="required"/>
-    	<attribute name="Destination" type="anyURI" use="optional"/>
-    	<attribute name="Consent" type="anyURI" use="optional"/>
-    </complexType>
-    <element name="Status" type="samlp:StatusType"/>
-    <complexType name="StatusType">
-        <sequence>
-            <element ref="samlp:StatusCode"/>
-            <element ref="samlp:StatusMessage" minOccurs="0"/>
-            <element ref="samlp:StatusDetail" minOccurs="0"/>
-        </sequence>
-    </complexType>
-    <element name="StatusCode" type="samlp:StatusCodeType"/>
-    <complexType name="StatusCodeType">
-        <sequence>
-            <element ref="samlp:StatusCode" minOccurs="0"/>
-        </sequence>
-        <attribute name="Value" type="anyURI" use="required"/>
-    </complexType>
-    <element name="StatusMessage" type="string"/>
-    <element name="StatusDetail" type="samlp:StatusDetailType"/>
-    <complexType name="StatusDetailType">
-        <sequence>
-            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-        </sequence>
-    </complexType>
-    <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
-    <complexType name="AssertionIDRequestType">
-    	<complexContent>
-            <extension base="samlp:RequestAbstractType">
-                <sequence>
-                    <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
-                </sequence>
-            </extension>
-    	</complexContent>
-    </complexType>
-    <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
-    <complexType name="SubjectQueryAbstractType" abstract="true">
-    	<complexContent>
-            <extension base="samlp:RequestAbstractType">
-                <sequence>
-                    <element ref="saml:Subject"/>
-                </sequence>
-            </extension>
-    	</complexContent>
-    </complexType>
-    <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
-    <complexType name="AuthnQueryType">
-        <complexContent>
-            <extension base="samlp:SubjectQueryAbstractType">
-                <sequence>
-                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
-                </sequence>
-                <attribute name="SessionIndex" type="string" use="optional"/>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
-    <complexType name="RequestedAuthnContextType">
-        <choice>
-            <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
-            <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
-        </choice>
-        <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
-    </complexType>
-    <simpleType name="AuthnContextComparisonType">
-        <restriction base="string">
-            <enumeration value="exact"/>
-            <enumeration value="minimum"/>
-            <enumeration value="maximum"/>
-            <enumeration value="better"/>
-        </restriction>
-    </simpleType>
-    <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
-    <complexType name="AttributeQueryType">
-        <complexContent>
-            <extension base="samlp:SubjectQueryAbstractType">
-                <sequence>
-                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
-                </sequence>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
-    <complexType name="AuthzDecisionQueryType">
-        <complexContent>
-            <extension base="samlp:SubjectQueryAbstractType">
-                <sequence>
-                    <element ref="saml:Action" maxOccurs="unbounded"/>
-                    <element ref="saml:Evidence" minOccurs="0"/>
-                </sequence>
-                <attribute name="Resource" type="anyURI" use="required"/>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
-    <complexType name="AuthnRequestType">
-        <complexContent>
-            <extension base="samlp:RequestAbstractType">
-                <sequence>
-                    <element ref="saml:Subject" minOccurs="0"/>
-                    <element ref="samlp:NameIDPolicy" minOccurs="0"/>
-                    <element ref="saml:Conditions" minOccurs="0"/>
-                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
-                    <element ref="samlp:Scoping" minOccurs="0"/>
-                </sequence>
-                <attribute name="ForceAuthn" type="boolean" use="optional"/>
-                <attribute name="IsPassive" type="boolean" use="optional"/>
-                <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
-                <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
-                <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
-                <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
-                <attribute name="ProviderName" type="string" use="optional"/>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
-    <complexType name="NameIDPolicyType">
-        <attribute name="Format" type="anyURI" use="optional"/>
-        <attribute name="SPNameQualifier" type="string" use="optional"/>
-        <attribute name="AllowCreate" type="boolean" use="optional"/>
-    </complexType>
-    <element name="Scoping" type="samlp:ScopingType"/>
-    <complexType name="ScopingType">
-        <sequence>
-            <element ref="samlp:IDPList" minOccurs="0"/>
-            <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
-        </sequence>
-        <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
-    </complexType>
-    <element name="RequesterID" type="anyURI"/>
-    <element name="IDPList" type="samlp:IDPListType"/>
-    <complexType name="IDPListType">
-        <sequence>
-            <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
-            <element ref="samlp:GetComplete" minOccurs="0"/>
-        </sequence>
-    </complexType>
-    <element name="IDPEntry" type="samlp:IDPEntryType"/>
-    <complexType name="IDPEntryType">
-        <attribute name="ProviderID" type="anyURI" use="required"/>
-        <attribute name="Name" type="string" use="optional"/>
-        <attribute name="Loc" type="anyURI" use="optional"/>
-    </complexType>
-    <element name="GetComplete" type="anyURI"/>
-    <element name="Response" type="samlp:ResponseType"/>
-    <complexType name="ResponseType">
-    	<complexContent>
-            <extension base="samlp:StatusResponseType">
-                <choice minOccurs="0" maxOccurs="unbounded">
-                    <element ref="saml:Assertion"/>
-                    <element ref="saml:EncryptedAssertion"/>
-                </choice>
-            </extension>
-    	</complexContent>
-    </complexType>
-    <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
-    <complexType name="ArtifactResolveType">
-    	<complexContent>
-            <extension base="samlp:RequestAbstractType">
-                <sequence>
-                    <element ref="samlp:Artifact"/>
-                </sequence>
-            </extension>
-    	</complexContent>
-    </complexType>
-    <element name="Artifact" type="string"/>
-    <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
-    <complexType name="ArtifactResponseType">
-    	<complexContent>
-            <extension base="samlp:StatusResponseType">
-                <sequence>
-                    <any namespace="##any" processContents="lax" minOccurs="0"/>
-                </sequence>
-            </extension>
-    	</complexContent>
-    </complexType>
-    <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
-    <complexType name="ManageNameIDRequestType">
-    	<complexContent>
-            <extension base="samlp:RequestAbstractType">
-                <sequence>
-                    <choice>
-                        <element ref="saml:NameID"/>
-                        <element ref="saml:EncryptedID"/>
-                    </choice>
-                    <choice>
-                        <element ref="samlp:NewID"/>
-                        <element ref="samlp:NewEncryptedID"/>
-                        <element ref="samlp:Terminate"/>
-                    </choice>
-                </sequence>
-            </extension>
-    	</complexContent>
-    </complexType>
-    <element name="NewID" type="string"/>
-    <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
-    <element name="Terminate" type="samlp:TerminateType"/>
-    <complexType name="TerminateType"/>
-    <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
-    <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
-    <complexType name="LogoutRequestType">
-        <complexContent>
-            <extension base="samlp:RequestAbstractType">
-                <sequence>
-                    <choice>
-                        <element ref="saml:BaseID"/>
-                        <element ref="saml:NameID"/>
-                        <element ref="saml:EncryptedID"/>
-                    </choice>
-                    <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
-                </sequence>
-                <attribute name="Reason" type="string" use="optional"/>
-                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="SessionIndex" type="string"/>
-    <element name="LogoutResponse" type="samlp:StatusResponseType"/>
-    <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
-    <complexType name="NameIDMappingRequestType">
-        <complexContent>
-            <extension base="samlp:RequestAbstractType">
-                <sequence>
-                    <choice>
-                        <element ref="saml:BaseID"/>
-                        <element ref="saml:NameID"/>
-                        <element ref="saml:EncryptedID"/>
-                    </choice>
-                    <element ref="samlp:NameIDPolicy"/>
-                </sequence>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
-    <complexType name="NameIDMappingResponseType">
-        <complexContent>
-            <extension base="samlp:StatusResponseType">
-                <choice>
-                    <element ref="saml:NameID"/>
-                    <element ref="saml:EncryptedID"/>
-                </choice>
-            </extension>
-        </complexContent>
-    </complexType>
-</schema>
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+        schemaLocation="saml-schema-assertion-2.0.xsd"/>
+    <import namespace="http://www.w3.org/2000/09/xmldsig#"
+        schemaLocation="xmldsig-core-schema.xsd"/>
+    <annotation>
+        <documentation>
+            Document identifier: saml-schema-protocol-2.0
+            Location: http://docs.oasis-open.org/security/saml/v2.0/
+            Revision history:
+            V1.0 (November, 2002):
+              Initial Standard Schema.
+            V1.1 (September, 2003):
+              Updates within the same V1.0 namespace.
+            V2.0 (March, 2005):
+              New protocol schema based in a SAML V2.0 namespace.
+     </documentation>
+    </annotation>
+    <complexType name="RequestAbstractType" abstract="true">
+        <sequence>
+            <element ref="saml:Issuer" minOccurs="0"/>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="samlp:Extensions" minOccurs="0"/>
+        </sequence>
+        <attribute name="ID" type="ID" use="required"/>
+        <attribute name="Version" type="string" use="required"/>
+        <attribute name="IssueInstant" type="dateTime" use="required"/>
+        <attribute name="Destination" type="anyURI" use="optional"/>
+    	<attribute name="Consent" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="Extensions" type="samlp:ExtensionsType"/>
+    <complexType name="ExtensionsType">
+        <sequence>
+            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <complexType name="StatusResponseType">
+    	<sequence>
+            <element ref="saml:Issuer" minOccurs="0"/>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="samlp:Extensions" minOccurs="0"/>
+            <element ref="samlp:Status"/>
+    	</sequence>
+    	<attribute name="ID" type="ID" use="required"/>
+    	<attribute name="InResponseTo" type="NCName" use="optional"/>
+    	<attribute name="Version" type="string" use="required"/>
+    	<attribute name="IssueInstant" type="dateTime" use="required"/>
+    	<attribute name="Destination" type="anyURI" use="optional"/>
+    	<attribute name="Consent" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="Status" type="samlp:StatusType"/>
+    <complexType name="StatusType">
+        <sequence>
+            <element ref="samlp:StatusCode"/>
+            <element ref="samlp:StatusMessage" minOccurs="0"/>
+            <element ref="samlp:StatusDetail" minOccurs="0"/>
+        </sequence>
+    </complexType>
+    <element name="StatusCode" type="samlp:StatusCodeType"/>
+    <complexType name="StatusCodeType">
+        <sequence>
+            <element ref="samlp:StatusCode" minOccurs="0"/>
+        </sequence>
+        <attribute name="Value" type="anyURI" use="required"/>
+    </complexType>
+    <element name="StatusMessage" type="string"/>
+    <element name="StatusDetail" type="samlp:StatusDetailType"/>
+    <complexType name="StatusDetailType">
+        <sequence>
+            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
+    <complexType name="AssertionIDRequestType">
+    	<complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+    	</complexContent>
+    </complexType>
+    <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+    <complexType name="SubjectQueryAbstractType" abstract="true">
+    	<complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:Subject"/>
+                </sequence>
+            </extension>
+    	</complexContent>
+    </complexType>
+    <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
+    <complexType name="AuthnQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+                </sequence>
+                <attribute name="SessionIndex" type="string" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
+    <complexType name="RequestedAuthnContextType">
+        <choice>
+            <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
+            <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
+        </choice>
+        <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
+    </complexType>
+    <simpleType name="AuthnContextComparisonType">
+        <restriction base="string">
+            <enumeration value="exact"/>
+            <enumeration value="minimum"/>
+            <enumeration value="maximum"/>
+            <enumeration value="better"/>
+        </restriction>
+    </simpleType>
+    <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+    <complexType name="AttributeQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
+    <complexType name="AuthzDecisionQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="saml:Action" maxOccurs="unbounded"/>
+                    <element ref="saml:Evidence" minOccurs="0"/>
+                </sequence>
+                <attribute name="Resource" type="anyURI" use="required"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
+    <complexType name="AuthnRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:Subject" minOccurs="0"/>
+                    <element ref="samlp:NameIDPolicy" minOccurs="0"/>
+                    <element ref="saml:Conditions" minOccurs="0"/>
+                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+                    <element ref="samlp:Scoping" minOccurs="0"/>
+                </sequence>
+                <attribute name="ForceAuthn" type="boolean" use="optional"/>
+                <attribute name="IsPassive" type="boolean" use="optional"/>
+                <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
+                <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
+                <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
+                <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
+                <attribute name="ProviderName" type="string" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
+    <complexType name="NameIDPolicyType">
+        <attribute name="Format" type="anyURI" use="optional"/>
+        <attribute name="SPNameQualifier" type="string" use="optional"/>
+        <attribute name="AllowCreate" type="boolean" use="optional"/>
+    </complexType>
+    <element name="Scoping" type="samlp:ScopingType"/>
+    <complexType name="ScopingType">
+        <sequence>
+            <element ref="samlp:IDPList" minOccurs="0"/>
+            <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
+    </complexType>
+    <element name="RequesterID" type="anyURI"/>
+    <element name="IDPList" type="samlp:IDPListType"/>
+    <complexType name="IDPListType">
+        <sequence>
+            <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
+            <element ref="samlp:GetComplete" minOccurs="0"/>
+        </sequence>
+    </complexType>
+    <element name="IDPEntry" type="samlp:IDPEntryType"/>
+    <complexType name="IDPEntryType">
+        <attribute name="ProviderID" type="anyURI" use="required"/>
+        <attribute name="Name" type="string" use="optional"/>
+        <attribute name="Loc" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="GetComplete" type="anyURI"/>
+    <element name="Response" type="samlp:ResponseType"/>
+    <complexType name="ResponseType">
+    	<complexContent>
+            <extension base="samlp:StatusResponseType">
+                <choice minOccurs="0" maxOccurs="unbounded">
+                    <element ref="saml:Assertion"/>
+                    <element ref="saml:EncryptedAssertion"/>
+                </choice>
+            </extension>
+    	</complexContent>
+    </complexType>
+    <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
+    <complexType name="ArtifactResolveType">
+    	<complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="samlp:Artifact"/>
+                </sequence>
+            </extension>
+    	</complexContent>
+    </complexType>
+    <element name="Artifact" type="string"/>
+    <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
+    <complexType name="ArtifactResponseType">
+    	<complexContent>
+            <extension base="samlp:StatusResponseType">
+                <sequence>
+                    <any namespace="##any" processContents="lax" minOccurs="0"/>
+                </sequence>
+            </extension>
+    	</complexContent>
+    </complexType>
+    <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
+    <complexType name="ManageNameIDRequestType">
+    	<complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <choice>
+                        <element ref="samlp:NewID"/>
+                        <element ref="samlp:NewEncryptedID"/>
+                        <element ref="samlp:Terminate"/>
+                    </choice>
+                </sequence>
+            </extension>
+    	</complexContent>
+    </complexType>
+    <element name="NewID" type="string"/>
+    <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
+    <element name="Terminate" type="samlp:TerminateType"/>
+    <complexType name="TerminateType"/>
+    <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
+    <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
+    <complexType name="LogoutRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:BaseID"/>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+                <attribute name="Reason" type="string" use="optional"/>
+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="SessionIndex" type="string"/>
+    <element name="LogoutResponse" type="samlp:StatusResponseType"/>
+    <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
+    <complexType name="NameIDMappingRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:BaseID"/>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <element ref="samlp:NameIDPolicy"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
+    <complexType name="NameIDMappingResponseType">
+        <complexContent>
+            <extension base="samlp:StatusResponseType">
+                <choice>
+                    <element ref="saml:NameID"/>
+                    <element ref="saml:EncryptedID"/>
+                </choice>
+            </extension>
+        </complexContent>
+    </complexType>
+</schema>