RubyGems - ruby-saml - Versions diffs - 0.8.18 → 0.9 - Mend

ruby-saml 0.8.18 → 0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.travis.yml +1 -6
data/Gemfile +2 -12
data/README.md +363 -35
data/Rakefile +14 -0
data/changelog.md +22 -9
data/lib/onelogin/ruby-saml/attribute_service.rb +34 -0
data/lib/onelogin/ruby-saml/attributes.rb +26 -64
data/lib/onelogin/ruby-saml/authrequest.rb +47 -93
data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +87 -0
data/lib/onelogin/ruby-saml/logoutrequest.rb +36 -100
data/lib/onelogin/ruby-saml/logoutresponse.rb +25 -35
data/lib/onelogin/ruby-saml/metadata.rb +46 -16
data/lib/onelogin/ruby-saml/response.rb +63 -373
data/lib/onelogin/ruby-saml/saml_message.rb +78 -0
data/lib/onelogin/ruby-saml/settings.rb +54 -122
data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +25 -71
data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +37 -102
data/lib/onelogin/ruby-saml/utils.rb +32 -199
data/lib/onelogin/ruby-saml/version.rb +1 -1
data/lib/ruby-saml.rb +5 -2
data/lib/schemas/{saml20assertion_schema.xsd → saml-schema-assertion-2.0.xsd} +283 -283
data/lib/schemas/saml-schema-authn-context-2.0.xsd +23 -0
data/lib/schemas/saml-schema-authn-context-types-2.0.xsd +821 -0
data/lib/schemas/saml-schema-metadata-2.0.xsd +339 -0
data/lib/schemas/{saml20protocol_schema.xsd → saml-schema-protocol-2.0.xsd} +302 -302
data/lib/schemas/sstc-metadata-attr.xsd +35 -0
data/lib/schemas/sstc-saml-attribute-ext.xsd +25 -0
data/lib/schemas/sstc-saml-metadata-algsupport-v1.0.xsd +41 -0
data/lib/schemas/sstc-saml-metadata-ui-v1.0.xsd +89 -0
data/lib/schemas/{xenc_schema.xsd → xenc-schema.xsd} +1 -11
data/lib/schemas/xml.xsd +287 -0
data/lib/schemas/{xmldsig_schema.xsd → xmldsig-core-schema.xsd} +0 -9
data/lib/xml_security.rb +83 -235
data/ruby-saml.gemspec +1 -0
data/test/idp_metadata_parser_test.rb +54 -0
data/test/logoutrequest_test.rb +68 -155
data/test/logoutresponse_test.rb +43 -32
data/test/metadata_test.rb +87 -0
data/test/request_test.rb +102 -99
data/test/response_test.rb +181 -495
data/test/responses/idp_descriptor.xml +3 -0
data/test/responses/logoutresponse_fixtures.rb +7 -8
data/test/responses/response_no_cert_and_encrypted_attrs.xml +29 -0
data/test/responses/response_with_multiple_attribute_values.xml +1 -1
data/test/responses/slo_request.xml +4 -0
data/test/settings_test.rb +25 -112
data/test/slo_logoutrequest_test.rb +40 -50
data/test/slo_logoutresponse_test.rb +86 -185
data/test/test_helper.rb +27 -102
data/test/xml_security_test.rb +114 -337
metadata +30 -81
data/lib/onelogin/ruby-saml/setting_error.rb +0 -6
data/test/certificates/certificate.der +0 -0
data/test/certificates/formatted_certificate +0 -14
data/test/certificates/formatted_chained_certificate +0 -42
data/test/certificates/formatted_private_key +0 -12
data/test/certificates/formatted_rsa_private_key +0 -12
data/test/certificates/invalid_certificate1 +0 -1
data/test/certificates/invalid_certificate2 +0 -1
data/test/certificates/invalid_certificate3 +0 -12
data/test/certificates/invalid_chained_certificate1 +0 -1
data/test/certificates/invalid_private_key1 +0 -1
data/test/certificates/invalid_private_key2 +0 -1
data/test/certificates/invalid_private_key3 +0 -10
data/test/certificates/invalid_rsa_private_key1 +0 -1
data/test/certificates/invalid_rsa_private_key2 +0 -1
data/test/certificates/invalid_rsa_private_key3 +0 -10
data/test/certificates/ruby-saml-2.crt +0 -15
data/test/requests/logoutrequest_fixtures.rb +0 -47
data/test/responses/encrypted_new_attack.xml.base64 +0 -1
data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
data/test/responses/invalids/no_signature.xml.base64 +0 -1
data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
data/test/responses/response_node_text_attack.xml.base64 +0 -1
data/test/responses/response_with_concealed_signed_assertion.xml +0 -51
data/test/responses/response_with_doubled_signed_assertion.xml +0 -49
data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
data/test/responses/response_with_signed_assertion_3.xml +0 -30
data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
data/test/responses/response_wrapped.xml.base64 +0 -150
data/test/responses/valid_response.xml.base64 +0 -1
data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
data/test/utils_test.rb +0 -231

data/lib/schemas/{saml20assertion_schema.xsd → saml-schema-assertion-2.0.xsd} RENAMED Viewed

@@ -1,283 +1,283 @@
-<?xml version="1.0" encoding="US-ASCII"?>
-<schema
-    targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
-    xmlns="http://www.w3.org/2001/XMLSchema"
-    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
-    elementFormDefault="unqualified"
-    attributeFormDefault="unqualified"
-    blockDefault="substitution"
-    version="2.0">
-    <import namespace="http://www.w3.org/2000/09/xmldsig#"
-        schemaLocation="xmldsig_schema.xsd"/>
-    <import namespace="http://www.w3.org/2001/04/xmlenc#"
-        schemaLocation="xenc_schema.xsd"/>
-    <annotation>
-        <documentation>
-            Document identifier: saml-schema-assertion-2.0
-            Location: http://docs.oasis-open.org/security/saml/v2.0/
-            Revision history:
-            V1.0 (November, 2002):
-              Initial Standard Schema.
-            V1.1 (September, 2003):
-              Updates within the same V1.0 namespace.
-            V2.0 (March, 2005):
-              New assertion schema for SAML V2.0 namespace.
-        </documentation>
-    </annotation>
-    <attributeGroup name="IDNameQualifiers">
-        <attribute name="NameQualifier" type="string" use="optional"/>
-        <attribute name="SPNameQualifier" type="string" use="optional"/>
-    </attributeGroup>
-    <element name="BaseID" type="saml:BaseIDAbstractType"/>
-    <complexType name="BaseIDAbstractType" abstract="true">
-        <attributeGroup ref="saml:IDNameQualifiers"/>
-    </complexType>
-    <element name="NameID" type="saml:NameIDType"/>
-    <complexType name="NameIDType">
-        <simpleContent>
-            <extension base="string">
-                <attributeGroup ref="saml:IDNameQualifiers"/>
-                <attribute name="Format" type="anyURI" use="optional"/>
-                <attribute name="SPProvidedID" type="string" use="optional"/>
-            </extension>
-        </simpleContent>
-    </complexType>
-    <complexType name="EncryptedElementType">
-        <sequence>
-            <element ref="xenc:EncryptedData"/>
-            <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
-        </sequence>
-    </complexType>
-    <element name="EncryptedID" type="saml:EncryptedElementType"/>
-    <element name="Issuer" type="saml:NameIDType"/>
-    <element name="AssertionIDRef" type="NCName"/>
-    <element name="AssertionURIRef" type="anyURI"/>
-    <element name="Assertion" type="saml:AssertionType"/>
-    <complexType name="AssertionType">
-        <sequence>
-            <element ref="saml:Issuer"/>
-            <element ref="ds:Signature" minOccurs="0"/>
-            <element ref="saml:Subject" minOccurs="0"/>
-            <element ref="saml:Conditions" minOccurs="0"/>
-            <element ref="saml:Advice" minOccurs="0"/>
-            <choice minOccurs="0" maxOccurs="unbounded">
-                <element ref="saml:Statement"/>
-                <element ref="saml:AuthnStatement"/>
-                <element ref="saml:AuthzDecisionStatement"/>
-                <element ref="saml:AttributeStatement"/>
-            </choice>
-        </sequence>
-        <attribute name="Version" type="string" use="required"/>
-        <attribute name="ID" type="ID" use="required"/>
-        <attribute name="IssueInstant" type="dateTime" use="required"/>
-    </complexType>
-    <element name="Subject" type="saml:SubjectType"/>
-    <complexType name="SubjectType">
-        <choice>
-            <sequence>
-                <choice>
-                    <element ref="saml:BaseID"/>
-                    <element ref="saml:NameID"/>
-                    <element ref="saml:EncryptedID"/>
-                </choice>
-                <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
-            </sequence>
-            <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
-        </choice>
-    </complexType>
-    <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
-    <complexType name="SubjectConfirmationType">
-        <sequence>
-            <choice minOccurs="0">
-                <element ref="saml:BaseID"/>
-                <element ref="saml:NameID"/>
-                <element ref="saml:EncryptedID"/>
-            </choice>
-            <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
-        </sequence>
-        <attribute name="Method" type="anyURI" use="required"/>
-    </complexType>
-    <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
-    <complexType name="SubjectConfirmationDataType" mixed="true">
-        <complexContent>
-            <restriction base="anyType">
-                <sequence>
-                    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-                </sequence>
-                <attribute name="NotBefore" type="dateTime" use="optional"/>
-                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
-                <attribute name="Recipient" type="anyURI" use="optional"/>
-                <attribute name="InResponseTo" type="NCName" use="optional"/>
-                <attribute name="Address" type="string" use="optional"/>
-                <anyAttribute namespace="##other" processContents="lax"/>
-            </restriction>
-        </complexContent>
-    </complexType>
-    <complexType name="KeyInfoConfirmationDataType" mixed="false">
-        <complexContent>
-            <restriction base="saml:SubjectConfirmationDataType">
-                <sequence>
-                    <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
-                </sequence>
-            </restriction>
-        </complexContent>
-    </complexType>
-    <element name="Conditions" type="saml:ConditionsType"/>
-    <complexType name="ConditionsType">
-        <choice minOccurs="0" maxOccurs="unbounded">
-            <element ref="saml:Condition"/>
-            <element ref="saml:AudienceRestriction"/>
-            <element ref="saml:OneTimeUse"/>
-            <element ref="saml:ProxyRestriction"/>
-        </choice>
-        <attribute name="NotBefore" type="dateTime" use="optional"/>
-        <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
-    </complexType>
-    <element name="Condition" type="saml:ConditionAbstractType"/>
-    <complexType name="ConditionAbstractType" abstract="true"/>
-    <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
-    <complexType name="AudienceRestrictionType">
-        <complexContent>
-            <extension base="saml:ConditionAbstractType">
-                <sequence>
-                    <element ref="saml:Audience" maxOccurs="unbounded"/>
-                </sequence>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="Audience" type="anyURI"/>
-    <element name="OneTimeUse" type="saml:OneTimeUseType" />
-    <complexType name="OneTimeUseType">
-        <complexContent>
-            <extension base="saml:ConditionAbstractType"/>
-        </complexContent>
-    </complexType>
-    <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
-    <complexType name="ProxyRestrictionType">
-    <complexContent>
-        <extension base="saml:ConditionAbstractType">
-            <sequence>
-                <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
-            </sequence>
-            <attribute name="Count" type="nonNegativeInteger" use="optional"/>
-        </extension>
-	</complexContent>
-    </complexType>
-    <element name="Advice" type="saml:AdviceType"/>
-    <complexType name="AdviceType">
-        <choice minOccurs="0" maxOccurs="unbounded">
-            <element ref="saml:AssertionIDRef"/>
-            <element ref="saml:AssertionURIRef"/>
-            <element ref="saml:Assertion"/>
-            <element ref="saml:EncryptedAssertion"/>
-            <any namespace="##other" processContents="lax"/>
-        </choice>
-    </complexType>
-    <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
-    <element name="Statement" type="saml:StatementAbstractType"/>
-    <complexType name="StatementAbstractType" abstract="true"/>
-    <element name="AuthnStatement" type="saml:AuthnStatementType"/>
-    <complexType name="AuthnStatementType">
-        <complexContent>
-            <extension base="saml:StatementAbstractType">
-                <sequence>
-                    <element ref="saml:SubjectLocality" minOccurs="0"/>
-                    <element ref="saml:AuthnContext"/>
-                </sequence>
-                <attribute name="AuthnInstant" type="dateTime" use="required"/>
-                <attribute name="SessionIndex" type="string" use="optional"/>
-                <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
-    <complexType name="SubjectLocalityType">
-        <attribute name="Address" type="string" use="optional"/>
-        <attribute name="DNSName" type="string" use="optional"/>
-    </complexType>
-    <element name="AuthnContext" type="saml:AuthnContextType"/>
-    <complexType name="AuthnContextType">
-        <sequence>
-            <choice>
-                <sequence>
-                    <element ref="saml:AuthnContextClassRef"/>
-                    <choice minOccurs="0">
-                        <element ref="saml:AuthnContextDecl"/>
-                        <element ref="saml:AuthnContextDeclRef"/>
-                    </choice>
-                </sequence>
-                <choice>
-                    <element ref="saml:AuthnContextDecl"/>
-                    <element ref="saml:AuthnContextDeclRef"/>
-                </choice>
-            </choice>
-            <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
-        </sequence>
-    </complexType>
-    <element name="AuthnContextClassRef" type="anyURI"/>
-    <element name="AuthnContextDeclRef" type="anyURI"/>
-    <element name="AuthnContextDecl" type="anyType"/>
-    <element name="AuthenticatingAuthority" type="anyURI"/>
-    <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
-    <complexType name="AuthzDecisionStatementType">
-        <complexContent>
-            <extension base="saml:StatementAbstractType">
-                <sequence>
-                    <element ref="saml:Action" maxOccurs="unbounded"/>
-                    <element ref="saml:Evidence" minOccurs="0"/>
-                </sequence>
-                <attribute name="Resource" type="anyURI" use="required"/>
-                <attribute name="Decision" type="saml:DecisionType" use="required"/>
-            </extension>
-        </complexContent>
-    </complexType>
-    <simpleType name="DecisionType">
-        <restriction base="string">
-            <enumeration value="Permit"/>
-            <enumeration value="Deny"/>
-            <enumeration value="Indeterminate"/>
-        </restriction>
-    </simpleType>
-    <element name="Action" type="saml:ActionType"/>
-    <complexType name="ActionType">
-        <simpleContent>
-            <extension base="string">
-                <attribute name="Namespace" type="anyURI" use="required"/>
-            </extension>
-        </simpleContent>
-    </complexType>
-    <element name="Evidence" type="saml:EvidenceType"/>
-    <complexType name="EvidenceType">
-        <choice maxOccurs="unbounded">
-            <element ref="saml:AssertionIDRef"/>
-            <element ref="saml:AssertionURIRef"/>
-            <element ref="saml:Assertion"/>
-            <element ref="saml:EncryptedAssertion"/>
-        </choice>
-    </complexType>
-    <element name="AttributeStatement" type="saml:AttributeStatementType"/>
-    <complexType name="AttributeStatementType">
-        <complexContent>
-            <extension base="saml:StatementAbstractType">
-                <choice maxOccurs="unbounded">
-                    <element ref="saml:Attribute"/>
-                    <element ref="saml:EncryptedAttribute"/>
-                </choice>
-            </extension>
-        </complexContent>
-    </complexType>
-    <element name="Attribute" type="saml:AttributeType"/>
-    <complexType name="AttributeType">
-        <sequence>
-            <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
-        </sequence>
-        <attribute name="Name" type="string" use="required"/>
-        <attribute name="NameFormat" type="anyURI" use="optional"/>
-        <attribute name="FriendlyName" type="string" use="optional"/>
-        <anyAttribute namespace="##other" processContents="lax"/>
-    </complexType>
-    <element name="AttributeValue" type="anyType" nillable="true"/>
-    <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
-</schema>
+<?xml version="1.0" encoding="US-ASCII"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <import namespace="http://www.w3.org/2000/09/xmldsig#"
+        schemaLocation="xmldsig-core-schema.xsd"/>
+    <import namespace="http://www.w3.org/2001/04/xmlenc#"
+        schemaLocation="xenc-schema.xsd"/>
+    <annotation>
+        <documentation>
+            Document identifier: saml-schema-assertion-2.0
+            Location: http://docs.oasis-open.org/security/saml/v2.0/
+            Revision history:
+            V1.0 (November, 2002):
+              Initial Standard Schema.
+            V1.1 (September, 2003):
+              Updates within the same V1.0 namespace.
+            V2.0 (March, 2005):
+              New assertion schema for SAML V2.0 namespace.
+        </documentation>
+    </annotation>
+    <attributeGroup name="IDNameQualifiers">
+        <attribute name="NameQualifier" type="string" use="optional"/>
+        <attribute name="SPNameQualifier" type="string" use="optional"/>
+    </attributeGroup>
+    <element name="BaseID" type="saml:BaseIDAbstractType"/>
+    <complexType name="BaseIDAbstractType" abstract="true">
+        <attributeGroup ref="saml:IDNameQualifiers"/>
+    </complexType>
+    <element name="NameID" type="saml:NameIDType"/>
+    <complexType name="NameIDType">
+        <simpleContent>
+            <extension base="string">
+                <attributeGroup ref="saml:IDNameQualifiers"/>
+                <attribute name="Format" type="anyURI" use="optional"/>
+                <attribute name="SPProvidedID" type="string" use="optional"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+    <complexType name="EncryptedElementType">
+        <sequence>
+            <element ref="xenc:EncryptedData"/>
+            <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <element name="EncryptedID" type="saml:EncryptedElementType"/>
+    <element name="Issuer" type="saml:NameIDType"/>
+    <element name="AssertionIDRef" type="NCName"/>
+    <element name="AssertionURIRef" type="anyURI"/>
+    <element name="Assertion" type="saml:AssertionType"/>
+    <complexType name="AssertionType">
+        <sequence>
+            <element ref="saml:Issuer"/>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="saml:Subject" minOccurs="0"/>
+            <element ref="saml:Conditions" minOccurs="0"/>
+            <element ref="saml:Advice" minOccurs="0"/>
+            <choice minOccurs="0" maxOccurs="unbounded">
+                <element ref="saml:Statement"/>
+                <element ref="saml:AuthnStatement"/>
+                <element ref="saml:AuthzDecisionStatement"/>
+                <element ref="saml:AttributeStatement"/>
+            </choice>
+        </sequence>
+        <attribute name="Version" type="string" use="required"/>
+        <attribute name="ID" type="ID" use="required"/>
+        <attribute name="IssueInstant" type="dateTime" use="required"/>
+    </complexType>
+    <element name="Subject" type="saml:SubjectType"/>
+    <complexType name="SubjectType">
+        <choice>
+            <sequence>
+                <choice>
+                    <element ref="saml:BaseID"/>
+                    <element ref="saml:NameID"/>
+                    <element ref="saml:EncryptedID"/>
+                </choice>
+                <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
+            </sequence>
+            <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
+        </choice>
+    </complexType>
+    <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+    <complexType name="SubjectConfirmationType">
+        <sequence>
+            <choice minOccurs="0">
+                <element ref="saml:BaseID"/>
+                <element ref="saml:NameID"/>
+                <element ref="saml:EncryptedID"/>
+            </choice>
+            <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+        </sequence>
+        <attribute name="Method" type="anyURI" use="required"/>
+    </complexType>
+    <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
+    <complexType name="SubjectConfirmationDataType" mixed="true">
+        <complexContent>
+            <restriction base="anyType">
+                <sequence>
+                    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+                <attribute name="NotBefore" type="dateTime" use="optional"/>
+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+                <attribute name="Recipient" type="anyURI" use="optional"/>
+                <attribute name="InResponseTo" type="NCName" use="optional"/>
+                <attribute name="Address" type="string" use="optional"/>
+                <anyAttribute namespace="##other" processContents="lax"/>
+            </restriction>
+        </complexContent>
+    </complexType>
+    <complexType name="KeyInfoConfirmationDataType" mixed="false">
+        <complexContent>
+            <restriction base="saml:SubjectConfirmationDataType">
+                <sequence>
+                    <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
+                </sequence>
+            </restriction>
+        </complexContent>
+    </complexType>
+    <element name="Conditions" type="saml:ConditionsType"/>
+    <complexType name="ConditionsType">
+        <choice minOccurs="0" maxOccurs="unbounded">
+            <element ref="saml:Condition"/>
+            <element ref="saml:AudienceRestriction"/>
+            <element ref="saml:OneTimeUse"/>
+            <element ref="saml:ProxyRestriction"/>
+        </choice>
+        <attribute name="NotBefore" type="dateTime" use="optional"/>
+        <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+    </complexType>
+    <element name="Condition" type="saml:ConditionAbstractType"/>
+    <complexType name="ConditionAbstractType" abstract="true"/>
+    <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
+    <complexType name="AudienceRestrictionType">
+        <complexContent>
+            <extension base="saml:ConditionAbstractType">
+                <sequence>
+                    <element ref="saml:Audience" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="Audience" type="anyURI"/>
+    <element name="OneTimeUse" type="saml:OneTimeUseType" />
+    <complexType name="OneTimeUseType">
+        <complexContent>
+            <extension base="saml:ConditionAbstractType"/>
+        </complexContent>
+    </complexType>
+    <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
+    <complexType name="ProxyRestrictionType">
+    <complexContent>
+        <extension base="saml:ConditionAbstractType">
+            <sequence>
+                <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
+            </sequence>
+            <attribute name="Count" type="nonNegativeInteger" use="optional"/>
+        </extension>
+	</complexContent>
+    </complexType>
+    <element name="Advice" type="saml:AdviceType"/>
+    <complexType name="AdviceType">
+        <choice minOccurs="0" maxOccurs="unbounded">
+            <element ref="saml:AssertionIDRef"/>
+            <element ref="saml:AssertionURIRef"/>
+            <element ref="saml:Assertion"/>
+            <element ref="saml:EncryptedAssertion"/>
+            <any namespace="##other" processContents="lax"/>
+        </choice>
+    </complexType>
+    <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
+    <element name="Statement" type="saml:StatementAbstractType"/>
+    <complexType name="StatementAbstractType" abstract="true"/>
+    <element name="AuthnStatement" type="saml:AuthnStatementType"/>
+    <complexType name="AuthnStatementType">
+        <complexContent>
+            <extension base="saml:StatementAbstractType">
+                <sequence>
+                    <element ref="saml:SubjectLocality" minOccurs="0"/>
+                    <element ref="saml:AuthnContext"/>
+                </sequence>
+                <attribute name="AuthnInstant" type="dateTime" use="required"/>
+                <attribute name="SessionIndex" type="string" use="optional"/>
+                <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+    <complexType name="SubjectLocalityType">
+        <attribute name="Address" type="string" use="optional"/>
+        <attribute name="DNSName" type="string" use="optional"/>
+    </complexType>
+    <element name="AuthnContext" type="saml:AuthnContextType"/>
+    <complexType name="AuthnContextType">
+        <sequence>
+            <choice>
+                <sequence>
+                    <element ref="saml:AuthnContextClassRef"/>
+                    <choice minOccurs="0">
+                        <element ref="saml:AuthnContextDecl"/>
+                        <element ref="saml:AuthnContextDeclRef"/>
+                    </choice>
+                </sequence>
+                <choice>
+                    <element ref="saml:AuthnContextDecl"/>
+                    <element ref="saml:AuthnContextDeclRef"/>
+                </choice>
+            </choice>
+            <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <element name="AuthnContextClassRef" type="anyURI"/>
+    <element name="AuthnContextDeclRef" type="anyURI"/>
+    <element name="AuthnContextDecl" type="anyType"/>
+    <element name="AuthenticatingAuthority" type="anyURI"/>
+    <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
+    <complexType name="AuthzDecisionStatementType">
+        <complexContent>
+            <extension base="saml:StatementAbstractType">
+                <sequence>
+                    <element ref="saml:Action" maxOccurs="unbounded"/>
+                    <element ref="saml:Evidence" minOccurs="0"/>
+                </sequence>
+                <attribute name="Resource" type="anyURI" use="required"/>
+                <attribute name="Decision" type="saml:DecisionType" use="required"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <simpleType name="DecisionType">
+        <restriction base="string">
+            <enumeration value="Permit"/>
+            <enumeration value="Deny"/>
+            <enumeration value="Indeterminate"/>
+        </restriction>
+    </simpleType>
+    <element name="Action" type="saml:ActionType"/>
+    <complexType name="ActionType">
+        <simpleContent>
+            <extension base="string">
+                <attribute name="Namespace" type="anyURI" use="required"/>
+            </extension>
+        </simpleContent>
+    </complexType>
+    <element name="Evidence" type="saml:EvidenceType"/>
+    <complexType name="EvidenceType">
+        <choice maxOccurs="unbounded">
+            <element ref="saml:AssertionIDRef"/>
+            <element ref="saml:AssertionURIRef"/>
+            <element ref="saml:Assertion"/>
+            <element ref="saml:EncryptedAssertion"/>
+        </choice>
+    </complexType>
+    <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+    <complexType name="AttributeStatementType">
+        <complexContent>
+            <extension base="saml:StatementAbstractType">
+                <choice maxOccurs="unbounded">
+                    <element ref="saml:Attribute"/>
+                    <element ref="saml:EncryptedAttribute"/>
+                </choice>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="Attribute" type="saml:AttributeType"/>
+    <complexType name="AttributeType">
+        <sequence>
+            <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="Name" type="string" use="required"/>
+        <attribute name="NameFormat" type="anyURI" use="optional"/>
+        <attribute name="FriendlyName" type="string" use="optional"/>
+        <anyAttribute namespace="##other" processContents="lax"/>
+    </complexType>
+    <element name="AttributeValue" type="anyType" nillable="true"/>
+    <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
+</schema>

data/lib/schemas/saml-schema-authn-context-2.0.xsd ADDED Viewed

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema
+  targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"
+  xmlns:xs="http://www.w3.org/2001/XMLSchema"
+  xmlns="urn:oasis:names:tc:SAML:2.0:ac"
+  blockDefault="substitution"
+  version="2.0">
+  <xs:annotation>
+    <xs:documentation>
+      Document identifier: saml-schema-authn-context-2.0
+      Location: http://docs.oasis-open.org/security/saml/v2.0/
+      Revision history:
+        V2.0 (March, 2005):
+          New core authentication context schema for SAML V2.0.
+          This is just an include of all types from the schema
+          referred to in the include statement below.
+    </xs:documentation>
+  </xs:annotation>
+  <xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>
+</xs:schema>