saml2 3.1.2 → 3.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Rakefile +6 -4
- data/exe/bulk_verify_responses +94 -0
- data/lib/saml2/assertion.rb +7 -7
- data/lib/saml2/attribute/x500.rb +31 -28
- data/lib/saml2/attribute.rb +53 -49
- data/lib/saml2/attribute_consuming_service.rb +29 -31
- data/lib/saml2/authn_request.rb +54 -47
- data/lib/saml2/authn_statement.rb +31 -20
- data/lib/saml2/base.rb +72 -63
- data/lib/saml2/bindings/http_post.rb +7 -7
- data/lib/saml2/bindings/http_redirect.rb +37 -33
- data/lib/saml2/bindings.rb +1 -1
- data/lib/saml2/conditions.rb +19 -16
- data/lib/saml2/contact.rb +19 -18
- data/lib/saml2/endpoint.rb +14 -11
- data/lib/saml2/entity.rb +27 -27
- data/lib/saml2/identity_provider.rb +13 -10
- data/lib/saml2/indexed_object.rb +15 -12
- data/lib/saml2/key.rb +43 -34
- data/lib/saml2/localized_name.rb +11 -10
- data/lib/saml2/logout_request.rb +8 -8
- data/lib/saml2/logout_response.rb +4 -4
- data/lib/saml2/message.rb +24 -20
- data/lib/saml2/name_id.rb +45 -41
- data/lib/saml2/namespaces.rb +8 -8
- data/lib/saml2/organization.rb +11 -10
- data/lib/saml2/organization_and_contacts.rb +5 -5
- data/lib/saml2/request.rb +3 -3
- data/lib/saml2/requested_authn_context.rb +4 -4
- data/lib/saml2/response.rb +45 -33
- data/lib/saml2/role.rb +11 -11
- data/lib/saml2/schemas.rb +13 -10
- data/lib/saml2/service_provider.rb +11 -12
- data/lib/saml2/signable.rb +23 -18
- data/lib/saml2/sso.rb +5 -5
- data/lib/saml2/status.rb +9 -7
- data/lib/saml2/status_response.rb +5 -5
- data/lib/saml2/subject.rb +28 -28
- data/lib/saml2/version.rb +1 -1
- data/lib/saml2.rb +7 -7
- metadata +78 -137
- data/schemas/MetadataExchange.xsd +0 -112
- data/schemas/metadata_combined.xsd +0 -13
- data/schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd +0 -195
- data/schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd +0 -108
- data/schemas/saml-schema-assertion-2.0.xsd +0 -283
- data/schemas/saml-schema-metadata-2.0.xsd +0 -339
- data/schemas/saml-schema-protocol-2.0.xsd +0 -302
- data/schemas/sstc-saml-metadata-ext-query.xsd +0 -66
- data/schemas/ws-addr.xsd +0 -137
- data/schemas/ws-authorization.xsd +0 -145
- data/schemas/ws-federation.xsd +0 -471
- data/schemas/ws-securitypolicy-1.2.xsd +0 -1205
- data/schemas/xenc-schema.xsd +0 -136
- data/schemas/xml.xsd +0 -287
- data/schemas/xmldsig-core-schema.xsd +0 -309
- data/spec/fixtures/FederationMetadata.xml +0 -670
- data/spec/fixtures/authnrequest.xml +0 -12
- data/spec/fixtures/certificate.pem +0 -24
- data/spec/fixtures/entities.xml +0 -13
- data/spec/fixtures/external-uri-reference-response.xml +0 -48
- data/spec/fixtures/identity_provider.xml +0 -46
- data/spec/fixtures/noconditions_response.xml +0 -1
- data/spec/fixtures/othercertificate.pem +0 -25
- data/spec/fixtures/privatekey.key +0 -27
- data/spec/fixtures/response_assertion_signed_reffed_from_response.xml +0 -6
- data/spec/fixtures/response_signed.xml +0 -46
- data/spec/fixtures/response_tampered_certificate.xml +0 -25
- data/spec/fixtures/response_tampered_signature.xml +0 -46
- data/spec/fixtures/response_with_attribute_signed.xml +0 -46
- data/spec/fixtures/response_with_encrypted_assertion.xml +0 -58
- data/spec/fixtures/response_with_rsa_key_value.xml +0 -1
- data/spec/fixtures/response_with_signed_assertion_and_encrypted_subject.xml +0 -116
- data/spec/fixtures/response_without_keyinfo.xml +0 -1
- data/spec/fixtures/service_provider.xml +0 -79
- data/spec/fixtures/test3-response.xml +0 -9
- data/spec/fixtures/test6-response.xml +0 -10
- data/spec/fixtures/test7-response.xml +0 -10
- data/spec/fixtures/xml_missigned_assertion.xml +0 -84
- data/spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml +0 -11
- data/spec/fixtures/xml_signature_wrapping_attack_response_attributes.xml +0 -45
- data/spec/fixtures/xml_signature_wrapping_attack_response_nameid.xml +0 -44
- data/spec/fixtures/xslt-transform-response.xml +0 -57
- data/spec/lib/attribute_consuming_service_spec.rb +0 -129
- data/spec/lib/attribute_spec.rb +0 -149
- data/spec/lib/authn_request_spec.rb +0 -52
- data/spec/lib/bindings/http_redirect_spec.rb +0 -183
- data/spec/lib/conditions_spec.rb +0 -74
- data/spec/lib/entity_spec.rb +0 -58
- data/spec/lib/identity_provider_spec.rb +0 -43
- data/spec/lib/indexed_object_spec.rb +0 -71
- data/spec/lib/key_spec.rb +0 -23
- data/spec/lib/logout_request_spec.rb +0 -33
- data/spec/lib/logout_response_spec.rb +0 -33
- data/spec/lib/message_spec.rb +0 -23
- data/spec/lib/response_spec.rb +0 -293
- data/spec/lib/service_provider_spec.rb +0 -76
- data/spec/lib/signable_spec.rb +0 -15
- data/spec/spec_helper.rb +0 -8
data/schemas/ws-federation.xsd
DELETED
@@ -1,471 +0,0 @@
|
|
1
|
-
<?xml version="1.0" encoding="UTF-8" ?>
|
2
|
-
<!--
|
3
|
-
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the
|
4
|
-
implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available;
|
5
|
-
neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS
|
6
|
-
specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made
|
7
|
-
available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users
|
8
|
-
of this specification, can be obtained from the OASIS Executive Director.
|
9
|
-
OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may
|
10
|
-
cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
|
11
|
-
Copyright © OASIS Open 2002-2007. All Rights Reserved.
|
12
|
-
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist
|
13
|
-
in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the
|
14
|
-
above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified
|
15
|
-
in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications,
|
16
|
-
in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate
|
17
|
-
it into languages other than English.
|
18
|
-
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
|
19
|
-
This document and the information contained herein is provided on an AS IS basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
|
20
|
-
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
21
|
-
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
22
|
-
-->
|
23
|
-
<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'
|
24
|
-
xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
|
25
|
-
xmlns:tns='http://docs.oasis-open.org/wsfed/federation/200706'
|
26
|
-
xmlns:wsa='http://www.w3.org/2005/08/addressing'
|
27
|
-
xmlns:mex='http://schemas.xmlsoap.org/ws/2004/09/mex'
|
28
|
-
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
|
29
|
-
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
|
30
|
-
xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata'
|
31
|
-
xmlns:auth='http://docs.oasis-open.org/wsfed/authorization/200706'
|
32
|
-
targetNamespace='http://docs.oasis-open.org/wsfed/federation/200706'
|
33
|
-
elementFormDefault='qualified' >
|
34
|
-
|
35
|
-
<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
|
36
|
-
schemaLocation='oasis-200401-wss-wssecurity-secext-1.0.xsd' />
|
37
|
-
<xs:import namespace='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
|
38
|
-
schemaLocation='oasis-200401-wss-wssecurity-utility-1.0.xsd' />
|
39
|
-
<xs:import namespace='http://www.w3.org/2005/08/addressing'
|
40
|
-
schemaLocation='ws-addr.xsd' />
|
41
|
-
<xs:import namespace='http://schemas.xmlsoap.org/ws/2004/09/mex'
|
42
|
-
schemaLocation='MetadataExchange.xsd' />
|
43
|
-
<xs:import namespace='urn:oasis:names:tc:SAML:2.0:metadata'
|
44
|
-
schemaLocation='saml-schema-metadata-2.0.xsd' />
|
45
|
-
<xs:import namespace='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
|
46
|
-
schemaLocation='ws-securitypolicy-1.2.xsd'/>
|
47
|
-
<xs:import namespace='http://docs.oasis-open.org/wsfed/authorization/200706'
|
48
|
-
schemaLocation='ws-authorization.xsd'/>
|
49
|
-
|
50
|
-
<!-- Section 3.1 -->
|
51
|
-
<!-- Note: Use of this root element is discouraged in favor of use of md:EntitiesDescriptor or md EntityDescriptor -->
|
52
|
-
<xs:element name='FederationMetadata' type='tns:FederationMetadataType' />
|
53
|
-
|
54
|
-
<xs:complexType name='FederationMetadataType' >
|
55
|
-
<xs:sequence>
|
56
|
-
<!--
|
57
|
-
*** Accurate content model is nondeterministic ***
|
58
|
-
<xs:element name='Federation' type='tns:FederationType' minOccurs='1' maxOccurs='unbounded' />
|
59
|
-
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
60
|
-
-->
|
61
|
-
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
62
|
-
</xs:sequence>
|
63
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
64
|
-
</xs:complexType>
|
65
|
-
|
66
|
-
<xs:complexType name='FederationType' >
|
67
|
-
<xs:sequence>
|
68
|
-
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
69
|
-
</xs:sequence>
|
70
|
-
<xs:attribute name='FederationID' type='xs:anyURI' />
|
71
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
72
|
-
</xs:complexType>
|
73
|
-
|
74
|
-
<!-- Section 3.1.2.1 -->
|
75
|
-
<xs:complexType name="WebServiceDescriptorType" abstract="true">
|
76
|
-
<xs:complexContent>
|
77
|
-
<xs:extension base="md:RoleDescriptorType">
|
78
|
-
<xs:sequence>
|
79
|
-
<xs:element ref="tns:LogicalServiceNamesOffered" minOccurs="0" maxOccurs="1" />
|
80
|
-
<xs:element ref="tns:TokenTypesOffered" minOccurs="0" maxOccurs="1" />
|
81
|
-
<xs:element ref="tns:ClaimDialectsOffered" minOccurs="0" maxOccurs="1" />
|
82
|
-
<xs:element ref="tns:ClaimTypesOffered" minOccurs="0" maxOccurs="1" />
|
83
|
-
<xs:element ref="tns:ClaimTypesRequested" minOccurs="0" maxOccurs="1" />
|
84
|
-
<xs:element ref="tns:AutomaticPseudonyms" minOccurs="0" maxOccurs="1"/>
|
85
|
-
<xs:element ref="tns:TargetScopes" minOccurs="0" maxOccurs="1"/>
|
86
|
-
</xs:sequence>
|
87
|
-
<xs:attribute name="ServiceDisplayName" type="xs:string" use="optional"/>
|
88
|
-
<xs:attribute name="ServiceDescription" type="xs:string" use="optional"/>
|
89
|
-
</xs:extension>
|
90
|
-
</xs:complexContent>
|
91
|
-
</xs:complexType>
|
92
|
-
|
93
|
-
<xs:element name='LogicalServiceNamesOffered' type='tns:LogicalServiceNamesOfferedType' />
|
94
|
-
<xs:element name='TokenTypesOffered' type='tns:TokenTypesOfferedType' />
|
95
|
-
<xs:element name='ClaimDialectsOffered' type='tns:ClaimDialectsOfferedType' />
|
96
|
-
<xs:element name='ClaimTypesOffered' type='tns:ClaimTypesOfferedType' />
|
97
|
-
<xs:element name='ClaimTypesRequested' type='tns:ClaimTypesRequestedType' />
|
98
|
-
<xs:element name="AutomaticPseudonyms" type="xs:boolean"/>
|
99
|
-
<xs:element name='TargetScopes' type='tns:EndpointType'/>
|
100
|
-
|
101
|
-
<!-- Section 3.1.2.2 -->
|
102
|
-
<xs:complexType name="SecurityTokenServiceType">
|
103
|
-
<xs:complexContent>
|
104
|
-
<xs:extension base="tns:WebServiceDescriptorType">
|
105
|
-
<xs:sequence>
|
106
|
-
<xs:element ref="tns:SecurityTokenServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
|
107
|
-
<xs:element ref="tns:SingleSignOutSubscriptionEndpoint" minOccurs="0" maxOccurs="unbounded"/>
|
108
|
-
<xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
|
109
|
-
<xs:element ref="tns:PassiveRequestorEndpoint" minOccurs="0" maxOccurs="unbounded"/>
|
110
|
-
</xs:sequence>
|
111
|
-
</xs:extension>
|
112
|
-
</xs:complexContent>
|
113
|
-
</xs:complexType>
|
114
|
-
<xs:element name="SecurityTokenServiceEndpoint" type="tns:EndpointType"/>
|
115
|
-
<xs:element name="SingleSignOutSubscriptionEndpoint" type="tns:EndpointType"/>
|
116
|
-
<xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/>
|
117
|
-
<xs:element name="PassiveRequestorEndpoint" type="tns:EndpointType"/>
|
118
|
-
|
119
|
-
<!-- Section 3.1.2.3 -->
|
120
|
-
<xs:complexType name="PseudonymServiceType">
|
121
|
-
<xs:complexContent>
|
122
|
-
<xs:extension base="tns:WebServiceDescriptorType">
|
123
|
-
<xs:sequence>
|
124
|
-
<xs:element ref="tns:PseudonymServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
|
125
|
-
<xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
|
126
|
-
</xs:sequence>
|
127
|
-
</xs:extension>
|
128
|
-
</xs:complexContent>
|
129
|
-
</xs:complexType>
|
130
|
-
|
131
|
-
<xs:element name="PseudonymServiceEndpoint" type="tns:EndpointType"/>
|
132
|
-
<!-- Defined above -->
|
133
|
-
<!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
|
134
|
-
|
135
|
-
<!-- Section 3.1.2.4 -->
|
136
|
-
<xs:complexType name="AttributeServiceType">
|
137
|
-
<xs:complexContent>
|
138
|
-
<xs:extension base="tns:WebServiceDescriptorType">
|
139
|
-
<xs:sequence>
|
140
|
-
<xs:element ref="tns:AttributeServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
|
141
|
-
<xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
|
142
|
-
</xs:sequence>
|
143
|
-
</xs:extension>
|
144
|
-
</xs:complexContent>
|
145
|
-
</xs:complexType>
|
146
|
-
<xs:element name="AttributeServiceEndpoint" type="tns:EndpointType"/>
|
147
|
-
<!-- Defined above -->
|
148
|
-
<!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
|
149
|
-
|
150
|
-
<!-- Section 3.1.2.5 -->
|
151
|
-
<xs:complexType name="ApplicationServiceType">
|
152
|
-
<xs:complexContent>
|
153
|
-
<xs:extension base="tns:WebServiceDescriptorType">
|
154
|
-
<xs:sequence>
|
155
|
-
<xs:element ref="tns:ApplicationServiceEndpoint" minOccurs="1" maxOccurs="unbounded"/>
|
156
|
-
<xs:element ref="tns:SingleSignOutNotificationEndpoint" minOccurs="0" maxOccurs="unbounded"/>
|
157
|
-
<xs:element ref="tns:PassiveRequestorEndpoint" minOccurs="0" maxOccurs="unbounded"/>
|
158
|
-
</xs:sequence>
|
159
|
-
</xs:extension>
|
160
|
-
</xs:complexContent>
|
161
|
-
</xs:complexType>
|
162
|
-
<xs:element name="ApplicationServiceEndpoint" type="tns:EndpointType"/>
|
163
|
-
<!-- Defined above -->
|
164
|
-
<!-- <xs:element name="SingleSignOutNotificationEndpoint" type="tns:EndpointType"/> -->
|
165
|
-
<!-- <xs:element name="PassiveRequestorEndpoint" type="tns:EndpointType"/> -->
|
166
|
-
|
167
|
-
|
168
|
-
<!-- Section 3.1.3 -->
|
169
|
-
<!-- Defined above -->
|
170
|
-
<!--<xs:element name='LogicalServiceNamesOffered' type='tns:LogicalServiceNamesOfferedType' />-->
|
171
|
-
|
172
|
-
<xs:complexType name='LogicalServiceNamesOfferedType' >
|
173
|
-
<xs:sequence>
|
174
|
-
<xs:element name='IssuerName' type='tns:IssuerNameType' minOccurs='1' maxOccurs='unbounded' />
|
175
|
-
</xs:sequence>
|
176
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
177
|
-
</xs:complexType>
|
178
|
-
|
179
|
-
<xs:complexType name='IssuerNameType' >
|
180
|
-
<xs:attribute name='Uri' type='xs:anyURI' use='required' />
|
181
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
182
|
-
</xs:complexType>
|
183
|
-
|
184
|
-
<!-- Section 3.1.4 -->
|
185
|
-
<xs:element name='PsuedonymServiceEndpoints' type='tns:EndpointType' />
|
186
|
-
<xs:complexType name='EndpointType' >
|
187
|
-
<xs:sequence>
|
188
|
-
<xs:element ref='wsa:EndpointReference' minOccurs='1' maxOccurs='unbounded'/>
|
189
|
-
</xs:sequence>
|
190
|
-
</xs:complexType>
|
191
|
-
|
192
|
-
<!-- Section 3.1.5 -->
|
193
|
-
<xs:element name='AttributeServiceEndpoints' type='tns:EndpointType' />
|
194
|
-
|
195
|
-
<!-- Section 3.1.6 -->
|
196
|
-
<xs:element name='SingleSignOutSubscriptionEndpoints' type='tns:EndpointType' />
|
197
|
-
|
198
|
-
<!-- Section 3.1.7 -->
|
199
|
-
<xs:element name='SingleSignOutNotificationEndpoints' type='tns:EndpointType' />
|
200
|
-
|
201
|
-
<!-- Section 3.1.8 -->
|
202
|
-
<!-- Defined above -->
|
203
|
-
<!--<xs:element name='TokenTypesOffered' type='tns:TokenTypesOfferedType' />-->
|
204
|
-
<xs:complexType name='TokenTypesOfferedType' >
|
205
|
-
<xs:sequence>
|
206
|
-
<xs:element name='TokenType' type='tns:TokenType' minOccurs='1' maxOccurs='unbounded' />
|
207
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
208
|
-
</xs:sequence>
|
209
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
210
|
-
</xs:complexType>
|
211
|
-
|
212
|
-
<xs:complexType name='TokenType' >
|
213
|
-
<xs:sequence>
|
214
|
-
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
215
|
-
</xs:sequence>
|
216
|
-
<xs:attribute name='Uri' type='xs:anyURI' />
|
217
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
218
|
-
</xs:complexType>
|
219
|
-
|
220
|
-
<!-- Section 3.1.9 -->
|
221
|
-
<!-- Defined above -->
|
222
|
-
<!-- <xs:element name='ClaimTypesOffered' type='tns:ClaimTypesOfferedType' /> -->
|
223
|
-
<xs:complexType name='ClaimTypesOfferedType'>
|
224
|
-
<xs:sequence>
|
225
|
-
<xs:element ref='auth:ClaimType' minOccurs='1' maxOccurs='unbounded' />
|
226
|
-
</xs:sequence>
|
227
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
228
|
-
</xs:complexType>
|
229
|
-
|
230
|
-
<!-- Section 3.1.10 -->
|
231
|
-
<!-- Defined above -->
|
232
|
-
<!-- <xs:element name='ClaimTypesRequested' ype='tns:ClaimTypesRequestedType' /> -->
|
233
|
-
<xs:complexType name='ClaimTypesRequestedType'>
|
234
|
-
<xs:sequence>
|
235
|
-
<xs:element ref='auth:ClaimType' minOccurs='1' maxOccurs='unbounded' />
|
236
|
-
</xs:sequence>
|
237
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
238
|
-
</xs:complexType>
|
239
|
-
|
240
|
-
<!-- Section 3.1.11 -->
|
241
|
-
<!-- Defined above -->
|
242
|
-
<!--<xs:element name='ClaimDialectsOffered' type='tns:ClaimDialectsOfferedType' />-->
|
243
|
-
<xs:complexType name='ClaimDialectsOfferedType'>
|
244
|
-
<xs:sequence>
|
245
|
-
<xs:element name='ClaimDialect' type='tns:ClaimDialectType' minOccurs='1' maxOccurs='unbounded' />
|
246
|
-
</xs:sequence>
|
247
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
248
|
-
</xs:complexType>
|
249
|
-
|
250
|
-
<xs:complexType name='ClaimDialectType' >
|
251
|
-
<xs:sequence>
|
252
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
253
|
-
</xs:sequence>
|
254
|
-
<xs:attribute name='Uri' type='xs:anyURI' />
|
255
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
256
|
-
</xs:complexType>
|
257
|
-
|
258
|
-
<!-- Section 3.1.12 -->
|
259
|
-
<!-- Defined above -->
|
260
|
-
<!-- <xs:element name='AutomaticPseudonyms' type='xs:boolean' /> -->
|
261
|
-
|
262
|
-
<!-- Section 3.1.13 -->
|
263
|
-
<xs:element name='PassiveRequestorEnpoints' type='tns:EndpointType'/>
|
264
|
-
|
265
|
-
<!-- Section 3.1.14 -->
|
266
|
-
<!-- Defined above -->
|
267
|
-
<!--<xs:element name='TargetScopes' type='tns:EndpointType'/>-->
|
268
|
-
|
269
|
-
<!-- Section 3.2.4 -->
|
270
|
-
<xs:element name='FederationMetadataHandler' type='tns:FederationMetadataHandlerType' />
|
271
|
-
<xs:complexType name='FederationMetadataHandlerType' >
|
272
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
273
|
-
</xs:complexType>
|
274
|
-
|
275
|
-
<!-- Section 4.1 -->
|
276
|
-
<xs:element name='SignOut' type='tns:SignOutType' />
|
277
|
-
<xs:complexType name='SignOutType' >
|
278
|
-
<xs:sequence>
|
279
|
-
<xs:element ref='tns:Realm' minOccurs='0' />
|
280
|
-
<xs:element name='SignOutBasis' type='tns:SignOutBasisType' minOccurs='1' maxOccurs='1' />
|
281
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
282
|
-
</xs:sequence>
|
283
|
-
<xs:attribute ref='wsu:Id' use='optional' />
|
284
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
285
|
-
</xs:complexType>
|
286
|
-
|
287
|
-
<xs:complexType name='SignOutBasisType' >
|
288
|
-
<xs:sequence>
|
289
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='unbounded' />
|
290
|
-
</xs:sequence>
|
291
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
292
|
-
</xs:complexType>
|
293
|
-
|
294
|
-
<!-- Section 4.2 -->
|
295
|
-
<xs:element name='Realm' type='xs:anyURI' />
|
296
|
-
|
297
|
-
<!-- Section 6.1 -->
|
298
|
-
<xs:element name='FilterPseudonyms' type='tns:FilterPseudonymsType' />
|
299
|
-
<xs:complexType name='FilterPseudonymsType' >
|
300
|
-
<xs:sequence>
|
301
|
-
<xs:element ref='tns:PseudonymBasis' minOccurs='0' maxOccurs='1' />
|
302
|
-
<xs:element ref='tns:RelativeTo' minOccurs='0' maxOccurs='1' />
|
303
|
-
<xs:any namespace='##other' minOccurs='0' maxOccurs='unbounded' />
|
304
|
-
</xs:sequence>
|
305
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
306
|
-
</xs:complexType>
|
307
|
-
|
308
|
-
<xs:element name='PseudonymBasis' type='tns:PseudonymBasisType' />
|
309
|
-
<xs:complexType name='PseudonymBasisType' >
|
310
|
-
<xs:sequence>
|
311
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
|
312
|
-
</xs:sequence>
|
313
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
314
|
-
</xs:complexType>
|
315
|
-
|
316
|
-
<xs:element name='RelativeTo' type='tns:RelativeToType' />
|
317
|
-
<xs:complexType name='RelativeToType' >
|
318
|
-
<xs:sequence>
|
319
|
-
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
320
|
-
</xs:sequence>
|
321
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
322
|
-
</xs:complexType>
|
323
|
-
|
324
|
-
<!-- Section 6.2 -->
|
325
|
-
<xs:element name='Pseudonym' type='tns:PseudonymType' />
|
326
|
-
|
327
|
-
<xs:complexType name='PseudonymType' >
|
328
|
-
<xs:sequence>
|
329
|
-
<!--
|
330
|
-
*** Accurate content model is nondeterministic ***
|
331
|
-
<xs:element ref='tns:PseudonymBasis' minOccurs='1' maxOccurs='1' />
|
332
|
-
<xs:element ref='tns:RelativeTo' minOccurs='1' maxOccurs='1' />
|
333
|
-
<xs:element ref='wsu:Expires' minOccurs='0' maxOccurs='1' />
|
334
|
-
<xs:element ref='tns:SecurityToken' minOccurs='0' maxOccurs='unbounded' />
|
335
|
-
<xs:element ref='tns:ProofToken' minOccurs='0' maxOccurs='unbounded' />
|
336
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
337
|
-
-->
|
338
|
-
|
339
|
-
<xs:element ref='tns:PseudonymBasis' minOccurs='1' maxOccurs='1' />
|
340
|
-
<xs:element ref='tns:RelativeTo' minOccurs='1' maxOccurs='1' />
|
341
|
-
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
342
|
-
</xs:sequence>
|
343
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
344
|
-
</xs:complexType>
|
345
|
-
|
346
|
-
<xs:element name='SecurityToken' type='tns:SecurityTokenType' />
|
347
|
-
<xs:complexType name='SecurityTokenType' >
|
348
|
-
<xs:sequence>
|
349
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
|
350
|
-
</xs:sequence>
|
351
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
352
|
-
</xs:complexType>
|
353
|
-
|
354
|
-
<xs:element name='ProofToken' type='tns:ProofTokenType' />
|
355
|
-
<xs:complexType name='ProofTokenType' >
|
356
|
-
<xs:sequence>
|
357
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='1' maxOccurs='1' />
|
358
|
-
</xs:sequence>
|
359
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
360
|
-
</xs:complexType>
|
361
|
-
|
362
|
-
<!-- Section 7.1 -->
|
363
|
-
<xs:element name='RequestPseudonym' type='tns:RequestPseudonymType' />
|
364
|
-
<xs:complexType name='RequestPseudonymType' >
|
365
|
-
<xs:sequence>
|
366
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
367
|
-
</xs:sequence>
|
368
|
-
<xs:attribute name='SingleUse' type='xs:boolean' use='optional' />
|
369
|
-
<xs:attribute name='Lookup' type='xs:boolean' use='optional' />
|
370
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
371
|
-
</xs:complexType>
|
372
|
-
|
373
|
-
<!-- Section 8.1 -->
|
374
|
-
<xs:element name='ReferenceToken' type='tns:ReferenceTokenType' />
|
375
|
-
<xs:complexType name='ReferenceTokenType'>
|
376
|
-
<xs:sequence>
|
377
|
-
<xs:element name='ReferenceEPR' type='wsa:EndpointReferenceType' minOccurs='1' maxOccurs='unbounded' />
|
378
|
-
<xs:element name='ReferenceDigest' type='tns:ReferenceDigestType' minOccurs='0' maxOccurs='1' />
|
379
|
-
<xs:element name='ReferenceType' type='tns:AttributeExtensibleURI' minOccurs='0' maxOccurs='1' />
|
380
|
-
<xs:element name='SerialNo' type='tns:AttributeExtensibleURI' minOccurs='0' maxOccurs='1' />
|
381
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
382
|
-
</xs:sequence>
|
383
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
384
|
-
</xs:complexType>
|
385
|
-
|
386
|
-
<xs:complexType name='ReferenceDigestType' >
|
387
|
-
<xs:simpleContent>
|
388
|
-
<xs:extension base='xs:base64Binary' >
|
389
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
390
|
-
</xs:extension>
|
391
|
-
</xs:simpleContent>
|
392
|
-
</xs:complexType>
|
393
|
-
<xs:complexType name='AttributeExtensibleURI' >
|
394
|
-
<xs:simpleContent>
|
395
|
-
<xs:extension base='xs:anyURI' >
|
396
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
397
|
-
</xs:extension>
|
398
|
-
</xs:simpleContent>
|
399
|
-
</xs:complexType>
|
400
|
-
|
401
|
-
<!-- Section 8.2 -->
|
402
|
-
<xs:element name='FederationID' type='tns:AttributeExtensibleURI' />
|
403
|
-
|
404
|
-
<!-- Section 8.3 -->
|
405
|
-
<xs:element name='RequestProofToken' type='tns:RequestProofTokenType' />
|
406
|
-
<xs:complexType name='RequestProofTokenType' >
|
407
|
-
<xs:sequence>
|
408
|
-
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
409
|
-
</xs:sequence>
|
410
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
411
|
-
</xs:complexType>
|
412
|
-
|
413
|
-
<!-- Section 8.4 -->
|
414
|
-
<xs:element name='ClientPseudonym' type='tns:ClientPseudonymType' />
|
415
|
-
<xs:complexType name='ClientPseudonymType' >
|
416
|
-
<xs:sequence>
|
417
|
-
<xs:element name='PPID' type='tns:AttributeExtensibleString' minOccurs='0' />
|
418
|
-
<xs:element name='DisplayName' type='tns:AttributeExtensibleString' minOccurs='0' />
|
419
|
-
<xs:element name='EMail' type='tns:AttributeExtensibleString' minOccurs='0' />
|
420
|
-
<xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
421
|
-
</xs:sequence>
|
422
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
423
|
-
</xs:complexType>
|
424
|
-
|
425
|
-
<xs:complexType name='AttributeExtensibleString' >
|
426
|
-
<xs:simpleContent>
|
427
|
-
<xs:extension base='xs:string' >
|
428
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
429
|
-
</xs:extension>
|
430
|
-
</xs:simpleContent>
|
431
|
-
</xs:complexType>
|
432
|
-
|
433
|
-
<!-- Section 8.5 -->
|
434
|
-
<xs:element name='Freshness' type='tns:Freshness' />
|
435
|
-
<xs:complexType name='Freshness'>
|
436
|
-
<xs:simpleContent>
|
437
|
-
<xs:extension base='xs:unsignedInt' >
|
438
|
-
<xs:attribute name='AllowCache' type='xs:boolean' use='optional' />
|
439
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
440
|
-
</xs:extension>
|
441
|
-
</xs:simpleContent>
|
442
|
-
</xs:complexType>
|
443
|
-
|
444
|
-
<!-- Section 14.1 -->
|
445
|
-
<xs:element name='RequireReferenceToken' type='sp:TokenAssertionType' />
|
446
|
-
<xs:element name='ReferenceToken11' type='tns:AssertionType' />
|
447
|
-
|
448
|
-
<xs:complexType name='AssertionType' >
|
449
|
-
<xs:sequence>
|
450
|
-
<xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
|
451
|
-
</xs:sequence>
|
452
|
-
<xs:anyAttribute namespace='##other' processContents='lax' />
|
453
|
-
</xs:complexType>
|
454
|
-
|
455
|
-
<!-- Section 14.2 -->
|
456
|
-
<xs:element name='WebBinding' type='sp:NestedPolicyType' />
|
457
|
-
<xs:element name='AuthenticationToken' type='sp:NestedPolicyType' />
|
458
|
-
<!-- ReferenceToken defined above -->
|
459
|
-
<xs:element name='RequireSignedTokens' type='tns:AssertionType' />
|
460
|
-
<xs:element name='RequireBearerTokens' type='tns:AssertionType' />
|
461
|
-
<xs:element name='RequireSharedCookies' type='tns:AssertionType' />
|
462
|
-
|
463
|
-
|
464
|
-
<!-- Section 14.3 -->
|
465
|
-
<xs:element name='RequiresGenericClaimDialect' type='tns:AssertionType' />
|
466
|
-
<xs:element name='IssuesSpecificPolicyFault' type='tns:AssertionType' />
|
467
|
-
<xs:element name='AdditionalContextProcessed' type='tns:AssertionType' />
|
468
|
-
|
469
|
-
|
470
|
-
</xs:schema>
|
471
|
-
|