saml_tools 0.0.1

Files changed (44) hide show
  1. checksums.yaml +15 -0
  2. data/LICENSE +24 -0
  3. data/README.rdoc +65 -0
  4. data/Rakefile +28 -0
  5. data/lib/saml_tool.rb +23 -0
  6. data/lib/saml_tool/certificate.rb +27 -0
  7. data/lib/saml_tool/decoder.rb +35 -0
  8. data/lib/saml_tool/encoder.rb +31 -0
  9. data/lib/saml_tool/erb_builder.rb +33 -0
  10. data/lib/saml_tool/reader.rb +40 -0
  11. data/lib/saml_tool/redirect.rb +45 -0
  12. data/lib/saml_tool/response_reader.rb +148 -0
  13. data/lib/saml_tool/rsa_key.rb +13 -0
  14. data/lib/saml_tool/saml.rb +30 -0
  15. data/lib/saml_tool/settings.rb +24 -0
  16. data/lib/saml_tool/validator.rb +40 -0
  17. data/lib/saml_tool/version.rb +8 -0
  18. data/lib/saml_tools.rb +1 -0
  19. data/lib/schema/localised-saml-schema-assertion-2.0.xsd +292 -0
  20. data/lib/schema/localised-saml-schema-protocol-2.0.xsd +309 -0
  21. data/lib/schema/localised-xenc-schema.xsd +151 -0
  22. data/lib/schema/xmldsig-core-schema.xsd +318 -0
  23. data/test/files/TEST_FILES.rdoc +22 -0
  24. data/test/files/cacert.pem +21 -0
  25. data/test/files/open_saml_response.xml +56 -0
  26. data/test/files/request.saml.erb +28 -0
  27. data/test/files/response.xml +94 -0
  28. data/test/files/response_template.xml +63 -0
  29. data/test/files/usercert.p12 +0 -0
  30. data/test/files/userkey.pem +18 -0
  31. data/test/files/valid_saml_request.xml +13 -0
  32. data/test/test_helper.rb +51 -0
  33. data/test/units/saml_tool/certificate_test.rb +30 -0
  34. data/test/units/saml_tool/decoder_test.rb +36 -0
  35. data/test/units/saml_tool/encoder_test.rb +38 -0
  36. data/test/units/saml_tool/erb_builder_test.rb +50 -0
  37. data/test/units/saml_tool/reader_test.rb +104 -0
  38. data/test/units/saml_tool/redirect_test.rb +70 -0
  39. data/test/units/saml_tool/response_reader_test.rb +144 -0
  40. data/test/units/saml_tool/rsa_key_test.rb +21 -0
  41. data/test/units/saml_tool/saml_test.rb +21 -0
  42. data/test/units/saml_tool/settings_test.rb +36 -0
  43. data/test/units/saml_tool/validator_test.rb +16 -0
  44. metadata +168 -0
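--- a/data/lib/saml_tool/rsa_key.rb
+++ b/data/lib/saml_tool/rsa_key.rb
@@ -0,0 +1,13 @@
+
+module SamlTool
+class RsaKey < OpenSSL::PKey::RSA
+
+def modulus
+Base64.encode64(n.to_s(2))
+end
+
+def exponent
+Base64.encode64(e.to_s(2))
+end
+end
+end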
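Review bot: `Base64.encode64` on lines 6 and 10 inserts a newline every 60 characters and appends a trailing one, so `modulus` of a 2048-bit key comes back as a multi-line string; if either value is ever placed in an XML attribute or compared byte-for-byte, `Base64.strict_encode64(n.to_s(2))` avoids the wrapping. Neither `require 'openssl'` nor `require 'base64'` appears in this file, so the class relies on whoever loads it having required both — presumably data/lib/saml_tool.rb, which is not in view here. Each method would benefit from a one-line comment naming what it encodes, e.g. `# Base64 of the big-endian modulus bytes of the public key` and the matching line for the public exponent.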
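--- a/data/lib/saml_tool/saml.rb
+++ b/data/lib/saml_tool/saml.rb
@@ -0,0 +1,30 @@
+module SamlTool
+
+class << self
+# Parse XML. Convenience method for Nokogiri::XML::Document.parse
+# but defaults to strict mode
+def SAML thing, url = nil, encoding = nil, options = SAML::ParseOptions::DEFAULT_SAML, &block
+SAML::Document.parse(thing, url, encoding, options, &block)
+end
+end
+
+# A wrapper for Nokogiri::XML, that applies defaults that are appropriate for SAML
+module SAML
+
+class ParseOptions < Nokogiri::XML::ParseOptions
+DEFAULT_SAML = STRICT
+end
+
+class Document < Nokogiri::XML::Document
+def self.parse string_or_io, url = nil, encoding = nil, options = ParseOptions::DEFAULT_SAML, &block
+super
+end
+end
+
+# Parse XML. Convenience method for Nokogiri::XML::Document.parse
+def self.parse thing, url = nil, encoding = nil, options = ParseOptions::DEFAULT_SAML, &block
+Document.parse(thing, url, encoding, options, &block)
+end
+
+end
+end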
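Review bot: `DEFAULT_SAML = STRICT` on line 15 drops the `NONET` flag that Nokogiri's own default parse options carry (`STRICT` is 0), so a document parsed through `SamlTool::SAML` is no longer barred from fetching external resources it references; since this is exactly the path meant for documents arriving from a remote IdP, `DEFAULT_SAML = STRICT | NONET` keeps the strictness without opening network access. The `Document.parse` override on lines 19–21 only forwards to `super`, and its purpose (changing the default options for callers that reach `Document.parse` directly) deserves a comment such as `# Overridden only so that DEFAULT_SAML applies even when Document.parse is called directly`. As a point of style, `def SAML thing, url = nil, ...` on line 6 and the two `def self.parse` signatures omit the parentheses the style guide expects for parameterised definitions; `def SAML(thing, url = nil, encoding = nil, options = SAML::ParseOptions::DEFAULT_SAML, &block)` reads more clearly.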
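--- a/data/lib/saml_tool/settings.rb
+++ b/data/lib/saml_tool/settings.rb
@@ -0,0 +1,24 @@
+require 'securerandom'
+require 'time'
+module SamlTool
+class Settings < Hashie::Mash
+
+def uuid
+fetch :uuid, auto_uuid
+end
+
+def issue_instance
+fetch :issue_instance, auto_issue_instance
+end
+
+private
+def auto_uuid
+@auto_uuid ||= ('_' + SecureRandom.uuid)
+end
+
+def auto_issue_instance
+@auto_issue_instance ||= Time.now.utc.iso8601
+end
+
+end
+end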
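Review bot: `auto_uuid` and `auto_issue_instance` on lines 15–20 memoize into instance variables, so a `Settings` object built once and reused hands every caller the same `uuid` and the same `issue_instance`; if the intent is one fresh message ID and timestamp per SAML message, that only holds while a new `Settings` is constructed per message, which is worth stating on `uuid`, e.g. `# Generated once per Settings instance; build a new Settings per request so IDs stay unique`. The leading `'_'` on line 16 appears to be there because the schema's `ID` attribute is an xs:ID, which may not begin with a digit while a raw UUID can — a comment saying so would stop someone "simplifying" it away. `issue_instance` on line 10 names what the schema calls IssueInstant; the spelling looks like a slip, and since the key is part of the public interface it is cheaper to settle in 0.0.1 than later.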
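--- a/data/lib/saml_tool/validator.rb
+++ b/data/lib/saml_tool/validator.rb
@@ -0,0 +1,40 @@
+module SamlTool
+class Validator
+attr_reader :saml
+def initialize(saml)
+@saml = saml
+end
+
+def valid?
+validate
+errors.empty?
+end
+
+def errors
+@errors ||= []
+end
+
+#
+def validate
+# Need to load schema with other schemas in path
+# see http://ktulu.com.ar/blog/2011/06/26/resolving-validation-errors-using-nokogiri-and-schemas/
+Dir.chdir(schema_path) do
+schema = Nokogiri::XML::Schema(File.read('localised-saml-schema-protocol-2.0.xsd'))
+
+schema.validate(saml_document).each do |error|
+errors << error.message unless errors.include? error.message
+end
+end
+end
+
+def schema_path
+File.expand_path('../schema/', File.dirname(__FILE__))
+end
+
+def saml_document
+@saml_document ||= Nokogiri::XML(saml)
+end
+
+
+end
+end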
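Review bot: `Dir.chdir(schema_path) do ... end` on lines 21–27 changes the working directory of the whole process for the duration of every validation, which is unsafe once another thread is running (Ruby warns about a conflicting chdir during another chdir block), and it is done only so the schema's relative `schemaLocation` imports resolve. Parsing the schema with its location attached — `Nokogiri::XML::Schema(Nokogiri::XML(File.read(path), path))`, where `path` is the absolute path of the protocol xsd — should let the localised imports resolve relative to that file without touching the cwd; worth confirming against the Nokogiri version in use. Separately, `saml_document` on line 35 parses with plain `Nokogiri::XML`, i.e. in recovering mode, rather than through the strict `SamlTool::SAML` wrapper this release also adds, so malformed input can be silently repaired before it is schema-checked. `valid?` should also document what it does and does not establish, e.g. `# True when the document conforms to the SAML 2.0 protocol schema; says nothing about the signature, Conditions or InResponseTo`, and the empty `#` on line 17 is presumably a leftover.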
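--- a/data/lib/saml_tool/version.rb
+++ b/data/lib/saml_tool/version.rb
@@ -0,0 +1,8 @@
+module SamlTool
+VERSION = '0.0.1'
+end
+
+# History
+# =======
+#
+# 0.0.1 - First build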
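--- a/data/lib/saml_tools.rb
+++ b/data/lib/saml_tools.rb
@@ -0,0 +1 @@
+require_relative 'saml_tool'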
@@ -0,0 +1,292 @@
1
+ <?xml version="1.0" encoding="US-ASCII"?>
2
+ <!-- This file has been modified so that import elements point at local uris -->
3
+ <schema
4
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
5
+ xmlns="http://www.w3.org/2001/XMLSchema"
6
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
8
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
9
+ elementFormDefault="unqualified"
10
+ attributeFormDefault="unqualified"
11
+ blockDefault="substitution"
12
+ version="2.0">
13
+ <!-- original
14
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
15
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
16
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
17
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
18
+ -->
19
+
20
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
21
+ schemaLocation="xmldsig-core-schema.xsd"/><!-- localised version -->
22
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
23
+ schemaLocation="localised-xenc-schema.xsd"/><!-- localised version -->
24
+
25
+ <annotation>
26
+ <documentation>
27
+ Document identifier: saml-schema-assertion-2.0
28
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
29
+ Revision history:
30
+ V1.0 (November, 2002):
31
+ Initial Standard Schema.
32
+ V1.1 (September, 2003):
33
+ Updates within the same V1.0 namespace.
34
+ V2.0 (March, 2005):
35
+ New assertion schema for SAML V2.0 namespace.
36
+ </documentation>
37
+ </annotation>
38
+ <attributeGroup name="IDNameQualifiers">
39
+ <attribute name="NameQualifier" type="string" use="optional"/>
40
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
41
+ </attributeGroup>
42
+ <element name="BaseID" type="saml:BaseIDAbstractType"/>
43
+ <complexType name="BaseIDAbstractType" abstract="true">
44
+ <attributeGroup ref="saml:IDNameQualifiers"/>
45
+ </complexType>
46
+ <element name="NameID" type="saml:NameIDType"/>
47
+ <complexType name="NameIDType">
48
+ <simpleContent>
49
+ <extension base="string">
50
+ <attributeGroup ref="saml:IDNameQualifiers"/>
51
+ <attribute name="Format" type="anyURI" use="optional"/>
52
+ <attribute name="SPProvidedID" type="string" use="optional"/>
53
+ </extension>
54
+ </simpleContent>
55
+ </complexType>
56
+ <complexType name="EncryptedElementType">
57
+ <sequence>
58
+ <element ref="xenc:EncryptedData"/>
59
+ <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
60
+ </sequence>
61
+ </complexType>
62
+ <element name="EncryptedID" type="saml:EncryptedElementType"/>
63
+ <element name="Issuer" type="saml:NameIDType"/>
64
+ <element name="AssertionIDRef" type="NCName"/>
65
+ <element name="AssertionURIRef" type="anyURI"/>
66
+ <element name="Assertion" type="saml:AssertionType"/>
67
+ <complexType name="AssertionType">
68
+ <sequence>
69
+ <element ref="saml:Issuer"/>
70
+ <element ref="ds:Signature" minOccurs="0"/>
71
+ <element ref="saml:Subject" minOccurs="0"/>
72
+ <element ref="saml:Conditions" minOccurs="0"/>
73
+ <element ref="saml:Advice" minOccurs="0"/>
74
+ <choice minOccurs="0" maxOccurs="unbounded">
75
+ <element ref="saml:Statement"/>
76
+ <element ref="saml:AuthnStatement"/>
77
+ <element ref="saml:AuthzDecisionStatement"/>
78
+ <element ref="saml:AttributeStatement"/>
79
+ </choice>
80
+ </sequence>
81
+ <attribute name="Version" type="string" use="required"/>
82
+ <attribute name="ID" type="ID" use="required"/>
83
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
84
+ </complexType>
85
+ <element name="Subject" type="saml:SubjectType"/>
86
+ <complexType name="SubjectType">
87
+ <choice>
88
+ <sequence>
89
+ <choice>
90
+ <element ref="saml:BaseID"/>
91
+ <element ref="saml:NameID"/>
92
+ <element ref="saml:EncryptedID"/>
93
+ </choice>
94
+ <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
95
+ </sequence>
96
+ <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
97
+ </choice>
98
+ </complexType>
99
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
100
+ <complexType name="SubjectConfirmationType">
101
+ <sequence>
102
+ <choice minOccurs="0">
103
+ <element ref="saml:BaseID"/>
104
+ <element ref="saml:NameID"/>
105
+ <element ref="saml:EncryptedID"/>
106
+ </choice>
107
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
108
+ </sequence>
109
+ <attribute name="Method" type="anyURI" use="required"/>
110
+ </complexType>
111
+ <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
112
+ <complexType name="SubjectConfirmationDataType" mixed="true">
113
+ <complexContent>
114
+ <restriction base="anyType">
115
+ <sequence>
116
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
117
+ </sequence>
118
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
119
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
120
+ <attribute name="Recipient" type="anyURI" use="optional"/>
121
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
122
+ <attribute name="Address" type="string" use="optional"/>
123
+ <anyAttribute namespace="##other" processContents="lax"/>
124
+ </restriction>
125
+ </complexContent>
126
+ </complexType>
127
+ <complexType name="KeyInfoConfirmationDataType" mixed="false">
128
+ <complexContent>
129
+ <restriction base="saml:SubjectConfirmationDataType">
130
+ <sequence>
131
+ <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
132
+ </sequence>
133
+ </restriction>
134
+ </complexContent>
135
+ </complexType>
136
+ <element name="Conditions" type="saml:ConditionsType"/>
137
+ <complexType name="ConditionsType">
138
+ <choice minOccurs="0" maxOccurs="unbounded">
139
+ <element ref="saml:Condition"/>
140
+ <element ref="saml:AudienceRestriction"/>
141
+ <element ref="saml:OneTimeUse"/>
142
+ <element ref="saml:ProxyRestriction"/>
143
+ </choice>
144
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
145
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
146
+ </complexType>
147
+ <element name="Condition" type="saml:ConditionAbstractType"/>
148
+ <complexType name="ConditionAbstractType" abstract="true"/>
149
+ <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
150
+ <complexType name="AudienceRestrictionType">
151
+ <complexContent>
152
+ <extension base="saml:ConditionAbstractType">
153
+ <sequence>
154
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
155
+ </sequence>
156
+ </extension>
157
+ </complexContent>
158
+ </complexType>
159
+ <element name="Audience" type="anyURI"/>
160
+ <element name="OneTimeUse" type="saml:OneTimeUseType" />
161
+ <complexType name="OneTimeUseType">
162
+ <complexContent>
163
+ <extension base="saml:ConditionAbstractType"/>
164
+ </complexContent>
165
+ </complexType>
166
+ <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
167
+ <complexType name="ProxyRestrictionType">
168
+ <complexContent>
169
+ <extension base="saml:ConditionAbstractType">
170
+ <sequence>
171
+ <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
172
+ </sequence>
173
+ <attribute name="Count" type="nonNegativeInteger" use="optional"/>
174
+ </extension>
175
+ </complexContent>
176
+ </complexType>
177
+ <element name="Advice" type="saml:AdviceType"/>
178
+ <complexType name="AdviceType">
179
+ <choice minOccurs="0" maxOccurs="unbounded">
180
+ <element ref="saml:AssertionIDRef"/>
181
+ <element ref="saml:AssertionURIRef"/>
182
+ <element ref="saml:Assertion"/>
183
+ <element ref="saml:EncryptedAssertion"/>
184
+ <any namespace="##other" processContents="lax"/>
185
+ </choice>
186
+ </complexType>
187
+ <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
188
+ <element name="Statement" type="saml:StatementAbstractType"/>
189
+ <complexType name="StatementAbstractType" abstract="true"/>
190
+ <element name="AuthnStatement" type="saml:AuthnStatementType"/>
191
+ <complexType name="AuthnStatementType">
192
+ <complexContent>
193
+ <extension base="saml:StatementAbstractType">
194
+ <sequence>
195
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
196
+ <element ref="saml:AuthnContext"/>
197
+ </sequence>
198
+ <attribute name="AuthnInstant" type="dateTime" use="required"/>
199
+ <attribute name="SessionIndex" type="string" use="optional"/>
200
+ <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
201
+ </extension>
202
+ </complexContent>
203
+ </complexType>
204
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
205
+ <complexType name="SubjectLocalityType">
206
+ <attribute name="Address" type="string" use="optional"/>
207
+ <attribute name="DNSName" type="string" use="optional"/>
208
+ </complexType>
209
+ <element name="AuthnContext" type="saml:AuthnContextType"/>
210
+ <complexType name="AuthnContextType">
211
+ <sequence>
212
+ <choice>
213
+ <sequence>
214
+ <element ref="saml:AuthnContextClassRef"/>
215
+ <choice minOccurs="0">
216
+ <element ref="saml:AuthnContextDecl"/>
217
+ <element ref="saml:AuthnContextDeclRef"/>
218
+ </choice>
219
+ </sequence>
220
+ <choice>
221
+ <element ref="saml:AuthnContextDecl"/>
222
+ <element ref="saml:AuthnContextDeclRef"/>
223
+ </choice>
224
+ </choice>
225
+ <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
226
+ </sequence>
227
+ </complexType>
228
+ <element name="AuthnContextClassRef" type="anyURI"/>
229
+ <element name="AuthnContextDeclRef" type="anyURI"/>
230
+ <element name="AuthnContextDecl" type="anyType"/>
231
+ <element name="AuthenticatingAuthority" type="anyURI"/>
232
+ <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
233
+ <complexType name="AuthzDecisionStatementType">
234
+ <complexContent>
235
+ <extension base="saml:StatementAbstractType">
236
+ <sequence>
237
+ <element ref="saml:Action" maxOccurs="unbounded"/>
238
+ <element ref="saml:Evidence" minOccurs="0"/>
239
+ </sequence>
240
+ <attribute name="Resource" type="anyURI" use="required"/>
241
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
242
+ </extension>
243
+ </complexContent>
244
+ </complexType>
245
+ <simpleType name="DecisionType">
246
+ <restriction base="string">
247
+ <enumeration value="Permit"/>
248
+ <enumeration value="Deny"/>
249
+ <enumeration value="Indeterminate"/>
250
+ </restriction>
251
+ </simpleType>
252
+ <element name="Action" type="saml:ActionType"/>
253
+ <complexType name="ActionType">
254
+ <simpleContent>
255
+ <extension base="string">
256
+ <attribute name="Namespace" type="anyURI" use="required"/>
257
+ </extension>
258
+ </simpleContent>
259
+ </complexType>
260
+ <element name="Evidence" type="saml:EvidenceType"/>
261
+ <complexType name="EvidenceType">
262
+ <choice maxOccurs="unbounded">
263
+ <element ref="saml:AssertionIDRef"/>
264
+ <element ref="saml:AssertionURIRef"/>
265
+ <element ref="saml:Assertion"/>
266
+ <element ref="saml:EncryptedAssertion"/>
267
+ </choice>
268
+ </complexType>
269
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
270
+ <complexType name="AttributeStatementType">
271
+ <complexContent>
272
+ <extension base="saml:StatementAbstractType">
273
+ <choice maxOccurs="unbounded">
274
+ <element ref="saml:Attribute"/>
275
+ <element ref="saml:EncryptedAttribute"/>
276
+ </choice>
277
+ </extension>
278
+ </complexContent>
279
+ </complexType>
280
+ <element name="Attribute" type="saml:AttributeType"/>
281
+ <complexType name="AttributeType">
282
+ <sequence>
283
+ <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
284
+ </sequence>
285
+ <attribute name="Name" type="string" use="required"/>
286
+ <attribute name="NameFormat" type="anyURI" use="optional"/>
287
+ <attribute name="FriendlyName" type="string" use="optional"/>
288
+ <anyAttribute namespace="##other" processContents="lax"/>
289
+ </complexType>
290
+ <element name="AttributeValue" type="anyType" nillable="true"/>
291
+ <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
292
+ </schema>
@@ -0,0 +1,309 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <!-- This file has been modified so that import elements point at local uris -->
3
+ <schema
4
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
5
+ xmlns="http://www.w3.org/2001/XMLSchema"
6
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
7
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
8
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
9
+ elementFormDefault="unqualified"
10
+ attributeFormDefault="unqualified"
11
+ blockDefault="substitution"
12
+ version="2.0">
13
+ <!-- original
14
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
15
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
16
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
17
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
18
+ -->
19
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
20
+ schemaLocation="localised-saml-schema-assertion-2.0.xsd"/><!-- localised version -->
21
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
22
+ schemaLocation="xmldsig-core-schema.xsd"/><!-- localised version -->
23
+ <annotation>
24
+ <documentation>
25
+ Document identifier: saml-schema-protocol-2.0
26
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
27
+ Revision history:
28
+ V1.0 (November, 2002):
29
+ Initial Standard Schema.
30
+ V1.1 (September, 2003):
31
+ Updates within the same V1.0 namespace.
32
+ V2.0 (March, 2005):
33
+ New protocol schema based in a SAML V2.0 namespace.
34
+ </documentation>
35
+ </annotation>
36
+ <complexType name="RequestAbstractType" abstract="true">
37
+ <sequence>
38
+ <element ref="saml:Issuer" minOccurs="0"/>
39
+ <element ref="ds:Signature" minOccurs="0"/>
40
+ <element ref="samlp:Extensions" minOccurs="0"/>
41
+ </sequence>
42
+ <attribute name="ID" type="ID" use="required"/>
43
+ <attribute name="Version" type="string" use="required"/>
44
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
45
+ <attribute name="Destination" type="anyURI" use="optional"/>
46
+ <attribute name="Consent" type="anyURI" use="optional"/>
47
+ </complexType>
48
+ <element name="Extensions" type="samlp:ExtensionsType"/>
49
+ <complexType name="ExtensionsType">
50
+ <sequence>
51
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
52
+ </sequence>
53
+ </complexType>
54
+ <complexType name="StatusResponseType">
55
+ <sequence>
56
+ <element ref="saml:Issuer" minOccurs="0"/>
57
+ <element ref="ds:Signature" minOccurs="0"/>
58
+ <element ref="samlp:Extensions" minOccurs="0"/>
59
+ <element ref="samlp:Status"/>
60
+ </sequence>
61
+ <attribute name="ID" type="ID" use="required"/>
62
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
63
+ <attribute name="Version" type="string" use="required"/>
64
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
65
+ <attribute name="Destination" type="anyURI" use="optional"/>
66
+ <attribute name="Consent" type="anyURI" use="optional"/>
67
+ </complexType>
68
+ <element name="Status" type="samlp:StatusType"/>
69
+ <complexType name="StatusType">
70
+ <sequence>
71
+ <element ref="samlp:StatusCode"/>
72
+ <element ref="samlp:StatusMessage" minOccurs="0"/>
73
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
74
+ </sequence>
75
+ </complexType>
76
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
77
+ <complexType name="StatusCodeType">
78
+ <sequence>
79
+ <element ref="samlp:StatusCode" minOccurs="0"/>
80
+ </sequence>
81
+ <attribute name="Value" type="anyURI" use="required"/>
82
+ </complexType>
83
+ <element name="StatusMessage" type="string"/>
84
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
85
+ <complexType name="StatusDetailType">
86
+ <sequence>
87
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
88
+ </sequence>
89
+ </complexType>
90
+ <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
91
+ <complexType name="AssertionIDRequestType">
92
+ <complexContent>
93
+ <extension base="samlp:RequestAbstractType">
94
+ <sequence>
95
+ <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
96
+ </sequence>
97
+ </extension>
98
+ </complexContent>
99
+ </complexType>
100
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
101
+ <complexType name="SubjectQueryAbstractType" abstract="true">
102
+ <complexContent>
103
+ <extension base="samlp:RequestAbstractType">
104
+ <sequence>
105
+ <element ref="saml:Subject"/>
106
+ </sequence>
107
+ </extension>
108
+ </complexContent>
109
+ </complexType>
110
+ <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
111
+ <complexType name="AuthnQueryType">
112
+ <complexContent>
113
+ <extension base="samlp:SubjectQueryAbstractType">
114
+ <sequence>
115
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
116
+ </sequence>
117
+ <attribute name="SessionIndex" type="string" use="optional"/>
118
+ </extension>
119
+ </complexContent>
120
+ </complexType>
121
+ <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
122
+ <complexType name="RequestedAuthnContextType">
123
+ <choice>
124
+ <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
125
+ <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
126
+ </choice>
127
+ <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
128
+ </complexType>
129
+ <simpleType name="AuthnContextComparisonType">
130
+ <restriction base="string">
131
+ <enumeration value="exact"/>
132
+ <enumeration value="minimum"/>
133
+ <enumeration value="maximum"/>
134
+ <enumeration value="better"/>
135
+ </restriction>
136
+ </simpleType>
137
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
138
+ <complexType name="AttributeQueryType">
139
+ <complexContent>
140
+ <extension base="samlp:SubjectQueryAbstractType">
141
+ <sequence>
142
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
143
+ </sequence>
144
+ </extension>
145
+ </complexContent>
146
+ </complexType>
147
+ <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
148
+ <complexType name="AuthzDecisionQueryType">
149
+ <complexContent>
150
+ <extension base="samlp:SubjectQueryAbstractType">
151
+ <sequence>
152
+ <element ref="saml:Action" maxOccurs="unbounded"/>
153
+ <element ref="saml:Evidence" minOccurs="0"/>
154
+ </sequence>
155
+ <attribute name="Resource" type="anyURI" use="required"/>
156
+ </extension>
157
+ </complexContent>
158
+ </complexType>
159
+ <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
160
+ <complexType name="AuthnRequestType">
161
+ <complexContent>
162
+ <extension base="samlp:RequestAbstractType">
163
+ <sequence>
164
+ <element ref="saml:Subject" minOccurs="0"/>
165
+ <element ref="samlp:NameIDPolicy" minOccurs="0"/>
166
+ <element ref="saml:Conditions" minOccurs="0"/>
167
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
168
+ <element ref="samlp:Scoping" minOccurs="0"/>
169
+ </sequence>
170
+ <attribute name="ForceAuthn" type="boolean" use="optional"/>
171
+ <attribute name="IsPassive" type="boolean" use="optional"/>
172
+ <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
173
+ <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
174
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
175
+ <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
176
+ <attribute name="ProviderName" type="string" use="optional"/>
177
+ </extension>
178
+ </complexContent>
179
+ </complexType>
180
+ <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
181
+ <complexType name="NameIDPolicyType">
182
+ <attribute name="Format" type="anyURI" use="optional"/>
183
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
184
+ <attribute name="AllowCreate" type="boolean" use="optional"/>
185
+ </complexType>
186
+ <element name="Scoping" type="samlp:ScopingType"/>
187
+ <complexType name="ScopingType">
188
+ <sequence>
189
+ <element ref="samlp:IDPList" minOccurs="0"/>
190
+ <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
191
+ </sequence>
192
+ <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
193
+ </complexType>
194
+ <element name="RequesterID" type="anyURI"/>
195
+ <element name="IDPList" type="samlp:IDPListType"/>
196
+ <complexType name="IDPListType">
197
+ <sequence>
198
+ <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
199
+ <element ref="samlp:GetComplete" minOccurs="0"/>
200
+ </sequence>
201
+ </complexType>
202
+ <element name="IDPEntry" type="samlp:IDPEntryType"/>
203
+ <complexType name="IDPEntryType">
204
+ <attribute name="ProviderID" type="anyURI" use="required"/>
205
+ <attribute name="Name" type="string" use="optional"/>
206
+ <attribute name="Loc" type="anyURI" use="optional"/>
207
+ </complexType>
208
+ <element name="GetComplete" type="anyURI"/>
209
+ <element name="Response" type="samlp:ResponseType"/>
210
+ <complexType name="ResponseType">
211
+ <complexContent>
212
+ <extension base="samlp:StatusResponseType">
213
+ <choice minOccurs="0" maxOccurs="unbounded">
214
+ <element ref="saml:Assertion"/>
215
+ <element ref="saml:EncryptedAssertion"/>
216
+ </choice>
217
+ </extension>
218
+ </complexContent>
219
+ </complexType>
220
+ <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
221
+ <complexType name="ArtifactResolveType">
222
+ <complexContent>
223
+ <extension base="samlp:RequestAbstractType">
224
+ <sequence>
225
+ <element ref="samlp:Artifact"/>
226
+ </sequence>
227
+ </extension>
228
+ </complexContent>
229
+ </complexType>
230
+ <element name="Artifact" type="string"/>
231
+ <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
232
+ <complexType name="ArtifactResponseType">
233
+ <complexContent>
234
+ <extension base="samlp:StatusResponseType">
235
+ <sequence>
236
+ <any namespace="##any" processContents="lax" minOccurs="0"/>
237
+ </sequence>
238
+ </extension>
239
+ </complexContent>
240
+ </complexType>
241
+ <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
242
+ <complexType name="ManageNameIDRequestType">
243
+ <complexContent>
244
+ <extension base="samlp:RequestAbstractType">
245
+ <sequence>
246
+ <choice>
247
+ <element ref="saml:NameID"/>
248
+ <element ref="saml:EncryptedID"/>
249
+ </choice>
250
+ <choice>
251
+ <element ref="samlp:NewID"/>
252
+ <element ref="samlp:NewEncryptedID"/>
253
+ <element ref="samlp:Terminate"/>
254
+ </choice>
255
+ </sequence>
256
+ </extension>
257
+ </complexContent>
258
+ </complexType>
259
+ <element name="NewID" type="string"/>
260
+ <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
261
+ <element name="Terminate" type="samlp:TerminateType"/>
262
+ <complexType name="TerminateType"/>
263
+ <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
264
+ <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
265
+ <complexType name="LogoutRequestType">
266
+ <complexContent>
267
+ <extension base="samlp:RequestAbstractType">
268
+ <sequence>
269
+ <choice>
270
+ <element ref="saml:BaseID"/>
271
+ <element ref="saml:NameID"/>
272
+ <element ref="saml:EncryptedID"/>
273
+ </choice>
274
+ <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
275
+ </sequence>
276
+ <attribute name="Reason" type="string" use="optional"/>
277
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
278
+ </extension>
279
+ </complexContent>
280
+ </complexType>
281
+ <element name="SessionIndex" type="string"/>
282
+ <element name="LogoutResponse" type="samlp:StatusResponseType"/>
283
+ <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
284
+ <complexType name="NameIDMappingRequestType">
285
+ <complexContent>
286
+ <extension base="samlp:RequestAbstractType">
287
+ <sequence>
288
+ <choice>
289
+ <element ref="saml:BaseID"/>
290
+ <element ref="saml:NameID"/>
291
+ <element ref="saml:EncryptedID"/>
292
+ </choice>
293
+ <element ref="samlp:NameIDPolicy"/>
294
+ </sequence>
295
+ </extension>
296
+ </complexContent>
297
+ </complexType>
298
+ <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
299
+ <complexType name="NameIDMappingResponseType">
300
+ <complexContent>
301
+ <extension base="samlp:StatusResponseType">
302
+ <choice>
303
+ <element ref="saml:NameID"/>
304
+ <element ref="saml:EncryptedID"/>
305
+ </choice>
306
+ </extension>
307
+ </complexContent>
308
+ </complexType>
309
+ </schema>