samlsso 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (41) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +50 -0
  3. data/CODE_OF_CONDUCT.md +49 -0
  4. data/Gemfile +4 -0
  5. data/LICENSE +21 -0
  6. data/README.md +36 -0
  7. data/Rakefile +2 -0
  8. data/bin/console +14 -0
  9. data/bin/setup +8 -0
  10. data/lib/samlsso.rb +16 -0
  11. data/lib/samlsso/attribute_service.rb +32 -0
  12. data/lib/samlsso/attributes.rb +107 -0
  13. data/lib/samlsso/authrequest.rb +124 -0
  14. data/lib/samlsso/idp_metadata_parser.rb +85 -0
  15. data/lib/samlsso/logging.rb +20 -0
  16. data/lib/samlsso/logoutrequest.rb +100 -0
  17. data/lib/samlsso/logoutresponse.rb +110 -0
  18. data/lib/samlsso/metadata.rb +94 -0
  19. data/lib/samlsso/response.rb +271 -0
  20. data/lib/samlsso/saml_message.rb +117 -0
  21. data/lib/samlsso/settings.rb +115 -0
  22. data/lib/samlsso/slo_logoutrequest.rb +64 -0
  23. data/lib/samlsso/slo_logoutresponse.rb +99 -0
  24. data/lib/samlsso/utils.rb +42 -0
  25. data/lib/samlsso/validation_error.rb +5 -0
  26. data/lib/samlsso/version.rb +3 -0
  27. data/lib/schemas/saml-schema-assertion-2.0.xsd +283 -0
  28. data/lib/schemas/saml-schema-authn-context-2.0.xsd +23 -0
  29. data/lib/schemas/saml-schema-authn-context-types-2.0.xsd +821 -0
  30. data/lib/schemas/saml-schema-metadata-2.0.xsd +339 -0
  31. data/lib/schemas/saml-schema-protocol-2.0.xsd +302 -0
  32. data/lib/schemas/sstc-metadata-attr.xsd +35 -0
  33. data/lib/schemas/sstc-saml-attribute-ext.xsd +25 -0
  34. data/lib/schemas/sstc-saml-metadata-algsupport-v1.0.xsd +41 -0
  35. data/lib/schemas/sstc-saml-metadata-ui-v1.0.xsd +89 -0
  36. data/lib/schemas/xenc-schema.xsd +136 -0
  37. data/lib/schemas/xml.xsd +287 -0
  38. data/lib/schemas/xmldsig-core-schema.xsd +309 -0
  39. data/lib/xml_security.rb +276 -0
  40. data/samlsso.gemspec +44 -0
  41. metadata +168 -0
data/lib/schemas/saml-schema-metadata-2.0.xsd ADDED
@@ -0,0 +1,339 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <schema
3
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
4
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
5
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
7
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
8
+ xmlns="http://www.w3.org/2001/XMLSchema"
9
+ elementFormDefault="unqualified"
10
+ attributeFormDefault="unqualified"
11
+ blockDefault="substitution"
12
+ version="2.0">
13
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
14
+ schemaLocation="xmldsig-core-schema.xsd"/>
15
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"
16
+ schemaLocation="xenc-schema.xsd"/>
17
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
18
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
19
+ <import namespace="http://www.w3.org/XML/1998/namespace"
20
+ schemaLocation="xml.xsd"/>
21
+ <annotation>
22
+ <documentation>
23
+ Document identifier: saml-schema-metadata-2.0
24
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
25
+ Revision history:
26
+ V2.0 (March, 2005):
27
+ Schema for SAML metadata, first published in SAML 2.0.
28
+ </documentation>
29
+ </annotation>
30
+
31
+ <simpleType name="entityIDType">
32
+ <restriction base="anyURI">
33
+ <maxLength value="1024"/>
34
+ </restriction>
35
+ </simpleType>
36
+ <complexType name="localizedNameType">
37
+ <simpleContent>
38
+ <extension base="string">
39
+ <attribute ref="xml:lang" use="required"/>
40
+ </extension>
41
+ </simpleContent>
42
+ </complexType>
43
+ <complexType name="localizedURIType">
44
+ <simpleContent>
45
+ <extension base="anyURI">
46
+ <attribute ref="xml:lang" use="required"/>
47
+ </extension>
48
+ </simpleContent>
49
+ </complexType>
50
+
51
+ <element name="Extensions" type="md:ExtensionsType"/>
52
+ <complexType final="#all" name="ExtensionsType">
53
+ <sequence>
54
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
55
+ </sequence>
56
+ </complexType>
57
+
58
+ <complexType name="EndpointType">
59
+ <sequence>
60
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
61
+ </sequence>
62
+ <attribute name="Binding" type="anyURI" use="required"/>
63
+ <attribute name="Location" type="anyURI" use="required"/>
64
+ <attribute name="ResponseLocation" type="anyURI" use="optional"/>
65
+ <anyAttribute namespace="##other" processContents="lax"/>
66
+ </complexType>
67
+
68
+ <complexType name="IndexedEndpointType">
69
+ <complexContent>
70
+ <extension base="md:EndpointType">
71
+ <attribute name="index" type="unsignedShort" use="required"/>
72
+ <attribute name="isDefault" type="boolean" use="optional"/>
73
+ </extension>
74
+ </complexContent>
75
+ </complexType>
76
+
77
+ <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
78
+ <complexType name="EntitiesDescriptorType">
79
+ <sequence>
80
+ <element ref="ds:Signature" minOccurs="0"/>
81
+ <element ref="md:Extensions" minOccurs="0"/>
82
+ <choice minOccurs="1" maxOccurs="unbounded">
83
+ <element ref="md:EntityDescriptor"/>
84
+ <element ref="md:EntitiesDescriptor"/>
85
+ </choice>
86
+ </sequence>
87
+ <attribute name="validUntil" type="dateTime" use="optional"/>
88
+ <attribute name="cacheDuration" type="duration" use="optional"/>
89
+ <attribute name="ID" type="ID" use="optional"/>
90
+ <attribute name="Name" type="string" use="optional"/>
91
+ </complexType>
92
+
93
+ <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
94
+ <complexType name="EntityDescriptorType">
95
+ <sequence>
96
+ <element ref="ds:Signature" minOccurs="0"/>
97
+ <element ref="md:Extensions" minOccurs="0"/>
98
+ <choice>
99
+ <choice maxOccurs="unbounded">
100
+ <element ref="md:RoleDescriptor"/>
101
+ <element ref="md:IDPSSODescriptor"/>
102
+ <element ref="md:SPSSODescriptor"/>
103
+ <element ref="md:AuthnAuthorityDescriptor"/>
104
+ <element ref="md:AttributeAuthorityDescriptor"/>
105
+ <element ref="md:PDPDescriptor"/>
106
+ </choice>
107
+ <element ref="md:AffiliationDescriptor"/>
108
+ </choice>
109
+ <element ref="md:Organization" minOccurs="0"/>
110
+ <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
111
+ <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
112
+ </sequence>
113
+ <attribute name="entityID" type="md:entityIDType" use="required"/>
114
+ <attribute name="validUntil" type="dateTime" use="optional"/>
115
+ <attribute name="cacheDuration" type="duration" use="optional"/>
116
+ <attribute name="ID" type="ID" use="optional"/>
117
+ <anyAttribute namespace="##other" processContents="lax"/>
118
+ </complexType>
119
+
120
+ <element name="Organization" type="md:OrganizationType"/>
121
+ <complexType name="OrganizationType">
122
+ <sequence>
123
+ <element ref="md:Extensions" minOccurs="0"/>
124
+ <element ref="md:OrganizationName" maxOccurs="unbounded"/>
125
+ <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
126
+ <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
127
+ </sequence>
128
+ <anyAttribute namespace="##other" processContents="lax"/>
129
+ </complexType>
130
+ <element name="OrganizationName" type="md:localizedNameType"/>
131
+ <element name="OrganizationDisplayName" type="md:localizedNameType"/>
132
+ <element name="OrganizationURL" type="md:localizedURIType"/>
133
+ <element name="ContactPerson" type="md:ContactType"/>
134
+ <complexType name="ContactType">
135
+ <sequence>
136
+ <element ref="md:Extensions" minOccurs="0"/>
137
+ <element ref="md:Company" minOccurs="0"/>
138
+ <element ref="md:GivenName" minOccurs="0"/>
139
+ <element ref="md:SurName" minOccurs="0"/>
140
+ <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
141
+ <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
142
+ </sequence>
143
+ <attribute name="contactType" type="md:ContactTypeType" use="required"/>
144
+ <anyAttribute namespace="##other" processContents="lax"/>
145
+ </complexType>
146
+ <element name="Company" type="string"/>
147
+ <element name="GivenName" type="string"/>
148
+ <element name="SurName" type="string"/>
149
+ <element name="EmailAddress" type="anyURI"/>
150
+ <element name="TelephoneNumber" type="string"/>
151
+ <simpleType name="ContactTypeType">
152
+ <restriction base="string">
153
+ <enumeration value="technical"/>
154
+ <enumeration value="support"/>
155
+ <enumeration value="administrative"/>
156
+ <enumeration value="billing"/>
157
+ <enumeration value="other"/>
158
+ </restriction>
159
+ </simpleType>
160
+
161
+ <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
162
+ <complexType name="AdditionalMetadataLocationType">
163
+ <simpleContent>
164
+ <extension base="anyURI">
165
+ <attribute name="namespace" type="anyURI" use="required"/>
166
+ </extension>
167
+ </simpleContent>
168
+ </complexType>
169
+
170
+ <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
171
+ <complexType name="RoleDescriptorType" abstract="true">
172
+ <sequence>
173
+ <element ref="ds:Signature" minOccurs="0"/>
174
+ <element ref="md:Extensions" minOccurs="0"/>
175
+ <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
176
+ <element ref="md:Organization" minOccurs="0"/>
177
+ <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
178
+ </sequence>
179
+ <attribute name="ID" type="ID" use="optional"/>
180
+ <attribute name="validUntil" type="dateTime" use="optional"/>
181
+ <attribute name="cacheDuration" type="duration" use="optional"/>
182
+ <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
183
+ <attribute name="errorURL" type="anyURI" use="optional"/>
184
+ <anyAttribute namespace="##other" processContents="lax"/>
185
+ </complexType>
186
+ <simpleType name="anyURIListType">
187
+ <list itemType="anyURI"/>
188
+ </simpleType>
189
+
190
+ <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
191
+ <complexType name="KeyDescriptorType">
192
+ <sequence>
193
+ <element ref="ds:KeyInfo"/>
194
+ <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
195
+ </sequence>
196
+ <attribute name="use" type="md:KeyTypes" use="optional"/>
197
+ </complexType>
198
+ <simpleType name="KeyTypes">
199
+ <restriction base="string">
200
+ <enumeration value="encryption"/>
201
+ <enumeration value="signing"/>
202
+ </restriction>
203
+ </simpleType>
204
+ <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
205
+
206
+ <complexType name="SSODescriptorType" abstract="true">
207
+ <complexContent>
208
+ <extension base="md:RoleDescriptorType">
209
+ <sequence>
210
+ <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
211
+ <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
212
+ <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
213
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
214
+ </sequence>
215
+ </extension>
216
+ </complexContent>
217
+ </complexType>
218
+ <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
219
+ <element name="SingleLogoutService" type="md:EndpointType"/>
220
+ <element name="ManageNameIDService" type="md:EndpointType"/>
221
+ <element name="NameIDFormat" type="anyURI"/>
222
+
223
+ <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
224
+ <complexType name="IDPSSODescriptorType">
225
+ <complexContent>
226
+ <extension base="md:SSODescriptorType">
227
+ <sequence>
228
+ <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
229
+ <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
230
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
231
+ <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
232
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
233
+ </sequence>
234
+ <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
235
+ </extension>
236
+ </complexContent>
237
+ </complexType>
238
+ <element name="SingleSignOnService" type="md:EndpointType"/>
239
+ <element name="NameIDMappingService" type="md:EndpointType"/>
240
+ <element name="AssertionIDRequestService" type="md:EndpointType"/>
241
+ <element name="AttributeProfile" type="anyURI"/>
242
+
243
+ <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
244
+ <complexType name="SPSSODescriptorType">
245
+ <complexContent>
246
+ <extension base="md:SSODescriptorType">
247
+ <sequence>
248
+ <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
249
+ <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
250
+ <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
251
+ <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
252
+ </sequence>
253
+ <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
254
+ <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
255
+ </extension>
256
+ </complexContent>
257
+ </complexType>
258
+ <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
259
+ <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
260
+ <complexType name="AttributeConsumingServiceType">
261
+ <sequence>
262
+ <element ref="md:ServiceName" maxOccurs="unbounded"/>
263
+ <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
264
+ <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
265
+ </sequence>
266
+ <attribute name="index" type="unsignedShort" use="required"/>
267
+ <attribute name="isDefault" type="boolean" use="optional"/>
268
+ </complexType>
269
+ <element name="ServiceName" type="md:localizedNameType"/>
270
+ <element name="ServiceDescription" type="md:localizedNameType"/>
271
+ <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
272
+ <complexType name="RequestedAttributeType">
273
+ <complexContent>
274
+ <extension base="saml:AttributeType">
275
+ <attribute name="isRequired" type="boolean" use="optional"/>
276
+ </extension>
277
+ </complexContent>
278
+ </complexType>
279
+
280
+ <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
281
+ <complexType name="AuthnAuthorityDescriptorType">
282
+ <complexContent>
283
+ <extension base="md:RoleDescriptorType">
284
+ <sequence>
285
+ <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
286
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
287
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
288
+ </sequence>
289
+ </extension>
290
+ </complexContent>
291
+ </complexType>
292
+ <element name="AuthnQueryService" type="md:EndpointType"/>
293
+
294
+ <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
295
+ <complexType name="PDPDescriptorType">
296
+ <complexContent>
297
+ <extension base="md:RoleDescriptorType">
298
+ <sequence>
299
+ <element ref="md:AuthzService" maxOccurs="unbounded"/>
300
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
301
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
302
+ </sequence>
303
+ </extension>
304
+ </complexContent>
305
+ </complexType>
306
+ <element name="AuthzService" type="md:EndpointType"/>
307
+
308
+ <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
309
+ <complexType name="AttributeAuthorityDescriptorType">
310
+ <complexContent>
311
+ <extension base="md:RoleDescriptorType">
312
+ <sequence>
313
+ <element ref="md:AttributeService" maxOccurs="unbounded"/>
314
+ <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
315
+ <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
316
+ <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
317
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
318
+ </sequence>
319
+ </extension>
320
+ </complexContent>
321
+ </complexType>
322
+ <element name="AttributeService" type="md:EndpointType"/>
323
+
324
+ <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
325
+ <complexType name="AffiliationDescriptorType">
326
+ <sequence>
327
+ <element ref="ds:Signature" minOccurs="0"/>
328
+ <element ref="md:Extensions" minOccurs="0"/>
329
+ <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
330
+ <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
331
+ </sequence>
332
+ <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
333
+ <attribute name="validUntil" type="dateTime" use="optional"/>
334
+ <attribute name="cacheDuration" type="duration" use="optional"/>
335
+ <attribute name="ID" type="ID" use="optional"/>
336
+ <anyAttribute namespace="##other" processContents="lax"/>
337
+ </complexType>
338
+ <element name="AffiliateMember" type="md:entityIDType"/>
339
+ </schema>
data/lib/schemas/saml-schema-protocol-2.0.xsd ADDED
@@ -0,0 +1,302 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <schema
3
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
4
+ xmlns="http://www.w3.org/2001/XMLSchema"
5
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
6
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
8
+ elementFormDefault="unqualified"
9
+ attributeFormDefault="unqualified"
10
+ blockDefault="substitution"
11
+ version="2.0">
12
+ <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
13
+ schemaLocation="saml-schema-assertion-2.0.xsd"/>
14
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"
15
+ schemaLocation="xmldsig-core-schema.xsd"/>
16
+ <annotation>
17
+ <documentation>
18
+ Document identifier: saml-schema-protocol-2.0
19
+ Location: http://docs.oasis-open.org/security/saml/v2.0/
20
+ Revision history:
21
+ V1.0 (November, 2002):
22
+ Initial Standard Schema.
23
+ V1.1 (September, 2003):
24
+ Updates within the same V1.0 namespace.
25
+ V2.0 (March, 2005):
26
+ New protocol schema based in a SAML V2.0 namespace.
27
+ </documentation>
28
+ </annotation>
29
+ <complexType name="RequestAbstractType" abstract="true">
30
+ <sequence>
31
+ <element ref="saml:Issuer" minOccurs="0"/>
32
+ <element ref="ds:Signature" minOccurs="0"/>
33
+ <element ref="samlp:Extensions" minOccurs="0"/>
34
+ </sequence>
35
+ <attribute name="ID" type="ID" use="required"/>
36
+ <attribute name="Version" type="string" use="required"/>
37
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
38
+ <attribute name="Destination" type="anyURI" use="optional"/>
39
+ <attribute name="Consent" type="anyURI" use="optional"/>
40
+ </complexType>
41
+ <element name="Extensions" type="samlp:ExtensionsType"/>
42
+ <complexType name="ExtensionsType">
43
+ <sequence>
44
+ <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
45
+ </sequence>
46
+ </complexType>
47
+ <complexType name="StatusResponseType">
48
+ <sequence>
49
+ <element ref="saml:Issuer" minOccurs="0"/>
50
+ <element ref="ds:Signature" minOccurs="0"/>
51
+ <element ref="samlp:Extensions" minOccurs="0"/>
52
+ <element ref="samlp:Status"/>
53
+ </sequence>
54
+ <attribute name="ID" type="ID" use="required"/>
55
+ <attribute name="InResponseTo" type="NCName" use="optional"/>
56
+ <attribute name="Version" type="string" use="required"/>
57
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
58
+ <attribute name="Destination" type="anyURI" use="optional"/>
59
+ <attribute name="Consent" type="anyURI" use="optional"/>
60
+ </complexType>
61
+ <element name="Status" type="samlp:StatusType"/>
62
+ <complexType name="StatusType">
63
+ <sequence>
64
+ <element ref="samlp:StatusCode"/>
65
+ <element ref="samlp:StatusMessage" minOccurs="0"/>
66
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
67
+ </sequence>
68
+ </complexType>
69
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
70
+ <complexType name="StatusCodeType">
71
+ <sequence>
72
+ <element ref="samlp:StatusCode" minOccurs="0"/>
73
+ </sequence>
74
+ <attribute name="Value" type="anyURI" use="required"/>
75
+ </complexType>
76
+ <element name="StatusMessage" type="string"/>
77
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
78
+ <complexType name="StatusDetailType">
79
+ <sequence>
80
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
81
+ </sequence>
82
+ </complexType>
83
+ <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
84
+ <complexType name="AssertionIDRequestType">
85
+ <complexContent>
86
+ <extension base="samlp:RequestAbstractType">
87
+ <sequence>
88
+ <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
89
+ </sequence>
90
+ </extension>
91
+ </complexContent>
92
+ </complexType>
93
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
94
+ <complexType name="SubjectQueryAbstractType" abstract="true">
95
+ <complexContent>
96
+ <extension base="samlp:RequestAbstractType">
97
+ <sequence>
98
+ <element ref="saml:Subject"/>
99
+ </sequence>
100
+ </extension>
101
+ </complexContent>
102
+ </complexType>
103
+ <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
104
+ <complexType name="AuthnQueryType">
105
+ <complexContent>
106
+ <extension base="samlp:SubjectQueryAbstractType">
107
+ <sequence>
108
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
109
+ </sequence>
110
+ <attribute name="SessionIndex" type="string" use="optional"/>
111
+ </extension>
112
+ </complexContent>
113
+ </complexType>
114
+ <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
115
+ <complexType name="RequestedAuthnContextType">
116
+ <choice>
117
+ <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
118
+ <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
119
+ </choice>
120
+ <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
121
+ </complexType>
122
+ <simpleType name="AuthnContextComparisonType">
123
+ <restriction base="string">
124
+ <enumeration value="exact"/>
125
+ <enumeration value="minimum"/>
126
+ <enumeration value="maximum"/>
127
+ <enumeration value="better"/>
128
+ </restriction>
129
+ </simpleType>
130
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
131
+ <complexType name="AttributeQueryType">
132
+ <complexContent>
133
+ <extension base="samlp:SubjectQueryAbstractType">
134
+ <sequence>
135
+ <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
136
+ </sequence>
137
+ </extension>
138
+ </complexContent>
139
+ </complexType>
140
+ <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
141
+ <complexType name="AuthzDecisionQueryType">
142
+ <complexContent>
143
+ <extension base="samlp:SubjectQueryAbstractType">
144
+ <sequence>
145
+ <element ref="saml:Action" maxOccurs="unbounded"/>
146
+ <element ref="saml:Evidence" minOccurs="0"/>
147
+ </sequence>
148
+ <attribute name="Resource" type="anyURI" use="required"/>
149
+ </extension>
150
+ </complexContent>
151
+ </complexType>
152
+ <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
153
+ <complexType name="AuthnRequestType">
154
+ <complexContent>
155
+ <extension base="samlp:RequestAbstractType">
156
+ <sequence>
157
+ <element ref="saml:Subject" minOccurs="0"/>
158
+ <element ref="samlp:NameIDPolicy" minOccurs="0"/>
159
+ <element ref="saml:Conditions" minOccurs="0"/>
160
+ <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
161
+ <element ref="samlp:Scoping" minOccurs="0"/>
162
+ </sequence>
163
+ <attribute name="ForceAuthn" type="boolean" use="optional"/>
164
+ <attribute name="IsPassive" type="boolean" use="optional"/>
165
+ <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
166
+ <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
167
+ <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
168
+ <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
169
+ <attribute name="ProviderName" type="string" use="optional"/>
170
+ </extension>
171
+ </complexContent>
172
+ </complexType>
173
+ <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
174
+ <complexType name="NameIDPolicyType">
175
+ <attribute name="Format" type="anyURI" use="optional"/>
176
+ <attribute name="SPNameQualifier" type="string" use="optional"/>
177
+ <attribute name="AllowCreate" type="boolean" use="optional"/>
178
+ </complexType>
179
+ <element name="Scoping" type="samlp:ScopingType"/>
180
+ <complexType name="ScopingType">
181
+ <sequence>
182
+ <element ref="samlp:IDPList" minOccurs="0"/>
183
+ <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
184
+ </sequence>
185
+ <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
186
+ </complexType>
187
+ <element name="RequesterID" type="anyURI"/>
188
+ <element name="IDPList" type="samlp:IDPListType"/>
189
+ <complexType name="IDPListType">
190
+ <sequence>
191
+ <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
192
+ <element ref="samlp:GetComplete" minOccurs="0"/>
193
+ </sequence>
194
+ </complexType>
195
+ <element name="IDPEntry" type="samlp:IDPEntryType"/>
196
+ <complexType name="IDPEntryType">
197
+ <attribute name="ProviderID" type="anyURI" use="required"/>
198
+ <attribute name="Name" type="string" use="optional"/>
199
+ <attribute name="Loc" type="anyURI" use="optional"/>
200
+ </complexType>
201
+ <element name="GetComplete" type="anyURI"/>
202
+ <element name="Response" type="samlp:ResponseType"/>
203
+ <complexType name="ResponseType">
204
+ <complexContent>
205
+ <extension base="samlp:StatusResponseType">
206
+ <choice minOccurs="0" maxOccurs="unbounded">
207
+ <element ref="saml:Assertion"/>
208
+ <element ref="saml:EncryptedAssertion"/>
209
+ </choice>
210
+ </extension>
211
+ </complexContent>
212
+ </complexType>
213
+ <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
214
+ <complexType name="ArtifactResolveType">
215
+ <complexContent>
216
+ <extension base="samlp:RequestAbstractType">
217
+ <sequence>
218
+ <element ref="samlp:Artifact"/>
219
+ </sequence>
220
+ </extension>
221
+ </complexContent>
222
+ </complexType>
223
+ <element name="Artifact" type="string"/>
224
+ <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
225
+ <complexType name="ArtifactResponseType">
226
+ <complexContent>
227
+ <extension base="samlp:StatusResponseType">
228
+ <sequence>
229
+ <any namespace="##any" processContents="lax" minOccurs="0"/>
230
+ </sequence>
231
+ </extension>
232
+ </complexContent>
233
+ </complexType>
234
+ <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
235
+ <complexType name="ManageNameIDRequestType">
236
+ <complexContent>
237
+ <extension base="samlp:RequestAbstractType">
238
+ <sequence>
239
+ <choice>
240
+ <element ref="saml:NameID"/>
241
+ <element ref="saml:EncryptedID"/>
242
+ </choice>
243
+ <choice>
244
+ <element ref="samlp:NewID"/>
245
+ <element ref="samlp:NewEncryptedID"/>
246
+ <element ref="samlp:Terminate"/>
247
+ </choice>
248
+ </sequence>
249
+ </extension>
250
+ </complexContent>
251
+ </complexType>
252
+ <element name="NewID" type="string"/>
253
+ <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
254
+ <element name="Terminate" type="samlp:TerminateType"/>
255
+ <complexType name="TerminateType"/>
256
+ <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
257
+ <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
258
+ <complexType name="LogoutRequestType">
259
+ <complexContent>
260
+ <extension base="samlp:RequestAbstractType">
261
+ <sequence>
262
+ <choice>
263
+ <element ref="saml:BaseID"/>
264
+ <element ref="saml:NameID"/>
265
+ <element ref="saml:EncryptedID"/>
266
+ </choice>
267
+ <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
268
+ </sequence>
269
+ <attribute name="Reason" type="string" use="optional"/>
270
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
271
+ </extension>
272
+ </complexContent>
273
+ </complexType>
274
+ <element name="SessionIndex" type="string"/>
275
+ <element name="LogoutResponse" type="samlp:StatusResponseType"/>
276
+ <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
277
+ <complexType name="NameIDMappingRequestType">
278
+ <complexContent>
279
+ <extension base="samlp:RequestAbstractType">
280
+ <sequence>
281
+ <choice>
282
+ <element ref="saml:BaseID"/>
283
+ <element ref="saml:NameID"/>
284
+ <element ref="saml:EncryptedID"/>
285
+ </choice>
286
+ <element ref="samlp:NameIDPolicy"/>
287
+ </sequence>
288
+ </extension>
289
+ </complexContent>
290
+ </complexType>
291
+ <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
292
+ <complexType name="NameIDMappingResponseType">
293
+ <complexContent>
294
+ <extension base="samlp:StatusResponseType">
295
+ <choice>
296
+ <element ref="saml:NameID"/>
297
+ <element ref="saml:EncryptedID"/>
298
+ </choice>
299
+ </extension>
300
+ </complexContent>
301
+ </complexType>
302
+ </schema>