npm - samlesa - Versions diffs - 2.14.9 → 2.15.1 - Mend

samlesa 2.14.9 → 2.15.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/build/src/flow.js CHANGED Viewed

@@ -111,12 +111,14 @@ async function redirectFlow(options) {
         && !verifyTime(extractedProperties.conditions.notBefore, extractedProperties.conditions.notOnOrAfter, self.entitySetting.clockDrifts)) {
         return Promise.reject('ERR_SUBJECT_UNCONFIRMED');
     }
-    let destination = extractedProperties?.response?.destination;
-    let isExit = self.entitySetting?.assertionConsumerService?.filter((item) => {
-        return item?.Location === destination;
-    });
-    if (isExit?.length === 0) {
-        return Promise.reject('ERR_Destination_URL');
+    if (parserType === 'SAMLResponse') {
+        let destination = extractedProperties?.response?.destination;
+        let isExit = self.entitySetting?.assertionConsumerService?.filter((item) => {
+            return item?.Location === destination;
+        });
+        if (isExit?.length === 0) {
+            return Promise.reject('ERR_Destination_URL');
+        }
     }
     return Promise.resolve(parseResult);
 }
@@ -136,15 +138,11 @@ async function postFlow(options) {
     let extractorFields = [];
     // validate the xml first
     let res = await libsaml.isValidXml(samlContent);
-    console.log(res);
-    console.log("验证结果---------------");
     if (parserType !== urlParams.samlResponse) {
         extractorFields = getDefaultExtractorFields(parserType, null);
     }
-    console.log(parserType);
     // check status based on different scenarios
     await checkStatus(samlContent, parserType);
-    console.log("========走不到这里来=============");
     /**检查签名顺序 */
     /*  if (
         checkSignature &&
@@ -162,10 +160,7 @@ async function postFlow(options) {
           extractorFields = getDefaultExtractorFields(parserType, verifiedAssertionNode);
         }
       }*/
-    console.log("===============我走的这里=========================");
     const [verified, verifiedAssertionNode, isDecryptRequired] = libsaml.verifySignature(samlContent, verificationOptions);
-    console.log(verified);
-    console.log("verified");
     decryptRequired = isDecryptRequired;
     if (!verified) {
         return Promise.reject('ERR_FAIL_TO_VERIFY_ETS_SIGNATURE');
@@ -183,12 +178,6 @@ async function postFlow(options) {
         checkSignature &&
         from.entitySetting.messageSigningOrder === MessageSignatureOrder.STE
       ) {
-        console.log("走不到这里来========================================")
-        console.log("走不到这里来========================================")
-        console.log("走不到这里来========================================")
-        console.log("走不到这里来========================================")
-        console.log("走不到这里来========================================")
         const [verified, verifiedAssertionNode,isDecryptRequired] = libsaml.verifySignature(samlContent, verificationOptions);
         decryptRequired = isDecryptRequired
         if (verified) {
@@ -238,6 +227,15 @@ async function postFlow(options) {
     if (isExit?.length === 0) {
         return Promise.reject('ERR_Destination_URL');
     }
+    if (parserType === 'SAMLResponse') {
+        let destination = extractedProperties?.response?.destination;
+        let isExit = self.entitySetting?.assertionConsumerService?.filter((item) => {
+            return item?.Location === destination;
+        });
+        if (isExit?.length === 0) {
+            return Promise.reject('ERR_Destination_URL');
+        }
+    }
     return Promise.resolve(parseResult);
 }
 // proceed the post simple sign binding flow
@@ -323,12 +321,14 @@ async function postSimpleSignFlow(options) {
         && !verifyTime(extractedProperties.conditions.notBefore, extractedProperties.conditions.notOnOrAfter, self.entitySetting.clockDrifts)) {
         return Promise.reject('ERR_SUBJECT_UNCONFIRMED');
     }
-    let destination = extractedProperties?.response?.destination;
-    let isExit = self.entitySetting?.assertionConsumerService?.filter((item) => {
-        return item?.Location === destination;
-    });
-    if (isExit?.length === 0) {
-        return Promise.reject('ERR_Destination_URL');
+    if (parserType === 'SAMLResponse') {
+        let destination = extractedProperties?.response?.destination;
+        let isExit = self.entitySetting?.assertionConsumerService?.filter((item) => {
+            return item?.Location === destination;
+        });
+        if (isExit?.length === 0) {
+            return Promise.reject('ERR_Destination_URL');
+        }
     }
     return Promise.resolve(parseResult);
 }

package/build/src/schema/saml-schema-assertion-2.0.xsd CHANGED Viewed

@@ -1,4 +1,3 @@
-<?xml version="1.0" encoding="US-ASCII"?>
 <schema
     targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
     xmlns="http://www.w3.org/2001/XMLSchema"
@@ -10,9 +9,9 @@
     blockDefault="substitution"
     version="2.0">
     <import namespace="http://www.w3.org/2000/09/xmldsig#"
-        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+        schemaLocation="xmldsig-core-schema.xsd"/>
     <import namespace="http://www.w3.org/2001/04/xmlenc#"
-        schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
+        schemaLocation="xenc-schema.xsd"/>
     <annotation>
         <documentation>
             Document identifier: saml-schema-assertion-2.0

package/build/src/schemaValidator.js CHANGED Viewed

@@ -1,13 +1,19 @@
 import { validateXML } from 'xmllint-wasm';
 import * as fs from 'node:fs';
 import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
 const schemas = [
     'saml-schema-protocol-2.0.xsd',
     'datatypes.dtd',
     'saml-schema-assertion-2.0.xsd',
     'xmldsig-core-schema.xsd',
     'XMLSchema.dtd',
-    'xenc-schema.xsd'
+    'xenc-schema.xsd',
+    'saml-schema-metadata-2.0.xsd',
+    'saml-schema-ecp-2.0.xsd',
+    'saml-schema-dce-2.0.xsd'
 ];
 export const validate = async (xml) => {
     const schemaPath = path.resolve(__dirname, 'schema');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "samlesa",
-  "version": "2.14.9",
+  "version": "2.15.1",
   "description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
   "main": "build/index.js",
   "keywords": [

package/types/src/flow.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAyBA,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAC,IAAI,CAAE;CACvB;~~AAqdD~~,wBAAgB,IAAI,CAAC,OAAO,KAAA,GAAG,OAAO,CAAC,UAAU,CAAC,CAyBjD"}
1	+ {"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":"AAyBA,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,GAAC,IAAI,CAAE;CACvB;AAwdD,wBAAgB,IAAI,CAAC,OAAO,KAAA,GAAG,OAAO,CAAC,UAAU,CAAC,CAyBjD"}

package/types/src/schemaValidator.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"schemaValidator.d.ts","sourceRoot":"","sources":["../../src/schemaValidator.ts"],"names":[],"mappings":"~~AAaA~~,eAAO,MAAM,QAAQ,GAAU,KAAK,MAAM,~~qBAmCzC~~,CAAC"}
1	+ {"version":3,"file":"schemaValidator.d.ts","sourceRoot":"","sources":["../../src/schemaValidator.ts"],"names":[],"mappings":"AAkBA,eAAO,MAAM,QAAQ,GAAU,KAAK,MAAM,qBAkCzC,CAAC"}

package/build/src/schema/saml-schema-authn-context-2.0.xsd DELETED Viewed

@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema
-  targetNamespace="urn:oasis:names:tc:SAML:2.0:ac"
-  xmlns:xs="http://www.w3.org/2001/XMLSchema"
-  xmlns="urn:oasis:names:tc:SAML:2.0:ac"
-  blockDefault="substitution"
-  version="2.0">
-  <xs:annotation>
-    <xs:documentation>
-      Document identifier: saml-schema-authn-context-2.0
-      Location: http://docs.oasis-open.org/security/saml/v2.0/
-      Revision history:
-        V2.0 (March, 2005):
-          New core authentication context schema for SAML V2.0.
-          This is just an include of all types from the schema
-          referred to in the include statement below.
-    </xs:documentation>
-  </xs:annotation>
-  <xs:include schemaLocation="saml-schema-authn-context-types-2.0.xsd"/>
-</xs:schema>

package/build/src/schema/saml-schema-authn-context-auth-telephony-2.0.xsd DELETED Viewed

@@ -1,81 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
-  xmlns:xs="http://www.w3.org/2001/XMLSchema"
-  xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
-  finalDefault="extension"
-  blockDefault="substitution"
-  version="2.0">
-  <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-    <xs:annotation>
-      <xs:documentation>
-        Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
-        Document identifier: saml-schema-authn-context-auth-telephony-2.0
-        Location: http://docs.oasis-open.org/security/saml/v2.0/
-        Revision history:
-          V2.0 (March, 2005):
-            New authentication context class schema for SAML V2.0.
-      </xs:documentation>
-    </xs:annotation>
-    <xs:complexType name="AuthnContextDeclarationBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnContextDeclarationBaseType">
-          <xs:sequence>
-            <xs:element ref="Identification" minOccurs="0"/>
-            <xs:element ref="TechnicalProtection" minOccurs="0"/>
-            <xs:element ref="OperationalProtection" minOccurs="0"/>
-            <xs:element ref="AuthnMethod"/>
-            <xs:element ref="GoverningAgreements" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-          <xs:attribute name="ID" type="xs:ID" use="optional"/>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthnMethodBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnMethodBaseType">
-          <xs:sequence>
-            <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
-            <xs:element ref="Authenticator"/>
-            <xs:element ref="AuthenticatorTransportProtocol"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthenticatorBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthenticatorBaseType">
-          <xs:sequence>
-            <xs:element ref="Password"/>
-            <xs:element ref="SubscriberLineNumber"/>
-            <xs:element ref="UserSuffix"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthenticatorTransportProtocolType">
-      <xs:complexContent>
-        <xs:restriction base="AuthenticatorTransportProtocolType">
-          <xs:sequence>
-            <xs:choice>
-              <xs:element ref="PSTN"/>
-              <xs:element ref="ISDN"/>
-              <xs:element ref="ADSL"/>
-            </xs:choice>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-  </xs:redefine>
-</xs:schema>

package/build/src/schema/saml-schema-authn-context-ip-2.0.xsd DELETED Viewed

@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema
-  targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
-  xmlns:xs="http://www.w3.org/2001/XMLSchema"
-  xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
-  finalDefault="extension"
-  blockDefault="substitution"
-  version="2.0">
-  <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-    <xs:annotation>
-      <xs:documentation>
-        Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
-        Document identifier: saml-schema-authn-context-ip-2.0
-        Location: http://docs.oasis-open.org/security/saml/v2.0/
-        Revision history:
-          V2.0 (March, 2005):
-            New authentication context class schema for SAML V2.0.
-      </xs:documentation>
-    </xs:annotation>
-    <xs:complexType name="AuthnContextDeclarationBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnContextDeclarationBaseType">
-          <xs:sequence>
-            <xs:element ref="Identification" minOccurs="0"/>
-            <xs:element ref="TechnicalProtection" minOccurs="0"/>
-            <xs:element ref="OperationalProtection" minOccurs="0"/>
-            <xs:element ref="AuthnMethod"/>
-            <xs:element ref="GoverningAgreements" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-          <xs:attribute name="ID" type="xs:ID" use="optional"/>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthnMethodBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnMethodBaseType">
-          <xs:sequence>
-            <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
-            <xs:element ref="Authenticator"/>
-            <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthenticatorBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthenticatorBaseType">
-          <xs:sequence>
-            <xs:element ref="IPAddress"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-  </xs:redefine>
-</xs:schema>

package/build/src/schema/saml-schema-authn-context-ippword-2.0.xsd DELETED Viewed

@@ -1,67 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
-  xmlns:ac="urn:oasis:names:tc:SAML:2.0:ac"
-  xmlns:xs="http://www.w3.org/2001/XMLSchema"
-  xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
-  finalDefault="extension"
-  blockDefault="substitution"
-  version="2.0">
-  <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-    <xs:annotation>
-      <xs:documentation>
-        Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
-        Document identifier: saml-schema-authn-context-ippword-2.0
-        Location: http://docs.oasis-open.org/security/saml/v2.0/
-        Revision history:
-          V2.0 (March, 2005):
-            New authentication context class schema for SAML V2.0.
-      </xs:documentation>
-    </xs:annotation>
-    <xs:complexType name="AuthnContextDeclarationBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnContextDeclarationBaseType">
-          <xs:sequence>
-            <xs:element ref="Identification" minOccurs="0"/>
-            <xs:element ref="TechnicalProtection" minOccurs="0"/>
-            <xs:element ref="OperationalProtection" minOccurs="0"/>
-            <xs:element ref="AuthnMethod"/>
-            <xs:element ref="GoverningAgreements" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-          <xs:attribute name="ID" type="xs:ID" use="optional"/>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthnMethodBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnMethodBaseType">
-          <xs:sequence>
-            <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
-            <xs:element ref="Authenticator"/>
-            <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthenticatorBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthenticatorBaseType">
-          <xs:sequence>
-            <xs:element ref="Password"/>
-            <xs:element ref="IPAddress"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-  </xs:redefine>
-</xs:schema>

package/build/src/schema/saml-schema-authn-context-kerberos-2.0.xsd DELETED Viewed

@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
-  xmlns:xs="http://www.w3.org/2001/XMLSchema"
-  xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
-  finalDefault="extension"
-  blockDefault="substitution"
-  version="2.0">
-  <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-    <xs:annotation>
-      <xs:documentation>
-        Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
-        Document identifier: saml-schema-authn-context-kerberos-2.0
-        Location: http://docs.oasis-open.org/security/saml/v2.0/
-        Revision history:
-          V2.0 (March, 2005):
-            New authentication context class schema for SAML V2.0.
-      </xs:documentation>
-    </xs:annotation>
-    <xs:complexType name="AuthnContextDeclarationBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnContextDeclarationBaseType">
-          <xs:sequence>
-            <xs:element ref="Identification" minOccurs="0"/>
-            <xs:element ref="TechnicalProtection" minOccurs="0"/>
-            <xs:element ref="OperationalProtection" minOccurs="0"/>
-            <xs:element ref="AuthnMethod"/>
-            <xs:element ref="GoverningAgreements" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-          <xs:attribute name="ID" type="xs:ID" use="optional"/>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthnMethodBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnMethodBaseType">
-          <xs:sequence>
-            <xs:element ref="PrincipalAuthenticationMechanism"/>
-            <xs:element ref="Authenticator"/>
-            <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="PrincipalAuthenticationMechanismType">
-      <xs:complexContent>
-        <xs:restriction base="PrincipalAuthenticationMechanismType">
-          <xs:sequence>
-            <xs:element ref="RestrictedPassword"/>
-          </xs:sequence>
-          <xs:attribute name="preauth" type="xs:integer" use="optional"/>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthenticatorBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthenticatorBaseType">
-          <xs:sequence>
-            <xs:element ref="SharedSecretChallengeResponse"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="SharedSecretChallengeResponseType">
-      <xs:complexContent>
-        <xs:restriction base="SharedSecretChallengeResponseType">
-          <xs:attribute name="method" type="xs:anyURI" fixed="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"/>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-  </xs:redefine>
-</xs:schema>

package/build/src/schema/saml-schema-authn-context-mobileonefactor-reg-2.0.xsd DELETED Viewed

@@ -1,186 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
-  xmlns:xs="http://www.w3.org/2001/XMLSchema"
-  xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
-  finalDefault="extension"
-  blockDefault="substitution"
-  version="2.0">
-  <xs:redefine schemaLocation="saml-schema-authn-context-types-2.0.xsd">
-    <xs:annotation>
-      <xs:documentation>
-        Class identifier: urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
-        Document identifier: saml-schema-authn-context-mobileonefactor-reg-2.0
-        Location: http://docs.oasis-open.org/security/saml/v2.0/
-        Revision history:
-          V2.0 (March, 2005):
-            New authentication context class schema for SAML V2.0.
-      </xs:documentation>
-    </xs:annotation>
-    <xs:complexType name="AuthnContextDeclarationBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnContextDeclarationBaseType">
-          <xs:sequence>
-            <xs:element ref="Identification" minOccurs="0"/>
-            <xs:element ref="TechnicalProtection" minOccurs="0"/>
-            <xs:element ref="OperationalProtection" minOccurs="0"/>
-            <xs:element ref="AuthnMethod"/>
-            <xs:element ref="GoverningAgreements" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-          <xs:attribute name="ID" type="xs:ID" use="optional"/>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthnMethodBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthnMethodBaseType">
-          <xs:sequence>
-            <xs:element ref="PrincipalAuthenticationMechanism" minOccurs="0"/>
-            <xs:element ref="Authenticator"/>
-            <xs:element ref="AuthenticatorTransportProtocol" minOccurs="0"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthenticatorBaseType">
-      <xs:complexContent>
-        <xs:restriction base="AuthenticatorBaseType">
-          <xs:sequence>
-            <xs:choice>
-              <xs:element ref="DigSig"/>
-              <xs:element ref="ZeroKnowledge"/>
-              <xs:element ref="SharedSecretChallengeResponse"/>
-              <xs:element ref="SharedSecretDynamicPlaintext"/>
-              <xs:element ref="AsymmetricDecryption"/>
-              <xs:element ref="AsymmetricKeyAgreement"/>
-            </xs:choice>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="AuthenticatorTransportProtocolType">
-      <xs:complexContent>
-        <xs:restriction base="AuthenticatorTransportProtocolType">
-          <xs:sequence>
-            <xs:choice>
-              <xs:element ref="SSL"/>
-              <xs:element ref="MobileNetworkNoEncryption"/>
-              <xs:element ref="MobileNetworkRadioEncryption"/>
-              <xs:element ref="MobileNetworkEndToEndEncryption"/>
-              <xs:element ref="WTLS"/>
-            </xs:choice>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="OperationalProtectionType">
-      <xs:complexContent>
-        <xs:restriction base="OperationalProtectionType">
-          <xs:sequence>
-            <xs:element ref="SecurityAudit"/>
-            <xs:element ref="DeactivationCallCenter"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="TechnicalProtectionBaseType">
-      <xs:complexContent>
-        <xs:restriction base="TechnicalProtectionBaseType">
-          <xs:sequence>
-            <xs:choice>
-              <xs:element ref="PrivateKeyProtection"/>
-              <xs:element ref="SecretKeyProtection"/>
-            </xs:choice>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="PrivateKeyProtectionType">
-      <xs:complexContent>
-        <xs:restriction base="PrivateKeyProtectionType">
-          <xs:sequence>
-            <xs:element ref="KeyStorage"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="SecretKeyProtectionType">
-      <xs:complexContent>
-        <xs:restriction base="SecretKeyProtectionType">
-          <xs:sequence>
-            <xs:element ref="KeyStorage"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="KeyStorageType">
-      <xs:complexContent>
-        <xs:restriction base="KeyStorageType">
-          <xs:attribute name="medium" use="required">
-            <xs:simpleType>
-              <xs:restriction base="mediumType">
-                <xs:enumeration value="smartcard"/>
-                <xs:enumeration value="MobileDevice"/>
-                <xs:enumeration value="MobileAuthCard"/>
-              </xs:restriction>
-            </xs:simpleType>
-          </xs:attribute>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="SecurityAuditType">
-      <xs:complexContent>
-        <xs:restriction base="SecurityAuditType">
-          <xs:sequence>
-            <xs:element ref="SwitchAudit"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-    <xs:complexType name="IdentificationType">
-      <xs:complexContent>
-        <xs:restriction base="IdentificationType">
-          <xs:sequence>
-            <xs:element ref="PhysicalVerification"/>
-            <xs:element ref="WrittenConsent"/>
-            <xs:element ref="GoverningAgreements"/>
-            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>
-          </xs:sequence>
-          <xs:attribute name="nym">
-            <xs:simpleType>
-              <xs:restriction base="nymType">
-                <xs:enumeration value="anonymity"/>
-                <xs:enumeration value="verinymity"/>
-                <xs:enumeration value="pseudonymity"/>
-              </xs:restriction>
-            </xs:simpleType>
-          </xs:attribute>
-        </xs:restriction>
-      </xs:complexContent>
-    </xs:complexType>
-  </xs:redefine>
-</xs:schema>