main
1<?xml version="1.0" encoding="UTF-8"?>
2<schema
3 targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
4 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
5 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
6 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
7 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
8 xmlns="http://www.w3.org/2001/XMLSchema"
9 elementFormDefault="unqualified"
10 attributeFormDefault="unqualified"
11 blockDefault="substitution"
12 version="2.0">
13 <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
14 <import namespace="http://www.w3.org/2001/04/xmlenc#" schemaLocation="xenc-schema.xsd"/>
15 <import namespace="urn:oasis:names:tc:SAML:2.0:assertion" schemaLocation="saml-schema-assertion-2.0.xsd"/>
16 <import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
17 <import namespace="http://docs.oasis-open.org/wsfed/federation/200706" schemaLocation="ws-federation.xsd"/>
18 <import namespace="http://docs.oasis-open.org/wsfed/authorization/200706" schemaLocation="ws-authorization.xsd"/>
19 <annotation>
20 <documentation>
21 Document identifier: saml-schema-metadata-2.0
22 Location: http://docs.oasis-open.org/security/saml/v2.0/
23 Revision history:
24 V2.0 (March, 2005):
25 Schema for SAML metadata, first published in SAML 2.0.
26 </documentation>
27 </annotation>
28
29 <simpleType name="entityIDType">
30 <restriction base="anyURI">
31 <maxLength value="1024"/>
32 </restriction>
33 </simpleType>
34 <complexType name="localizedNameType">
35 <simpleContent>
36 <extension base="string">
37 <attribute ref="xml:lang" use="required"/>
38 </extension>
39 </simpleContent>
40 </complexType>
41 <complexType name="localizedURIType">
42 <simpleContent>
43 <extension base="anyURI">
44 <attribute ref="xml:lang" use="required"/>
45 </extension>
46 </simpleContent>
47 </complexType>
48
49 <element name="Extensions" type="md:ExtensionsType"/>
50 <complexType final="#all" name="ExtensionsType">
51 <sequence>
52 <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
53 </sequence>
54 </complexType>
55
56 <complexType name="EndpointType">
57 <sequence>
58 <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
59 </sequence>
60 <attribute name="Binding" type="anyURI" use="required"/>
61 <attribute name="Location" type="anyURI" use="required"/>
62 <attribute name="ResponseLocation" type="anyURI" use="optional"/>
63 <anyAttribute namespace="##other" processContents="lax"/>
64 </complexType>
65
66 <complexType name="IndexedEndpointType">
67 <complexContent>
68 <extension base="md:EndpointType">
69 <attribute name="index" type="unsignedShort" use="required"/>
70 <attribute name="isDefault" type="boolean" use="optional"/>
71 </extension>
72 </complexContent>
73 </complexType>
74
75 <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
76 <complexType name="EntitiesDescriptorType">
77 <sequence>
78 <element ref="ds:Signature" minOccurs="0"/>
79 <element ref="md:Extensions" minOccurs="0"/>
80 <choice minOccurs="1" maxOccurs="unbounded">
81 <element ref="md:EntityDescriptor"/>
82 <element ref="md:EntitiesDescriptor"/>
83 </choice>
84 </sequence>
85 <attribute name="validUntil" type="dateTime" use="optional"/>
86 <attribute name="cacheDuration" type="duration" use="optional"/>
87 <attribute name="ID" type="ID" use="optional"/>
88 <attribute name="Name" type="string" use="optional"/>
89 </complexType>
90
91 <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
92 <complexType name="EntityDescriptorType">
93 <sequence>
94 <element ref="ds:Signature" minOccurs="0"/>
95 <element ref="md:Extensions" minOccurs="0"/>
96 <choice>
97 <choice maxOccurs="unbounded">
98 <element ref="md:RoleDescriptor"/>
99 <element ref="md:IDPSSODescriptor"/>
100 <element ref="md:SPSSODescriptor"/>
101 <element ref="md:AuthnAuthorityDescriptor"/>
102 <element ref="md:AttributeAuthorityDescriptor"/>
103 <element ref="md:PDPDescriptor"/>
104 </choice>
105 <element ref="md:AffiliationDescriptor"/>
106 </choice>
107 <element ref="md:Organization" minOccurs="0"/>
108 <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
109 <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
110 </sequence>
111 <attribute name="entityID" type="md:entityIDType" use="required"/>
112 <attribute name="validUntil" type="dateTime" use="optional"/>
113 <attribute name="cacheDuration" type="duration" use="optional"/>
114 <attribute name="ID" type="ID" use="optional"/>
115 <anyAttribute namespace="##other" processContents="lax"/>
116 </complexType>
117
118 <element name="Organization" type="md:OrganizationType"/>
119 <complexType name="OrganizationType">
120 <sequence>
121 <element ref="md:Extensions" minOccurs="0"/>
122 <element ref="md:OrganizationName" maxOccurs="unbounded"/>
123 <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
124 <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
125 </sequence>
126 <anyAttribute namespace="##other" processContents="lax"/>
127 </complexType>
128 <element name="OrganizationName" type="md:localizedNameType"/>
129 <element name="OrganizationDisplayName" type="md:localizedNameType"/>
130 <element name="OrganizationURL" type="md:localizedURIType"/>
131 <element name="ContactPerson" type="md:ContactType"/>
132 <complexType name="ContactType">
133 <sequence>
134 <element ref="md:Extensions" minOccurs="0"/>
135 <element ref="md:Company" minOccurs="0"/>
136 <element ref="md:GivenName" minOccurs="0"/>
137 <element ref="md:SurName" minOccurs="0"/>
138 <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
139 <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
140 </sequence>
141 <attribute name="contactType" type="md:ContactTypeType" use="required"/>
142 <anyAttribute namespace="##other" processContents="lax"/>
143 </complexType>
144 <element name="Company" type="string"/>
145 <element name="GivenName" type="string"/>
146 <element name="SurName" type="string"/>
147 <element name="EmailAddress" type="anyURI"/>
148 <element name="TelephoneNumber" type="string"/>
149 <simpleType name="ContactTypeType">
150 <restriction base="string">
151 <enumeration value="technical"/>
152 <enumeration value="support"/>
153 <enumeration value="administrative"/>
154 <enumeration value="billing"/>
155 <enumeration value="other"/>
156 </restriction>
157 </simpleType>
158
159 <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
160 <complexType name="AdditionalMetadataLocationType">
161 <simpleContent>
162 <extension base="anyURI">
163 <attribute name="namespace" type="anyURI" use="required"/>
164 </extension>
165 </simpleContent>
166 </complexType>
167
168 <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
169 <complexType name="RoleDescriptorType" abstract="true">
170 <sequence>
171 <element ref="ds:Signature" minOccurs="0"/>
172 <element ref="md:Extensions" minOccurs="0"/>
173 <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
174 <element ref="md:Organization" minOccurs="0"/>
175 <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
176 </sequence>
177 <attribute name="ID" type="ID" use="optional"/>
178 <attribute name="validUntil" type="dateTime" use="optional"/>
179 <attribute name="cacheDuration" type="duration" use="optional"/>
180 <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
181 <attribute name="errorURL" type="anyURI" use="optional"/>
182 <anyAttribute namespace="##other" processContents="lax"/>
183 </complexType>
184 <simpleType name="anyURIListType">
185 <list itemType="anyURI"/>
186 </simpleType>
187
188 <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
189 <complexType name="KeyDescriptorType">
190 <sequence>
191 <element ref="ds:KeyInfo"/>
192 <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
193 </sequence>
194 <attribute name="use" type="md:KeyTypes" use="optional"/>
195 </complexType>
196 <simpleType name="KeyTypes">
197 <restriction base="string">
198 <enumeration value="encryption"/>
199 <enumeration value="signing"/>
200 </restriction>
201 </simpleType>
202 <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
203
204 <complexType name="SSODescriptorType" abstract="true">
205 <complexContent>
206 <extension base="md:RoleDescriptorType">
207 <sequence>
208 <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
209 <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
210 <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
211 <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
212 </sequence>
213 </extension>
214 </complexContent>
215 </complexType>
216 <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
217 <element name="SingleLogoutService" type="md:EndpointType"/>
218 <element name="ManageNameIDService" type="md:EndpointType"/>
219 <element name="NameIDFormat" type="anyURI"/>
220
221 <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
222 <complexType name="IDPSSODescriptorType">
223 <complexContent>
224 <extension base="md:SSODescriptorType">
225 <sequence>
226 <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
227 <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
228 <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
229 <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
230 <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
231 </sequence>
232 <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
233 </extension>
234 </complexContent>
235 </complexType>
236 <element name="SingleSignOnService" type="md:EndpointType"/>
237 <element name="NameIDMappingService" type="md:EndpointType"/>
238 <element name="AssertionIDRequestService" type="md:EndpointType"/>
239 <element name="AttributeProfile" type="anyURI"/>
240
241 <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
242 <complexType name="SPSSODescriptorType">
243 <complexContent>
244 <extension base="md:SSODescriptorType">
245 <sequence>
246 <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
247 <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
248 </sequence>
249 <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
250 <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
251 </extension>
252 </complexContent>
253 </complexType>
254 <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
255 <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
256 <complexType name="AttributeConsumingServiceType">
257 <sequence>
258 <element ref="md:ServiceName" maxOccurs="unbounded"/>
259 <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
260 <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
261 </sequence>
262 <attribute name="index" type="unsignedShort" use="required"/>
263 <attribute name="isDefault" type="boolean" use="optional"/>
264 </complexType>
265 <element name="ServiceName" type="md:localizedNameType"/>
266 <element name="ServiceDescription" type="md:localizedNameType"/>
267 <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
268 <complexType name="RequestedAttributeType">
269 <complexContent>
270 <extension base="saml:AttributeType">
271 <attribute name="isRequired" type="boolean" use="optional"/>
272 </extension>
273 </complexContent>
274 </complexType>
275
276 <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
277 <complexType name="AuthnAuthorityDescriptorType">
278 <complexContent>
279 <extension base="md:RoleDescriptorType">
280 <sequence>
281 <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
282 <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
283 <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
284 </sequence>
285 </extension>
286 </complexContent>
287 </complexType>
288 <element name="AuthnQueryService" type="md:EndpointType"/>
289
290 <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
291 <complexType name="PDPDescriptorType">
292 <complexContent>
293 <extension base="md:RoleDescriptorType">
294 <sequence>
295 <element ref="md:AuthzService" maxOccurs="unbounded"/>
296 <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
297 <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
298 </sequence>
299 </extension>
300 </complexContent>
301 </complexType>
302 <element name="AuthzService" type="md:EndpointType"/>
303
304 <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
305 <complexType name="AttributeAuthorityDescriptorType">
306 <complexContent>
307 <extension base="md:RoleDescriptorType">
308 <sequence>
309 <element ref="md:AttributeService" maxOccurs="unbounded"/>
310 <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
311 <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
312 <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
313 <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
314 </sequence>
315 </extension>
316 </complexContent>
317 </complexType>
318 <element name="AttributeService" type="md:EndpointType"/>
319
320 <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
321 <complexType name="AffiliationDescriptorType">
322 <sequence>
323 <element ref="ds:Signature" minOccurs="0"/>
324 <element ref="md:Extensions" minOccurs="0"/>
325 <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
326 <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
327 </sequence>
328 <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
329 <attribute name="validUntil" type="dateTime" use="optional"/>
330 <attribute name="cacheDuration" type="duration" use="optional"/>
331 <attribute name="ID" type="ID" use="optional"/>
332 <anyAttribute namespace="##other" processContents="lax"/>
333 </complexType>
334 <element name="AffiliateMember" type="md:entityIDType"/>
335</schema>