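<?xml version="1.0" encoding="UTF-8"?>
<!--
  SAML 2.0 metadata schema (target namespace urn:oasis:names:tc:SAML:2.0:metadata).

  Reviewer notes for consumers of this schema:
  * Schema validity is a structural check only. Every ds:Signature reference
    below is optional (minOccurs="0"), and nothing in this file says whether a
    signature verifies or which key is trusted. Signature verification and
    trust in the signing key have to be established by the metadata consumer.
  * validUntil and cacheDuration are optional everywhere they appear, so
    expiry handling is likewise left to the consumer.
  * Several types are open to foreign-namespace content through "any" and
    "anyAttribute" wildcards with processContents="lax"; such content is
    validated only when a declaration for it is available.
-->
<schema
    targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns="http://www.w3.org/2001/XMLSchema"
    elementFormDefault="unqualified"
    attributeFormDefault="unqualified"
    blockDefault="substitution"
    version="2.0">
    <!--
      blockDefault="substitution" blocks substitution groups for the elements
      declared here. elementFormDefault is "unqualified", but every element in
      this schema is declared globally and used through ref, so instance
      elements are still in the target namespace.
    -->

    <!--
      The schemaLocation values are relative file names. Resolve them from a
      local, trusted copy (for example through an XML catalog) instead of
      letting the validator fetch them from wherever the schema was loaded.
    -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#"
        schemaLocation="xmldsig-core-schema.xsd"/>
    <import namespace="http://www.w3.org/2001/04/xmlenc#"
        schemaLocation="xenc-schema.xsd"/>
    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
        schemaLocation="saml-schema-assertion-2.0.xsd"/>
    <import namespace="http://www.w3.org/XML/1998/namespace"
        schemaLocation="xml.xsd"/>
    <annotation>
        <documentation>
            Document identifier: saml-schema-metadata-2.0
            Location: http://docs.oasis-open.org/security/saml/v2.0/
            Revision history:
              V2.0 (March, 2005):
                Schema for SAML metadata, first published in SAML 2.0.
        </documentation>
    </annotation>

    <!-- Entity identifier: an anyURI of at most 1024 characters. -->
    <simpleType name="entityIDType">
        <restriction base="anyURI">
            <maxLength value="1024"/>
        </restriction>
    </simpleType>
    <!-- Human-readable string that must carry an xml:lang attribute. -->
    <complexType name="localizedNameType">
        <simpleContent>
            <extension base="string">
                <attribute ref="xml:lang" use="required"/>
            </extension>
        </simpleContent>
    </complexType>
    <!-- URI that must carry an xml:lang attribute. -->
    <complexType name="localizedURIType">
        <simpleContent>
            <extension base="anyURI">
                <attribute ref="xml:lang" use="required"/>
            </extension>
        </simpleContent>
    </complexType>

    <!--
      Open extension point: one or more elements from another namespace.
      With processContents="lax" the content is validated only if a matching
      declaration is available, so unknown extension content passes
      validation unchecked. Consumers should ignore or explicitly vet
      extensions they do not understand.
    -->
    <element name="Extensions" type="md:ExtensionsType"/>
    <complexType final="#all" name="ExtensionsType">
        <sequence>
            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
        </sequence>
    </complexType>

    <!--
      Protocol endpoint. Binding, Location and ResponseLocation are plain
      anyURI values: the schema does not restrict scheme or host. Any such
      restriction (for example requiring https) has to be enforced by the
      consumer before messages are sent to these locations.
    -->
    <complexType name="EndpointType">
        <sequence>
            <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="Binding" type="anyURI" use="required"/>
        <attribute name="Location" type="anyURI" use="required"/>
        <attribute name="ResponseLocation" type="anyURI" use="optional"/>
        <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>

    <!-- Endpoint with a required numeric index and an optional default flag. -->
    <complexType name="IndexedEndpointType">
        <complexContent>
            <extension base="md:EndpointType">
                <attribute name="index" type="unsignedShort" use="required"/>
                <attribute name="isDefault" type="boolean" use="optional"/>
            </extension>
        </complexContent>
    </complexType>

    <!--
      Container for entities. It is recursive (an EntitiesDescriptor may hold
      further EntitiesDescriptor elements) and both the nesting depth and the
      number of children are unbounded in the schema, so document size and
      depth should be bounded by the parser when the metadata source is not
      trusted. The signature is optional at this level.
    -->
    <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
    <complexType name="EntitiesDescriptorType">
        <sequence>
            <element ref="ds:Signature" minOccurs="0"/>
            <element ref="md:Extensions" minOccurs="0"/>
            <choice minOccurs="1" maxOccurs="unbounded">
                <element ref="md:EntityDescriptor"/>
                <element ref="md:EntitiesDescriptor"/>
            </choice>
        </sequence>
        <attribute name="validUntil" type="dateTime" use="optional"/>
        <attribute name="cacheDuration" type="duration" use="optional"/>
        <attribute name="ID" type="ID" use="optional"/>
        <attribute name="Name" type="string" use="optional"/>
    </complexType>

    <!--
      A single entity: either one or more role descriptors, or exactly one
      AffiliationDescriptor. The ID attribute is of type ID, the kind of value
      a ds:Signature Reference can point at; a verifier should confirm that
      the element it goes on to consume is the element the signature covers.
    -->
    <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
    <complexType name="EntityDescriptorType">
        <sequence>
            <element ref="ds:Signature" minOccurs="0"/>
            <element ref="md:Extensions" minOccurs="0"/>
            <choice>
                <choice maxOccurs="unbounded">
                    <element ref="md:RoleDescriptor"/>
                    <element ref="md:IDPSSODescriptor"/>
                    <element ref="md:SPSSODescriptor"/>
                    <element ref="md:AuthnAuthorityDescriptor"/>
                    <element ref="md:AttributeAuthorityDescriptor"/>
                    <element ref="md:PDPDescriptor"/>
                </choice>
                <element ref="md:AffiliationDescriptor"/>
            </choice>
            <element ref="md:Organization" minOccurs="0"/>
            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
            <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="entityID" type="md:entityIDType" use="required"/>
        <attribute name="validUntil" type="dateTime" use="optional"/>
        <attribute name="cacheDuration" type="duration" use="optional"/>
        <attribute name="ID" type="ID" use="optional"/>
        <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>

    <!-- Descriptive organization data; each of the three names may repeat per language. -->
    <element name="Organization" type="md:OrganizationType"/>
    <complexType name="OrganizationType">
        <sequence>
            <element ref="md:Extensions" minOccurs="0"/>
            <element ref="md:OrganizationName" maxOccurs="unbounded"/>
            <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
            <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
        </sequence>
        <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>
    <element name="OrganizationName" type="md:localizedNameType"/>
    <element name="OrganizationDisplayName" type="md:localizedNameType"/>
    <element name="OrganizationURL" type="md:localizedURIType"/>
    <!-- Contact data; every child is optional, only contactType is required. -->
    <element name="ContactPerson" type="md:ContactType"/>
    <complexType name="ContactType">
        <sequence>
            <element ref="md:Extensions" minOccurs="0"/>
            <element ref="md:Company" minOccurs="0"/>
            <element ref="md:GivenName" minOccurs="0"/>
            <element ref="md:SurName" minOccurs="0"/>
            <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
            <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="contactType" type="md:ContactTypeType" use="required"/>
        <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>
    <element name="Company" type="string"/>
    <element name="GivenName" type="string"/>
    <element name="SurName" type="string"/>
    <!-- EmailAddress is typed as anyURI, not as a plain string. -->
    <element name="EmailAddress" type="anyURI"/>
    <element name="TelephoneNumber" type="string"/>
    <simpleType name="ContactTypeType">
        <restriction base="string">
            <enumeration value="technical"/>
            <enumeration value="support"/>
            <enumeration value="administrative"/>
            <enumeration value="billing"/>
            <enumeration value="other"/>
        </restriction>
    </simpleType>

    <!--
      URI of further metadata for the entity, qualified by a required
      namespace attribute. The schema places no restriction on the URI, so a
      consumer that dereferences it should treat the target as untrusted
      input and apply its own fetch policy.
    -->
    <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
    <complexType name="AdditionalMetadataLocationType">
        <simpleContent>
            <extension base="anyURI">
                <attribute name="namespace" type="anyURI" use="required"/>
            </extension>
        </simpleContent>
    </complexType>

    <!--
      Abstract base of all role descriptors. Because the type is abstract, a
      literal RoleDescriptor element needs an xsi:type naming a derived type.
      Signature, keys, validUntil and cacheDuration are all optional here.
    -->
    <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
    <complexType name="RoleDescriptorType" abstract="true">
        <sequence>
            <element ref="ds:Signature" minOccurs="0"/>
            <element ref="md:Extensions" minOccurs="0"/>
            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
            <element ref="md:Organization" minOccurs="0"/>
            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="ID" type="ID" use="optional"/>
        <attribute name="validUntil" type="dateTime" use="optional"/>
        <attribute name="cacheDuration" type="duration" use="optional"/>
        <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
        <attribute name="errorURL" type="anyURI" use="optional"/>
        <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>
    <!-- Whitespace-separated list of URIs. -->
    <simpleType name="anyURIListType">
        <list itemType="anyURI"/>
    </simpleType>

    <!--
      Key material published by a role. The "use" attribute is optional and
      no default is declared in this schema. ds:KeyInfo only carries the key;
      whether that key can be trusted follows from how the metadata document
      itself was authenticated, not from anything expressed here.
    -->
    <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
    <complexType name="KeyDescriptorType">
        <sequence>
            <element ref="ds:KeyInfo"/>
            <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="use" type="md:KeyTypes" use="optional"/>
    </complexType>
    <simpleType name="KeyTypes">
        <restriction base="string">
            <enumeration value="encryption"/>
            <enumeration value="signing"/>
        </restriction>
    </simpleType>
    <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>

    <!-- Abstract base shared by the IdP and SP SSO descriptors. -->
    <complexType name="SSODescriptorType" abstract="true">
        <complexContent>
            <extension base="md:RoleDescriptorType">
                <sequence>
                    <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>
    <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
    <element name="SingleLogoutService" type="md:EndpointType"/>
    <element name="ManageNameIDService" type="md:EndpointType"/>
    <element name="NameIDFormat" type="anyURI"/>

    <!--
      Identity provider role. At least one SingleSignOnService is required.
      WantAuthnRequestsSigned is optional and has no default declared in this
      schema, so a consumer must decide explicitly how to treat its absence.
    -->
    <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
    <complexType name="IDPSSODescriptorType">
        <complexContent>
            <extension base="md:SSODescriptorType">
                <sequence>
                    <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
                    <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
            </extension>
        </complexContent>
    </complexType>
    <element name="SingleSignOnService" type="md:EndpointType"/>
    <element name="NameIDMappingService" type="md:EndpointType"/>
    <element name="AssertionIDRequestService" type="md:EndpointType"/>
    <element name="AttributeProfile" type="anyURI"/>

    <!--
      Service provider role. At least one AssertionConsumerService is
      required. AuthnRequestsSigned and WantAssertionsSigned are optional and
      have no default declared in this schema; they describe the signing
      policy a peer announces and do not replace signature checks on the
      messages themselves.
    -->
    <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
    <complexType name="SPSSODescriptorType">
        <complexContent>
            <extension base="md:SSODescriptorType">
                <sequence>
                    <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
                    <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
                <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
            </extension>
        </complexContent>
    </complexType>
    <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
    <!-- Named set of attributes a service provider asks for. -->
    <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
    <complexType name="AttributeConsumingServiceType">
        <sequence>
            <element ref="md:ServiceName" maxOccurs="unbounded"/>
            <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
            <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="index" type="unsignedShort" use="required"/>
        <attribute name="isDefault" type="boolean" use="optional"/>
    </complexType>
    <element name="ServiceName" type="md:localizedNameType"/>
    <element name="ServiceDescription" type="md:localizedNameType"/>
    <!-- saml:AttributeType extended with an optional isRequired flag. -->
    <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
    <complexType name="RequestedAttributeType">
        <complexContent>
            <extension base="saml:AttributeType">
                <attribute name="isRequired" type="boolean" use="optional"/>
            </extension>
        </complexContent>
    </complexType>

    <!-- Authentication authority role; at least one AuthnQueryService is required. -->
    <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
    <complexType name="AuthnAuthorityDescriptorType">
        <complexContent>
            <extension base="md:RoleDescriptorType">
                <sequence>
                    <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>
    <element name="AuthnQueryService" type="md:EndpointType"/>

    <!-- Policy decision point role; at least one AuthzService is required. -->
    <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
    <complexType name="PDPDescriptorType">
        <complexContent>
            <extension base="md:RoleDescriptorType">
                <sequence>
                    <element ref="md:AuthzService" maxOccurs="unbounded"/>
                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>
    <element name="AuthzService" type="md:EndpointType"/>

    <!-- Attribute authority role; at least one AttributeService is required. -->
    <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
    <complexType name="AttributeAuthorityDescriptorType">
        <complexContent>
            <extension base="md:RoleDescriptorType">
                <sequence>
                    <element ref="md:AttributeService" maxOccurs="unbounded"/>
                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>
    <element name="AttributeService" type="md:EndpointType"/>

    <!--
      Affiliation of entities, identified by affiliationOwnerID and listing
      one or more AffiliateMember entity identifiers. As elsewhere, the
      signature and the validity attributes are optional in the schema.
    -->
    <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
    <complexType name="AffiliationDescriptorType">
        <sequence>
            <element ref="ds:Signature" minOccurs="0"/>
            <element ref="md:Extensions" minOccurs="0"/>
            <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
        <attribute name="validUntil" type="dateTime" use="optional"/>
        <attribute name="cacheDuration" type="duration" use="optional"/>
        <attribute name="ID" type="ID" use="optional"/>
        <anyAttribute namespace="##other" processContents="lax"/>
    </complexType>
    <element name="AffiliateMember" type="md:entityIDType"/>
</schema>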