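<?xml version="1.0" encoding="UTF-8"?>
<!--
  SAML V2.0 protocol schema (target namespace urn:oasis:names:tc:SAML:2.0:protocol).
  Declares the protocol request and response message types. Assertion content
  (saml:*) and ds:Signature come from the two imported schemas.

  This copy was restored from a listing whose viewer line numbers had been
  interleaved with the markup, which made it non-well-formed. The numbers are
  removed here; no declaration was changed.

  Notes for anyone validating messages against this file:
  * Schema validity says nothing about authenticity. ds:Signature is optional
    (minOccurs="0") on both base message types, so whether a signature is
    required, and whether it verifies, must be enforced by the consumer.
  * blockDefault="substitution" blocks substitution-group members from
    standing in for the elements declared here. It does not block "extension"
    or "restriction", so xsi:type with a derived type is still schema-valid.
  * Extensions, StatusDetail and ArtifactResponse use open wildcards with
    processContents="lax": their content is validated only when a matching
    declaration is available, and should be handled as untrusted input.
  * Validate with DTD processing and external entity resolution disabled, and
    resolve the two imports below from local, vetted copies instead of
    fetching them at validation time.
-->
<schema
    targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns="http://www.w3.org/2001/XMLSchema"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    elementFormDefault="unqualified"
    attributeFormDefault="unqualified"
    blockDefault="substitution"
    version="2.0">
    <!-- Relative schemaLocation values: both files are expected next to this one. -->
    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
        schemaLocation="saml-schema-assertion-2.0.xsd"/>
    <import namespace="http://www.w3.org/2000/09/xmldsig#"
        schemaLocation="xmldsig-core-schema.xsd"/>
    <annotation>
        <documentation>
            Document identifier: saml-schema-protocol-2.0
            Location: http://docs.oasis-open.org/security/saml/v2.0/
            Revision history:
            V1.0 (November, 2002):
              Initial Standard Schema.
            V1.1 (September, 2003):
              Updates within the same V1.0 namespace.
            V2.0 (March, 2005):
              New protocol schema based in a SAML V2.0 namespace.
        </documentation>
    </annotation>

    <!--
      Base type of every request message. Abstract, so it never appears
      directly; concrete requests extend it.
      * Issuer and Signature are both optional at schema level.
      * ID has XSD type ID (unique within the document). It is normally the
        target of an enveloped signature reference, so after verification the
        consumer should confirm that the verified reference resolves to the
        element it goes on to process.
      * Version is a plain string; the schema does not restrict its value, so
        the processor has to check it.
      * Destination is optional here. NOTE(review): SAML core expects the
        receiver to compare it with the endpoint that received the message
        when it is present; confirm the deployed stack enforces that.
    -->
    <complexType name="RequestAbstractType" abstract="true">
        <sequence>
            <element ref="saml:Issuer" minOccurs="0"/>
            <element ref="ds:Signature" minOccurs="0"/>
            <element ref="samlp:Extensions" minOccurs="0"/>
        </sequence>
        <attribute name="ID" type="ID" use="required"/>
        <attribute name="Version" type="string" use="required"/>
        <attribute name="IssueInstant" type="dateTime" use="required"/>
        <attribute name="Destination" type="anyURI" use="optional"/>
        <attribute name="Consent" type="anyURI" use="optional"/>
    </complexType>

    <!--
      Extension point: one or more elements from any namespace other than this
      one, laxly validated. Nothing here constrains what a sender may place in
      it, so consumers should ignore or strictly parse what they do not expect.
    -->
    <element name="Extensions" type="samlp:ExtensionsType"/>
    <complexType name="ExtensionsType">
        <sequence>
            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
        </sequence>
    </complexType>

    <!--
      Base type of every response message. Same optional Issuer / Signature /
      Extensions as requests, plus a mandatory Status.
      InResponseTo is optional; when a response answers a request, the
      consumer is the one that has to match it against the ID of a request it
      actually sent, since the schema only checks that it is an NCName.
    -->
    <complexType name="StatusResponseType">
        <sequence>
            <element ref="saml:Issuer" minOccurs="0"/>
            <element ref="ds:Signature" minOccurs="0"/>
            <element ref="samlp:Extensions" minOccurs="0"/>
            <element ref="samlp:Status"/>
        </sequence>
        <attribute name="ID" type="ID" use="required"/>
        <attribute name="InResponseTo" type="NCName" use="optional"/>
        <attribute name="Version" type="string" use="required"/>
        <attribute name="IssueInstant" type="dateTime" use="required"/>
        <attribute name="Destination" type="anyURI" use="optional"/>
        <attribute name="Consent" type="anyURI" use="optional"/>
    </complexType>

    <!-- Status: required StatusCode, optional human-readable message and detail. -->
    <element name="Status" type="samlp:StatusType"/>
    <complexType name="StatusType">
        <sequence>
            <element ref="samlp:StatusCode"/>
            <element ref="samlp:StatusMessage" minOccurs="0"/>
            <element ref="samlp:StatusDetail" minOccurs="0"/>
        </sequence>
    </complexType>

    <!--
      StatusCode is recursive: each code may contain one nested StatusCode and
      the schema sets no depth limit, so nesting depth should be bounded by
      the parser or the consumer.
    -->
    <element name="StatusCode" type="samlp:StatusCodeType"/>
    <complexType name="StatusCodeType">
        <sequence>
            <element ref="samlp:StatusCode" minOccurs="0"/>
        </sequence>
        <attribute name="Value" type="anyURI" use="required"/>
    </complexType>

    <!-- Free-text message from the responder; treat as untrusted when displayed or logged. -->
    <element name="StatusMessage" type="string"/>

    <!-- Any number of elements from any namespace, laxly validated. -->
    <element name="StatusDetail" type="samlp:StatusDetailType"/>
    <complexType name="StatusDetailType">
        <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
    </complexType>

    <!-- Request for assertions by reference: one or more saml:AssertionIDRef. -->
    <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
    <complexType name="AssertionIDRequestType">
        <complexContent>
            <extension base="samlp:RequestAbstractType">
                <sequence>
                    <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <!--
      Abstract base for subject-based queries. Because the type is abstract, a
      SubjectQuery element in an instance needs xsi:type naming a concrete
      derived type.
    -->
    <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
    <complexType name="SubjectQueryAbstractType" abstract="true">
        <complexContent>
            <extension base="samlp:RequestAbstractType">
                <sequence>
                    <element ref="saml:Subject"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <!-- Query for authentication statements about a subject. -->
    <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
    <complexType name="AuthnQueryType">
        <complexContent>
            <extension base="samlp:SubjectQueryAbstractType">
                <sequence>
                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
                </sequence>
                <attribute name="SessionIndex" type="string" use="optional"/>
            </extension>
        </complexContent>
    </complexType>

    <!--
      Requested authentication context: either class references or declaration
      references (a choice, not a mix), one or more of the chosen kind.
      Comparison is optional and the schema declares no default value.
      NOTE(review): SAML core defines the behaviour when it is omitted as
      "exact"; confirm the consumer applies that rather than a weaker match.
    -->
    <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
    <complexType name="RequestedAuthnContextType">
        <choice>
            <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
            <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
        </choice>
        <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
    </complexType>
    <simpleType name="AuthnContextComparisonType">
        <restriction base="string">
            <enumeration value="exact"/>
            <enumeration value="minimum"/>
            <enumeration value="maximum"/>
            <enumeration value="better"/>
        </restriction>
    </simpleType>

    <!-- Query for attributes of a subject; zero saml:Attribute children is schema-valid. -->
    <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
    <complexType name="AttributeQueryType">
        <complexContent>
            <extension base="samlp:SubjectQueryAbstractType">
                <sequence>
                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <!-- Authorization decision query: required Resource, one or more Actions, optional Evidence. -->
    <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
    <complexType name="AuthzDecisionQueryType">
        <complexContent>
            <extension base="samlp:SubjectQueryAbstractType">
                <sequence>
                    <element ref="saml:Action" maxOccurs="unbounded"/>
                    <element ref="saml:Evidence" minOccurs="0"/>
                </sequence>
                <attribute name="Resource" type="anyURI" use="required"/>
            </extension>
        </complexContent>
    </complexType>

    <!--
      Authentication request. Every child element and every attribute added
      here is optional, so an AuthnRequest carrying only the base attributes
      is schema-valid.
      AssertionConsumerServiceURL is supplied by the requester and typed only
      as anyURI. The responder has to establish that the URL really belongs to
      the requester (for example against registered metadata) before sending
      a response to it; the schema cannot express that check.
      NOTE(review): SAML core treats AssertionConsumerServiceIndex as mutually
      exclusive with AssertionConsumerServiceURL and ProtocolBinding; the
      schema accepts them together, so that rule needs a separate check.
    -->
    <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
    <complexType name="AuthnRequestType">
        <complexContent>
            <extension base="samlp:RequestAbstractType">
                <sequence>
                    <element ref="saml:Subject" minOccurs="0"/>
                    <element ref="samlp:NameIDPolicy" minOccurs="0"/>
                    <element ref="saml:Conditions" minOccurs="0"/>
                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
                    <element ref="samlp:Scoping" minOccurs="0"/>
                </sequence>
                <attribute name="ForceAuthn" type="boolean" use="optional"/>
                <attribute name="IsPassive" type="boolean" use="optional"/>
                <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
                <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
                <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
                <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
                <attribute name="ProviderName" type="string" use="optional"/>
            </extension>
        </complexContent>
    </complexType>

    <!-- Constraints on the name identifier to be returned; attributes only, all optional. -->
    <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
    <complexType name="NameIDPolicyType">
        <attribute name="Format" type="anyURI" use="optional"/>
        <attribute name="SPNameQualifier" type="string" use="optional"/>
        <attribute name="AllowCreate" type="boolean" use="optional"/>
    </complexType>

    <!--
      Scoping / proxying controls. ProxyCount is a nonNegativeInteger with no
      upper bound in the schema; RequesterID may repeat without limit.
    -->
    <element name="Scoping" type="samlp:ScopingType"/>
    <complexType name="ScopingType">
        <sequence>
            <element ref="samlp:IDPList" minOccurs="0"/>
            <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
    </complexType>
    <element name="RequesterID" type="anyURI"/>

    <!--
      List of identity providers: one or more IDPEntry, then an optional
      GetComplete URI. GetComplete and IDPEntry/@Loc are sender-supplied URIs;
      a consumer that dereferences them should restrict where it will fetch from.
    -->
    <element name="IDPList" type="samlp:IDPListType"/>
    <complexType name="IDPListType">
        <sequence>
            <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
            <element ref="samlp:GetComplete" minOccurs="0"/>
        </sequence>
    </complexType>
    <element name="IDPEntry" type="samlp:IDPEntryType"/>
    <complexType name="IDPEntryType">
        <attribute name="ProviderID" type="anyURI" use="required"/>
        <attribute name="Name" type="string" use="optional"/>
        <attribute name="Loc" type="anyURI" use="optional"/>
    </complexType>
    <element name="GetComplete" type="anyURI"/>

    <!--
      Response carrying assertions. The choice is minOccurs="0" and
      maxOccurs="unbounded": zero, one or many assertions, plain and encrypted
      in any mix, are all schema-valid. Consumers should not assume exactly
      one assertion, and should act only on an assertion whose signature (its
      own or the enclosing Response's) they have verified.
    -->
    <element name="Response" type="samlp:ResponseType"/>
    <complexType name="ResponseType">
        <complexContent>
            <extension base="samlp:StatusResponseType">
                <choice minOccurs="0" maxOccurs="unbounded">
                    <element ref="saml:Assertion"/>
                    <element ref="saml:EncryptedAssertion"/>
                </choice>
            </extension>
        </complexContent>
    </complexType>

    <!-- Artifact resolution request: exactly one Artifact, typed as an unconstrained string. -->
    <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
    <complexType name="ArtifactResolveType">
        <complexContent>
            <extension base="samlp:RequestAbstractType">
                <sequence>
                    <element ref="samlp:Artifact"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>
    <element name="Artifact" type="string"/>

    <!--
      Artifact resolution response: at most one wrapped element from any
      namespace, laxly validated. The schema does not require it to be a SAML
      protocol message, so the consumer must check what it received.
    -->
    <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
    <complexType name="ArtifactResponseType">
        <complexContent>
            <extension base="samlp:StatusResponseType">
                <sequence>
                    <any namespace="##any" processContents="lax" minOccurs="0"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <!--
      Name identifier management: the identifier (plain or encrypted) followed
      by exactly one of NewID, NewEncryptedID or Terminate.
    -->
    <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
    <complexType name="ManageNameIDRequestType">
        <complexContent>
            <extension base="samlp:RequestAbstractType">
                <sequence>
                    <choice>
                        <element ref="saml:NameID"/>
                        <element ref="saml:EncryptedID"/>
                    </choice>
                    <choice>
                        <element ref="samlp:NewID"/>
                        <element ref="samlp:NewEncryptedID"/>
                        <element ref="samlp:Terminate"/>
                    </choice>
                </sequence>
            </extension>
        </complexContent>
    </complexType>
    <element name="NewID" type="string"/>
    <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
    <!-- Terminate is an empty marker element: TerminateType declares no content or attributes. -->
    <element name="Terminate" type="samlp:TerminateType"/>
    <complexType name="TerminateType"/>
    <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>

    <!--
      Single logout request: one identifier (BaseID, NameID or EncryptedID)
      and any number of SessionIndex values. NotOnOrAfter is optional, so the
      schema does not force an expiry on a logout request; Reason is free text.
    -->
    <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
    <complexType name="LogoutRequestType">
        <complexContent>
            <extension base="samlp:RequestAbstractType">
                <sequence>
                    <choice>
                        <element ref="saml:BaseID"/>
                        <element ref="saml:NameID"/>
                        <element ref="saml:EncryptedID"/>
                    </choice>
                    <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="Reason" type="string" use="optional"/>
                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
            </extension>
        </complexContent>
    </complexType>
    <element name="SessionIndex" type="string"/>
    <element name="LogoutResponse" type="samlp:StatusResponseType"/>

    <!-- Name identifier mapping request: one identifier plus a required NameIDPolicy. -->
    <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
    <complexType name="NameIDMappingRequestType">
        <complexContent>
            <extension base="samlp:RequestAbstractType">
                <sequence>
                    <choice>
                        <element ref="saml:BaseID"/>
                        <element ref="saml:NameID"/>
                        <element ref="saml:EncryptedID"/>
                    </choice>
                    <element ref="samlp:NameIDPolicy"/>
                </sequence>
            </extension>
        </complexContent>
    </complexType>

    <!-- Name identifier mapping response: exactly one NameID or EncryptedID after the Status. -->
    <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
    <complexType name="NameIDMappingResponseType">
        <complexContent>
            <extension base="samlp:StatusResponseType">
                <choice>
                    <element ref="saml:NameID"/>
                    <element ref="saml:EncryptedID"/>
                </choice>
            </extension>
        </complexContent>
    </complexType>
</schema>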