1
<?xml version="1.0" encoding="UTF-8"?>
3
targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
4
xmlns="http://www.w3.org/2001/XMLSchema"
5
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
6
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
7
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
8
elementFormDefault="unqualified"
9
attributeFormDefault="unqualified"
10
blockDefault="substitution"
12
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
13
schemaLocation="saml-schema-assertion-2.0.xsd"/>
14
<import namespace="http://www.w3.org/2000/09/xmldsig#"
15
schemaLocation="xmldsig-core-schema.xsd"/>
18
Document identifier: saml-schema-protocol-2.0
19
Location: http://docs.oasis-open.org/security/saml/v2.0/
21
V1.0 (November, 2002):
22
Initial Standard Schema.
23
V1.1 (September, 2003):
24
Updates within the same V1.0 namespace.
26
New protocol schema based in a SAML V2.0 namespace.
29
<complexType name="RequestAbstractType" abstract="true">
31
<element ref="saml:Issuer" minOccurs="0"/>
32
<element ref="ds:Signature" minOccurs="0"/>
33
<element ref="samlp:Extensions" minOccurs="0"/>
35
<attribute name="ID" type="ID" use="required"/>
36
<attribute name="Version" type="string" use="required"/>
37
<attribute name="IssueInstant" type="dateTime" use="required"/>
38
<attribute name="Destination" type="anyURI" use="optional"/>
39
<attribute name="Consent" type="anyURI" use="optional"/>
41
<element name="Extensions" type="samlp:ExtensionsType"/>
42
<complexType name="ExtensionsType">
44
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
47
<complexType name="StatusResponseType">
49
<element ref="saml:Issuer" minOccurs="0"/>
50
<element ref="ds:Signature" minOccurs="0"/>
51
<element ref="samlp:Extensions" minOccurs="0"/>
52
<element ref="samlp:Status"/>
54
<attribute name="ID" type="ID" use="required"/>
55
<attribute name="InResponseTo" type="NCName" use="optional"/>
56
<attribute name="Version" type="string" use="required"/>
57
<attribute name="IssueInstant" type="dateTime" use="required"/>
58
<attribute name="Destination" type="anyURI" use="optional"/>
59
<attribute name="Consent" type="anyURI" use="optional"/>
61
<element name="Status" type="samlp:StatusType"/>
62
<complexType name="StatusType">
64
<element ref="samlp:StatusCode"/>
65
<element ref="samlp:StatusMessage" minOccurs="0"/>
66
<element ref="samlp:StatusDetail" minOccurs="0"/>
69
<element name="StatusCode" type="samlp:StatusCodeType"/>
70
<complexType name="StatusCodeType">
72
<element ref="samlp:StatusCode" minOccurs="0"/>
74
<attribute name="Value" type="anyURI" use="required"/>
76
<element name="StatusMessage" type="string"/>
77
<element name="StatusDetail" type="samlp:StatusDetailType"/>
78
<complexType name="StatusDetailType">
80
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
83
<element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
84
<complexType name="AssertionIDRequestType">
86
<extension base="samlp:RequestAbstractType">
88
<element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
93
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
94
<complexType name="SubjectQueryAbstractType" abstract="true">
96
<extension base="samlp:RequestAbstractType">
98
<element ref="saml:Subject"/>
103
<element name="AuthnQuery" type="samlp:AuthnQueryType"/>
104
<complexType name="AuthnQueryType">
106
<extension base="samlp:SubjectQueryAbstractType">
108
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
110
<attribute name="SessionIndex" type="string" use="optional"/>
114
<element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
115
<complexType name="RequestedAuthnContextType">
117
<element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
118
<element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
120
<attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
122
<simpleType name="AuthnContextComparisonType">
123
<restriction base="string">
124
<enumeration value="exact"/>
125
<enumeration value="minimum"/>
126
<enumeration value="maximum"/>
127
<enumeration value="better"/>
130
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
131
<complexType name="AttributeQueryType">
133
<extension base="samlp:SubjectQueryAbstractType">
135
<element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
140
<element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
141
<complexType name="AuthzDecisionQueryType">
143
<extension base="samlp:SubjectQueryAbstractType">
145
<element ref="saml:Action" maxOccurs="unbounded"/>
146
<element ref="saml:Evidence" minOccurs="0"/>
148
<attribute name="Resource" type="anyURI" use="required"/>
152
<element name="AuthnRequest" type="samlp:AuthnRequestType"/>
153
<complexType name="AuthnRequestType">
155
<extension base="samlp:RequestAbstractType">
157
<element ref="saml:Subject" minOccurs="0"/>
158
<element ref="samlp:NameIDPolicy" minOccurs="0"/>
159
<element ref="saml:Conditions" minOccurs="0"/>
160
<element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
161
<element ref="samlp:Scoping" minOccurs="0"/>
163
<attribute name="ForceAuthn" type="boolean" use="optional"/>
164
<attribute name="IsPassive" type="boolean" use="optional"/>
165
<attribute name="ProtocolBinding" type="anyURI" use="optional"/>
166
<attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
167
<attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
168
<attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
169
<attribute name="ProviderName" type="string" use="optional"/>
173
<element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
174
<complexType name="NameIDPolicyType">
175
<attribute name="Format" type="anyURI" use="optional"/>
176
<attribute name="SPNameQualifier" type="string" use="optional"/>
177
<attribute name="AllowCreate" type="boolean" use="optional"/>
179
<element name="Scoping" type="samlp:ScopingType"/>
180
<complexType name="ScopingType">
182
<element ref="samlp:IDPList" minOccurs="0"/>
183
<element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
185
<attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
187
<element name="RequesterID" type="anyURI"/>
188
<element name="IDPList" type="samlp:IDPListType"/>
189
<complexType name="IDPListType">
191
<element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
192
<element ref="samlp:GetComplete" minOccurs="0"/>
195
<element name="IDPEntry" type="samlp:IDPEntryType"/>
196
<complexType name="IDPEntryType">
197
<attribute name="ProviderID" type="anyURI" use="required"/>
198
<attribute name="Name" type="string" use="optional"/>
199
<attribute name="Loc" type="anyURI" use="optional"/>
201
<element name="GetComplete" type="anyURI"/>
202
<element name="Response" type="samlp:ResponseType"/>
203
<complexType name="ResponseType">
205
<extension base="samlp:StatusResponseType">
206
<choice minOccurs="0" maxOccurs="unbounded">
207
<element ref="saml:Assertion"/>
208
<element ref="saml:EncryptedAssertion"/>
213
<element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
214
<complexType name="ArtifactResolveType">
216
<extension base="samlp:RequestAbstractType">
218
<element ref="samlp:Artifact"/>
223
<element name="Artifact" type="string"/>
224
<element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
225
<complexType name="ArtifactResponseType">
227
<extension base="samlp:StatusResponseType">
229
<any namespace="##any" processContents="lax" minOccurs="0"/>
234
<element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
235
<complexType name="ManageNameIDRequestType">
237
<extension base="samlp:RequestAbstractType">
240
<element ref="saml:NameID"/>
241
<element ref="saml:EncryptedID"/>
244
<element ref="samlp:NewID"/>
245
<element ref="samlp:NewEncryptedID"/>
246
<element ref="samlp:Terminate"/>
252
<element name="NewID" type="string"/>
253
<element name="NewEncryptedID" type="saml:EncryptedElementType"/>
254
<element name="Terminate" type="samlp:TerminateType"/>
255
<complexType name="TerminateType"/>
256
<element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
257
<element name="LogoutRequest" type="samlp:LogoutRequestType"/>
258
<complexType name="LogoutRequestType">
260
<extension base="samlp:RequestAbstractType">
263
<element ref="saml:BaseID"/>
264
<element ref="saml:NameID"/>
265
<element ref="saml:EncryptedID"/>
267
<element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
269
<attribute name="Reason" type="string" use="optional"/>
270
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
274
<element name="SessionIndex" type="string"/>
275
<element name="LogoutResponse" type="samlp:StatusResponseType"/>
276
<element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
277
<complexType name="NameIDMappingRequestType">
279
<extension base="samlp:RequestAbstractType">
282
<element ref="saml:BaseID"/>
283
<element ref="saml:NameID"/>
284
<element ref="saml:EncryptedID"/>
286
<element ref="samlp:NameIDPolicy"/>
291
<element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
292
<complexType name="NameIDMappingResponseType">
294
<extension base="samlp:StatusResponseType">
296
<element ref="saml:NameID"/>
297
<element ref="saml:EncryptedID"/>