~roadmr/canonical-identity-provider/u2f-db-fields


Viewing changes to saml-schema-xsd/saml-schema-protocol-2.0.xsd

  • Committer: Daniel Manrique
  • Date: 2017-11-06 18:02:22 UTC
  • mto: This revision was merged to the branch mainline in revision 1585.
  • Revision ID: roadmr@ubuntu.com-20171106180222-2ztzun9fm04gf4cm
Validate produced SAML responses against the SAML XSD.

With this commit, the tests actually fail because we *are* producing invalid
SAML.

This will be fixed in a subsequent commit (though the fix may involve a
newer version of django-saml2-idp)

 
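--- a/saml-schema-xsd/saml-schema-protocol-2.0.xsd
+++ b/saml-schema-xsd/saml-schema-protocol-2.0.xsd
@@ -0,0 +1,302 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema
+    targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns="http://www.w3.org/2001/XMLSchema"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    elementFormDefault="unqualified"
+    attributeFormDefault="unqualified"
+    blockDefault="substitution"
+    version="2.0">
+    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
+        schemaLocation="saml-schema-assertion-2.0.xsd"/>
+    <import namespace="http://www.w3.org/2000/09/xmldsig#"
+        schemaLocation="xmldsig-core-schema.xsd"/>
+    <annotation>
+        <documentation>
+            Document identifier: saml-schema-protocol-2.0
+            Location: http://docs.oasis-open.org/security/saml/v2.0/
+            Revision history:
+            V1.0 (November, 2002):
+              Initial Standard Schema.
+            V1.1 (September, 2003):
+              Updates within the same V1.0 namespace.
+            V2.0 (March, 2005):
+              New protocol schema based in a SAML V2.0 namespace.
+     </documentation>
+    </annotation>
+    <complexType name="RequestAbstractType" abstract="true">
+        <sequence>
+            <element ref="saml:Issuer" minOccurs="0"/>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="samlp:Extensions" minOccurs="0"/>
+        </sequence>
+        <attribute name="ID" type="ID" use="required"/>
+        <attribute name="Version" type="string" use="required"/>
+        <attribute name="IssueInstant" type="dateTime" use="required"/>
+        <attribute name="Destination" type="anyURI" use="optional"/>
+        <attribute name="Consent" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="Extensions" type="samlp:ExtensionsType"/>
+    <complexType name="ExtensionsType">
+        <sequence>
+            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <complexType name="StatusResponseType">
+        <sequence>
+            <element ref="saml:Issuer" minOccurs="0"/>
+            <element ref="ds:Signature" minOccurs="0"/>
+            <element ref="samlp:Extensions" minOccurs="0"/>
+            <element ref="samlp:Status"/>
+        </sequence>
+        <attribute name="ID" type="ID" use="required"/>
+        <attribute name="InResponseTo" type="NCName" use="optional"/>
+        <attribute name="Version" type="string" use="required"/>
+        <attribute name="IssueInstant" type="dateTime" use="required"/>
+        <attribute name="Destination" type="anyURI" use="optional"/>
+        <attribute name="Consent" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="Status" type="samlp:StatusType"/>
+    <complexType name="StatusType">
+        <sequence>
+            <element ref="samlp:StatusCode"/>
+            <element ref="samlp:StatusMessage" minOccurs="0"/>
+            <element ref="samlp:StatusDetail" minOccurs="0"/>
+        </sequence>
+    </complexType>
+    <element name="StatusCode" type="samlp:StatusCodeType"/>
+    <complexType name="StatusCodeType">
+        <sequence>
+            <element ref="samlp:StatusCode" minOccurs="0"/>
+        </sequence>
+        <attribute name="Value" type="anyURI" use="required"/>
+    </complexType>
+    <element name="StatusMessage" type="string"/>
+    <element name="StatusDetail" type="samlp:StatusDetailType"/>
+    <complexType name="StatusDetailType">
+        <sequence>
+            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+    </complexType>
+    <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
+    <complexType name="AssertionIDRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+    <complexType name="SubjectQueryAbstractType" abstract="true">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:Subject"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
+    <complexType name="AuthnQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+                </sequence>
+                <attribute name="SessionIndex" type="string" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
+    <complexType name="RequestedAuthnContextType">
+        <choice>
+            <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
+            <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
+        </choice>
+        <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
+    </complexType>
+    <simpleType name="AuthnContextComparisonType">
+        <restriction base="string">
+            <enumeration value="exact"/>
+            <enumeration value="minimum"/>
+            <enumeration value="maximum"/>
+            <enumeration value="better"/>
+        </restriction>
+    </simpleType>
+    <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+    <complexType name="AttributeQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
+    <complexType name="AuthzDecisionQueryType">
+        <complexContent>
+            <extension base="samlp:SubjectQueryAbstractType">
+                <sequence>
+                    <element ref="saml:Action" maxOccurs="unbounded"/>
+                    <element ref="saml:Evidence" minOccurs="0"/>
+                </sequence>
+                <attribute name="Resource" type="anyURI" use="required"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
+    <complexType name="AuthnRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="saml:Subject" minOccurs="0"/>
+                    <element ref="samlp:NameIDPolicy" minOccurs="0"/>
+                    <element ref="saml:Conditions" minOccurs="0"/>
+                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
+                    <element ref="samlp:Scoping" minOccurs="0"/>
+                </sequence>
+                <attribute name="ForceAuthn" type="boolean" use="optional"/>
+                <attribute name="IsPassive" type="boolean" use="optional"/>
+                <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
+                <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
+                <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
+                <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
+                <attribute name="ProviderName" type="string" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
+    <complexType name="NameIDPolicyType">
+        <attribute name="Format" type="anyURI" use="optional"/>
+        <attribute name="SPNameQualifier" type="string" use="optional"/>
+        <attribute name="AllowCreate" type="boolean" use="optional"/>
+    </complexType>
+    <element name="Scoping" type="samlp:ScopingType"/>
+    <complexType name="ScopingType">
+        <sequence>
+            <element ref="samlp:IDPList" minOccurs="0"/>
+            <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
+        </sequence>
+        <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
+    </complexType>
+    <element name="RequesterID" type="anyURI"/>
+    <element name="IDPList" type="samlp:IDPListType"/>
+    <complexType name="IDPListType">
+        <sequence>
+            <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
+            <element ref="samlp:GetComplete" minOccurs="0"/>
+        </sequence>
+    </complexType>
+    <element name="IDPEntry" type="samlp:IDPEntryType"/>
+    <complexType name="IDPEntryType">
+        <attribute name="ProviderID" type="anyURI" use="required"/>
+        <attribute name="Name" type="string" use="optional"/>
+        <attribute name="Loc" type="anyURI" use="optional"/>
+    </complexType>
+    <element name="GetComplete" type="anyURI"/>
+    <element name="Response" type="samlp:ResponseType"/>
+    <complexType name="ResponseType">
+        <complexContent>
+            <extension base="samlp:StatusResponseType">
+                <choice minOccurs="0" maxOccurs="unbounded">
+                    <element ref="saml:Assertion"/>
+                    <element ref="saml:EncryptedAssertion"/>
+                </choice>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
+    <complexType name="ArtifactResolveType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <element ref="samlp:Artifact"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="Artifact" type="string"/>
+    <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
+    <complexType name="ArtifactResponseType">
+        <complexContent>
+            <extension base="samlp:StatusResponseType">
+                <sequence>
+                    <any namespace="##any" processContents="lax" minOccurs="0"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
+    <complexType name="ManageNameIDRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <choice>
+                        <element ref="samlp:NewID"/>
+                        <element ref="samlp:NewEncryptedID"/>
+                        <element ref="samlp:Terminate"/>
+                    </choice>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="NewID" type="string"/>
+    <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
+    <element name="Terminate" type="samlp:TerminateType"/>
+    <complexType name="TerminateType"/>
+    <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
+    <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
+    <complexType name="LogoutRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:BaseID"/>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+                <attribute name="Reason" type="string" use="optional"/>
+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="SessionIndex" type="string"/>
+    <element name="LogoutResponse" type="samlp:StatusResponseType"/>
+    <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
+    <complexType name="NameIDMappingRequestType">
+        <complexContent>
+            <extension base="samlp:RequestAbstractType">
+                <sequence>
+                    <choice>
+                        <element ref="saml:BaseID"/>
+                        <element ref="saml:NameID"/>
+                        <element ref="saml:EncryptedID"/>
+                    </choice>
+                    <element ref="samlp:NameIDPolicy"/>
+                </sequence>
+            </extension>
+        </complexContent>
+    </complexType>
+    <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
+    <complexType name="NameIDMappingResponseType">
+        <complexContent>
+            <extension base="samlp:StatusResponseType">
+                <choice>
+                    <element ref="saml:NameID"/>
+                    <element ref="saml:EncryptedID"/>
+                </choice>
+            </extension>
+        </complexContent>
+    </complexType>
+</schema>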