This file is indexed.

/usr/share/arc/schema/SAMLTokenSH.xsd is in libarccommon3v5 5.3.0~rc1-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema
   xmlns:xt="http://www.nordugrid.org/schemas/samltokensh/2009/08"
   xmlns:xsd="http://www.w3.org/2001/XMLSchema"
   targetNamespace="http://www.nordugrid.org/schemas/samltokensh/2009/08"
   elementFormDefault="qualified"
   attributeFormDefault="unqualified">

  <!-- This schema defines elements which are accepted by SAMLToken
       SecHandler. See mcc.xsd for general information about SecHandler
       elements. SAMLTokenSH plugin is expected to be used to collect 
       Security Attributes for messages comming to service and to form 
       proper SAML Token SOAP Header for client's outgoing messages.
       When client needs to contact some 3rd-party authority to get back
       a SAML assertion (compliant to the hold-of-key subject confirmation 
       method), by authenticating through TLS; and then uses this SAML 
       assertion to protect the SOAP message that will be sent to the 
       service side -->

  <xsd:element name="Process" type="xt:ProcessType"/>
  <xsd:simpleType name="ProcessType">
    <xsd:annotation>
        <xsd:documentation xml:lang="en">
          This element defines either SAML Token is extracted
          from SOAP header or generated using other configuration elements.
          Type of the processing of SAML Token to
          SOAP message: extract or generate.
          It is needed for both client and service side.
          Default is none.
        </xsd:documentation>
    </xsd:annotation>
    <xsd:restriction base="xsd:string">
      <xsd:enumeration value="extract"/>
      <xsd:enumeration value="generate"/>
    </xsd:restriction>
  </xsd:simpleType>

  <xsd:element name="KeyPath" type="xsd:string">
    <xsd:annotation>
        <xsd:documentation xml:lang="en">
          The location of private key which is used to sign the
          SOAP message, only needed by the client side.
          Default is none.
        </xsd:documentation>
    </xsd:annotation>
  </xsd:element>

  <xsd:element name="CertificatePath" type="xsd:string">
    <xsd:annotation>
        <xsd:documentation xml:lang="en">
          The location of certificate, the public key parsed from 
          certificate is used to be as one part of SAML Token:
          <Assertion><Subject><SubjectConfirmation><SubjectConfirmationData><KeyInfo><KeyValue>
            public key
          </KeyValue></KeyInfo></SubjectConfirmationData></SubjectConfirmation></Subject></Assertion>
          Only needed by the client side.
          Default is none.
        </xsd:documentation>
    </xsd:annotation>
  </xsd:element>

  <xsd:element name="CACertificatePath" type="xsd:string">
    <xsd:annotation>
        <xsd:documentation xml:lang="en">
          The location of the file of trusted CA certificate, the
          certificate is used for verifying the signature to SOAP message.
          Needed by client and service side.
          Default is none.
        </xsd:documentation>
    </xsd:annotation>
  </xsd:element>

  <xsd:element name="CACertificatesDir" type="xsd:string" default="/etc/grid-security/certificates">
    <xsd:annotation>
        <xsd:documentation xml:lang="en">
          The location of the directory that contains trusted CA certificates,
          the certificates are used for verifying the signature to SOAP message.
          Needed by client and service side.
          Default is "/etc/grid-security/certificates".
        </xsd:documentation>
    </xsd:annotation>
  </xsd:element>

  <xsd:element name="AAService" type="xsd:string">
    <xsd:annotation>
        <xsd:documentation xml:lang="en">
          Endpoint of the attribute authority service.
          AA (attribute authority) service is an external third-party service
          that is used for authenticate the requestor(client) and signing 
          SAML Token with requestor's attributes embedded.
          Needed by client side.
          Default is none.
        </xsd:documentation>
    </xsd:annotation>
  </xsd:element>

</xsd:schema>