/usr/share/xml/shibboleth/shibboleth-2.0-afp-mf-saml.xsd is in shibboleth-sp2-schemas 2.4.3+dfsg-2ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 | <?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml" xmlns:afp="urn:mace:shibboleth:2.0:afp" version="2.0">
<import namespace="urn:mace:shibboleth:2.0:afp" schemaLocation="classpath:/schema/shibboleth-2.0-afp.xsd" />
<annotation>
<documentation>
A set of SAML specific match functions. These match functions only operate against a SAMLFilterContext.
</documentation>
</annotation>
<complexType name="AttributeRequesterInEntityGroup">
<annotation>
<documentation>
A match function that evaluates to true if the attribute requester is found in metadata and is a member
of the given entity group.
</documentation>
</annotation>
<complexContent>
<extension base="saml:EntityGroupMatchType" />
</complexContent>
</complexType>
<complexType name="AttributeIssuerInEntityGroup">
<annotation>
<documentation>
A match function that evaluates to true if the attribute issuer is found in metadata and is a member
of the given entity group.
</documentation>
</annotation>
<complexContent>
<extension base="saml:EntityGroupMatchType" />
</complexContent>
</complexType>
<complexType name="EntityGroupMatchType" abstract="true">
<complexContent>
<extension base="afp:MatchFunctorType">
<attribute name="groupID" type="string" use="required">
<annotation>
<documentation>The entity group ID that an entity must be in.</documentation>
</annotation>
</attribute>
</extension>
</complexContent>
</complexType>
<complexType name="AttributeScopeMatchesShibMDScope">
<annotation>
<documentation>
A match function that ensures that an attribute value's scope matches a scope given in metadata for the entity or role.
</documentation>
</annotation>
<complexContent>
<extension base="afp:MatchFunctorType" />
</complexContent>
</complexType>
<complexType name="NameIDQualifierString">
<annotation>
<documentation>
A match function that ensures that a NameID-valued attribute's qualifier(s), if set, match particular values.
</documentation>
</annotation>
<complexContent>
<extension base="afp:MatchFunctorType">
<attribute name="attributeID" type="string">
<annotation>
<documentation>
The ID of the attribute whose qualifiers should be matched. If no attribute ID is specified the
ID of the containing attribute rule is assumed.
</documentation>
</annotation>
</attribute>
<attribute name="NameQualifier" type="string">
<annotation>
<documentation>
A value to require in the NameQualifier field, or if omitted, require that it match the issuing IdP's entityID.
</documentation>
</annotation>
</attribute>
<attribute name="SPNameQualifier" type="string">
<annotation>
<documentation>
A value to require in the SPNameQualifier field, or if omitted, require that it match the SP's entityID.
</documentation>
</annotation>
</attribute>
</extension>
</complexContent>
</complexType>
</schema>
|