<schema

targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
    schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="http://www.w3.org/2000/09/xmldsig#"
    schemaLocation="xmldsig-core-schema.xsd"/>
<annotation>
    <documentation>
        Document identifier: saml-schema-protocol-2.0
        Location: http://docs.oasis-open.org/security/saml/v2.0/
        Revision history:
        V1.0 (November, 2002):
          Initial Standard Schema.
        V1.1 (September, 2003):
          Updates within the same V1.0 namespace.
        V2.0 (March, 2005):
          New protocol schema based in a SAML V2.0 namespace.
 </documentation>
</annotation>
<complexType name="RequestAbstractType" abstract="true">
    <sequence>
        <element ref="saml:Issuer" minOccurs="0"/>
        <element ref="ds:Signature" minOccurs="0"/>
        <element ref="samlp:Extensions" minOccurs="0"/>
    </sequence>
    <attribute name="ID" type="ID" use="required"/>
    <attribute name="Version" type="string" use="required"/>
    <attribute name="IssueInstant" type="dateTime" use="required"/>
    <attribute name="Destination" type="anyURI" use="optional"/>
    <attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
<element name="Extensions" type="samlp:ExtensionsType"/>
<complexType name="ExtensionsType">
    <sequence>
        <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
    </sequence>
</complexType>
<complexType name="StatusResponseType">
    <sequence>
        <element ref="saml:Issuer" minOccurs="0"/>
        <element ref="ds:Signature" minOccurs="0"/>
        <element ref="samlp:Extensions" minOccurs="0"/>
        <element ref="samlp:Status"/>
    </sequence>
    <attribute name="ID" type="ID" use="required"/>
    <attribute name="InResponseTo" type="NCName" use="optional"/>
    <attribute name="Version" type="string" use="required"/>
    <attribute name="IssueInstant" type="dateTime" use="required"/>
    <attribute name="Destination" type="anyURI" use="optional"/>
    <attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
<element name="Status" type="samlp:StatusType"/>
<complexType name="StatusType">
    <sequence>
        <element ref="samlp:StatusCode"/>
        <element ref="samlp:StatusMessage" minOccurs="0"/>
        <element ref="samlp:StatusDetail" minOccurs="0"/>
    </sequence>
</complexType>
<element name="StatusCode" type="samlp:StatusCodeType"/>
<complexType name="StatusCodeType">
    <sequence>
        <element ref="samlp:StatusCode" minOccurs="0"/>
    </sequence>
    <attribute name="Value" type="anyURI" use="required"/>
</complexType>
<element name="StatusMessage" type="string"/>
<element name="StatusDetail" type="samlp:StatusDetailType"/>
<complexType name="StatusDetailType">
    <sequence>
        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
</complexType>
<element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
<complexType name="AssertionIDRequestType">
    <complexContent>
        <extension base="samlp:RequestAbstractType">
            <sequence>
                <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
<complexType name="SubjectQueryAbstractType" abstract="true">
    <complexContent>
        <extension base="samlp:RequestAbstractType">
            <sequence>
                <element ref="saml:Subject"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="AuthnQuery" type="samlp:AuthnQueryType"/>
<complexType name="AuthnQueryType">
    <complexContent>
        <extension base="samlp:SubjectQueryAbstractType">
            <sequence>
                <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
            </sequence>
            <attribute name="SessionIndex" type="string" use="optional"/>
        </extension>
    </complexContent>
</complexType>
<element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
<complexType name="RequestedAuthnContextType">
    <choice>
        <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
        <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
    </choice>
    <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
</complexType>
<simpleType name="AuthnContextComparisonType">
    <restriction base="string">
        <enumeration value="exact"/>
        <enumeration value="minimum"/>
        <enumeration value="maximum"/>
        <enumeration value="better"/>
    </restriction>
</simpleType>
<element name="AttributeQuery" type="samlp:AttributeQueryType"/>
<complexType name="AttributeQueryType">
    <complexContent>
        <extension base="samlp:SubjectQueryAbstractType">
            <sequence>
                <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
<complexType name="AuthzDecisionQueryType">
    <complexContent>
        <extension base="samlp:SubjectQueryAbstractType">
            <sequence>
                <element ref="saml:Action" maxOccurs="unbounded"/>
                <element ref="saml:Evidence" minOccurs="0"/>
            </sequence>
            <attribute name="Resource" type="anyURI" use="required"/>
        </extension>
    </complexContent>
</complexType>
<element name="AuthnRequest" type="samlp:AuthnRequestType"/>
<complexType name="AuthnRequestType">
    <complexContent>
        <extension base="samlp:RequestAbstractType">
            <sequence>
                <element ref="saml:Subject" minOccurs="0"/>
                <element ref="samlp:NameIDPolicy" minOccurs="0"/>
                <element ref="saml:Conditions" minOccurs="0"/>
                <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
                <element ref="samlp:Scoping" minOccurs="0"/>
            </sequence>
            <attribute name="ForceAuthn" type="boolean" use="optional"/>
            <attribute name="IsPassive" type="boolean" use="optional"/>
            <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
            <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
            <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
            <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
            <attribute name="ProviderName" type="string" use="optional"/>
        </extension>
    </complexContent>
</complexType>
<element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
<complexType name="NameIDPolicyType">
    <attribute name="Format" type="anyURI" use="optional"/>
    <attribute name="SPNameQualifier" type="string" use="optional"/>
    <attribute name="AllowCreate" type="boolean" use="optional"/>
</complexType>
<element name="Scoping" type="samlp:ScopingType"/>
<complexType name="ScopingType">
    <sequence>
        <element ref="samlp:IDPList" minOccurs="0"/>
        <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
</complexType>
<element name="RequesterID" type="anyURI"/>
<element name="IDPList" type="samlp:IDPListType"/>
<complexType name="IDPListType">
    <sequence>
        <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
        <element ref="samlp:GetComplete" minOccurs="0"/>
    </sequence>
</complexType>
<element name="IDPEntry" type="samlp:IDPEntryType"/>
<complexType name="IDPEntryType">
    <attribute name="ProviderID" type="anyURI" use="required"/>
    <attribute name="Name" type="string" use="optional"/>
    <attribute name="Loc" type="anyURI" use="optional"/>
</complexType>
<element name="GetComplete" type="anyURI"/>
<element name="Response" type="samlp:ResponseType"/>
<complexType name="ResponseType">
    <complexContent>
        <extension base="samlp:StatusResponseType">
            <choice minOccurs="0" maxOccurs="unbounded">
                <element ref="saml:Assertion"/>
                <element ref="saml:EncryptedAssertion"/>
            </choice>
        </extension>
    </complexContent>
</complexType>
<element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
<complexType name="ArtifactResolveType">
    <complexContent>
        <extension base="samlp:RequestAbstractType">
            <sequence>
                <element ref="samlp:Artifact"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="Artifact" type="string"/>
<element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
<complexType name="ArtifactResponseType">
    <complexContent>
        <extension base="samlp:StatusResponseType">
            <sequence>
                <any namespace="##any" processContents="lax" minOccurs="0"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
<complexType name="ManageNameIDRequestType">
    <complexContent>
        <extension base="samlp:RequestAbstractType">
            <sequence>
                <choice>
                    <element ref="saml:NameID"/>
                    <element ref="saml:EncryptedID"/>
                </choice>
                <choice>
                    <element ref="samlp:NewID"/>
                    <element ref="samlp:NewEncryptedID"/>
                    <element ref="samlp:Terminate"/>
                </choice>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="NewID" type="string"/>
<element name="NewEncryptedID" type="saml:EncryptedElementType"/>
<element name="Terminate" type="samlp:TerminateType"/>
<complexType name="TerminateType"/>
<element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
<element name="LogoutRequest" type="samlp:LogoutRequestType"/>
<complexType name="LogoutRequestType">
    <complexContent>
        <extension base="samlp:RequestAbstractType">
            <sequence>
                <choice>
                    <element ref="saml:BaseID"/>
                    <element ref="saml:NameID"/>
                    <element ref="saml:EncryptedID"/>
                </choice>
                <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
            <attribute name="Reason" type="string" use="optional"/>
            <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
        </extension>
    </complexContent>
</complexType>
<element name="SessionIndex" type="string"/>
<element name="LogoutResponse" type="samlp:StatusResponseType"/>
<element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
<complexType name="NameIDMappingRequestType">
    <complexContent>
        <extension base="samlp:RequestAbstractType">
            <sequence>
                <choice>
                    <element ref="saml:BaseID"/>
                    <element ref="saml:NameID"/>
                    <element ref="saml:EncryptedID"/>
                </choice>
                <element ref="samlp:NameIDPolicy"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
<complexType name="NameIDMappingResponseType">
    <complexContent>
        <extension base="samlp:StatusResponseType">
            <choice>
                <element ref="saml:NameID"/>
                <element ref="saml:EncryptedID"/>
            </choice>
        </extension>
    </complexContent>
</complexType>

</schema>