<schema

targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
    schemaLocation="xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
    schemaLocation="xenc-schema.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
    schemaLocation="saml-schema-assertion-2.0.xsd"/>
<import namespace="http://www.w3.org/XML/1998/namespace"
    schemaLocation="xml.xsd"/>
<annotation>
    <documentation>
        Document identifier: saml-schema-metadata-2.0
        Location: http://docs.oasis-open.org/security/saml/v2.0/
        Revision history:
          V2.0 (March, 2005):
            Schema for SAML metadata, first published in SAML 2.0.
    </documentation>
</annotation>

<simpleType name="entityIDType">
    <restriction base="anyURI">
        <maxLength value="1024"/>
    </restriction>
</simpleType>
<complexType name="localizedNameType">
    <simpleContent>
        <extension base="string">
            <attribute ref="xml:lang" use="required"/>
        </extension>
    </simpleContent>
</complexType>
<complexType name="localizedURIType">
    <simpleContent>
        <extension base="anyURI">
            <attribute ref="xml:lang" use="required"/>
        </extension>
    </simpleContent>
</complexType>

<element name="Extensions" type="md:ExtensionsType"/>
<complexType final="#all" name="ExtensionsType">
    <sequence>
        <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
    </sequence>
</complexType>

<complexType name="EndpointType">
    <sequence>
        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Binding" type="anyURI" use="required"/>
    <attribute name="Location" type="anyURI" use="required"/>
    <attribute name="ResponseLocation" type="anyURI" use="optional"/>
    <anyAttribute namespace="##other" processContents="lax"/>
</complexType>

<complexType name="IndexedEndpointType">
    <complexContent>
        <extension base="md:EndpointType">
            <attribute name="index" type="unsignedShort" use="required"/>
            <attribute name="isDefault" type="boolean" use="optional"/>
        </extension>
    </complexContent>
</complexType>

<element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
<complexType name="EntitiesDescriptorType">
    <sequence>
        <element ref="ds:Signature" minOccurs="0"/>
        <element ref="md:Extensions" minOccurs="0"/>
        <choice minOccurs="1" maxOccurs="unbounded">
            <element ref="md:EntityDescriptor"/>
            <element ref="md:EntitiesDescriptor"/>
        </choice>
    </sequence>
    <attribute name="validUntil" type="dateTime" use="optional"/>
    <attribute name="cacheDuration" type="duration" use="optional"/>
    <attribute name="ID" type="ID" use="optional"/>
    <attribute name="Name" type="string" use="optional"/>
</complexType>

<element name="EntityDescriptor" type="md:EntityDescriptorType"/>
<complexType name="EntityDescriptorType">
    <sequence>
        <element ref="ds:Signature" minOccurs="0"/>
        <element ref="md:Extensions" minOccurs="0"/>
        <choice>
            <choice maxOccurs="unbounded">
                <element ref="md:RoleDescriptor"/>
                <element ref="md:IDPSSODescriptor"/>
                <element ref="md:SPSSODescriptor"/>
                <element ref="md:AuthnAuthorityDescriptor"/>
                <element ref="md:AttributeAuthorityDescriptor"/>
                <element ref="md:PDPDescriptor"/>
            </choice>
            <element ref="md:AffiliationDescriptor"/>
        </choice>
        <element ref="md:Organization" minOccurs="0"/>
        <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
        <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="entityID" type="md:entityIDType" use="required"/>
    <attribute name="validUntil" type="dateTime" use="optional"/>
    <attribute name="cacheDuration" type="duration" use="optional"/>
    <attribute name="ID" type="ID" use="optional"/>
    <anyAttribute namespace="##other" processContents="lax"/>
</complexType>

<element name="Organization" type="md:OrganizationType"/>
<complexType name="OrganizationType">
    <sequence>
        <element ref="md:Extensions" minOccurs="0"/>
        <element ref="md:OrganizationName" maxOccurs="unbounded"/>
        <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
        <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
    </sequence>
    <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="OrganizationName" type="md:localizedNameType"/>
<element name="OrganizationDisplayName" type="md:localizedNameType"/>
<element name="OrganizationURL" type="md:localizedURIType"/>
<element name="ContactPerson" type="md:ContactType"/>
<complexType name="ContactType">
    <sequence>
        <element ref="md:Extensions" minOccurs="0"/>
        <element ref="md:Company" minOccurs="0"/>
        <element ref="md:GivenName" minOccurs="0"/>
        <element ref="md:SurName" minOccurs="0"/>
        <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
        <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="contactType" type="md:ContactTypeType" use="required"/>
    <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="Company" type="string"/>
<element name="GivenName" type="string"/>
<element name="SurName" type="string"/>
<element name="EmailAddress" type="anyURI"/>
<element name="TelephoneNumber" type="string"/>
<simpleType name="ContactTypeType">
    <restriction base="string">
        <enumeration value="technical"/>
        <enumeration value="support"/>
        <enumeration value="administrative"/>
        <enumeration value="billing"/>
        <enumeration value="other"/>
    </restriction>
</simpleType>

<element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
<complexType name="AdditionalMetadataLocationType">
    <simpleContent>
        <extension base="anyURI">
            <attribute name="namespace" type="anyURI" use="required"/>
        </extension>
    </simpleContent>
</complexType>

<element name="RoleDescriptor" type="md:RoleDescriptorType"/>
<complexType name="RoleDescriptorType" abstract="true">
    <sequence>
        <element ref="ds:Signature" minOccurs="0"/>
        <element ref="md:Extensions" minOccurs="0"/>
        <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
        <element ref="md:Organization" minOccurs="0"/>
        <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="ID" type="ID" use="optional"/>
    <attribute name="validUntil" type="dateTime" use="optional"/>
    <attribute name="cacheDuration" type="duration" use="optional"/>
    <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
    <attribute name="errorURL" type="anyURI" use="optional"/>
    <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<simpleType name="anyURIListType">
    <list itemType="anyURI"/>
</simpleType>

<element name="KeyDescriptor" type="md:KeyDescriptorType"/>
<complexType name="KeyDescriptorType">
    <sequence>
        <element ref="ds:KeyInfo"/>
        <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="use" type="md:KeyTypes" use="optional"/>
</complexType>
<simpleType name="KeyTypes">
    <restriction base="string">
        <enumeration value="encryption"/>
        <enumeration value="signing"/>
    </restriction>
</simpleType>
<element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>

<complexType name="SSODescriptorType" abstract="true">
    <complexContent>
        <extension base="md:RoleDescriptorType">
            <sequence>
                <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
<element name="SingleLogoutService" type="md:EndpointType"/>
<element name="ManageNameIDService" type="md:EndpointType"/>
<element name="NameIDFormat" type="anyURI"/>

<element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
<complexType name="IDPSSODescriptorType">
    <complexContent>
        <extension base="md:SSODescriptorType">
            <sequence>
                <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
                <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
            <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
        </extension>
    </complexContent>
</complexType>
<element name="SingleSignOnService" type="md:EndpointType"/>
<element name="NameIDMappingService" type="md:EndpointType"/>
<element name="AssertionIDRequestService" type="md:EndpointType"/>
<element name="AttributeProfile" type="anyURI"/>

<element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
<complexType name="SPSSODescriptorType">
    <complexContent>
        <extension base="md:SSODescriptorType">
            <sequence>
                <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
                <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
            <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
            <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
        </extension>
    </complexContent>
</complexType>
<element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
<element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
<complexType name="AttributeConsumingServiceType">
    <sequence>
        <element ref="md:ServiceName" maxOccurs="unbounded"/>
        <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
        <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="index" type="unsignedShort" use="required"/>
    <attribute name="isDefault" type="boolean" use="optional"/>
</complexType>
<element name="ServiceName" type="md:localizedNameType"/>
<element name="ServiceDescription" type="md:localizedNameType"/>
<element name="RequestedAttribute" type="md:RequestedAttributeType"/>
<complexType name="RequestedAttributeType">
    <complexContent>
        <extension base="saml:AttributeType">
            <attribute name="isRequired" type="boolean" use="optional"/>
        </extension>
    </complexContent>
</complexType>

<element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
<complexType name="AuthnAuthorityDescriptorType">
    <complexContent>
        <extension base="md:RoleDescriptorType">
            <sequence>
                <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
                <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="AuthnQueryService" type="md:EndpointType"/>

<element name="PDPDescriptor" type="md:PDPDescriptorType"/>
<complexType name="PDPDescriptorType">
    <complexContent>
        <extension base="md:RoleDescriptorType">
            <sequence>
                <element ref="md:AuthzService" maxOccurs="unbounded"/>
                <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="AuthzService" type="md:EndpointType"/>

<element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
<complexType name="AttributeAuthorityDescriptorType">
    <complexContent>
        <extension base="md:RoleDescriptorType">
            <sequence>
                <element ref="md:AttributeService" maxOccurs="unbounded"/>
                <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
                <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
        </extension>
    </complexContent>
</complexType>
<element name="AttributeService" type="md:EndpointType"/>

<element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
<complexType name="AffiliationDescriptorType">
    <sequence>
        <element ref="ds:Signature" minOccurs="0"/>
        <element ref="md:Extensions" minOccurs="0"/>
        <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
        <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
    <attribute name="validUntil" type="dateTime" use="optional"/>
    <attribute name="cacheDuration" type="duration" use="optional"/>
    <attribute name="ID" type="ID" use="optional"/>
    <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="AffiliateMember" type="md:entityIDType"/>

</schema>