115 lines
4.1 KiB
Plaintext
115 lines
4.1 KiB
Plaintext
#
|
|
# OpenLDAP Schema file
|
|
# for univention-saml package
|
|
#
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.2
|
|
NAME 'SAMLServiceProviderIdentifier'
|
|
DESC 'Unique service provider identifier'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.3
|
|
NAME 'AssertionConsumerService'
|
|
DESC 'The URL of the AssertionConsumerService endpoint for this SP'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.4
|
|
NAME 'NameIDFormat'
|
|
DESC 'The NameIDFormat this SP should receive'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.5
|
|
NAME 'simplesamlNameIDAttribute'
|
|
DESC 'The name of the attribute which should be used as the value of the NameID'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.6
|
|
NAME 'simplesamlAttributes'
|
|
DESC 'Whether the SP should receive any attributes from the IdP'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.7
|
|
NAME 'simplesamlLDAPattributes'
|
|
DESC 'A list of attributes the service provider will receive'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.8
|
|
NAME 'serviceproviderdescription'
|
|
DESC 'A description of this service provider that can be shown to users'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.9
|
|
NAME 'serviceProviderOrganizationName'
|
|
DESC 'The name of the organization responsible for the service provider that can be shown to users'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.10
|
|
NAME 'privacypolicyURL'
|
|
DESC 'An absolute URL for the service providers privacy policy'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.11
|
|
NAME 'attributesNameFormat'
|
|
DESC 'Which value will be set in the format field of attribute statements'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.12
|
|
NAME 'singleLogoutService'
|
|
DESC 'The URL of the SingleLogoutService endpoint for this service provider'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.13
|
|
NAME 'isServiceProviderActivated'
|
|
DESC 'True if this service provider is activated and its configuration is written'
|
|
SINGLE-VALUE
|
|
EQUALITY booleanMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.1.14
|
|
NAME 'serviceProviderMetadata'
|
|
DESC 'The raw XML metadata for this service provider entry'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
objectclass ( 1.3.6.1.4.1.10176.4200.1.1 NAME 'univentionSAMLServiceProvider' SUP top STRUCTURAL
|
|
DESC 'univention simplesamlphp service provider'
|
|
MAY ( NameIDFormat $ simplesamlNameIDAttribute $ simplesamlAttributes $ simplesamlLDAPattributes $ serviceproviderdescription $ serviceProviderOrganizationName $ privacypolicyURL $ attributesNameFormat $ singleLogoutService $ serviceProviderMetadata )
|
|
MUST ( isServiceProviderActivated $ SAMLServiceProviderIdentifier $ AssertionConsumerService )
|
|
)
|
|
|
|
attributetype ( 1.3.6.1.4.1.10176.4200.2.2
|
|
NAME 'enabledServiceProviderIdentifier'
|
|
DESC 'A service provider the user is enabled to use'
|
|
EQUALITY caseExactIA5Match
|
|
SUBSTR caseExactIA5SubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
objectclass ( 1.3.6.1.4.1.10176.4200.2.1 NAME 'univentionSAMLEnabled' SUP top AUXILIARY
|
|
DESC 'The user is enabled to use SAML service providers'
|
|
MAY ( enabledServiceProviderIdentifier )
|
|
)
|
|
|