marloncdomenech

Hi,

Here is how I solved the problem.

In English: http://stackoverflow.com/questions/21835166/how-to-restrict-the-xsd-of-saml-2-0-authentication-context

In Portuguese: http://pt.stackoverflow.com/questions/6175/como-restringir-o-xsd-do-authentication-context-do-saml-2-0

I have been trying to find a solution to my problem is the last 10 days, and I found nothing. So, I am trying to restrict the Authentication Context XML Schema Definition of SAML 2.0. The XSD document is accessible at http://docs.oasis-open.org/security/saml/v2.0/saml-schema-authn-context-types-2.0.xsd.

The part that I am trying to restrict is the one related to this part of the XSD document:

<xs:complexType name="PasswordType">  <xs:sequence>    <xs:element ref="Length" minOccurs="0"/>    <xs:element ref="Alphabet" minOccurs="0"/>    <xs:element ref="Generation" minOccurs="0"/>    <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>  </xs:sequence>  <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/></xs:complexType><xs:element name="RestrictedPassword" type="RestrictedPasswordType"/><xs:complexType name="RestrictedPasswordType">  <xs:complexContent>    <xs:restriction base="PasswordType">      <xs:sequence>        <xs:element name="Length" type="RestrictedLengthType" minOccurs="1"/>        <xs:element ref="Generation" minOccurs="0"/>        <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>      </xs:sequence>      <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>    </xs:restriction>  </xs:complexContent></xs:complexType> 

Well, I do not know how to restrict the RestrictedPassword complex Type. Below is my XSD, that tries to restrict the original XSD document.

<?xml version="1.0" encoding="UTF-8"?><xs:schema version="2.0"    targetNamespace="urn:m:SAML:2.0:ac:classes:K"    xmlns:xs="http://www.w3.org/2001/XMLSchema"    xmlns="urn:m:SAML:2.0:ac:classes:K"     finalDefault="extension"    blockDefault="substitution">  <xs:redefine schemaLocation="http://docs.oasis-open.org/security/saml/v2.0/saml-schema-authn-context-types-2.0.xsd">     <xs:complexType name="RestrictedPasswordType">      <xs:complexContent>        <xs:restriction base="RestrictedPasswordType">          <xs:sequence>            <xs:element ref="Length" minOccurs="0"/>            <xs:element ref="Generation"/>            <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>          </xs:sequence>          <xs:attribute name="ExternalVerification" type="xs:anyURI" use="optional"/>        </xs:restriction>      </xs:complexContent>    </xs:complexType>  </xs:redefine> </xs:schema> 

When I try to validate this XSD in this tool http://www.utilities-online.info/xsdvalidation/#.UwJAzK69h31 it returns me an error, that I do not know how to fix.

Any help is welcome.

Thanks!

Domenech, Marlon