SAML Assertion XML Schemas

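The XML schemas in this section specify the structure and elements that Oracle Utilities expects in the SAML assertions for both the single-account and multiple-account implementations. The schemas constrain structure only: validating a payload against them does not establish who issued it, so the signature and issuer of the enclosing SAML assertion must be verified separately before the payload's contents are trusted.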

XML Schema for Single Account SSO

<?xml version="1.0" encoding="UTF-8" ?>
<!--
    Schema for the single-account SSO payload. The root element,
    sso_user_properties, holds either one or more property elements or a
    single error element. No targetNamespace is declared, so every element
    defined here is in no namespace.
    NOTE(review): this schema checks structure only. It does not describe how
    the SAML assertion carrying the payload is signed or verified; presumably
    that happens before this payload is read. Confirm against the integration
    guide.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    id="sso_user_properties"
    elementFormDefault="qualified"
    version="v0.1.0">
    <!-- NOTE(review): the schema-level documentation below is empty. -->
    <xs:annotation>
        <xs:documentation xml:lang="en">
        </xs:documentation>
    </xs:annotation>
    <!--
        property: one name/value pair, both required and both plain xs:string.
        The schema does not restrict which names may appear, nor the length or
        character content of either field. A consumer should accept only the
        property names it expects and bound the size of each value.
    -->
    <xs:element name="property">
        <xs:annotation>
            <xs:documentation xml:lang="en">
                An arbitrary property.
            </xs:documentation>
        </xs:annotation>
        <xs:complexType>
            <xs:sequence>
                <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
                <xs:element name="value" type="xs:string" minOccurs="1" maxOccurs="1"/>
            </xs:sequence>
        </xs:complexType>
    </xs:element>
    <!--
        error: free-form xs:string. A consumer should treat the text as
        untrusted when logging or displaying it, and a producer should keep
        internal detail out of it.
    -->
    <xs:element name="error" type="xs:string">
        <xs:annotation>
            <xs:documentation xml:lang="en">
                If there was a problem providing a valid response, this should be set to contain an explanation of the problem.
            </xs:documentation>
        </xs:annotation>
    </xs:element>
    <!--
        Root element. xs:choice means a valid document carries properties or an
        error, never both. maxOccurs="unbounded" sets no upper limit on the
        number of properties, and no xs:unique constraint is declared, so
        repeated property names pass validation. Which occurrence a consumer
        uses is not defined by this schema.
    -->
    <xs:element name="sso_user_properties">
        <xs:annotation>
            <xs:documentation xml:lang="en">
                Root element.
            </xs:documentation>
        </xs:annotation>
        <xs:complexType>
            <xs:choice>
                <xs:sequence>
                    <xs:element ref="property" minOccurs="1" maxOccurs="unbounded"/>
                </xs:sequence>
                <xs:element ref="error" />
            </xs:choice>
        </xs:complexType>
    </xs:element>
</xs:schema>

XML Schema for Multiple Account SSO

<?xml version="1.0" encoding="UTF-8" ?>
<!--
    Schema for the multiple-account SSO payload. The root element,
    authorized_accounts, holds either an optional user, an optional
    initial_account and a required accounts list, or a single error element.
    No targetNamespace is declared, so every element defined here is in no
    namespace.
    NOTE(review): this payload carries authorization data (the accounts a user
    may access). The schema checks structure only; presumably the SAML
    assertion carrying it is signature-verified before the account list is
    honoured. Confirm against the integration guide.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    id="authorized_accounts"
    elementFormDefault="qualified"
    version="v0.1.0">
    <xs:annotation>
        <xs:documentation xml:lang="en">
            This describes the expected response to an Oracle Utilities multiple account sso request.  The main purpose of this is to provide additional authorization information about the user who has been authenticated. The current version of this schema provides for a list of accounts (in the domain of the utility company) to which the authenticated user should have access.  Preferably, the response should provide an "initial account" representing the account that the user should see upon successful completion of authentication and authorization.
        </xs:documentation>
    </xs:annotation>
 
    <!--
        user: display_name is required (minOccurs defaults to 1) and
        language_preference is optional. Both are unconstrained xs:string, so
        a consumer should escape display_name wherever it is rendered and
        accept only the language values it supports.
    -->
    <xs:element name="user">
        <xs:annotation>
            <xs:documentation xml:lang="en">
                Information about the user.
            </xs:documentation>
        </xs:annotation>
        <xs:complexType>
            <xs:sequence>
                <xs:element name="display_name" type="xs:string" />
                <xs:element name="language_preference" type="xs:string" minOccurs="0" maxOccurs="1"/>
            </xs:sequence>
        </xs:complexType>
    </xs:element>
 
    <!--
        account: a required id attribute of type xs:NMTOKEN (a single token of
        name characters, no whitespace) and a required name child of type
        xs:string.
    -->
    <xs:element name="account">
        <xs:annotation>
            <xs:documentation xml:lang="en">
               An account (in the domain of the utility company) that the user should have access to.
            </xs:documentation>
        </xs:annotation>
        <xs:complexType>
            <xs:sequence>
                <xs:element name="name" type="xs:string" />
            </xs:sequence>
            <xs:attribute name="id" type="xs:NMTOKEN" use="required" />
        </xs:complexType>
    </xs:element>
 
    <!--
        accounts: one or more account elements with no upper bound. No xs:key
        or xs:unique is declared on account ids, so duplicate ids pass
        validation. A consumer should bound the list size and decide how
        duplicates are handled.
    -->
    <xs:element name="accounts">
        <xs:annotation>
            <xs:documentation xml:lang="en">
                A list of accounts
            </xs:documentation>
        </xs:annotation>
        <xs:complexType>
            <xs:sequence>
                <xs:element ref="account" minOccurs="1" maxOccurs="unbounded"/>
            </xs:sequence>
        </xs:complexType>
    </xs:element>
 
    <!--
        error: free-form xs:string. A consumer should treat the text as
        untrusted when logging or displaying it, and a producer should keep
        internal detail out of it.
    -->
    <xs:element name="error" type="xs:string">
        <xs:annotation>
            <xs:documentation xml:lang="en">
                If there was a problem providing a valid response, this should be set to contain an explanation of the problem
            </xs:documentation>
        </xs:annotation>
    </xs:element>
 
    <!--
        initial_account: carries only a required id attribute (xs:NMTOKEN).
        No xs:keyref links this id to an account id in the accounts list, so
        the schema accepts an initial_account that is not among the authorized
        accounts. A consumer should check membership in accounts before using
        this id to select what the user sees.
    -->
    <xs:element name="initial_account">
        <xs:annotation>
            <xs:documentation xml:lang="en">
                The initial account the user should be viewing after SSO has completed.
            </xs:documentation>
        </xs:annotation>
        <xs:complexType>
            <xs:attribute name="id" type="xs:NMTOKEN" use="required" />
        </xs:complexType>
    </xs:element>
 
    <!--
        Root element. xs:choice means a valid document carries either the
        success sequence or an error, never both. Within the sequence the
        order is fixed: user (optional), initial_account (optional), then
        accounts (required, exactly once).
    -->
    <xs:element name="authorized_accounts">
        <xs:annotation>
            <xs:documentation xml:lang="en">
                Root element.
            </xs:documentation>
        </xs:annotation>
        <xs:complexType>
            <xs:choice>
                <xs:sequence>
                    <xs:element ref="user" minOccurs="0" maxOccurs="1"/>
                    <xs:element ref="initial_account" minOccurs="0" maxOccurs="1"/>
                    <xs:element ref="accounts" minOccurs="1" maxOccurs="1"/>
                </xs:sequence>
                <xs:element ref="error" />
            </xs:choice>
        </xs:complexType>
    </xs:element>
</xs:schema>