1 <?xml version="1.0" encoding="UTF-8"?>
3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
4 xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
5 elementFormDefault="qualified">
7 <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
9 <xsd:import namespace="urn:mace:shibboleth:2.0:services"
10 schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
14 This schema specifies the configuration options for Shibboleth IdP profile handlers.
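<!--
    IdPProfileHandlerManager: service definition for the profile handler manager.
    Adds no elements or attributes of its own; everything configurable comes from
    service:ReloadableServiceType in the imported urn:mace:shibboleth:2.0:services schema.
-->
<xsd:complexType name="IdPProfileHandlerManager">
    <xsd:annotation>
        <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="service:ReloadableServiceType" />
    </xsd:complexContent>
</xsd:complexType>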
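<!--
    ProfileHandlerGroup: root element of a profile handler configuration file.
    Children must appear in this order (xsd:sequence):
      ErrorHandler           exactly one (no minOccurs/maxOccurs given, so both default to 1)
      ProfileHandler         zero or more
      AuthenticationHandler  zero or more
    ErrorHandlerType and RequestHandlerType are not declared in this file; presumably they
    come from the included shibboleth-2.0-profile-handler.xsd (confirm against that schema).
-->
<xsd:element name="ProfileHandlerGroup">
    <xsd:annotation>
        <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:sequence>
            <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
            <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
            <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
                maxOccurs="unbounded" />
        </xsd:sequence>
    </xsd:complexType>
</xsd:element>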
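<!--
    Status: handler type that reports general IdP status. It extends
    RequestURIMappedProfileHandlerType without adding anything.
    NOTE(review): because this type declares no attributes of its own, nothing in this
    schema limits who may request the status output. Confirm how access to the mapped
    request path is restricted in the deployment.
-->
<xsd:complexType name="Status">
    <xsd:annotation>
        <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="RequestURIMappedProfileHandlerType" />
    </xsd:complexContent>
</xsd:complexType>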
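<!--
    SAML2SSO: concrete handler type for SAML 2 single sign-on. Extends SAML2ProfileHandler
    and adds four attributes. Each one carries a default, so an element of this type is
    valid with none of them present.
-->
<xsd:complexType name="SAML2SSO">
    <xsd:annotation>
        <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="SAML2ProfileHandler">
            <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
                <xsd:annotation>
                    <xsd:documentation>
                        The context relative path to the authentication manager used by this profile handler. This
                        should match the URL pattern given in the web.xml
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
            <!-- xsd:anyURI is only checked lexically; the schema does not restrict the value to a known binding. -->
            <xsd:attribute name="decodingBinding" type="xsd:anyURI"
                default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
                <xsd:annotation>
                    <xsd:documentation>
                        The URI of the binding used when decoding requests from relying parties.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
            <!--
                Typed xsd:string, so validation accepts any value and cannot confirm that the ID
                names an existing policy factory.
                NOTE(review): presumably the factory decides which checks are applied to inbound
                messages; treat any override of the default as a security-relevant change.
            -->
            <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
                default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
                <xsd:annotation>
                    <xsd:documentation>
                        The component ID of the security policy factory to use with the profile handler.

                        This setting should not be changed from its default unless the deployer fully understands
                        the inter-relationship between IdP components.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
            <!-- Anonymous list type: a whitespace-separated sequence of xsd:anyURI values, in precedence order. -->
            <xsd:attribute name="outboundBindingEnumeration" default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
                <xsd:annotation>
                    <xsd:documentation>
                        An ordered list of outbound bindings supported by this profile handler. The order
                        provided establishes the precedence given the bindings such that, from the left to right,
                        the first binding also supported by the relying party will be used.
                    </xsd:documentation>
                </xsd:annotation>
                <xsd:simpleType>
                    <xsd:list itemType="xsd:anyURI"/>
                </xsd:simpleType>
            </xsd:attribute>
        </xsd:extension>
    </xsd:complexContent>
</xsd:complexType>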
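<!--
    SAML2AttributeQuery: concrete handler type for SAML 2 attribute queries. Extends
    SAML2ProfileHandler and adds one optional attribute selecting the security policy factory.
-->
<xsd:complexType name="SAML2AttributeQuery">
    <xsd:annotation>
        <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="SAML2ProfileHandler">
            <!--
                Typed xsd:string, so validation accepts any value and cannot confirm that the ID
                names an existing policy factory.
                NOTE(review): presumably the factory decides which checks are applied to inbound
                queries; treat any override of the default as a security-relevant change.
            -->
            <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
                default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
                <xsd:annotation>
                    <xsd:documentation>
                        The component ID of the security policy factory to use with the profile handler.

                        This setting should not be changed from its default unless the deployer fully understands
                        the inter-relationship between IdP components.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
        </xsd:extension>
    </xsd:complexContent>
</xsd:complexType>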
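<!--
    SAML2ProfileHandler: abstract base for the SAML 2 handler types in this schema
    (SAML2SSO, SAML2AttributeQuery). Adds nothing to SAMLProfileHandler; being abstract,
    it cannot be used directly as the type of a configuration element.
-->
<xsd:complexType name="SAML2ProfileHandler" abstract="true">
    <xsd:annotation>
        <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="SAMLProfileHandler" />
    </xsd:complexContent>
</xsd:complexType>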
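<!--
    ShibbolethSSO: concrete handler type for Shibboleth 1 single sign-on. Extends
    SAML1ProfileHandler and adds two attributes, both with defaults.
    NOTE(review): unlike SAML2SSO in this schema, this type declares neither
    securityPolicyFactoryId nor decodingBinding. Confirm where the inbound message
    security policy for this handler is selected.
-->
<xsd:complexType name="ShibbolethSSO">
    <xsd:annotation>
        <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="SAML1ProfileHandler">
            <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
                <xsd:annotation>
                    <xsd:documentation>
                        The context relative path to the authentication manager used by this profile handler. This
                        should match the URL pattern given in the web.xml
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
            <!-- Anonymous list type: a whitespace-separated sequence of xsd:anyURI values, in precedence order. -->
            <xsd:attribute name="outboundBindingEnumeration" default="urn:oasis:names:tc:SAML:1.0:profiles:browser-post">
                <xsd:annotation>
                    <xsd:documentation>
                        An ordered list of outbound bindings supported by this profile handler. The order
                        provided establishes the precedence given the bindings such that, from the left to right,
                        the first binding also supported by the relying party will be used.
                    </xsd:documentation>
                </xsd:annotation>
                <xsd:simpleType>
                    <xsd:list itemType="xsd:anyURI"/>
                </xsd:simpleType>
            </xsd:attribute>
        </xsd:extension>
    </xsd:complexContent>
</xsd:complexType>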
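<!--
    SAML1AttributeQuery: concrete handler type for SAML 1 attribute queries. Extends
    SAML1ProfileHandler and adds one optional attribute selecting the security policy factory.
-->
<xsd:complexType name="SAML1AttributeQuery">
    <xsd:annotation>
        <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="SAML1ProfileHandler">
            <!--
                Typed xsd:string, so validation accepts any value and cannot confirm that the ID
                names an existing policy factory.
                NOTE(review): presumably the factory decides which checks are applied to inbound
                queries; treat any override of the default as a security-relevant change.
            -->
            <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
                default="shibboleth.SAML1AttributeQueryMessageSecurityPolicyFactory">
                <xsd:annotation>
                    <xsd:documentation>
                        The component ID of the security policy factory to use with the profile handler.

                        This setting should not be changed from its default unless the deployer fully understands
                        the inter-relationship between IdP components.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
        </xsd:extension>
    </xsd:complexContent>
</xsd:complexType>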
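<!--
    SAML1ProfileHandler: abstract base for the SAML 1 handler types in this schema
    (ShibbolethSSO, SAML1AttributeQuery). Adds nothing to SAMLProfileHandler; being abstract,
    it cannot be used directly as the type of a configuration element.
-->
<xsd:complexType name="SAML1ProfileHandler" abstract="true">
    <xsd:annotation>
        <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="SAMLProfileHandler" />
    </xsd:complexContent>
</xsd:complexType>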
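<!--
    SAMLProfileHandler: abstract base shared by the SAML 1 and SAML 2 handler types.
    Extends IdPProfileHandlerType with three component-ID attributes. All three are plain
    xsd:string values with defaults, so the schema accepts any string and cannot confirm
    that an overridden ID refers to an existing component.
-->
<xsd:complexType name="SAMLProfileHandler" abstract="true">
    <xsd:annotation>
        <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="IdPProfileHandlerType">
            <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
                default="shibboleth.MessageDecoderFactory">
                <xsd:annotation>
                    <xsd:documentation>
                        The component ID of the message decoder to use with the profile handler.

                        This setting should not be changed from its default unless the deployer fully understands
                        the inter-relationship between IdP components.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
            <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
                default="shibboleth.MessageEncoderFactory">
                <xsd:annotation>
                    <xsd:documentation>
                        The component ID of the message encoder to use with the profile handler.

                        This setting should not be changed from its default unless the deployer fully understands
                        the inter-relationship between IdP components.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
            <!--
                NOTE(review): response and assertion IDs are expected to be unique and hard to
                predict; confirm that any replacement generator keeps that property.
            -->
            <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
                <xsd:annotation>
                    <xsd:documentation>
                        The component ID of a generator used to generate things like response and assertion IDs.

                        This setting should not be changed from its default unless the deployer fully understands
                        the inter-relationship between IdP components.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
        </xsd:extension>
    </xsd:complexContent>
</xsd:complexType>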
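<!--
    IdPProfileHandlerType: abstract base for IdP profile handlers. Adds nothing to
    ShibbolethProfileHandlerType, which is not declared in this file (presumably it comes
    from the included shibboleth-2.0-profile-handler.xsd; confirm against that schema).
-->
<xsd:complexType name="IdPProfileHandlerType" abstract="true">
    <xsd:annotation>
        <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexContent>
        <xsd:extension base="ShibbolethProfileHandlerType" />
    </xsd:complexContent>
</xsd:complexType>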
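<!--
    RemoteUser: concrete authentication handler type. Extends AuthenticationHandlerType and
    adds the path of the servlet that the container or web server protects.
    NOTE(review): the schema only records this path as a string; it cannot check that the
    container or web server really protects it. Presumably the servlet relies on the
    identity established by that protection, so confirm that the access rule in web.xml or
    the web server configuration covers exactly this path.
-->
<xsd:complexType name="RemoteUser">
    <xsd:complexContent>
        <xsd:extension base="AuthenticationHandlerType">
            <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
                <xsd:annotation>
                    <xsd:documentation>
                        The servlet context path to the
                        edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
                        protected by the container or web server.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:attribute>
        </xsd:extension>
    </xsd:complexContent>
</xsd:complexType>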
256 <xsd:complexType name="AuthenticationHandlerType" abstract="true">
258 <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
261 <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
264 The authentication methods supported by this handler. In SAML these methods represent the SAML 2
265 authentication context class and declaration reference URIs.
270 <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
273 The length of time, in minutes, that an authentication performed by this handler should be
274 considered active. After this time, a user previously authenticated by this handler must
275 re-authenticate in order to assert the authentication method again.