Add explicit PreviousSession support
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
5     elementFormDefault="qualified">
6
7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
8
9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
11
12     <xsd:annotation>
13         <xsd:documentation>
14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
15         </xsd:documentation>
16     </xsd:annotation>
17
    <xsd:complexType name="IdPProfileHandlerManager">
        <xsd:annotation>
            <xsd:documentation>
                Definition for the basic Shibboleth profile handler manager service. The type adds no members of its
                own; it is an extension of service:ReloadableServiceType from shibboleth-2.0-services.xsd (imported at
                the top of this schema).
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="service:ReloadableServiceType" />
        </xsd:complexContent>
    </xsd:complexType>
26
    <xsd:element name="ProfileHandlerGroup">
        <xsd:annotation>
            <xsd:documentation>
                Root of a profile handler configuration file. Exactly one ErrorHandler is required (the schema defaults
                of minOccurs/maxOccurs = 1 apply), followed by zero or more ProfileHandler elements and then zero or
                more LoginHandler elements, in that order.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
                <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
                <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0"
                    maxOccurs="unbounded" />
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
40
    <xsd:complexType name="Status">
        <xsd:annotation>
            <xsd:documentation>
                Basic handler that returns a general status of the IdP. It is a plain request-URI-mapped handler with no
                extra settings. NOTE(review): what the status response contains is not defined here; if it discloses
                operational detail, deployers may want to restrict access to its request URI at the container or
                network level - confirm against the handler implementation.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="RequestURIMappedProfileHandlerType" />
        </xsd:complexContent>
    </xsd:complexType>
49     
50     <xsd:complexType name="SAMLMetadata">
51         <xsd:annotation>
52             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
53         </xsd:annotation>
54         <xsd:complexContent>
55             <xsd:extension base="RequestURIMappedProfileHandlerType">
56                 <xsd:attribute name="metadataFile" type="xsd:string" use="required">
57                     <xsd:annotation>
58                         <xsd:documentation>
59                             Location of the static IdP metadata file.
60                         </xsd:documentation>
61                     </xsd:annotation>
62                 </xsd:attribute>
63             </xsd:extension>
64         </xsd:complexContent>
65     </xsd:complexType>
66
    <xsd:complexType name="SAML2SSO">
        <xsd:annotation>
            <xsd:documentation>
                Configuration type for SAML 2 SSO profile handlers. Inherits the ID generator and inbound/outbound
                binding settings from SAMLProfileHandler (via SAML2ProfileHandler) and adds the path of the
                authentication manager.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML2ProfileHandler">
                <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
                    <xsd:annotation>
                        <xsd:documentation>
                            The context-relative path to the authentication manager used by this profile handler. This
                            should match the URL pattern given for it in web.xml; the default is /AuthnEngine.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
84
    <xsd:complexType name="SAML2AttributeQuery">
        <xsd:annotation>
            <xsd:documentation>
                Configuration type for SAML 2 Attribute Query profile handlers. No settings beyond those inherited from
                SAML2ProfileHandler / SAMLProfileHandler (ID generator, inbound and outbound bindings).
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML2ProfileHandler" />
        </xsd:complexContent>
    </xsd:complexType>
93     
    <xsd:complexType name="SAML2ArtifactResolution">
        <xsd:annotation>
            <xsd:documentation>
                Configuration type for SAML 2 artifact resolution profile handlers. Adds a reference to the artifact map
                on top of the SAML2ProfileHandler settings.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML2ProfileHandler">
                <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
                    <xsd:annotation>
                        <xsd:documentation>
                            Component ID of the SAMLArtifactMap used by the handler to resolve artifact strings into
                            artifact objects. Defaults to shibboleth.ArtifactMap; the same default is used by
                            SAML1ArtifactResolution.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
110
    <xsd:complexType name="SAML2ProfileHandler" abstract="true">
        <xsd:annotation>
            <xsd:documentation>
                Base type for SAML 2 profile handlers (SAML2SSO, SAML2AttributeQuery, SAML2ArtifactResolution).
                Abstract; it currently adds nothing to SAMLProfileHandler and exists to separate the SAML 2 family from
                the SAML 1 one.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAMLProfileHandler" />
        </xsd:complexContent>
    </xsd:complexType>
119
    <xsd:complexType name="ShibbolethSSO">
        <xsd:annotation>
            <xsd:documentation>
                Configuration type for Shibboleth 1 SSO profile handlers. Built on the SAML 1 handler family
                (SAML1ProfileHandler) and, like SAML2SSO, adds the path of the authentication manager.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML1ProfileHandler">
                <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
                    <xsd:annotation>
                        <xsd:documentation>
                            The context-relative path to the authentication manager used by this profile handler. This
                            should match the URL pattern given for it in web.xml; the default is /AuthnEngine.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
137
    <xsd:complexType name="SAML1AttributeQuery">
        <xsd:annotation>
            <xsd:documentation>
                Configuration type for SAML 1 Attribute Query profile handlers. No settings beyond those inherited from
                SAML1ProfileHandler / SAMLProfileHandler (ID generator, inbound and outbound bindings).
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML1ProfileHandler" />
        </xsd:complexContent>
    </xsd:complexType>
146     
    <xsd:complexType name="SAML1ArtifactResolution">
        <xsd:annotation>
            <xsd:documentation>
                Configuration type for SAML 1 artifact resolution profile handlers. Adds a reference to the artifact map
                on top of the SAML1ProfileHandler settings.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML1ProfileHandler">
                <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
                    <xsd:annotation>
                        <xsd:documentation>
                            Component ID of the SAMLArtifactMap used by the handler to resolve artifact strings into
                            artifact objects. Defaults to shibboleth.ArtifactMap; the same default is used by
                            SAML2ArtifactResolution.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
163
    <xsd:complexType name="SAML1ProfileHandler" abstract="true">
        <xsd:annotation>
            <xsd:documentation>
                Base type for SAML 1 profile handlers (ShibbolethSSO, SAML1AttributeQuery, SAML1ArtifactResolution).
                Abstract; it currently adds nothing to SAMLProfileHandler and exists to separate the SAML 1 family from
                the SAML 2 one.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAMLProfileHandler" />
        </xsd:complexContent>
    </xsd:complexType>
172
173     <xsd:complexType name="SAMLProfileHandler" abstract="true">
174         <xsd:annotation>
175             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
176         </xsd:annotation>
177         <xsd:complexContent>
178             <xsd:extension base="IdPProfileHandlerType">
179                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
180                     <xsd:annotation>
181                         <xsd:documentation>
182                             The component ID of a generator used to generated things like response and assertion IDs.
183
184                             This setting should not be changed from its default unless the deployer fully understands
185                             the inter-relationship between IdP components.
186                         </xsd:documentation>
187                     </xsd:annotation>
188                 </xsd:attribute>
189                 <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
190                     <xsd:annotation>
191                         <xsd:documentation>
192                             The SAML message binding used by inbound messages.
193                         </xsd:documentation>
194                     </xsd:annotation>
195                 </xsd:attribute>
196                 <xsd:attribute name="outboundBindingEnumeration" >
197                     <xsd:annotation>
198                         <xsd:documentation>
199                             An ordered list of outbound bindings supported by this profile handler. The order provided
200                             establishes the precedence given the bindings such that, from the left to right, the first
201                             binding also supported by the relying party will be used.
202                         </xsd:documentation>
203                     </xsd:annotation>
204                     <xsd:simpleType>
205                         <xsd:list itemType="xsd:anyURI" />
206                     </xsd:simpleType>
207                 </xsd:attribute>
208             </xsd:extension>
209         </xsd:complexContent>
210     </xsd:complexType>
211
    <xsd:complexType name="IdPProfileHandlerType" abstract="true">
        <xsd:annotation>
            <xsd:documentation>
                Base type for IdP profile handlers. Abstract; it adds nothing to ShibbolethProfileHandlerType, which is
                defined in the included shibboleth-2.0-profile-handler.xsd.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="ShibbolethProfileHandlerType" />
        </xsd:complexContent>
    </xsd:complexType>
220     
221     <xsd:complexType name="PreviousSession">
222         <xsd:complexContent>
223             <xsd:extension base="LoginHandlerType">
224                 <xsd:attribute name="servletPath" type="xsd:string">
225                     <xsd:annotation>
226                         <xsd:documentation>
227                             Optional servlet path to which the browser may be redirected.
228                         </xsd:documentation>
229                     </xsd:annotation>
230                 </xsd:attribute>
231                 <xsd:attribute name="reportPreviousSessionAuthnMethod" type="xsd:boolean" default="false">
232                     <xsd:annotation>
233                         <xsd:documentation>
234                             Whether this login handler should report its authentication method as PreviousSession 
235                             or the authentication method requested by the peer.
236                         </xsd:documentation>
237                     </xsd:annotation>
238                 </xsd:attribute>
239                 <xsd:attribute name="supportsPassiveAuthentication" type="xsd:boolean" default="false">
240                     <xsd:annotation>
241                         <xsd:documentation>
242                             Whether this login handler, when redirecting to a servlet, support passives authentication.
243                         </xsd:documentation>
244                     </xsd:annotation>
245                 </xsd:attribute>
246             </xsd:extension>
247         </xsd:complexContent>
248     </xsd:complexType>
249
250     <xsd:complexType name="RemoteUser">
251         <xsd:complexContent>
252             <xsd:extension base="LoginHandlerType">
253                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
254                     <xsd:annotation>
255                         <xsd:documentation>
256                             The servlet context path to the
257                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
258                             protected by the container or web server.
259                         </xsd:documentation>
260                     </xsd:annotation>
261                 </xsd:attribute>
262             </xsd:extension>
263         </xsd:complexContent>
264     </xsd:complexType>
265
266     <xsd:complexType name="UsernamePassword">
267         <xsd:complexContent>
268             <xsd:extension base="LoginHandlerType">
269                 <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
270                     <xsd:annotation>
271                         <xsd:documentation>
272                             Location of the JAAS configuration. If this attribute is used it will usually contain a file
273                             URL to a configuration on the local filesystem. However, this attribute need not be used and
274                             this information can be set within the VM in any manner supported by the JVM/container
275                             implementation.
276                         </xsd:documentation>
277                     </xsd:annotation>
278                 </xsd:attribute>
279                 <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
280                     <xsd:annotation>
281                         <xsd:documentation>
282                             The servlet context path to the
283                             edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
284                             that will authenticate the user.
285                         </xsd:documentation>
286                     </xsd:annotation>
287                 </xsd:attribute>
288             </xsd:extension>
289         </xsd:complexContent>
290     </xsd:complexType>
291
292     <xsd:complexType name="LoginHandlerType" abstract="true">
293         <xsd:annotation>
294             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
295         </xsd:annotation>
296         <xsd:sequence>
297             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
298                 <xsd:annotation>
299                     <xsd:documentation>
300                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
301                         authentication contexts class and declaration reference URIs.
302                     </xsd:documentation>
303                 </xsd:annotation>
304             </xsd:element>
305         </xsd:sequence>
306         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
307             <xsd:annotation>
308                 <xsd:documentation>
309                     The length of time, in minutes, that an authentication performed by this handler should be
310                     considered active. After which time a user, previously authenticated by this handler, must
311                     re-authenticate in order to assert the authentication method again.
312                 </xsd:documentation>
313             </xsd:annotation>
314         </xsd:attribute>
315     </xsd:complexType>
316
317 </xsd:schema>