More work on authentication handlers; should be complete now except for testing
[java-idp.git] / resources / classpath / schema / shibboleth-2.0-idp-profile-handler.xsd
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
5     elementFormDefault="qualified">
6
7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
8
9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
11
12     <xsd:annotation>
13         <xsd:documentation>
14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
15         </xsd:documentation>
16     </xsd:annotation>
17
18     <xsd:complexType name="IdPProfileHandlerManager">
19         <xsd:annotation>
20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
21         </xsd:annotation>
22         <xsd:complexContent>
23             <xsd:extension base="service:ReloadableServiceType" />
24         </xsd:complexContent>
25     </xsd:complexType>
26
27     <xsd:element name="ProfileHandlerGroup">
28         <xsd:annotation>
29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
30         </xsd:annotation>
31         <xsd:complexType>
32             <xsd:sequence>
33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
35                 <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
36                     maxOccurs="unbounded" />
37             </xsd:sequence>
38         </xsd:complexType>
39     </xsd:element>
40
41     <xsd:complexType name="Status">
42         <xsd:annotation>
43             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
44         </xsd:annotation>
45         <xsd:complexContent>
46             <xsd:extension base="RequestURIMappedProfileHandlerType" />
47         </xsd:complexContent>
48     </xsd:complexType>
49
50     <xsd:complexType name="SAML2SSO">
51         <xsd:annotation>
52             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
53         </xsd:annotation>
54         <xsd:complexContent>
55             <xsd:extension base="SAML2ProfileHandler">
56                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnManager">
57                     <xsd:annotation>
58                         <xsd:documentation>
59                             The context relative path to the authentication manager used by this profile handler. This
60                             should match the URL pattern given in the web.xml
61                         </xsd:documentation>
62                     </xsd:annotation>
63                 </xsd:attribute>
64                 <xsd:attribute name="decodingBinding" type="xsd:anyURI"
65                     default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
66                     <xsd:annotation>
67                         <xsd:documentation>
68                             The URI of the binding used when decoding requests from relying parties.
69                         </xsd:documentation>
70                     </xsd:annotation>
71                 </xsd:attribute>
72                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
73                     default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
74                     <xsd:annotation>
75                         <xsd:documentation>
76                             The component ID of the security policy factory to use with the profile handler.
77
78                             This setting should not be changed from its default unless the deployer fully understands
79                             the inter-relationship between IdP components.
80                         </xsd:documentation>
81                     </xsd:annotation>
82                 </xsd:attribute>
83             </xsd:extension>
84         </xsd:complexContent>
85     </xsd:complexType>
86
87     <xsd:complexType name="SAML2AttributeQuery">
88         <xsd:annotation>
89             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
90         </xsd:annotation>
91         <xsd:complexContent>
92             <xsd:extension base="SAML2ProfileHandler">
93                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
94                     default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
95                     <xsd:annotation>
96                         <xsd:documentation>
97                             The component ID of the security policy factory to use with the profile handler.
98
99                             This setting should not be changed from its default unless the deployer fully understands
100                             the inter-relationship between IdP components.
101                         </xsd:documentation>
102                     </xsd:annotation>
103                 </xsd:attribute>
104             </xsd:extension>
105         </xsd:complexContent>
106     </xsd:complexType>
107
108     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
109         <xsd:annotation>
110             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
111         </xsd:annotation>
112         <xsd:complexContent>
113             <xsd:extension base="SAMLProfileHandler" />
114         </xsd:complexContent>
115     </xsd:complexType>
116
117     <xsd:complexType name="SAML1AttributeQuery">
118         <xsd:annotation>
119             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
120         </xsd:annotation>
121         <xsd:complexContent>
122             <xsd:extension base="SAML1ProfileHandler" />
123         </xsd:complexContent>
124     </xsd:complexType>
125
126     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
127         <xsd:annotation>
128             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
129         </xsd:annotation>
130         <xsd:complexContent>
131             <xsd:extension base="SAMLProfileHandler" />
132         </xsd:complexContent>
133     </xsd:complexType>
134
135     <xsd:complexType name="SAMLProfileHandler" abstract="true">
136         <xsd:annotation>
137             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
138         </xsd:annotation>
139         <xsd:complexContent>
140             <xsd:extension base="IdPProfileHandlerType">
141                 <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
142                     default="shibboleth.MessageDecoderFactory">
143                     <xsd:annotation>
144                         <xsd:documentation>
145                             The component ID of the message decoder to use with the profile handler.
146
147                             This setting should not be changed from its default unless the deployer fully understands
148                             the inter-relationship between IdP components.
149                         </xsd:documentation>
150                     </xsd:annotation>
151                 </xsd:attribute>
152                 <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
153                     default="shibboleth.MessageEncoderFactory">
154                     <xsd:annotation>
155                         <xsd:documentation>
156                             The component ID of the message encoder to use with the profile handler.
157
158                             This setting should not be changed from its default unless the deployer fully understands
159                             the inter-relationship between IdP components.
160                         </xsd:documentation>
161                     </xsd:annotation>
162                 </xsd:attribute>
163                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
164                     <xsd:annotation>
165                         <xsd:documentation>
166                             The component ID of a generator used to generated things like response and assertion IDs.
167
168                             This setting should not be changed from its default unless the deployer fully understands
169                             the inter-relationship between IdP components.
170                         </xsd:documentation>
171                     </xsd:annotation>
172                 </xsd:attribute>
173             </xsd:extension>
174         </xsd:complexContent>
175     </xsd:complexType>
176
177     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
178         <xsd:annotation>
179             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
180         </xsd:annotation>
181         <xsd:complexContent>
182             <xsd:extension base="ShibbolethProfileHandlerType" />
183         </xsd:complexContent>
184     </xsd:complexType>
185
186     <xsd:complexType name="RemoteUser">
187         <xsd:complexContent>
188             <xsd:extension base="AuthenticationHandlerType">
189                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
190                     <xsd:annotation>
191                         <xsd:documentation>
192                             The servlet context path to the
193                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
194                             protected by the container or web server.
195                         </xsd:documentation>
196                     </xsd:annotation>
197                 </xsd:attribute>
198             </xsd:extension>
199         </xsd:complexContent>
200     </xsd:complexType>
201
202     <xsd:complexType name="AuthenticationHandlerType" abstract="true">
203         <xsd:annotation>
204             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
205         </xsd:annotation>
206         <xsd:sequence>
207             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
208                 <xsd:annotation>
209                     <xsd:documentation>
210                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
211                         authentication contexts class and declaration reference URIs.
212                     </xsd:documentation>
213                 </xsd:annotation>
214             </xsd:element>
215         </xsd:sequence>
216         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
217             <xsd:annotation>
218                 <xsd:documentation>
219                     The length of time, in minutes, that an authentication performed by this handler should be
220                     considered active. After which time a user, previously authenticated by this handler, must
221                     re-authenticate in order to assert the authentication method again.
222                 </xsd:documentation>
223             </xsd:annotation>
224         </xsd:attribute>
225     </xsd:complexType>
226
227 </xsd:schema>