resources/classpath/schema/shibboleth-2.0-idp-profile-handler.xsd

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
   4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
   5     elementFormDefault="qualified">
   6
   7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
   8
   9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
  10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
  11
  12     <xsd:annotation>
  13         <xsd:documentation>
  14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
  15         </xsd:documentation>
  16     </xsd:annotation>
  17
  18     <xsd:complexType name="IdPProfileHandlerManager">
  19         <xsd:annotation>
  20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
  21         </xsd:annotation>
  22         <xsd:complexContent>
  23             <xsd:extension base="service:ReloadableServiceType" />
  24         </xsd:complexContent>
  25     </xsd:complexType>
  26
  27     <xsd:element name="ProfileHandlerGroup">
  28         <xsd:annotation>
  29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
  30         </xsd:annotation>
  31         <xsd:complexType>
  32             <xsd:sequence>
  33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
  34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
  35                 <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
  36                     maxOccurs="unbounded" />
  37             </xsd:sequence>
  38         </xsd:complexType>
  39     </xsd:element>
  40
  41     <xsd:complexType name="Status">
  42         <xsd:annotation>
  43             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
  44         </xsd:annotation>
  45         <xsd:complexContent>
  46             <xsd:extension base="RequestURIMappedProfileHandlerType" />
  47         </xsd:complexContent>
  48     </xsd:complexType>
  49
  50     <xsd:complexType name="SAML2SSO">
  51         <xsd:annotation>
  52             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
  53         </xsd:annotation>
  54         <xsd:complexContent>
  55             <xsd:extension base="SAML2ProfileHandler">
  56                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnManager">
  57                     <xsd:annotation>
  58                         <xsd:documentation>
  59                             The context relative path to the authentication manager used by this profile handler. This
  60                             should match the URL pattern given in the web.xml
  61                         </xsd:documentation>
  62                     </xsd:annotation>
  63                 </xsd:attribute>
  64                 <xsd:attribute name="decodingBinding" type="xsd:anyURI"
  65                     default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  66                     <xsd:annotation>
  67                         <xsd:documentation>
  68                             The URI of the binding used when decoding requests from relying parties.
  69                         </xsd:documentation>
  70                     </xsd:annotation>
  71                 </xsd:attribute>
  72                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
  73                     default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
  74                     <xsd:annotation>
  75                         <xsd:documentation>
  76                             The component ID of the security policy factory to use with the profile handler.
  77
  78                             This setting should not be changed from its default unless the deployer fully understands
  79                             the inter-relationship between IdP components.
  80                         </xsd:documentation>
  81                     </xsd:annotation>
  82                 </xsd:attribute>
  83             </xsd:extension>
  84         </xsd:complexContent>
  85     </xsd:complexType>
  86
  87     <xsd:complexType name="SAML2AttributeQuery">
  88         <xsd:annotation>
  89             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
  90         </xsd:annotation>
  91         <xsd:complexContent>
  92             <xsd:extension base="SAML2ProfileHandler">
  93                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
  94                     default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
  95                     <xsd:annotation>
  96                         <xsd:documentation>
  97                             The component ID of the security policy factory to use with the profile handler.
  98
  99                             This setting should not be changed from its default unless the deployer fully understands
 100                             the inter-relationship between IdP components.
 101                         </xsd:documentation>
 102                     </xsd:annotation>
 103                 </xsd:attribute>
 104             </xsd:extension>
 105         </xsd:complexContent>
 106     </xsd:complexType>
 107
 108     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
 109         <xsd:annotation>
 110             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
 111         </xsd:annotation>
 112         <xsd:complexContent>
 113             <xsd:extension base="SAMLProfileHandler" />
 114         </xsd:complexContent>
 115     </xsd:complexType>
 116
 117     <xsd:complexType name="SAML1AttributeQuery">
 118         <xsd:annotation>
 119             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
 120         </xsd:annotation>
 121         <xsd:complexContent>
 122             <xsd:extension base="SAML1ProfileHandler" />
 123         </xsd:complexContent>
 124     </xsd:complexType>
 125
 126     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
 127         <xsd:annotation>
 128             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
 129         </xsd:annotation>
 130         <xsd:complexContent>
 131             <xsd:extension base="SAMLProfileHandler" />
 132         </xsd:complexContent>
 133     </xsd:complexType>
 134
 135     <xsd:complexType name="SAMLProfileHandler" abstract="true">
 136         <xsd:annotation>
 137             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
 138         </xsd:annotation>
 139         <xsd:complexContent>
 140             <xsd:extension base="IdPProfileHandlerType">
 141                 <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
 142                     default="shibboleth.MessageDecoderFactory">
 143                     <xsd:annotation>
 144                         <xsd:documentation>
 145                             The component ID of the message decoder to use with the profile handler.
 146
 147                             This setting should not be changed from its default unless the deployer fully understands
 148                             the inter-relationship between IdP components.
 149                         </xsd:documentation>
 150                     </xsd:annotation>
 151                 </xsd:attribute>
 152                 <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
 153                     default="shibboleth.MessageEncoderFactory">
 154                     <xsd:annotation>
 155                         <xsd:documentation>
 156                             The component ID of the message encoder to use with the profile handler.
 157
 158                             This setting should not be changed from its default unless the deployer fully understands
 159                             the inter-relationship between IdP components.
 160                         </xsd:documentation>
 161                     </xsd:annotation>
 162                 </xsd:attribute>
 163                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
 164                     <xsd:annotation>
 165                         <xsd:documentation>
 166                             The component ID of a generator used to generated things like response and assertion IDs.
 167
 168                             This setting should not be changed from its default unless the deployer fully understands
 169                             the inter-relationship between IdP components.
 170                         </xsd:documentation>
 171                     </xsd:annotation>
 172                 </xsd:attribute>
 173             </xsd:extension>
 174         </xsd:complexContent>
 175     </xsd:complexType>
 176
 177     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
 178         <xsd:annotation>
 179             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
 180         </xsd:annotation>
 181         <xsd:complexContent>
 182             <xsd:extension base="ShibbolethProfileHandlerType" />
 183         </xsd:complexContent>
 184     </xsd:complexType>
 185
 186     <xsd:complexType name="RemoteUser">
 187         <xsd:complexContent>
 188             <xsd:extension base="AuthenticationHandlerType">
 189                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
 190                     <xsd:annotation>
 191                         <xsd:documentation>
 192                             The servlet context path to the
 193                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
 194                             protected by the container or web server.
 195                         </xsd:documentation>
 196                     </xsd:annotation>
 197                 </xsd:attribute>
 198             </xsd:extension>
 199         </xsd:complexContent>
 200     </xsd:complexType>
 201
 202     <xsd:complexType name="AuthenticationHandlerType" abstract="true">
 203         <xsd:annotation>
 204             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
 205         </xsd:annotation>
 206         <xsd:sequence>
 207             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
 208                 <xsd:annotation>
 209                     <xsd:documentation>
 210                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
 211                         authentication contexts class and declaration reference URIs.
 212                     </xsd:documentation>
 213                 </xsd:annotation>
 214             </xsd:element>
 215         </xsd:sequence>
 216         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
 217             <xsd:annotation>
 218                 <xsd:documentation>
 219                     The length of time, in minutes, that an authentication performed by this handler should be
 220                     considered active. After which time a user, previously authenticated by this handler, must
 221                     re-authenticate in order to assert the authentication method again.
 222                 </xsd:documentation>
 223             </xsd:annotation>
 224         </xsd:attribute>
 225     </xsd:complexType>
 226
 227 </xsd:schema>