Add support for an explicit set of outgoing bindings
[java-idp.git] / resources / classpath / schema / shibboleth-2.0-idp-profile-handler.xsd
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
5     elementFormDefault="qualified">
6
7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
8
9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
11
12     <xsd:annotation>
13         <xsd:documentation>
14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
15         </xsd:documentation>
16     </xsd:annotation>
17
18     <xsd:complexType name="IdPProfileHandlerManager">
           <!-- Declares no attributes or child elements of its own: every configurable option is inherited from
                service:ReloadableServiceType, which lives in the imported services schema and is not visible here. -->
19         <xsd:annotation>
20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
21         </xsd:annotation>
22         <xsd:complexContent>
23             <xsd:extension base="service:ReloadableServiceType" />
24         </xsd:complexContent>
25     </xsd:complexType>
26
27     <xsd:element name="ProfileHandlerGroup">
           <!-- Content model is a strict sequence: exactly one ErrorHandler, then any number of ProfileHandler
                elements, then any number of AuthenticationHandler elements. AuthenticationHandlerType is abstract in
                this schema, so each AuthenticationHandler has to name a concrete type through xsi:type.
                ErrorHandlerType and RequestHandlerType are not declared in this file; presumably they come from the
                included profile-handler schema. Because AuthenticationHandler is optional, a document with no
                authentication handler at all still validates. -->
28         <xsd:annotation>
29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
30         </xsd:annotation>
31         <xsd:complexType>
32             <xsd:sequence>
33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
35                 <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
36                     maxOccurs="unbounded" />
37             </xsd:sequence>
38         </xsd:complexType>
39     </xsd:element>
40
41     <xsd:complexType name="Status">
           <!-- Adds nothing to RequestURIMappedProfileHandlerType, which is declared outside this file.
                NOTE(review): no option on this type limits who may request the status handler. If the status output
                reveals deployment detail, access control has to be applied elsewhere (container or web server);
                confirm how the deployment restricts it. -->
42         <xsd:annotation>
43             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
44         </xsd:annotation>
45         <xsd:complexContent>
46             <xsd:extension base="RequestURIMappedProfileHandlerType" />
47         </xsd:complexContent>
48     </xsd:complexType>
49     
50     <xsd:complexType name="SAML2SSO">
           <!-- Extends SAML2ProfileHandler with four optional attributes, each carrying a default. The schema checks
                only their lexical form (xsd:string, xsd:anyURI, or a list of xsd:anyURI); it cannot tell whether a
                value names a real component, servlet path or binding. -->
51         <xsd:annotation>
52             <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
53         </xsd:annotation>
54         <xsd:complexContent>
55             <xsd:extension base="SAML2ProfileHandler">
56                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
57                     <xsd:annotation>
58                         <xsd:documentation>
59                             The context-relative path to the authentication manager used by this profile handler. This
60                             should match the URL pattern given in web.xml.
61                         </xsd:documentation>
62                     </xsd:annotation>
63                 </xsd:attribute>
64                 <xsd:attribute name="decodingBinding" type="xsd:anyURI"
65                     default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
66                     <xsd:annotation>
67                         <xsd:documentation>
68                             The URI of the binding used when decoding requests from relying parties.
69                         </xsd:documentation>
70                     </xsd:annotation>
71                 </xsd:attribute>
                   <!-- NOTE(review): presumably the factory named below supplies the checks applied to inbound
                        messages, so pointing it at another component changes what gets validated. Confirm against
                        the component wiring before overriding the default. -->
72                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
73                     default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
74                     <xsd:annotation>
75                         <xsd:documentation>
76                             The component ID of the security policy factory to use with the profile handler.
77
78                             This setting should not be changed from its default unless the deployer fully understands
79                             the inter-relationship between IdP components.
80                         </xsd:documentation>
81                     </xsd:annotation>
82                 </xsd:attribute>
83                 <xsd:attribute name="outboundBindingEnumeration" default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
84                     <xsd:annotation>
85                         <xsd:documentation>
86                             An ordered, whitespace-separated list of outbound bindings supported by this profile
87                             handler. The order provided establishes the precedence given to the bindings such that,
88                             reading from left to right, the first binding also supported by the relying party is used.
89                         </xsd:documentation>
90                     </xsd:annotation>
                       <!-- The item type is plain xsd:anyURI, so a mistyped or unsupported binding URI, and even an
                            empty list, still validates. NOTE(review): such mistakes would presumably surface only at
                            runtime; verify how the handler treats unknown entries. -->
91                     <xsd:simpleType>
92                         <xsd:list itemType="xsd:anyURI"/>
93                     </xsd:simpleType>
94                 </xsd:attribute>
95             </xsd:extension>
96         </xsd:complexContent>
97     </xsd:complexType>
98
99     <xsd:complexType name="SAML2AttributeQuery">
           <!-- Adds a single optional attribute to SAML2ProfileHandler. Compared with SAML2SSO, the default factory ID
                differs and no binding attributes are declared on this type. The value is an unconstrained
                xsd:string, so the schema does not check that it names an existing security policy factory. -->
100         <xsd:annotation>
101             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
102         </xsd:annotation>
103         <xsd:complexContent>
104             <xsd:extension base="SAML2ProfileHandler">
105                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
106                     default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
107                     <xsd:annotation>
108                         <xsd:documentation>
109                             The component ID of the security policy factory to use with the profile handler.
110
111                             This setting should not be changed from its default unless the deployer fully understands
112                             the inter-relationship between IdP components.
113                         </xsd:documentation>
114                     </xsd:annotation>
115                 </xsd:attribute>
116             </xsd:extension>
117         </xsd:complexContent>
118     </xsd:complexType>
119
120     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
            <!-- Abstract, so it cannot be used directly in a configuration file; SAML2SSO and SAML2AttributeQuery are
                 the concrete subtypes declared in this schema. It adds nothing to SAMLProfileHandler. -->
121         <xsd:annotation>
122             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
123         </xsd:annotation>
124         <xsd:complexContent>
125             <xsd:extension base="SAMLProfileHandler" />
126         </xsd:complexContent>
127     </xsd:complexType>
128
129     <xsd:complexType name="ShibbolethSSO">
            <!-- Extends SAML1ProfileHandler with authenticationManagerPath and outboundBindingEnumeration. Unlike
                 SAML2SSO, this type declares neither decodingBinding nor securityPolicyFactoryId.
                 NOTE(review): confirm that omission is intended for this profile. -->
130         <xsd:annotation>
131             <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
132         </xsd:annotation>
133         <xsd:complexContent>
134             <xsd:extension base="SAML1ProfileHandler">
135                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
136                     <xsd:annotation>
137                         <xsd:documentation>
138                             The context-relative path to the authentication manager used by this profile handler. This
139                             should match the URL pattern given in web.xml.
140                         </xsd:documentation>
141                     </xsd:annotation>
142                 </xsd:attribute>
143                 <xsd:attribute name="outboundBindingEnumeration" default="urn:oasis:names:tc:SAML:1.0:profiles:browser-post">
144                     <xsd:annotation>
145                         <xsd:documentation>
146                             An ordered, whitespace-separated list of outbound bindings supported by this profile
147                             handler. The order provided establishes the precedence given to the bindings such that,
148                             reading from left to right, the first binding also supported by the relying party is used.
149                         </xsd:documentation>
150                     </xsd:annotation>
                        <!-- The item type is plain xsd:anyURI, so a mistyped or unsupported binding URI, and even an
                             empty list, still validates. NOTE(review): such mistakes would presumably surface only at
                             runtime; verify how the handler treats unknown entries. -->
151                     <xsd:simpleType>
152                         <xsd:list itemType="xsd:anyURI"/>
153                     </xsd:simpleType>
154                 </xsd:attribute>
155             </xsd:extension>
156         </xsd:complexContent>
157     </xsd:complexType>
158     
159     <xsd:complexType name="SAML1AttributeQuery">
            <!-- Adds a single optional attribute to SAML1ProfileHandler. The value is an unconstrained xsd:string, so
                 the schema does not check that it names an existing security policy factory. -->
160         <xsd:annotation>
161             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
162         </xsd:annotation>
163         <xsd:complexContent>
164             <xsd:extension base="SAML1ProfileHandler">
165                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
166                     default="shibboleth.SAML1AttributeQueryMessageSecurityPolicyFactory">
167                     <xsd:annotation>
168                         <xsd:documentation>
169                             The component ID of the security policy factory to use with the profile handler.
170
171                             This setting should not be changed from its default unless the deployer fully understands
172                             the inter-relationship between IdP components.
173                         </xsd:documentation>
174                     </xsd:annotation>
175                 </xsd:attribute>
176             </xsd:extension>
177         </xsd:complexContent>
178     </xsd:complexType>
179
180     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
            <!-- Abstract, so it cannot be used directly in a configuration file; ShibbolethSSO and SAML1AttributeQuery
                 are the concrete subtypes declared in this schema. It adds nothing to SAMLProfileHandler. -->
181         <xsd:annotation>
182             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
183         </xsd:annotation>
184         <xsd:complexContent>
185             <xsd:extension base="SAMLProfileHandler" />
186         </xsd:complexContent>
187     </xsd:complexType>
188
189     <xsd:complexType name="SAMLProfileHandler" abstract="true">
            <!-- Common base of the SAML 1 and SAML 2 handler types. It declares three optional component-ID attributes,
                 all typed xsd:string with defaults; the schema cannot verify that an overridden ID resolves to a
                 component of the expected kind. -->
190         <xsd:annotation>
191             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
192         </xsd:annotation>
193         <xsd:complexContent>
194             <xsd:extension base="IdPProfileHandlerType">
195                 <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
196                     default="shibboleth.MessageDecoderFactory">
197                     <xsd:annotation>
198                         <xsd:documentation>
199                             The component ID of the message decoder to use with the profile handler.
200
201                             This setting should not be changed from its default unless the deployer fully understands
202                             the inter-relationship between IdP components.
203                         </xsd:documentation>
204                     </xsd:annotation>
205                 </xsd:attribute>
206                 <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
207                     default="shibboleth.MessageEncoderFactory">
208                     <xsd:annotation>
209                         <xsd:documentation>
210                             The component ID of the message encoder to use with the profile handler.
211
212                             This setting should not be changed from its default unless the deployer fully understands
213                             the inter-relationship between IdP components.
214                         </xsd:documentation>
215                     </xsd:annotation>
216                 </xsd:attribute>
                    <!-- NOTE(review): SAML requires message and assertion identifiers to be unique, and predictable
                         IDs are generally undesirable, so any replacement generator should keep those properties.
                         The behaviour of the default generator is not visible in this file. -->
217                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
218                     <xsd:annotation>
219                         <xsd:documentation>
220                             The component ID of a generator used to generate things like response and assertion IDs.
221
222                             This setting should not be changed from its default unless the deployer fully understands
223                             the inter-relationship between IdP components.
224                         </xsd:documentation>
225                     </xsd:annotation>
226                 </xsd:attribute>
227             </xsd:extension>
228         </xsd:complexContent>
229     </xsd:complexType>
230
231     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
            <!-- Abstract link in the type chain: adds nothing to ShibbolethProfileHandlerType, which is declared
                 outside this file. SAMLProfileHandler is the only type in this schema that extends it. -->
232         <xsd:annotation>
233             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
234         </xsd:annotation>
235         <xsd:complexContent>
236             <xsd:extension base="ShibbolethProfileHandlerType" />
237         </xsd:complexContent>
238     </xsd:complexType>
239
240     <xsd:complexType name="RemoteUser">
            <!-- Concrete authentication handler type; the only one declared in this schema. It adds one optional
                 attribute, the servlet path of the RemoteUserAuthServlet. The schema records only the path string and
                 cannot check that the container or web server actually protects it.
                 NOTE(review): presumably the servlet relies on the identity established by the container, so an
                 unprotected or mis-mapped path would undermine authentication. Verify that the servlet mapping and
                 the access rule cover exactly this path. -->
241         <xsd:complexContent>
242             <xsd:extension base="AuthenticationHandlerType">
243                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
244                     <xsd:annotation>
245                         <xsd:documentation>
246                             The servlet context path to the
247                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
248                             protected by the container or web server.
249                         </xsd:documentation>
250                     </xsd:annotation>
251                 </xsd:attribute>
252             </xsd:extension>
253         </xsd:complexContent>
254     </xsd:complexType>
255
256     <xsd:complexType name="AuthenticationHandlerType" abstract="true">
257         <xsd:annotation>
258             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
259         </xsd:annotation>
260         <xsd:sequence>
                <!-- At least one AuthenticationMethod is required (minOccurs defaults to 1). The values are typed
                     xsd:string, so the schema does not check that they are well-formed URIs. -->
261             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
262                 <xsd:annotation>
263                     <xsd:documentation>
264                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
265                         authentication context class and declaration reference URIs.
266                     </xsd:documentation>
267                 </xsd:annotation>
268             </xsd:element>
269         </xsd:sequence>
            <!-- xsd:positiveInteger rejects zero and negative values but sets no upper bound, so an arbitrarily long
                 duration validates. NOTE(review): this value governs how long a prior authentication is reused, so
                 it should be chosen deliberately rather than left to the default without review. -->
270         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
271             <xsd:annotation>
272                 <xsd:documentation>
273                     The length of time, in minutes, that an authentication performed by this handler should be
274                     considered active. After that time, a user previously authenticated by this handler must
275                     re-authenticate in order to assert the authentication method again.
276                 </xsd:documentation>
277             </xsd:annotation>
278         </xsd:attribute>
279     </xsd:complexType>
280
281 </xsd:schema>