Hook in SAML 1 goodness
[java-idp.git] / resources / classpath / schema / shibboleth-2.0-idp-profile-handler.xsd
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
5     elementFormDefault="qualified">
6
7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
8
9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
11
12     <xsd:annotation>
13         <xsd:documentation>
14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
15         </xsd:documentation>
16     </xsd:annotation>
17
18     <xsd:complexType name="IdPProfileHandlerManager">
19         <xsd:annotation>
20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
21         </xsd:annotation>
22         <xsd:complexContent>
23             <xsd:extension base="service:ReloadableServiceType" />
24         </xsd:complexContent>
25     </xsd:complexType>
26
27     <xsd:element name="ProfileHandlerGroup">
28         <xsd:annotation>
29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
30         </xsd:annotation>
31         <xsd:complexType>
32             <xsd:sequence>
33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
35                 <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
36                     maxOccurs="unbounded" />
37             </xsd:sequence>
38         </xsd:complexType>
39     </xsd:element>
40
41     <xsd:complexType name="Status">
42         <xsd:annotation>
43             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
44         </xsd:annotation>
45         <xsd:complexContent>
46             <xsd:extension base="RequestURIMappedProfileHandlerType" />
47         </xsd:complexContent>
48     </xsd:complexType>
49     
50     <xsd:complexType name="SAML2SSO">
51         <xsd:annotation>
52             <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
53         </xsd:annotation>
54         <xsd:complexContent>
55             <xsd:extension base="SAML2ProfileHandler">
56                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
57                     <xsd:annotation>
58                         <xsd:documentation>
59                             The context relative path to the authentication manager used by this profile handler. This
60                             should match the URL pattern given in the web.xml
61                         </xsd:documentation>
62                     </xsd:annotation>
63                 </xsd:attribute>
64                 <xsd:attribute name="decodingBinding" type="xsd:anyURI"
65                     default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
66                     <xsd:annotation>
67                         <xsd:documentation>
68                             The URI of the binding used when decoding requests from relying parties.
69                         </xsd:documentation>
70                     </xsd:annotation>
71                 </xsd:attribute>
72                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
73                     default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
74                     <xsd:annotation>
75                         <xsd:documentation>
76                             The component ID of the security policy factory to use with the profile handler.
77
78                             This setting should not be changed from its default unless the deployer fully understands
79                             the inter-relationship between IdP components.
80                         </xsd:documentation>
81                     </xsd:annotation>
82                 </xsd:attribute>
83             </xsd:extension>
84         </xsd:complexContent>
85     </xsd:complexType>
86
87     <xsd:complexType name="SAML2AttributeQuery">
88         <xsd:annotation>
89             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
90         </xsd:annotation>
91         <xsd:complexContent>
92             <xsd:extension base="SAML2ProfileHandler">
93                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
94                     default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
95                     <xsd:annotation>
96                         <xsd:documentation>
97                             The component ID of the security policy factory to use with the profile handler.
98
99                             This setting should not be changed from its default unless the deployer fully understands
100                             the inter-relationship between IdP components.
101                         </xsd:documentation>
102                     </xsd:annotation>
103                 </xsd:attribute>
104             </xsd:extension>
105         </xsd:complexContent>
106     </xsd:complexType>
107
108     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
109         <xsd:annotation>
110             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
111         </xsd:annotation>
112         <xsd:complexContent>
113             <xsd:extension base="SAMLProfileHandler" />
114         </xsd:complexContent>
115     </xsd:complexType>
116
117     <xsd:complexType name="ShibbolethSSO">
118         <xsd:annotation>
119             <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
120         </xsd:annotation>
121         <xsd:complexContent>
122             <xsd:extension base="SAML1ProfileHandler">
123                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
124                     <xsd:annotation>
125                         <xsd:documentation>
126                             The context relative path to the authentication manager used by this profile handler. This
127                             should match the URL pattern given in the web.xml
128                         </xsd:documentation>
129                     </xsd:annotation>
130                 </xsd:attribute>
131             </xsd:extension>
132         </xsd:complexContent>
133     </xsd:complexType>
134     
135     <xsd:complexType name="SAML1AttributeQuery">
136         <xsd:annotation>
137             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
138         </xsd:annotation>
139         <xsd:complexContent>
140             <xsd:extension base="SAML1ProfileHandler">
141                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
142                     default="shibboleth.SAML1AttributeQueryMessageSecurityPolicyFactory">
143                     <xsd:annotation>
144                         <xsd:documentation>
145                             The component ID of the security policy factory to use with the profile handler.
146
147                             This setting should not be changed from its default unless the deployer fully understands
148                             the inter-relationship between IdP components.
149                         </xsd:documentation>
150                     </xsd:annotation>
151                 </xsd:attribute>
152             </xsd:extension>
153         </xsd:complexContent>
154     </xsd:complexType>
155
156     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
157         <xsd:annotation>
158             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
159         </xsd:annotation>
160         <xsd:complexContent>
161             <xsd:extension base="SAMLProfileHandler" />
162         </xsd:complexContent>
163     </xsd:complexType>
164
165     <xsd:complexType name="SAMLProfileHandler" abstract="true">
166         <xsd:annotation>
167             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
168         </xsd:annotation>
169         <xsd:complexContent>
170             <xsd:extension base="IdPProfileHandlerType">
171                 <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
172                     default="shibboleth.MessageDecoderFactory">
173                     <xsd:annotation>
174                         <xsd:documentation>
175                             The component ID of the message decoder to use with the profile handler.
176
177                             This setting should not be changed from its default unless the deployer fully understands
178                             the inter-relationship between IdP components.
179                         </xsd:documentation>
180                     </xsd:annotation>
181                 </xsd:attribute>
182                 <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
183                     default="shibboleth.MessageEncoderFactory">
184                     <xsd:annotation>
185                         <xsd:documentation>
186                             The component ID of the message encoder to use with the profile handler.
187
188                             This setting should not be changed from its default unless the deployer fully understands
189                             the inter-relationship between IdP components.
190                         </xsd:documentation>
191                     </xsd:annotation>
192                 </xsd:attribute>
193                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
194                     <xsd:annotation>
195                         <xsd:documentation>
196                             The component ID of a generator used to generated things like response and assertion IDs.
197
198                             This setting should not be changed from its default unless the deployer fully understands
199                             the inter-relationship between IdP components.
200                         </xsd:documentation>
201                     </xsd:annotation>
202                 </xsd:attribute>
203             </xsd:extension>
204         </xsd:complexContent>
205     </xsd:complexType>
206
207     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
208         <xsd:annotation>
209             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
210         </xsd:annotation>
211         <xsd:complexContent>
212             <xsd:extension base="ShibbolethProfileHandlerType" />
213         </xsd:complexContent>
214     </xsd:complexType>
215
216     <xsd:complexType name="RemoteUser">
217         <xsd:complexContent>
218             <xsd:extension base="AuthenticationHandlerType">
219                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
220                     <xsd:annotation>
221                         <xsd:documentation>
222                             The servlet context path to the
223                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
224                             protected by the container or web server.
225                         </xsd:documentation>
226                     </xsd:annotation>
227                 </xsd:attribute>
228             </xsd:extension>
229         </xsd:complexContent>
230     </xsd:complexType>
231
232     <xsd:complexType name="AuthenticationHandlerType" abstract="true">
233         <xsd:annotation>
234             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
235         </xsd:annotation>
236         <xsd:sequence>
237             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
238                 <xsd:annotation>
239                     <xsd:documentation>
240                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
241                         authentication contexts class and declaration reference URIs.
242                     </xsd:documentation>
243                 </xsd:annotation>
244             </xsd:element>
245         </xsd:sequence>
246         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
247             <xsd:annotation>
248                 <xsd:documentation>
249                     The length of time, in minutes, that an authentication performed by this handler should be
250                     considered active. After which time a user, previously authenticated by this handler, must
251                     re-authenticate in order to assert the authentication method again.
252                 </xsd:documentation>
253             </xsd:annotation>
254         </xsd:attribute>
255     </xsd:complexType>
256
257 </xsd:schema>