resources/classpath/schema/shibboleth-2.0-idp-profile-handler.xsd

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
   4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
   5     elementFormDefault="qualified">
   6
   7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
   8
   9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
  10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
  11
  12     <xsd:annotation>
  13         <xsd:documentation>
  14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
  15         </xsd:documentation>
  16     </xsd:annotation>
  17
  18     <xsd:complexType name="IdPProfileHandlerManager">
  19         <xsd:annotation>
  20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
  21         </xsd:annotation>
  22         <xsd:complexContent>
  23             <xsd:extension base="service:ReloadableServiceType" />
  24         </xsd:complexContent>
  25     </xsd:complexType>
  26
  27     <xsd:element name="ProfileHandlerGroup">
  28         <xsd:annotation>
  29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
  30         </xsd:annotation>
  31         <xsd:complexType>
  32             <xsd:sequence>
  33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
  34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
  35                 <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0"
  36                     maxOccurs="unbounded" />
  37             </xsd:sequence>
  38         </xsd:complexType>
  39     </xsd:element>
  40
  41     <xsd:complexType name="Status">
  42         <xsd:annotation>
  43             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
  44         </xsd:annotation>
  45         <xsd:complexContent>
  46             <xsd:extension base="RequestURIMappedProfileHandlerType" />
  47         </xsd:complexContent>
  48     </xsd:complexType>
  49
  50     <xsd:complexType name="SAMLMetadata">
  51         <xsd:annotation>
  52             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
  53         </xsd:annotation>
  54         <xsd:complexContent>
  55             <xsd:extension base="RequestURIMappedProfileHandlerType">
  56                 <xsd:attribute name="metadataFile" type="xsd:string" use="required">
  57                     <xsd:annotation>
  58                         <xsd:documentation>
  59                             Location of the static IdP metadata file.
  60                         </xsd:documentation>
  61                     </xsd:annotation>
  62                 </xsd:attribute>
  63             </xsd:extension>
  64         </xsd:complexContent>
  65     </xsd:complexType>
  66
  67     <xsd:complexType name="SAML2SSO">
  68         <xsd:annotation>
  69             <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
  70         </xsd:annotation>
  71         <xsd:complexContent>
  72             <xsd:extension base="SAML2ProfileHandler">
  73                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
  74                     <xsd:annotation>
  75                         <xsd:documentation>
  76                             The context relative path to the authentication manager used by this profile handler. This
  77                             should match the URL pattern given in the web.xml
  78                         </xsd:documentation>
  79                     </xsd:annotation>
  80                 </xsd:attribute>
  81             </xsd:extension>
  82         </xsd:complexContent>
  83     </xsd:complexType>
  84
  85     <xsd:complexType name="SAML2AttributeQuery">
  86         <xsd:annotation>
  87             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
  88         </xsd:annotation>
  89         <xsd:complexContent>
  90             <xsd:extension base="SAML2ProfileHandler" />
  91         </xsd:complexContent>
  92     </xsd:complexType>
  93
  94     <xsd:complexType name="SAML2ArtifactResolution">
  95         <xsd:annotation>
  96             <xsd:documentation>Configuration type for SAML 2 artifact resolution profile handlers.</xsd:documentation>
  97         </xsd:annotation>
  98         <xsd:complexContent>
  99             <xsd:extension base="SAML2ProfileHandler">
 100                 <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
 101                     <xsd:annotation>
 102                         <xsd:documentation>
 103                             Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
 104                         </xsd:documentation>
 105                     </xsd:annotation>
 106                 </xsd:attribute>
 107             </xsd:extension>
 108         </xsd:complexContent>
 109     </xsd:complexType>
 110
 111     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
 112         <xsd:annotation>
 113             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
 114         </xsd:annotation>
 115         <xsd:complexContent>
 116             <xsd:extension base="SAMLProfileHandler" />
 117         </xsd:complexContent>
 118     </xsd:complexType>
 119
 120     <xsd:complexType name="ShibbolethSSO">
 121         <xsd:annotation>
 122             <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
 123         </xsd:annotation>
 124         <xsd:complexContent>
 125             <xsd:extension base="SAML1ProfileHandler">
 126                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
 127                     <xsd:annotation>
 128                         <xsd:documentation>
 129                             The context relative path to the authentication manager used by this profile handler. This
 130                             should match the URL pattern given in the web.xml
 131                         </xsd:documentation>
 132                     </xsd:annotation>
 133                 </xsd:attribute>
 134             </xsd:extension>
 135         </xsd:complexContent>
 136     </xsd:complexType>
 137
 138     <xsd:complexType name="SAML1AttributeQuery">
 139         <xsd:annotation>
 140             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
 141         </xsd:annotation>
 142         <xsd:complexContent>
 143             <xsd:extension base="SAML1ProfileHandler" />
 144         </xsd:complexContent>
 145     </xsd:complexType>
 146
 147     <xsd:complexType name="SAML1ArtifactResolution">
 148         <xsd:annotation>
 149             <xsd:documentation>Configuration type for SAML 1 artifact resolution profile handlers.</xsd:documentation>
 150         </xsd:annotation>
 151         <xsd:complexContent>
 152             <xsd:extension base="SAML1ProfileHandler">
 153                 <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
 154                     <xsd:annotation>
 155                         <xsd:documentation>
 156                             Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
 157                         </xsd:documentation>
 158                     </xsd:annotation>
 159                 </xsd:attribute>
 160             </xsd:extension>
 161         </xsd:complexContent>
 162     </xsd:complexType>
 163
 164     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
 165         <xsd:annotation>
 166             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
 167         </xsd:annotation>
 168         <xsd:complexContent>
 169             <xsd:extension base="SAMLProfileHandler" />
 170         </xsd:complexContent>
 171     </xsd:complexType>
 172
 173     <xsd:complexType name="SAMLProfileHandler" abstract="true">
 174         <xsd:annotation>
 175             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
 176         </xsd:annotation>
 177         <xsd:complexContent>
 178             <xsd:extension base="IdPProfileHandlerType">
 179                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
 180                     <xsd:annotation>
 181                         <xsd:documentation>
 182                             The component ID of a generator used to generated things like response and assertion IDs.
 183
 184                             This setting should not be changed from its default unless the deployer fully understands
 185                             the inter-relationship between IdP components.
 186                         </xsd:documentation>
 187                     </xsd:annotation>
 188                 </xsd:attribute>
 189                 <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
 190                     <xsd:annotation>
 191                         <xsd:documentation>
 192                             The SAML message binding used by inbound messages.
 193                         </xsd:documentation>
 194                     </xsd:annotation>
 195                 </xsd:attribute>
 196                 <xsd:attribute name="outboundBindingEnumeration" >
 197                     <xsd:annotation>
 198                         <xsd:documentation>
 199                             An ordered list of outbound bindings supported by this profile handler. The order provided
 200                             establishes the precedence given the bindings such that, from the left to right, the first
 201                             binding also supported by the relying party will be used.
 202                         </xsd:documentation>
 203                     </xsd:annotation>
 204                     <xsd:simpleType>
 205                         <xsd:list itemType="xsd:anyURI" />
 206                     </xsd:simpleType>
 207                 </xsd:attribute>
 208             </xsd:extension>
 209         </xsd:complexContent>
 210     </xsd:complexType>
 211
 212     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
 213         <xsd:annotation>
 214             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
 215         </xsd:annotation>
 216         <xsd:complexContent>
 217             <xsd:extension base="ShibbolethProfileHandlerType" />
 218         </xsd:complexContent>
 219     </xsd:complexType>
 220
 221     <xsd:complexType name="RemoteUser">
 222         <xsd:complexContent>
 223             <xsd:extension base="LoginHandlerType">
 224                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
 225                     <xsd:annotation>
 226                         <xsd:documentation>
 227                             The servlet context path to the
 228                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
 229                             protected by the container or web server.
 230                         </xsd:documentation>
 231                     </xsd:annotation>
 232                 </xsd:attribute>
 233             </xsd:extension>
 234         </xsd:complexContent>
 235     </xsd:complexType>
 236
 237     <xsd:complexType name="UsernamePassword">
 238         <xsd:complexContent>
 239             <xsd:extension base="LoginHandlerType">
 240                 <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
 241                     <xsd:annotation>
 242                         <xsd:documentation>
 243                             Location of the JAAS configuration. If this attribute is used it will usually contain a file
 244                             URL to a configuration on the local filesystem. However, this attribute need not be used and
 245                             this information can be set within the VM in any manner supported by the JVM/container
 246                             implementation.
 247                         </xsd:documentation>
 248                     </xsd:annotation>
 249                 </xsd:attribute>
 250                 <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
 251                     <xsd:annotation>
 252                         <xsd:documentation>
 253                             The servlet context path to the
 254                             edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
 255                             that will authenticate the user.
 256                         </xsd:documentation>
 257                     </xsd:annotation>
 258                 </xsd:attribute>
 259             </xsd:extension>
 260         </xsd:complexContent>
 261     </xsd:complexType>
 262
 263     <xsd:complexType name="LoginHandlerType" abstract="true">
 264         <xsd:annotation>
 265             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
 266         </xsd:annotation>
 267         <xsd:sequence>
 268             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
 269                 <xsd:annotation>
 270                     <xsd:documentation>
 271                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
 272                         authentication contexts class and declaration reference URIs.
 273                     </xsd:documentation>
 274                 </xsd:annotation>
 275             </xsd:element>
 276         </xsd:sequence>
 277         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
 278             <xsd:annotation>
 279                 <xsd:documentation>
 280                     The length of time, in minutes, that an authentication performed by this handler should be
 281                     considered active. After which time a user, previously authenticated by this handler, must
 282                     re-authenticate in order to assert the authentication method again.
 283                 </xsd:documentation>
 284             </xsd:annotation>
 285         </xsd:attribute>
 286     </xsd:complexType>
 287
 288 </xsd:schema>