resources/classpath/schema/shibboleth-2.0-idp-profile-handler.xsd

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
   4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
   5     elementFormDefault="qualified">
   6
   7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
   8
   9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
  10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
  11
  12     <xsd:annotation>
  13         <xsd:documentation>
  14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
  15         </xsd:documentation>
  16     </xsd:annotation>
  17
  18     <xsd:complexType name="IdPProfileHandlerManager">
  19         <xsd:annotation>
  20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
  21         </xsd:annotation>
  22         <xsd:complexContent>
  23             <xsd:extension base="service:ReloadableServiceType" />
  24         </xsd:complexContent>
  25     </xsd:complexType>
  26
  27     <xsd:element name="ProfileHandlerGroup">
  28         <xsd:annotation>
  29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
  30         </xsd:annotation>
  31         <xsd:complexType>
  32             <xsd:sequence>
  33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
  34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
  35                 <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0"
  36                     maxOccurs="unbounded" />
  37             </xsd:sequence>
  38         </xsd:complexType>
  39     </xsd:element>
  40
  41     <xsd:complexType name="Status">
  42         <xsd:annotation>
  43             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
  44         </xsd:annotation>
  45         <xsd:complexContent>
  46             <xsd:extension base="RequestURIMappedProfileHandlerType" />
  47         </xsd:complexContent>
  48     </xsd:complexType>
  49
  50     <xsd:complexType name="SAML2SSO">
  51         <xsd:annotation>
  52             <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
  53         </xsd:annotation>
  54         <xsd:complexContent>
  55             <xsd:extension base="SAML2ProfileHandler">
  56                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
  57                     <xsd:annotation>
  58                         <xsd:documentation>
  59                             The context relative path to the authentication manager used by this profile handler. This
  60                             should match the URL pattern given in the web.xml
  61                         </xsd:documentation>
  62                     </xsd:annotation>
  63                 </xsd:attribute>
  64             </xsd:extension>
  65         </xsd:complexContent>
  66     </xsd:complexType>
  67
  68     <xsd:complexType name="SAML2AttributeQuery">
  69         <xsd:annotation>
  70             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
  71         </xsd:annotation>
  72         <xsd:complexContent>
  73             <xsd:extension base="SAML2ProfileHandler" />
  74         </xsd:complexContent>
  75     </xsd:complexType>
  76
  77     <xsd:complexType name="SAML2ArtifactResolution">
  78         <xsd:annotation>
  79             <xsd:documentation>Configuration type for SAML 2 artifact resolution profile handlers.</xsd:documentation>
  80         </xsd:annotation>
  81         <xsd:complexContent>
  82             <xsd:extension base="SAML2ProfileHandler">
  83                 <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
  84                     <xsd:annotation>
  85                         <xsd:documentation>
  86                             Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
  87                         </xsd:documentation>
  88                     </xsd:annotation>
  89                 </xsd:attribute>
  90             </xsd:extension>
  91         </xsd:complexContent>
  92     </xsd:complexType>
  93
  94     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
  95         <xsd:annotation>
  96             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
  97         </xsd:annotation>
  98         <xsd:complexContent>
  99             <xsd:extension base="SAMLProfileHandler" />
 100         </xsd:complexContent>
 101     </xsd:complexType>
 102
 103     <xsd:complexType name="ShibbolethSSO">
 104         <xsd:annotation>
 105             <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
 106         </xsd:annotation>
 107         <xsd:complexContent>
 108             <xsd:extension base="SAML1ProfileHandler">
 109                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
 110                     <xsd:annotation>
 111                         <xsd:documentation>
 112                             The context relative path to the authentication manager used by this profile handler. This
 113                             should match the URL pattern given in the web.xml
 114                         </xsd:documentation>
 115                     </xsd:annotation>
 116                 </xsd:attribute>
 117             </xsd:extension>
 118         </xsd:complexContent>
 119     </xsd:complexType>
 120
 121     <xsd:complexType name="SAML1AttributeQuery">
 122         <xsd:annotation>
 123             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
 124         </xsd:annotation>
 125         <xsd:complexContent>
 126             <xsd:extension base="SAML1ProfileHandler" />
 127         </xsd:complexContent>
 128     </xsd:complexType>
 129
 130     <xsd:complexType name="SAML1ArtifactResolution">
 131         <xsd:annotation>
 132             <xsd:documentation>Configuration type for SAML 1 artifact resolution profile handlers.</xsd:documentation>
 133         </xsd:annotation>
 134         <xsd:complexContent>
 135             <xsd:extension base="SAML1ProfileHandler">
 136                 <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
 137                     <xsd:annotation>
 138                         <xsd:documentation>
 139                             Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
 140                         </xsd:documentation>
 141                     </xsd:annotation>
 142                 </xsd:attribute>
 143             </xsd:extension>
 144         </xsd:complexContent>
 145     </xsd:complexType>
 146
 147     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
 148         <xsd:annotation>
 149             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
 150         </xsd:annotation>
 151         <xsd:complexContent>
 152             <xsd:extension base="SAMLProfileHandler" />
 153         </xsd:complexContent>
 154     </xsd:complexType>
 155
 156     <xsd:complexType name="SAMLProfileHandler" abstract="true">
 157         <xsd:annotation>
 158             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
 159         </xsd:annotation>
 160         <xsd:complexContent>
 161             <xsd:extension base="IdPProfileHandlerType">
 162                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
 163                     <xsd:annotation>
 164                         <xsd:documentation>
 165                             The component ID of a generator used to generated things like response and assertion IDs.
 166
 167                             This setting should not be changed from its default unless the deployer fully understands
 168                             the inter-relationship between IdP components.
 169                         </xsd:documentation>
 170                     </xsd:annotation>
 171                 </xsd:attribute>
 172                 <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
 173                     <xsd:annotation>
 174                         <xsd:documentation>
 175                             The SAML message binding used by inbound messages.
 176                         </xsd:documentation>
 177                     </xsd:annotation>
 178                 </xsd:attribute>
 179                 <xsd:attribute name="outboundBindingEnumeration" >
 180                     <xsd:annotation>
 181                         <xsd:documentation>
 182                             An ordered list of outbound bindings supported by this profile handler. The order provided
 183                             establishes the precedence given the bindings such that, from the left to right, the first
 184                             binding also supported by the relying party will be used.
 185                         </xsd:documentation>
 186                     </xsd:annotation>
 187                     <xsd:simpleType>
 188                         <xsd:list itemType="xsd:anyURI" />
 189                     </xsd:simpleType>
 190                 </xsd:attribute>
 191             </xsd:extension>
 192         </xsd:complexContent>
 193     </xsd:complexType>
 194
 195     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
 196         <xsd:annotation>
 197             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
 198         </xsd:annotation>
 199         <xsd:complexContent>
 200             <xsd:extension base="ShibbolethProfileHandlerType" />
 201         </xsd:complexContent>
 202     </xsd:complexType>
 203
 204     <xsd:complexType name="RemoteUser">
 205         <xsd:complexContent>
 206             <xsd:extension base="LoginHandlerType">
 207                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
 208                     <xsd:annotation>
 209                         <xsd:documentation>
 210                             The servlet context path to the
 211                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
 212                             protected by the container or web server.
 213                         </xsd:documentation>
 214                     </xsd:annotation>
 215                 </xsd:attribute>
 216             </xsd:extension>
 217         </xsd:complexContent>
 218     </xsd:complexType>
 219
 220     <xsd:complexType name="UsernamePassword">
 221         <xsd:complexContent>
 222             <xsd:extension base="LoginHandlerType">
 223                 <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
 224                     <xsd:annotation>
 225                         <xsd:documentation>
 226                             Location of the JAAS configuration. If this attribute is used it will usually contain a file
 227                             URL to a configuration on the local filesystem. However, this attribute need not be used and
 228                             this information can be set within the VM in any manner supported by the JVM/container
 229                             implementation.
 230                         </xsd:documentation>
 231                     </xsd:annotation>
 232                 </xsd:attribute>
 233                 <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
 234                     <xsd:annotation>
 235                         <xsd:documentation>
 236                             The servlet context path to the
 237                             edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
 238                             that will authenticate the user.
 239                         </xsd:documentation>
 240                     </xsd:annotation>
 241                 </xsd:attribute>
 242             </xsd:extension>
 243         </xsd:complexContent>
 244     </xsd:complexType>
 245
 246     <xsd:complexType name="LoginHandlerType" abstract="true">
 247         <xsd:annotation>
 248             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
 249         </xsd:annotation>
 250         <xsd:sequence>
 251             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
 252                 <xsd:annotation>
 253                     <xsd:documentation>
 254                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
 255                         authentication contexts class and declaration reference URIs.
 256                     </xsd:documentation>
 257                 </xsd:annotation>
 258             </xsd:element>
 259         </xsd:sequence>
 260         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
 261             <xsd:annotation>
 262                 <xsd:documentation>
 263                     The length of time, in minutes, that an authentication performed by this handler should be
 264                     considered active. After which time a user, previously authenticated by this handler, must
 265                     re-authenticate in order to assert the authentication method again.
 266                 </xsd:documentation>
 267             </xsd:annotation>
 268         </xsd:attribute>
 269     </xsd:complexType>
 270
 271 </xsd:schema>