Add in SAML 1 and 2 Artifact resolution profile handler configuration and add to...
[java-idp.git] / resources / classpath / schema / shibboleth-2.0-idp-profile-handler.xsd
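<?xml version="1.0" encoding="UTF-8"?>

<!--
    Configuration schema for Shibboleth IdP profile handlers and login handlers.

    Layout: one root element (ProfileHandlerGroup), the concrete handler types, and the abstract base
    types those concrete types extend. ErrorHandlerType, RequestHandlerType,
    RequestURIMappedProfileHandlerType and ShibbolethProfileHandlerType are referenced but not declared
    in this file; presumably they come from the included profile-handler schema.

    Schema validation only checks the shape of a configuration. Several attributes below carry
    security-relevant settings typed as xsd:string or xsd:anyURI, so a value can validate and still be
    unsafe. The review notes on those attributes say what to verify at deployment time.
-->
<xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
    elementFormDefault="qualified">

    <!--
        Both schema locations use the "classpath:" scheme.
        NOTE(review): a generic XML parser does not resolve "classpath:" itself; presumably the IdP
        installs a resolver that reads these schemas from the deployed application instead of fetching
        them over the network. Confirm before validating configuration files with external tools.
    -->
    <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />

    <xsd:import namespace="urn:mace:shibboleth:2.0:services"
        schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />

    <xsd:annotation>
        <xsd:documentation>
            This schema specifies the configuration options for Shibboleth IdP profile handlers.
        </xsd:documentation>
    </xsd:annotation>

    <xsd:complexType name="IdPProfileHandlerManager">
        <xsd:annotation>
            <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="service:ReloadableServiceType" />
        </xsd:complexContent>
    </xsd:complexType>

    <!--
        Content model: exactly one ErrorHandler, then any number of ProfileHandler elements, then any
        number of LoginHandler elements, in that order (xsd:sequence).
    -->
    <xsd:element name="ProfileHandlerGroup">
        <xsd:annotation>
            <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
                <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
                <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0"
                    maxOccurs="unbounded" />
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>

    <!--
        NOTE(review): what the status output contains, and who may request it, is decided by the handler
        implementation and the container, not by this schema. Confirm the mapped path is not exposing
        more than intended.
    -->
    <xsd:complexType name="Status">
        <xsd:annotation>
            <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="RequestURIMappedProfileHandlerType" />
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="SAML2SSO">
        <xsd:annotation>
            <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML2ProfileHandler">
                <!--
                    Same attribute name and default ("/AuthnEngine") as on ShibbolethSSO. The value is a
                    plain xsd:string, so the schema cannot check that it matches the web.xml mapping.
                -->
                <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
                    <xsd:annotation>
                        <xsd:documentation>
                            The context relative path to the authentication manager used by this profile handler. This
                            should match the URL pattern given in the web.xml.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="SAML2AttributeQuery">
        <xsd:annotation>
            <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML2ProfileHandler" />
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="SAML2ArtifactResolution">
        <xsd:annotation>
            <xsd:documentation>Configuration type for SAML 2 artifact resolution profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML2ProfileHandler">
                <!--
                    Same default ("shibboleth.ArtifactMap") as SAML1ArtifactResolution, so both handlers
                    name the same map unless one is overridden. The value is an unchecked xsd:string.
                    NOTE(review): the map is what turns a presented artifact back into a message, so
                    its entry lifetime and single-use handling are worth confirming in the component
                    this reference points at. Neither is visible in this schema.
                -->
                <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
                    <xsd:annotation>
                        <xsd:documentation>
                            Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="SAML2ProfileHandler" abstract="true">
        <xsd:annotation>
            <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAMLProfileHandler" />
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="ShibbolethSSO">
        <xsd:annotation>
            <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML1ProfileHandler">
                <!--
                    Same attribute name and default ("/AuthnEngine") as on SAML2SSO. The value is a
                    plain xsd:string, so the schema cannot check that it matches the web.xml mapping.
                -->
                <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
                    <xsd:annotation>
                        <xsd:documentation>
                            The context relative path to the authentication manager used by this profile handler. This
                            should match the URL pattern given in the web.xml.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="SAML1AttributeQuery">
        <xsd:annotation>
            <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML1ProfileHandler" />
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="SAML1ArtifactResolution">
        <xsd:annotation>
            <xsd:documentation>Configuration type for SAML 1 artifact resolution profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAML1ProfileHandler">
                <!--
                    Same default ("shibboleth.ArtifactMap") as SAML2ArtifactResolution, so both handlers
                    name the same map unless one is overridden. The value is an unchecked xsd:string.
                -->
                <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
                    <xsd:annotation>
                        <xsd:documentation>
                            Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="SAML1ProfileHandler" abstract="true">
        <xsd:annotation>
            <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="SAMLProfileHandler" />
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="SAMLProfileHandler" abstract="true">
        <xsd:annotation>
            <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="IdPProfileHandlerType">
                <!--
                    NOTE(review): response and assertion IDs are expected to be unique and hard to
                    guess. If this reference is pointed at a different generator, check that component
                    for both properties; the schema only sees a string.
                -->
                <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
                    <xsd:annotation>
                        <xsd:documentation>
                            The component ID of a generator used to generate things like response and assertion IDs.

                            This setting should not be changed from its default unless the deployer fully understands
                            the inter-relationship between IdP components.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
                <!--
                    Required, exactly one URI. xsd:anyURI accepts any syntactically valid URI, so a
                    mistyped binding identifier still validates; the error would only surface at runtime.
                -->
                <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
                    <xsd:annotation>
                        <xsd:documentation>
                            The SAML message binding used by inbound messages.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
                <!--
                    Optional (no "use" given) and without a schema default. What a handler does when the
                    attribute is absent is decided in code that is not visible here. Because list order
                    sets precedence, the binding the deployer prefers has to come first.
                -->
                <xsd:attribute name="outboundBindingEnumeration">
                    <xsd:annotation>
                        <xsd:documentation>
                            An ordered list of outbound bindings supported by this profile handler. The order provided
                            establishes the precedence given the bindings such that, from the left to right, the first
                            binding also supported by the relying party will be used.
                        </xsd:documentation>
                    </xsd:annotation>
                    <xsd:simpleType>
                        <xsd:list itemType="xsd:anyURI" />
                    </xsd:simpleType>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="IdPProfileHandlerType" abstract="true">
        <xsd:annotation>
            <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="ShibbolethProfileHandlerType" />
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="RemoteUser">
        <xsd:annotation>
            <xsd:documentation>
                Login handler that relies on authentication performed by the container or web server in front of
                the protected servlet.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="LoginHandlerType">
                <!--
                    NOTE(review): the schema accepts any string here and cannot tell whether the path is
                    really protected. Presumably the servlet trusts whatever identity the container
                    reports, so check that the container or web server enforces authentication on
                    exactly this path (and on a changed value, if the default is overridden).
                -->
                <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
                    <xsd:annotation>
                        <xsd:documentation>
                            The servlet context path to the
                            edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
                            protected by the container or web server.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="UsernamePassword">
        <xsd:annotation>
            <xsd:documentation>
                Login handler that authenticates the user with a username and password, using a JAAS
                configuration.
            </xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="LoginHandlerType">
                <!--
                    Optional, no default, and xsd:anyURI does not restrict the scheme.
                    NOTE(review): the JAAS configuration decides which login modules check the password,
                    so the referenced file should be writable only by the IdP administrator. How a
                    non-file URI would be loaded is not visible here; confirm before using one.
                -->
                <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
                    <xsd:annotation>
                        <xsd:documentation>
                            Location of the JAAS configuration. If this attribute is used it will usually contain a file
                            URL to a configuration on the local filesystem. However, this attribute need not be used and
                            this information can be set within the VM in any manner supported by the JVM/container
                            implementation.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
                <!--
                    NOTE(review): presumably user credentials are submitted to this servlet; confirm the
                    path is only served over TLS. The schema checks nothing beyond "is a string".
                -->
                <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
                    <xsd:annotation>
                        <xsd:documentation>
                            The servlet context path to the
                            edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
                            that will authenticate the user.
                        </xsd:documentation>
                    </xsd:annotation>
                </xsd:attribute>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>

    <xsd:complexType name="LoginHandlerType" abstract="true">
        <xsd:annotation>
            <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
        </xsd:annotation>
        <xsd:sequence>
            <!--
                At least one method is required (minOccurs defaults to 1). Values are free-form
                xsd:string, so a mistyped URI validates and simply never matches a requested method.
            -->
            <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
                <xsd:annotation>
                    <xsd:documentation>
                        The authentication methods supported by this handler. In SAML these methods represent the SAML 2
                        authentication context class and declaration reference URIs.
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:element>
        </xsd:sequence>
        <!--
            Minutes, default 30. xsd:positiveInteger rejects zero and negative values but has no upper
            bound, so the schema will accept an arbitrarily long reuse window. Longer values mean an
            unattended browser session stays usable for longer without a fresh login.
        -->
        <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
            <xsd:annotation>
                <xsd:documentation>
                    The length of time, in minutes, that an authentication performed by this handler should be
                    considered active. After which time a user, previously authenticated by this handler, must
                    re-authenticate in order to assert the authentication method again.
                </xsd:documentation>
            </xsd:annotation>
        </xsd:attribute>
    </xsd:complexType>

</xsd:schema>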