Code clean up
[java-idp.git] / resources / classpath / schema / shibboleth-2.0-idp-profile-handler.xsd
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
5     elementFormDefault="qualified">
6
7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
8
9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
11
12     <xsd:annotation>
13         <xsd:documentation>
14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
15         </xsd:documentation>
16     </xsd:annotation>
17
18     <xsd:complexType name="IdPProfileHandlerManager">
19         <xsd:annotation>
20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
21         </xsd:annotation>
22         <xsd:complexContent>
23             <xsd:extension base="service:ReloadableServiceType" />
24         </xsd:complexContent>
25     </xsd:complexType>
26
27     <xsd:element name="ProfileHandlerGroup">
28         <xsd:annotation>
29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
30         </xsd:annotation>
31         <xsd:complexType>
32             <xsd:sequence>
33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
35                 <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
36                     maxOccurs="unbounded" />
37             </xsd:sequence>
38         </xsd:complexType>
39     </xsd:element>
40
41     <xsd:complexType name="Status">
42         <xsd:annotation>
43             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
44         </xsd:annotation>
45         <xsd:complexContent>
46             <xsd:extension base="RequestURIMappedProfileHandlerType" />
47         </xsd:complexContent>
48     </xsd:complexType>
49
50     <xsd:complexType name="SAML2SSO">
51         <xsd:annotation>
52             <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
53         </xsd:annotation>
54         <xsd:complexContent>
55             <xsd:extension base="SAML2ProfileHandler">
56                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
57                     <xsd:annotation>
58                         <xsd:documentation>
59                             The context relative path to the authentication manager used by this profile handler. This
60                             should match the URL pattern given in the web.xml
61                         </xsd:documentation>
62                     </xsd:annotation>
63                 </xsd:attribute>
64             </xsd:extension>
65         </xsd:complexContent>
66     </xsd:complexType>
67
68     <xsd:complexType name="SAML2AttributeQuery">
69         <xsd:annotation>
70             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
71         </xsd:annotation>
72         <xsd:complexContent>
73             <xsd:extension base="SAML2ProfileHandler" />
74         </xsd:complexContent>
75     </xsd:complexType>
76
77     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
78         <xsd:annotation>
79             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
80         </xsd:annotation>
81         <xsd:complexContent>
82             <xsd:extension base="SAMLProfileHandler" />
83         </xsd:complexContent>
84     </xsd:complexType>
85
86     <xsd:complexType name="ShibbolethSSO">
87         <xsd:annotation>
88             <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
89         </xsd:annotation>
90         <xsd:complexContent>
91             <xsd:extension base="SAML1ProfileHandler">
92                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
93                     <xsd:annotation>
94                         <xsd:documentation>
95                             The context relative path to the authentication manager used by this profile handler. This
96                             should match the URL pattern given in the web.xml
97                         </xsd:documentation>
98                     </xsd:annotation>
99                 </xsd:attribute>
100             </xsd:extension>
101         </xsd:complexContent>
102     </xsd:complexType>
103
104     <xsd:complexType name="SAML1AttributeQuery">
105         <xsd:annotation>
106             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
107         </xsd:annotation>
108         <xsd:complexContent>
109             <xsd:extension base="SAML1ProfileHandler" />
110         </xsd:complexContent>
111     </xsd:complexType>
112
113     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
114         <xsd:annotation>
115             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
116         </xsd:annotation>
117         <xsd:complexContent>
118             <xsd:extension base="SAMLProfileHandler" />
119         </xsd:complexContent>
120     </xsd:complexType>
121
122     <xsd:complexType name="SAMLProfileHandler" abstract="true">
123         <xsd:annotation>
124             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
125         </xsd:annotation>
126         <xsd:complexContent>
127             <xsd:extension base="IdPProfileHandlerType">
128                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
129                     <xsd:annotation>
130                         <xsd:documentation>
131                             The component ID of a generator used to generated things like response and assertion IDs.
132
133                             This setting should not be changed from its default unless the deployer fully understands
134                             the inter-relationship between IdP components.
135                         </xsd:documentation>
136                     </xsd:annotation>
137                 </xsd:attribute>
138                 <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
139                     <xsd:annotation>
140                         <xsd:documentation>
141                             The SAML message binding used by inbound messages.
142                         </xsd:documentation>
143                     </xsd:annotation>
144                 </xsd:attribute>
145                 <xsd:attribute name="outboundBindingEnumeration" >
146                     <xsd:annotation>
147                         <xsd:documentation>
148                             An ordered list of outbound bindings supported by this profile handler. The order provided
149                             establishes the precedence given the bindings such that, from the left to right, the first
150                             binding also supported by the relying party will be used.
151                         </xsd:documentation>
152                     </xsd:annotation>
153                     <xsd:simpleType>
154                         <xsd:list itemType="xsd:anyURI" />
155                     </xsd:simpleType>
156                 </xsd:attribute>
157             </xsd:extension>
158         </xsd:complexContent>
159     </xsd:complexType>
160
161     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
162         <xsd:annotation>
163             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
164         </xsd:annotation>
165         <xsd:complexContent>
166             <xsd:extension base="ShibbolethProfileHandlerType" />
167         </xsd:complexContent>
168     </xsd:complexType>
169
170     <xsd:complexType name="RemoteUser">
171         <xsd:complexContent>
172             <xsd:extension base="AuthenticationHandlerType">
173                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
174                     <xsd:annotation>
175                         <xsd:documentation>
176                             The servlet context path to the
177                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
178                             protected by the container or web server.
179                         </xsd:documentation>
180                     </xsd:annotation>
181                 </xsd:attribute>
182             </xsd:extension>
183         </xsd:complexContent>
184     </xsd:complexType>
185
186     <xsd:complexType name="UsernamePassword">
187         <xsd:complexContent>
188             <xsd:extension base="AuthenticationHandlerType">
189                 <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
190                     <xsd:annotation>
191                         <xsd:documentation>
192                             Location of the JAAS configuration. If this attribute is used it will usually contain a file
193                             URL to a configuration on the local filesystem. However, this attribute need not be used and
194                             this information can be set within the VM in any manner supported by the JVM/container
195                             implementation.
196                         </xsd:documentation>
197                     </xsd:annotation>
198                 </xsd:attribute>
199                 <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
200                     <xsd:annotation>
201                         <xsd:documentation>
202                             The servlet context path to the
203                             edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
204                             that will authenticate the user.
205                         </xsd:documentation>
206                     </xsd:annotation>
207                 </xsd:attribute>
208             </xsd:extension>
209         </xsd:complexContent>
210     </xsd:complexType>
211
212     <xsd:complexType name="AuthenticationHandlerType" abstract="true">
213         <xsd:annotation>
214             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
215         </xsd:annotation>
216         <xsd:sequence>
217             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
218                 <xsd:annotation>
219                     <xsd:documentation>
220                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
221                         authentication contexts class and declaration reference URIs.
222                     </xsd:documentation>
223                 </xsd:annotation>
224             </xsd:element>
225         </xsd:sequence>
226         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
227             <xsd:annotation>
228                 <xsd:documentation>
229                     The length of time, in minutes, that an authentication performed by this handler should be
230                     considered active. After which time a user, previously authenticated by this handler, must
231                     re-authenticate in order to assert the authentication method again.
232                 </xsd:documentation>
233             </xsd:annotation>
234         </xsd:attribute>
235     </xsd:complexType>
236
237 </xsd:schema>