resources/classpath/schema/shibboleth-2.0-idp-profile-handler.xsd

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
   4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
   5     elementFormDefault="qualified">
   6
   7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
   8
   9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
  10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
  11
  12     <xsd:annotation>
  13         <xsd:documentation>
  14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
  15         </xsd:documentation>
  16     </xsd:annotation>
  17
  18     <xsd:complexType name="IdPProfileHandlerManager">
  19         <xsd:annotation>
  20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
  21         </xsd:annotation>
  22         <xsd:complexContent>
  23             <xsd:extension base="service:ReloadableServiceType" />
  24         </xsd:complexContent>
  25     </xsd:complexType>
  26
  27     <xsd:element name="ProfileHandlerGroup">
  28         <xsd:annotation>
  29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
  30         </xsd:annotation>
  31         <xsd:complexType>
  32             <xsd:sequence>
  33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
  34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
  35                 <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
  36                     maxOccurs="unbounded" />
  37             </xsd:sequence>
  38         </xsd:complexType>
  39     </xsd:element>
  40
  41     <xsd:complexType name="Status">
  42         <xsd:annotation>
  43             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
  44         </xsd:annotation>
  45         <xsd:complexContent>
  46             <xsd:extension base="RequestURIMappedProfileHandlerType" />
  47         </xsd:complexContent>
  48     </xsd:complexType>
  49
  50     <xsd:complexType name="SAML2SSO">
  51         <xsd:annotation>
  52             <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
  53         </xsd:annotation>
  54         <xsd:complexContent>
  55             <xsd:extension base="SAML2ProfileHandler">
  56                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
  57                     <xsd:annotation>
  58                         <xsd:documentation>
  59                             The context relative path to the authentication manager used by this profile handler. This
  60                             should match the URL pattern given in the web.xml
  61                         </xsd:documentation>
  62                     </xsd:annotation>
  63                 </xsd:attribute>
  64                 <xsd:attribute name="decodingBinding" type="xsd:anyURI"
  65                     default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  66                     <xsd:annotation>
  67                         <xsd:documentation>
  68                             The URI of the binding used when decoding requests from relying parties.
  69                         </xsd:documentation>
  70                     </xsd:annotation>
  71                 </xsd:attribute>
  72                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
  73                     default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
  74                     <xsd:annotation>
  75                         <xsd:documentation>
  76                             The component ID of the security policy factory to use with the profile handler.
  77
  78                             This setting should not be changed from its default unless the deployer fully understands
  79                             the inter-relationship between IdP components.
  80                         </xsd:documentation>
  81                     </xsd:annotation>
  82                 </xsd:attribute>
  83                 <xsd:attribute name="outboundBindingEnumeration"
  84                     default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  85                     <xsd:annotation>
  86                         <xsd:documentation>
  87                             An ordered list of outbound bindings supported by this profile handler. The order provided
  88                             establishs the precedence given the bindings such that, from the left to right, the first
  89                             binding also supported by the relying party will be used.
  90                         </xsd:documentation>
  91                     </xsd:annotation>
  92                     <xsd:simpleType>
  93                         <xsd:list itemType="xsd:anyURI" />
  94                     </xsd:simpleType>
  95                 </xsd:attribute>
  96             </xsd:extension>
  97         </xsd:complexContent>
  98     </xsd:complexType>
  99
 100     <xsd:complexType name="SAML2AttributeQuery">
 101         <xsd:annotation>
 102             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
 103         </xsd:annotation>
 104         <xsd:complexContent>
 105             <xsd:extension base="SAML2ProfileHandler">
 106                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
 107                     default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
 108                     <xsd:annotation>
 109                         <xsd:documentation>
 110                             The component ID of the security policy factory to use with the profile handler.
 111
 112                             This setting should not be changed from its default unless the deployer fully understands
 113                             the inter-relationship between IdP components.
 114                         </xsd:documentation>
 115                     </xsd:annotation>
 116                 </xsd:attribute>
 117             </xsd:extension>
 118         </xsd:complexContent>
 119     </xsd:complexType>
 120
 121     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
 122         <xsd:annotation>
 123             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
 124         </xsd:annotation>
 125         <xsd:complexContent>
 126             <xsd:extension base="SAMLProfileHandler" />
 127         </xsd:complexContent>
 128     </xsd:complexType>
 129
 130     <xsd:complexType name="ShibbolethSSO">
 131         <xsd:annotation>
 132             <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
 133         </xsd:annotation>
 134         <xsd:complexContent>
 135             <xsd:extension base="SAML1ProfileHandler">
 136                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
 137                     <xsd:annotation>
 138                         <xsd:documentation>
 139                             The context relative path to the authentication manager used by this profile handler. This
 140                             should match the URL pattern given in the web.xml
 141                         </xsd:documentation>
 142                     </xsd:annotation>
 143                 </xsd:attribute>
 144                 <xsd:attribute name="outboundBindingEnumeration"
 145                     default="urn:oasis:names:tc:SAML:1.0:profiles:browser-post">
 146                     <xsd:annotation>
 147                         <xsd:documentation>
 148                             An ordered list of outbound bindings supported by this profile handler. The order provided
 149                             establishs the precedence given the bindings such that, from the left to right, the first
 150                             binding also supported by the relying party will be used.
 151                         </xsd:documentation>
 152                     </xsd:annotation>
 153                     <xsd:simpleType>
 154                         <xsd:list itemType="xsd:anyURI" />
 155                     </xsd:simpleType>
 156                 </xsd:attribute>
 157             </xsd:extension>
 158         </xsd:complexContent>
 159     </xsd:complexType>
 160
 161     <xsd:complexType name="SAML1AttributeQuery">
 162         <xsd:annotation>
 163             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
 164         </xsd:annotation>
 165         <xsd:complexContent>
 166             <xsd:extension base="SAML1ProfileHandler">
 167                 <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
 168                     default="shibboleth.SAML1AttributeQueryMessageSecurityPolicyFactory">
 169                     <xsd:annotation>
 170                         <xsd:documentation>
 171                             The component ID of the security policy factory to use with the profile handler.
 172
 173                             This setting should not be changed from its default unless the deployer fully understands
 174                             the inter-relationship between IdP components.
 175                         </xsd:documentation>
 176                     </xsd:annotation>
 177                 </xsd:attribute>
 178             </xsd:extension>
 179         </xsd:complexContent>
 180     </xsd:complexType>
 181
 182     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
 183         <xsd:annotation>
 184             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
 185         </xsd:annotation>
 186         <xsd:complexContent>
 187             <xsd:extension base="SAMLProfileHandler" />
 188         </xsd:complexContent>
 189     </xsd:complexType>
 190
 191     <xsd:complexType name="SAMLProfileHandler" abstract="true">
 192         <xsd:annotation>
 193             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
 194         </xsd:annotation>
 195         <xsd:complexContent>
 196             <xsd:extension base="IdPProfileHandlerType">
 197                 <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
 198                     default="shibboleth.MessageDecoderFactory">
 199                     <xsd:annotation>
 200                         <xsd:documentation>
 201                             The component ID of the message decoder to use with the profile handler.
 202
 203                             This setting should not be changed from its default unless the deployer fully understands
 204                             the inter-relationship between IdP components.
 205                         </xsd:documentation>
 206                     </xsd:annotation>
 207                 </xsd:attribute>
 208                 <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
 209                     default="shibboleth.MessageEncoderFactory">
 210                     <xsd:annotation>
 211                         <xsd:documentation>
 212                             The component ID of the message encoder to use with the profile handler.
 213
 214                             This setting should not be changed from its default unless the deployer fully understands
 215                             the inter-relationship between IdP components.
 216                         </xsd:documentation>
 217                     </xsd:annotation>
 218                 </xsd:attribute>
 219                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
 220                     <xsd:annotation>
 221                         <xsd:documentation>
 222                             The component ID of a generator used to generated things like response and assertion IDs.
 223
 224                             This setting should not be changed from its default unless the deployer fully understands
 225                             the inter-relationship between IdP components.
 226                         </xsd:documentation>
 227                     </xsd:annotation>
 228                 </xsd:attribute>
 229             </xsd:extension>
 230         </xsd:complexContent>
 231     </xsd:complexType>
 232
 233     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
 234         <xsd:annotation>
 235             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
 236         </xsd:annotation>
 237         <xsd:complexContent>
 238             <xsd:extension base="ShibbolethProfileHandlerType" />
 239         </xsd:complexContent>
 240     </xsd:complexType>
 241
 242     <xsd:complexType name="RemoteUser">
 243         <xsd:complexContent>
 244             <xsd:extension base="AuthenticationHandlerType">
 245                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
 246                     <xsd:annotation>
 247                         <xsd:documentation>
 248                             The servlet context path to the
 249                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
 250                             protected by the container or web server.
 251                         </xsd:documentation>
 252                     </xsd:annotation>
 253                 </xsd:attribute>
 254             </xsd:extension>
 255         </xsd:complexContent>
 256     </xsd:complexType>
 257
 258     <xsd:complexType name="UsernamePassword">
 259         <xsd:complexContent>
 260             <xsd:extension base="AuthenticationHandlerType">
 261                 <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
 262                     <xsd:annotation>
 263                         <xsd:documentation>
 264                             Location of the JAAS configuration. If this attribute is used it will usually contain a file
 265                             URL to a configuration on the local filesystem. However, this attribute need not be used and
 266                             this information can be set within the VM in any manner supported by the JVM/container
 267                             implementation.
 268                         </xsd:documentation>
 269                     </xsd:annotation>
 270                 </xsd:attribute>
 271                 <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
 272                     <xsd:annotation>
 273                         <xsd:documentation>
 274                             The servlet context path to the
 275                             edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
 276                             that will authenticate the user.
 277                         </xsd:documentation>
 278                     </xsd:annotation>
 279                 </xsd:attribute>
 280             </xsd:extension>
 281         </xsd:complexContent>
 282     </xsd:complexType>
 283
 284     <xsd:complexType name="AuthenticationHandlerType" abstract="true">
 285         <xsd:annotation>
 286             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
 287         </xsd:annotation>
 288         <xsd:sequence>
 289             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
 290                 <xsd:annotation>
 291                     <xsd:documentation>
 292                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
 293                         authentication contexts class and declaration reference URIs.
 294                     </xsd:documentation>
 295                 </xsd:annotation>
 296             </xsd:element>
 297         </xsd:sequence>
 298         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
 299             <xsd:annotation>
 300                 <xsd:documentation>
 301                     The length of time, in minutes, that an authentication performed by this handler should be
 302                     considered active. After which time a user, previously authenticated by this handler, must
 303                     re-authenticate in order to assert the authentication method again.
 304                 </xsd:documentation>
 305             </xsd:annotation>
 306         </xsd:attribute>
 307     </xsd:complexType>
 308
 309 </xsd:schema>