projects / java-idp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
yeah... save then commit
[java-idp.git] / src / main / resources / schema / shibboleth-2.0-idp-profile-handler.xsd
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <xsd:schema targetNamespace="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
4     xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:service="urn:mace:shibboleth:2.0:services"
5     elementFormDefault="qualified">
6
7     <xsd:include schemaLocation="classpath:/schema/shibboleth-2.0-profile-handler.xsd" />
8
9     <xsd:import namespace="urn:mace:shibboleth:2.0:services"
10         schemaLocation="classpath:/schema/shibboleth-2.0-services.xsd" />
11
12     <xsd:annotation>
13         <xsd:documentation>
14             This schema specifies the configuration options for Shibboleth IdP profile handlers.
15         </xsd:documentation>
16     </xsd:annotation>
17
18     <xsd:complexType name="IdPProfileHandlerManager">
19         <xsd:annotation>
20             <xsd:documentation>Definition for the basic Shibboleth profile handler manager service.</xsd:documentation>
21         </xsd:annotation>
22         <xsd:complexContent>
23             <xsd:extension base="service:ReloadableServiceType" />
24         </xsd:complexContent>
25     </xsd:complexType>
26
27     <xsd:element name="ProfileHandlerGroup">
28         <xsd:annotation>
29             <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
30         </xsd:annotation>
31         <xsd:complexType>
32             <xsd:sequence>
33                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
34                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
35                 <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0" maxOccurs="unbounded" />
36             </xsd:sequence>
37         </xsd:complexType>
38     </xsd:element>
39
40     <xsd:complexType name="Status">
41         <xsd:annotation>
42             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
43         </xsd:annotation>
44         <xsd:complexContent>
45             <xsd:extension base="RequestURIMappedProfileHandlerType" />
46         </xsd:complexContent>
47     </xsd:complexType>
48
49     <xsd:complexType name="SAMLMetadata">
50         <xsd:annotation>
51             <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
52         </xsd:annotation>
53         <xsd:complexContent>
54             <xsd:extension base="RequestURIMappedProfileHandlerType">
55                 <xsd:attribute name="metadataFile" type="xsd:string" use="required">
56                     <xsd:annotation>
57                         <xsd:documentation>Location of the static IdP metadata file.</xsd:documentation>
58                     </xsd:annotation>
59                 </xsd:attribute>
60             </xsd:extension>
61         </xsd:complexContent>
62     </xsd:complexType>
63
64     <xsd:complexType name="SAML2SSO">
65         <xsd:annotation>
66             <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
67         </xsd:annotation>
68         <xsd:complexContent>
69             <xsd:extension base="SAML2ProfileHandler">
70                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
71                     <xsd:annotation>
72                         <xsd:documentation>
73                             The context relative path to the authentication manager used by this profile handler. This
74                             should match the URL pattern given in the web.xml
75                         </xsd:documentation>
76                     </xsd:annotation>
77                 </xsd:attribute>
78             </xsd:extension>
79         </xsd:complexContent>
80     </xsd:complexType>
81
82     <xsd:complexType name="SAML2AttributeQuery">
83         <xsd:annotation>
84             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
85         </xsd:annotation>
86         <xsd:complexContent>
87             <xsd:extension base="SAML2ProfileHandler" />
88         </xsd:complexContent>
89     </xsd:complexType>
90
91     <xsd:complexType name="SAML2ArtifactResolution">
92         <xsd:annotation>
93             <xsd:documentation>Configuration type for SAML 2 artifact resolution profile handlers.</xsd:documentation>
94         </xsd:annotation>
95         <xsd:complexContent>
96             <xsd:extension base="SAML2ProfileHandler">
97                 <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
98                     <xsd:annotation>
99                         <xsd:documentation>
100                             Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact
101                             objects.
102                         </xsd:documentation>
103                     </xsd:annotation>
104                 </xsd:attribute>
105             </xsd:extension>
106         </xsd:complexContent>
107     </xsd:complexType>
108
109     <xsd:complexType name="SAML2ProfileHandler" abstract="true">
110         <xsd:annotation>
111             <xsd:documentation>Base type for SAML 2 profile handlers.</xsd:documentation>
112         </xsd:annotation>
113         <xsd:complexContent>
114             <xsd:extension base="SAMLProfileHandler" />
115         </xsd:complexContent>
116     </xsd:complexType>
117
118     <xsd:complexType name="ShibbolethSSO">
119         <xsd:annotation>
120             <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
121         </xsd:annotation>
122         <xsd:complexContent>
123             <xsd:extension base="SAML1ProfileHandler">
124                 <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
125                     <xsd:annotation>
126                         <xsd:documentation>
127                             The context relative path to the authentication manager used by this profile handler. This
128                             should match the URL pattern given in the web.xml
129                         </xsd:documentation>
130                     </xsd:annotation>
131                 </xsd:attribute>
132             </xsd:extension>
133         </xsd:complexContent>
134     </xsd:complexType>
135
136     <xsd:complexType name="SAML1AttributeQuery">
137         <xsd:annotation>
138             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
139         </xsd:annotation>
140         <xsd:complexContent>
141             <xsd:extension base="SAML1ProfileHandler" />
142         </xsd:complexContent>
143     </xsd:complexType>
144
145     <xsd:complexType name="SAML1ArtifactResolution">
146         <xsd:annotation>
147             <xsd:documentation>Configuration type for SAML 1 artifact resolution profile handlers.</xsd:documentation>
148         </xsd:annotation>
149         <xsd:complexContent>
150             <xsd:extension base="SAML1ProfileHandler">
151                 <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
152                     <xsd:annotation>
153                         <xsd:documentation>
154                             Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact
155                             objects.
156                         </xsd:documentation>
157                     </xsd:annotation>
158                 </xsd:attribute>
159             </xsd:extension>
160         </xsd:complexContent>
161     </xsd:complexType>
162
163     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
164         <xsd:annotation>
165             <xsd:documentation>Base type for SAML 1 profile handlers.</xsd:documentation>
166         </xsd:annotation>
167         <xsd:complexContent>
168             <xsd:extension base="SAMLProfileHandler" />
169         </xsd:complexContent>
170     </xsd:complexType>
171
172     <xsd:complexType name="SAMLProfileHandler" abstract="true">
173         <xsd:annotation>
174             <xsd:documentation>Base type for Shibboleth IdP SAML profile handlers.</xsd:documentation>
175         </xsd:annotation>
176         <xsd:complexContent>
177             <xsd:extension base="IdPProfileHandlerType">
178                 <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
179                     <xsd:annotation>
180                         <xsd:documentation>
181                             The component ID of a generator used to generated things like response and assertion IDs.
182
183                             This setting should not be changed from its default unless the deployer fully understands
184                             the inter-relationship between IdP components.
185                         </xsd:documentation>
186                     </xsd:annotation>
187                 </xsd:attribute>
188                 <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
189                     <xsd:annotation>
190                         <xsd:documentation>The SAML message binding used by inbound messages.</xsd:documentation>
191                     </xsd:annotation>
192                 </xsd:attribute>
193                 <xsd:attribute name="outboundBindingEnumeration">
194                     <xsd:annotation>
195                         <xsd:documentation>
196                             An ordered list of outbound bindings supported by this profile handler. The order provided
197                             establishes the precedence given the bindings such that, from the left to right, the first
198                             binding also supported by the relying party will be used.
199                         </xsd:documentation>
200                     </xsd:annotation>
201                     <xsd:simpleType>
202                         <xsd:list itemType="xsd:anyURI" />
203                     </xsd:simpleType>
204                 </xsd:attribute>
205             </xsd:extension>
206         </xsd:complexContent>
207     </xsd:complexType>
208
209     <xsd:complexType name="IdPProfileHandlerType" abstract="true">
210         <xsd:annotation>
211             <xsd:documentation>Base type for IdP profile handlers.</xsd:documentation>
212         </xsd:annotation>
213         <xsd:complexContent>
214             <xsd:extension base="ShibbolethProfileHandlerType" />
215         </xsd:complexContent>
216     </xsd:complexType>
217
218     <xsd:complexType name="PreviousSession">
219         <xsd:complexContent>
220             <xsd:extension base="LoginHandlerType">
221                 <xsd:attribute name="servletPath" type="xsd:string">
222                     <xsd:annotation>
223                         <xsd:documentation>
224                             Optional servlet path to which the browser may be redirected.
225                         </xsd:documentation>
226                     </xsd:annotation>
227                 </xsd:attribute>
228                 <xsd:attribute name="reportPreviousSessionAuthnMethod" type="xsd:boolean" default="false">
229                     <xsd:annotation>
230                         <xsd:documentation>
231                             Whether this login handler should report its authentication method as PreviousSession or the
232                             authentication method requested by the peer.
233                         </xsd:documentation>
234                     </xsd:annotation>
235                 </xsd:attribute>
236                 <xsd:attribute name="supportsPassiveAuthentication" type="xsd:boolean" default="false">
237                     <xsd:annotation>
238                         <xsd:documentation>
239                             Whether this login handler, when redirecting to a servlet, support passives authentication.
240                         </xsd:documentation>
241                     </xsd:annotation>
242                 </xsd:attribute>
243             </xsd:extension>
244         </xsd:complexContent>
245     </xsd:complexType>
246
247     <xsd:complexType name="RemoteUser">
248         <xsd:complexContent>
249             <xsd:extension base="LoginHandlerType">
250                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
251                     <xsd:annotation>
252                         <xsd:documentation>
253                             The servlet context path to the
254                             edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet instance
255                             protected by the container or web server.
256                         </xsd:documentation>
257                     </xsd:annotation>
258                 </xsd:attribute>
259             </xsd:extension>
260         </xsd:complexContent>
261     </xsd:complexType>
262
263     <xsd:complexType name="UsernamePassword">
264         <xsd:complexContent>
265             <xsd:extension base="LoginHandlerType">
266                 <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
267                     <xsd:annotation>
268                         <xsd:documentation>
269                             Location of the JAAS configuration. If this attribute is used it will usually contain a file
270                             URL to a configuration on the local filesystem. However, this attribute need not be used and
271                             this information can be set within the VM in any manner supported by the JVM/container
272                             implementation.
273                         </xsd:documentation>
274                     </xsd:annotation>
275                 </xsd:attribute>
276                 <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
277                     <xsd:annotation>
278                         <xsd:documentation>
279                             The servlet context path to the
280                             edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
281                             that will authenticate the user.
282                         </xsd:documentation>
283                     </xsd:annotation>
284                 </xsd:attribute>
285             </xsd:extension>
286         </xsd:complexContent>
287     </xsd:complexType>
288
289     <xsd:complexType name="IPAddress">
290         <xsd:complexContent>
291             <xsd:extension base="LoginHandlerType">
292                 <xsd:sequence>
293                     <xsd:element name="IPEntry" type="xsd:string" maxOccurs="unbounded">
294                         <xsd:annotation>
295                             <xsd:documentation>
296                                 An IP addresses in CIDR notation. For example, a single IP address of 192.168.1.1 would
297                                 have the CIDR notation of 192.168.1.1/32. For the entire 192.168.0.0 class B network,
298                                 the CIDR notation would be 192.168.0.0/16.
299                             </xsd:documentation>
300                         </xsd:annotation>
301                     </xsd:element>
302                 </xsd:sequence>
303                 <xsd:attribute name="username" type="xsd:string">
304                     <xsd:annotation>
305                         <xsd:documentation>
306                             The username that will be presented to the IdP for all IP-address authenticated users.
307                         </xsd:documentation>
308                     </xsd:annotation>
309                 </xsd:attribute>
310                 <xsd:attribute name="defaultDeny" type="xsd:boolean">
311                     <xsd:annotation>
312                         <xsd:documentation>
313                             If defaultDeny is true then only the IP addresses listed will be "authenticated." If
314                             defaultDeny is false, then all IP addresses except those listed will be authenticated.
315                         </xsd:documentation>
316                     </xsd:annotation>
317                 </xsd:attribute>
318             </xsd:extension>
319         </xsd:complexContent>
320     </xsd:complexType>
321
322     <xsd:complexType name="LoginHandlerType" abstract="true">
323         <xsd:annotation>
324             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
325         </xsd:annotation>
326         <xsd:sequence>
327             <xsd:element name="AuthenticationMethod" type="xsd:string" maxOccurs="unbounded">
328                 <xsd:annotation>
329                     <xsd:documentation>
330                         The authentication methods supported by this handler. In SAML these methods represent the SAML 2
331                         authentication contexts class and declaration reference URIs.
332                     </xsd:documentation>
333                 </xsd:annotation>
334             </xsd:element>
335         </xsd:sequence>
336         <xsd:attribute name="authenticationDuration" type="xsd:positiveInteger" default="30">
337             <xsd:annotation>
338                 <xsd:documentation>
339                     The length of time, in minutes, that an authentication performed by this handler should be
340                     considered active. After which time a user, previously authenticated by this handler, must
341                     re-authenticate in order to assert the authentication method again.
342                 </xsd:documentation>
343             </xsd:annotation>
344         </xsd:attribute>
345     </xsd:complexType>
346
347 </xsd:schema>
Shibboleth 2 Java IdP