Added HTTP auth settings.
1 <?xml version="1.0" encoding="US-ASCII"?>
2 <schema targetNamespace="urn:mace:shibboleth:target:config:1.0"
3         xmlns="http://www.w3.org/2001/XMLSchema"
4         xmlns:conf="urn:mace:shibboleth:target:config:1.0"
5         xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
6         xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
7         elementFormDefault="qualified"
8         attributeFormDefault="unqualified"
9         blockDefault="substitution"
10         version="1.1">
11
12         <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-1.1.xsd"/>
13         <import namespace="urn:oasis:names:tc:SAML:2.0:metadata" schemaLocation="saml-schema-metadata-2.0.xsd"/>
14
15         <annotation>
16                 <documentation>
17         1.0 schema for XML-based configuration of Shibboleth target libraries and modules.
18         First appearing in Shibboleth 1.2 release.
19         </documentation>
20     </annotation>
21
        <!--
          Shared shape for every plug-in style element in this schema (listeners,
          caches, providers, extension services). Only "type" is enforced; child
          elements and extra attributes are accepted with lax validation, so this
          schema does not catch mistakes inside a plug-in's own settings.
          The "type" string selects the implementation - presumably resolved to
          loadable code by the SP at startup (confirm against the plug-in loader) -
          so the configuration file itself must be writable only by trusted
          administrators.
        -->
        <complexType name="PluggableType">
                <sequence>
                        <!-- plug-in specific content, any namespace, not validated here -->
                        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="type" type="string" use="required"/>
                <!-- optional location the plug-in reads (meaning is plug-in defined) -->
                <attribute name="uri" type="anyURI" use="optional"/>
                <anyAttribute namespace="##any" processContents="lax"/>
        </complexType>
30
        <!-- Two root element names share one type; SPConfig is the newer spelling. -->
        <element name="ShibbolethTargetConfig" type="conf:SPConfigType"/>
        <element name="SPConfig" type="conf:SPConfigType"/>
        <complexType name="SPConfigType">
                <annotation>
                        <documentation>Root element of configuration file</documentation>
                </annotation>
                <sequence>
                        <element ref="conf:Extensions" minOccurs="0"/>
                        <!-- Global/SHAR and Local/SHIRE are alternate names for the same content. -->
                        <choice minOccurs="0">
                                <element name="Global" type="conf:GlobalConfigurationType"/>
                                <element name="SHAR" type="conf:GlobalConfigurationType"/>
                        </choice>
                        <choice minOccurs="0">
                                <element name="Local" type="conf:LocalConfigurationType"/>
                                <element name="SHIRE" type="conf:LocalConfigurationType"/>
                        </choice>
                        <element ref="conf:Applications"/>
                        <!--
                          CredentialsProvider plug-ins supply the SP's keys/certificates.
                          Wherever they point at private key files, those files need the
                          same access restrictions as this configuration file.
                        -->
                        <element name="CredentialsProvider" type="conf:PluggableType" minOccurs="0" maxOccurs="unbounded"/>
                        <element ref="conf:AttributeFactory" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="logger" type="anyURI" use="optional"/>
                <!--
                  Tolerated clock difference when checking time-bounded data.
                  The schema gives neither a unit nor a default - confirm with the
                  implementation (seconds is the likely unit) and keep it small;
                  a large skew widens the window in which stale assertions are
                  accepted.
                -->
                <attribute name="clockSkew" type="unsignedInt" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
        </complexType>
55
        <element name="Extensions">
                <annotation>
                        <documentation>Container for extension libraries and custom configuration</documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <!--
                                  Each Library names code the SP loads into its own process.
                                  "path" is required; "fatal" has no schema default, so what
                                  happens on a load failure when it is omitted is up to the
                                  implementation. The directories these paths point at must
                                  be protected like the SP binary itself.
                                -->
                                <element name="Library" minOccurs="0" maxOccurs="unbounded">
                                        <complexType>
                                                <sequence>
                                                        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <attribute name="path" type="anyURI" use="required"/>
                                                <attribute name="fatal" type="boolean" use="optional"/>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                </complexType>
        </element>
76
        <complexType name="GlobalConfigurationType">
                <annotation>
                        <documentation>Container for global (server independent) configuration</documentation>
                </annotation>
                <sequence>
                        <element ref="conf:Extensions" minOccurs="0"/>
                        <!--
                          Exactly one listener: the channel between the web server
                          module and the SP daemon. Session data flows over it, so it
                          must not be reachable by untrusted clients.
                        -->
                        <choice>
                                <element name="UnixListener">
                                        <complexType>
                                                <attribute name="address" type="string" use="required"/>
                                        </complexType>
                                </element>
                                <element name="TCPListener">
                                        <complexType>
                                                <attribute name="address" type="string" use="required"/>
                                                <attribute name="port" type="unsignedInt" use="required"/>
                                                <!--
                                                  Whitespace-separated list of client addresses allowed
                                                  to connect; the default admits loopback only. Widening
                                                  it exposes the listener to other hosts - the schema
                                                  expresses no other authentication on this channel.
                                                -->
                                                <attribute name="acl" use="optional" default="127.0.0.1">
                                                        <simpleType>
                                                                <list itemType="string"/>
                                                        </simpleType>
                                                </attribute>
                                        </complexType>
                                </element>
                                <element name="MemoryListener" type="conf:PluggableType"/>
                                <element name="Listener" type="conf:PluggableType"/>
                        </choice>
                        <!-- Exactly one session cache. -->
                        <choice>
                                <element name="MemorySessionCache">
                                        <complexType>
                                                <attributeGroup ref="conf:SessionCacheProperties"/>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <element name="MySQLSessionCache">
                                        <complexType>
                                                <sequence>
                                                        <!--
                                                          Free-form arguments handed to MySQL (presumably the
                                                          embedded server). If any of them carry credentials,
                                                          they live in cleartext in this file.
                                                        -->
                                                        <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <attributeGroup ref="conf:SessionCacheProperties"/>
                                                <attribute name="mysqlTimeout" type="unsignedInt" use="optional" default="14400"/>
                                                <!-- Attributes are not persisted to the database unless enabled. -->
                                                <attribute name="storeAttributes" type="boolean" use="optional" default="false"/>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <element name="SessionCache">
                                        <complexType>
                                                <complexContent>
                                                        <extension base="conf:PluggableType">
                                                                <attributeGroup ref="conf:SessionCacheProperties"/>
                                                        </extension>
                                                </complexContent>
                                        </complexType>
                                </element>
                        </choice>
                        <!--
                          Replay cache is optional in this schema, while Sessions@checkReplay
                          defaults to true. Confirm what the SP does when replay checking is
                          on but no cache is configured before relying on that default.
                        -->
                        <choice minOccurs="0">
                                <element name="MySQLReplayCache">
                                        <complexType>
                                                <sequence>
                                                        <element name="Argument" type="string" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <element name="ReplayCache" type="conf:PluggableType"/>
                        </choice>
                        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="logger" type="anyURI" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
        </complexType>
147
        <!--
          Tuning attributes shared by all session cache variants. Units are not
          stated in the schema (seconds is the likely unit - confirm). Schema
          defaults: cleanupInterval 300, cacheTimeout 28800, AAConnectTimeout 15,
          AATimeout 30, defaultLifetime 1800, retryInterval 300,
          strictValidity true, propagateErrors false.
          strictValidity presumably governs whether attribute data past its
          validity period is refused rather than reused; leave it true.
        -->
        <attributeGroup name="SessionCacheProperties">
        <attribute name="cleanupInterval" type="unsignedInt" use="optional" default="300"/>
        <attribute name="cacheTimeout" type="unsignedInt" use="optional" default="28800"/>
                <attribute name="AAConnectTimeout" type="unsignedInt" use="optional" default="15"/>
                <attribute name="AATimeout" type="unsignedInt" use="optional" default="30"/>
                <attribute name="defaultLifetime" type="unsignedInt" use="optional" default="1800"/>
                <attribute name="retryInterval" type="unsignedInt" use="optional" default="300"/>
                <attribute name="strictValidity" type="boolean" use="optional" default="true"/>
                <attribute name="propagateErrors" type="boolean" use="optional" default="false"/>
        </attributeGroup>
158
        <complexType name="LocalConfigurationType">
                <annotation>
                        <documentation>
                        Container for configuration of locally integrated or platform-specific
                        features (e.g. web server filters)
                        </documentation>
                </annotation>
                <sequence>
                        <element ref="conf:Extensions" minOccurs="0"/>
                        <!-- Plug-in that maps incoming requests to content settings (see RequestMap). -->
                        <element name="RequestMapProvider" type="conf:PluggableType" minOccurs="0"/>
                        <!-- Web-server specific settings; only ISAPI is modelled in this schema. -->
                        <element name="Implementation" minOccurs="0">
                                <complexType>
                                        <choice maxOccurs="unbounded">
                                                <element ref="conf:ISAPI"/>
                                                <any namespace="##other" processContents="lax"/>
                                        </choice>
                                </complexType>
                        </element>
                        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="logger" type="anyURI" use="optional"/>
                <!-- Off by default; semantics of local relay-state handling are defined by the SP, not here. -->
                <attribute name="localRelayState" type="boolean" use="optional" default="false"/>
                <anyAttribute namespace="##other" processContents="lax"/>
        </complexType>
183         
        <!--
          IIS filter settings. Each Site ties an IIS site id to the hostname (and
          aliases) the SP should treat as that site. "scheme" is an unconstrained
          string here, unlike Host@scheme below which is an enumeration.
          normalizeRequest has no schema default.
        -->
        <element name="ISAPI">
                <complexType>
                        <sequence>
                                <element name="Site" maxOccurs="unbounded">
                                        <complexType>
                                                <sequence>
                                                        <element name="Alias" type="string" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <attribute name="id" type="unsignedInt" use="required"/>
                                                <attribute name="name" type="string" use="required"/>
                                                <attribute name="port" type="unsignedInt" use="optional"/>
                                                <attribute name="sslport" type="unsignedInt" use="optional"/>
                                                <attribute name="scheme" type="string" use="optional"/>
                                        </complexType>
                                </element>
                                <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attribute name="normalizeRequest" type="boolean" use="optional"/>
                        <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
        <!-- Placeholders for other web server integrations; content is not validated. -->
        <element name="NSAPI" type="anyType"/>
        <element name="Java" type="anyType"/>
207
        <!--
          Built-in access policy language: a boolean tree of AND / OR / NOT over
          Rule leaves. AccessControl itself wraps exactly one operand.
        -->
        <element name="AccessControl" type="conf:UniOperatorType">
                <annotation>
                        <documentation>
                        A simple example access policy language extension that supersedes Apache .htaccess
                        </documentation>
                </annotation>
        </element>
        <element name="OR" type="conf:MultiOperatorType"/>
        <element name="AND" type="conf:MultiOperatorType"/>
        <element name="NOT" type="conf:UniOperatorType"/>
        <!-- One operand. -->
        <complexType name="UniOperatorType">
                <choice>
                        <element ref="conf:AND"/>
                        <element ref="conf:OR"/>
                        <element ref="conf:NOT"/>
                        <element ref="conf:Rule"/>
                </choice>
        </complexType>
        <!-- Two or more operands; a single-operand AND/OR is rejected by the schema. -->
        <complexType name="MultiOperatorType">
                <choice minOccurs="2" maxOccurs="unbounded">
                        <element ref="conf:AND"/>
                        <element ref="conf:OR"/>
                        <element ref="conf:NOT"/>
                        <element ref="conf:Rule"/>
                </choice>
        </complexType>
        <!--
          Leaf rule: "require" names what is tested (presumably an attribute or
          keyword such as valid-user, as with .htaccess) and the element text is
          a whitespace-separated list of acceptable values. Neither the names nor
          the values are constrained by this schema, so a misspelled "require"
          is only detected by the SP at evaluation time.
        -->
        <element name="Rule">
                <complexType>
                        <simpleContent>
                                <extension base="conf:listOfStrings">
                                        <attribute name="require" type="string" use="required"/>
                                </extension>
                        </simpleContent>
                </complexType>
        </element>
        <simpleType name="listOfStrings">
                <list itemType="string"/>
        </simpleType>
246         
        <!--
          Per-content protection settings applied at RequestMap, Host and Path
          level. None of these has a schema default, so the effective value when
          omitted is whatever the SP applies (presumably inherited from the
          enclosing level). This authType is a plain string - the web server's
          auth type - and is unrelated to the enumerated authType in
          CredentialUseGroup. exportAssertion presumably places the full SAML
          assertion into the request environment; enable it only where the
          application actually consumes it.
        -->
        <attributeGroup name="ContentSettings">
                <attribute name="authType" type="string" use="optional"/>
                <attribute name="requireSession" type="boolean" use="optional"/>
                <attribute name="requireSessionWith" type="string" use="optional"/>
                <attribute name="exportAssertion" type="boolean" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
        </attributeGroup>
        <!-- Pluggable access control alternatives to the built-in AccessControl element. -->
        <element name="AccessControlProvider" type="conf:PluggableType"/>
        <element name="htaccess" type="conf:PluggableType"/>
256
    <element name="RequestMap">
                <annotation>
                        <documentation>
                        Built-in request mapping syntax, decomposes URLs into Host/Path/Path/...
                        </documentation>
                </annotation>
        <complexType>
            <sequence>
                <!-- At most one access control element at this level. -->
                <choice minOccurs="0">
                        <element ref="conf:htaccess"/>
                                        <element ref="conf:AccessControl"/>
                        <element ref="conf:AccessControlProvider"/>
                    </choice>
                <element ref="conf:Host" minOccurs="0" maxOccurs="unbounded"/>
            </sequence>
            <!-- The root map always belongs to the "default" application; Host/Path may override. -->
            <attribute name="applicationId" type="string" fixed="default"/>
                <attributeGroup ref="conf:ContentSettings"/>
        </complexType>
    </element>
276
    <element name="Host">
        <complexType>
                <sequence>
                <!-- At most one access control element at this level. -->
                <choice minOccurs="0">
                        <element ref="conf:htaccess"/>
                                        <element ref="conf:AccessControl"/>
                        <element ref="conf:AccessControlProvider"/>
                    </choice>
                        <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <!--
                  Scheme used when matching the request. Has no schema default;
                  a Host without scheme/port presumably matches by name only, so
                  settings intended for https content should state scheme="https"
                  explicitly if http and https are served from the same name.
                -->
                <attribute name="scheme" use="optional">
                            <simpleType>
                                <restriction base="string">
                                    <enumeration value="http"/>
                                    <enumeration value="https"/>
                                    <enumeration value="ftp"/>
                                    <enumeration value="ldap"/>
                                    <enumeration value="ldaps"/>
                                </restriction>
                            </simpleType>
                </attribute>
                <!-- Hostname to match; required. -->
                <attribute name="name" type="string" use="required"/>
                <attribute name="port" type="unsignedInt" use="optional"/>
                <!-- Overrides the application this host's content belongs to. -->
                <attribute name="applicationId" type="string" use="optional"/>
                <attributeGroup ref="conf:ContentSettings"/>
        </complexType>
    </element>
304
    <!-- One URL path segment; nests recursively to express deeper paths. -->
    <element name="Path">
        <complexType>
                <sequence>
                <!-- At most one access control element at this level. -->
                <choice minOccurs="0">
                        <element ref="conf:htaccess"/>
                                        <element ref="conf:AccessControl"/>
                        <element ref="conf:AccessControlProvider"/>
                    </choice>
                        <element ref="conf:Path" minOccurs="0" maxOccurs="unbounded"/>
                </sequence>
                <attribute name="name" type="string" use="required"/>
                <attribute name="applicationId" type="string" use="optional"/>
                <attributeGroup ref="conf:ContentSettings"/>
        </complexType>
    </element>
320
        <!--
          Default application settings plus per-application overrides.
          providerId is the SP's own identifier and is required; id is fixed to
          "default". MetadataProvider and TrustProvider are optional in this
          schema (the choice has minOccurs="0"); what the SP does with signed
          messages when no TrustProvider is configured is not defined here, so
          do not rely on the schema alone to guarantee signature verification.
          FederationProvider is deprecated - use MetadataProvider.
        -->
        <element name="Applications">
                <annotation>
                        <documentation>Container for global target settings and application-specific overrides</documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <element ref="conf:Sessions"/>
                                <element ref="conf:Errors"/>
                                <element ref="conf:CredentialUse" minOccurs="0"/>
                                <choice minOccurs="0" maxOccurs="unbounded">
                    <element ref="saml:AttributeDesignator"/>
                    <element ref="saml:Audience"/>
                    <element name="AAPProvider" type="conf:PluggableType"/>
                    <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
                    <element name="MetadataProvider" type="conf:PluggableType"/>
                    <element name="TrustProvider" type="conf:PluggableType"/>
                                </choice>
                                <element ref="conf:Application" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attribute name="id" type="string" fixed="default"/>
                        <attribute name="providerId" type="anyURI" use="required"/>
                        <attribute name="homeURL" type="anyURI" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
346         
        <!--
          Same content as Applications but everything is optional: an
          Application only overrides what it declares, inheriting the rest
          (presumably from the enclosing Applications element). "id" is the
          value referenced by applicationId in RequestMap/Host/Path.
        -->
        <element name="Application">
                <annotation>
                        <documentation>Container for application-specific overrides</documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <element ref="conf:Sessions" minOccurs="0"/>
                                <element ref="conf:Errors" minOccurs="0"/>
                                <element ref="conf:CredentialUse" minOccurs="0"/>
                                <choice minOccurs="0" maxOccurs="unbounded">
                    <element ref="saml:AttributeDesignator"/>
                    <element ref="saml:Audience"/>
                    <element name="AAPProvider" type="conf:PluggableType"/>
                    <!-- deprecated --> <element name="FederationProvider" type="conf:PluggableType"/>
                    <element name="MetadataProvider" type="conf:PluggableType"/>
                    <element name="TrustProvider" type="conf:PluggableType"/>
                                </choice>
                        </sequence>
                        <attribute name="id" type="string" use="required"/>
                        <attribute name="providerId" type="anyURI" use="optional"/>
                        <attribute name="homeURL" type="anyURI" use="optional"/>
                <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
371
        <!--
          Declared globally so TrustProvider content can reference it; the
          resolver decides which public keys a ds:KeyInfo maps to, so a custom
          one is part of the trust boundary and deserves the same review as a
          TrustProvider.
        -->
        <element name="KeyInfoResolver" type="conf:PluggableType">
                <annotation>
                        <documentation>
                        Custom plug-in that resolves ds:KeyInfo elements into public keys, used in
                        TrustProvider elements.
                        </documentation>
                </annotation>
        </element>
380
        <!--
          Session establishment policy. Schema defaults worth knowing:
            handlerSSL="true"  - handler endpoints are expected over TLS
                                 (presumably enforced by the SP - confirm)
            checkReplay="true" - replayed assertions are rejected, which relies
                                 on a replay cache; note the ReplayCache choice in
                                 GlobalConfigurationType is optional
            idpHistory="true"  - IdP selection is remembered
          checkAddress, lifetime and timeout have no schema default.
          cookieProps is a free-form string; if the SP appends it to the session
          cookie, flags such as Secure and HttpOnly belong there - confirm the
          syntax the SP expects and set them whenever handlerSSL is true.
        -->
        <element name="Sessions">
                <annotation>
                        <documentation>Container for specifying app session establishment and policy</documentation>
                </annotation>
                <complexType>
                        <choice minOccurs="0" maxOccurs="unbounded">
                                <element ref="conf:SessionInitiator"/>
                                <element ref="md:AssertionConsumerService"/>
                                <element ref="md:SingleLogoutService"/>
                                <element ref="conf:DiagnosticService"/>
                                <element name="ExtensionService" type="conf:PluggableType"/>
                        </choice>
                        <!-- deprecated --> <attribute name="wayfURL" type="anyURI" use="optional"/>
                        <!-- deprecated --> <attribute name="shireURL" type="anyURI" use="optional"/>
                        <!-- deprecated --> <attribute name="shireSSL" type="boolean" use="optional"/>
                        <attribute name="handlerURL" type="anyURI" use="optional"/>
                        <attribute name="handlerSSL" type="boolean" use="optional" default="true"/>
                        <attribute name="cookieName" type="string" use="optional"/>
                        <attribute name="cookieProps" type="string" use="optional"/>
                        <attribute name="idpHistory" type="boolean" use="optional" default="true"/>
                        <attribute name="idpHistoryDays" type="unsignedInt" use="optional"/>
                        <attribute name="lifetime" type="unsignedInt" use="optional"/>
                        <attribute name="timeout" type="unsignedInt" use="optional"/>
                        <!-- Binds a session to the client address; no default in the schema. -->
                        <attribute name="checkAddress" type="boolean" use="optional"/>
                        <attribute name="checkReplay" type="boolean" use="optional" default="true"/>
                        <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
        <!--
          Endpoint that starts a session (discovery / WAYF). Location and Binding
          are required; wayfURL/wayfBinding point at an external discovery
          service when one is used. checkCDC is an anyURI (presumably the common
          domain cookie location). The ##any attribute wildcard means unknown
          attributes in the config namespace are not rejected here.
        -->
        <element name="SessionInitiator">
                <annotation>
                        <documentation>Used to specify WAYF/Discovery services (external or internal)</documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attribute name="Location" type="anyURI" use="required"/>
                        <attribute name="Binding" type="anyURI" use="required"/>
                        <attribute name="wayfURL" type="anyURI" use="optional"/>
                        <attribute name="wayfBinding" type="anyURI" use="optional"/>
                        <attribute name="checkCDC" type="anyURI" use="optional"/>
                        <attribute name="isDefault" type="boolean" use="optional"/>
                        <attribute name="id" type="string" use="optional"/>
                        <anyAttribute namespace="##any" processContents="lax"/>
                </complexType>
        </element>
        <!--
          Internal diagnostic handler. echo/log/config switch what it reveals;
          "config" presumably returns the running configuration, which can now
          include authPassword values (see CredentialUseGroup), so this handler
          must not be reachable by arbitrary clients. Unlike TCPListener@acl,
          acl has no schema default here: if it is omitted, whether access is
          restricted at all is left to the implementation - set it explicitly,
          or leave the service out of production configurations.
        -->
        <element name="DiagnosticService">
                <annotation>
                        <documentation>Used to specify internal diagnostic capabilities</documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attribute name="Location" type="anyURI" use="required"/>
                        <attribute name="Binding" type="anyURI" use="required"/>
                        <attribute name="echo" type="boolean" use="optional"/>
                        <attribute name="log" type="boolean" use="optional"/>
                        <attribute name="config" type="boolean" use="optional"/>
                        <!-- Whitespace-separated list of permitted client addresses; no default. -->
                        <attribute name="acl" use="optional">
                                <simpleType>
                                        <list itemType="string"/>
                                </simpleType>
                        </attribute>
                        <anyAttribute namespace="##any" processContents="lax"/>
                </complexType>
        </element>
448
        <!--
          Locations of error templates. Only "rm" is required; the others
          select templates for specific failure classes. Template files are
          rendered to end users, so they should be served from paths the SP
          account can read but not from a web-writable location.
        -->
        <element name="Errors">
                <annotation>
                        <documentation>Container for error templates and associated details</documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <!-- deprecated --> <attribute name="shire" type="anyURI" use="optional"/>
                        <attribute name="session" type="anyURI" use="optional"/>
                        <attribute name="metadata" type="anyURI" use="optional"/>
                        <attribute name="rm" type="anyURI" use="required"/>
                        <attribute name="access" type="anyURI" use="optional"/>
                        <attribute name="supportContact" type="string" use="optional"/>
                        <attribute name="logoLocation" type="anyURI" use="optional"/>
                        <attribute name="styleSheet" type="anyURI" use="optional"/>
                        <anyAttribute namespace="##any" processContents="lax"/>
                </complexType>
        </element>
468
        <!--
          Credential selection and signing/authentication policy, used at the
          CredentialUse level and overridable per RelyingParty. "TLS" and
          "Signing" name credentials (presumably ids resolved through a
          CredentialsProvider - confirm) rather than carrying key material.

          Defaults: signRequest, signedResponse and signedAssertions are all
          false in this schema. Unless a deployment sets them, the SP will not
          sign its requests and - as far as these flags govern it - will not
          insist on signed responses/assertions; treat enabling them as the
          expected posture and verify with the implementation which checks they
          actually gate. signatureAlg/digestAlg accept any URI; pick current
          algorithms, the schema does not restrict weak ones.

          HTTP client authentication (added with this change): authType picks
          the scheme and authUsername/authPassword supply the credential the SP
          presents, presumably when it connects to the attribute authority.
          Both are untyped (anySimpleType) and stored in cleartext in this
          file, so the file must be readable only by the SP account and must
          not be echoed by diagnostic output. With authType="basic" the
          password is sent base64-encoded - effectively cleartext - unless the
          connection is TLS; "digest" and "ntlm" avoid sending the password
          itself but are still weak without TLS. How "gss" obtains its
          credential is not expressed in this schema. Prefer the TLS client
          credential over a password wherever the peer supports it.
        -->
        <attributeGroup name="CredentialUseGroup">
                <attribute name="TLS" type="string" use="optional"/>
                <attribute name="Signing" type="string" use="optional"/>
                <attribute name="signRequest" type="boolean" use="optional" default="false"/>
                <attribute name="signatureAlg" type="anyURI" use="optional"/>
                <attribute name="digestAlg" type="anyURI" use="optional"/>
                <attribute name="signedResponse" type="boolean" use="optional" default="false"/>
                <attribute name="signedAssertions" type="boolean" use="optional" default="false"/>
                <attribute name="authType" use="optional">
                        <simpleType>
                                <restriction base="string">
                                        <enumeration value="basic"/>
                                        <enumeration value="digest"/>
                                        <enumeration value="ntlm"/>
                                        <enumeration value="gss"/>
                                </restriction>
                        </simpleType>
                </attribute>
                <!-- No type given: any simple value is accepted. Password is stored in cleartext. -->
                <attribute name="authUsername" use="optional"/>
                <attribute name="authPassword" use="optional"/>
        </attributeGroup>
490
        <!--
          Default credential policy with optional per-relying-party overrides.
          CredentialUseGroup applies both here and on each RelyingParty, so a
          RelyingParty can set its own authType/authUsername/authPassword and
          signing flags; "Name" identifies the party (presumably its entity
          identifier or group name - confirm matching rules with the SP).
        -->
        <element name="CredentialUse">
                <annotation>
                        <documentation>Container for specifying credentials to use</documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <element name="RelyingParty" minOccurs="0" maxOccurs="unbounded">
                                        <complexType>
                                                <sequence>
                                                        <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                                                </sequence>
                                                <attribute name="Name" type="string" use="required"/>
                                                <attributeGroup ref="conf:CredentialUseGroup"/>
                                                <anyAttribute namespace="##other" processContents="lax"/>
                                        </complexType>
                                </element>
                                <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attributeGroup ref="conf:CredentialUseGroup"/>
                <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
513         
        <!--
          Registers a plug-in for a particular SAML attribute name. Both "type"
          (the implementation) and "AttributeName" are required; plug-in
          content is not validated here.
        -->
        <element name="AttributeFactory">
                <annotation>
                        <documentation>Specifies a plugin that implements a specialized SAML attribute</documentation>
                </annotation>
                <complexType>
                        <sequence>
                                <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
                        </sequence>
                        <attribute name="type" type="string" use="required"/>
                        <attribute name="AttributeName" type="string" use="required"/>
                <anyAttribute namespace="##other" processContents="lax"/>
                </complexType>
        </element>
527         
528 </schema>
529