Add explicit PreviousSession support
[java-idp.git] / resources / classpath / schema / shibboleth-2.0-idp-profile-handler.xsd
index 8c123c3..c1e0335 100644 (file)
@@ -32,7 +32,7 @@
             <xsd:sequence>
                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
-                <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
+                <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0"
                     maxOccurs="unbounded" />
             </xsd:sequence>
         </xsd:complexType>
             <xsd:extension base="RequestURIMappedProfileHandlerType" />
         </xsd:complexContent>
     </xsd:complexType>
+    
+    <xsd:complexType name="SAMLMetadata">
+        <xsd:annotation>
+            <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="RequestURIMappedProfileHandlerType">
+                <xsd:attribute name="metadataFile" type="xsd:string" use="required">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Location of the static IdP metadata file.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
 
     <xsd:complexType name="SAML2SSO">
         <xsd:annotation>
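Review bot: The `xsd:documentation` on the new `SAMLMetadata` type reads "Basic handler that returns a general status of the IdP.", which looks copied from a status handler and does not describe a type whose only attribute is `metadataFile`. I would replace it with something like `Profile handler that returns the IdP's static SAML metadata document.` The `metadataFile` annotation should also say whether the value is a filesystem path or a URL and, if the handler returns the file to any requester that can reach it (not visible here, but implied by the type), that the file must hold only information meant to be published.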
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
-                <xsd:attribute name="decodingBinding" type="xsd:anyURI"
-                    default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
-                    <xsd:annotation>
-                        <xsd:documentation>
-                            The URI of the binding used when decoding requests from relying parties.
-                        </xsd:documentation>
-                    </xsd:annotation>
-                </xsd:attribute>
-                <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
-                    default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
-                    <xsd:annotation>
-                        <xsd:documentation>
-                            The component ID of the security policy factory to use with the profile handler.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
-                        </xsd:documentation>
-                    </xsd:annotation>
-                </xsd:attribute>
-                <xsd:attribute name="outboundBindingEnumeration"
-                    default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
-                    <xsd:annotation>
-                        <xsd:documentation>
-                            An ordered list of outbound bindings supported by this profile handler. The order provided
-                            establishs the precedence given the bindings such that, from the left to right, the first
-                            binding also supported by the relying party will be used.
-                        </xsd:documentation>
-                    </xsd:annotation>
-                    <xsd:simpleType>
-                        <xsd:list itemType="xsd:anyURI" />
-                    </xsd:simpleType>
-                </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
     </xsd:complexType>
             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
+            <xsd:extension base="SAML2ProfileHandler" />
+        </xsd:complexContent>
+    </xsd:complexType>
+    
+    <xsd:complexType name="SAML2ArtifactResolution">
+        <xsd:annotation>
+            <xsd:documentation>Configuration type for SAML 2 artifact resolution profile handlers.</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
             <xsd:extension base="SAML2ProfileHandler">
-                <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
-                    default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
+                <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of the security policy factory to use with the profile handler.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
+                            Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
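Review bot: The `artifactMapRef` annotation in `SAML2ArtifactResolution` drops the caveat that the other component-ID attributes in this schema carry, and the same applies to the identical attribute in `SAML1ArtifactResolution` further down. If the artifact map named here has to be the same instance that the issuing profile handlers write to, which seems likely but is not visible in this diff, a deployer who overrides the default needs to be told so. I would append `This setting should not be changed from its default unless the deployer fully understands the inter-relationship between IdP components.` to both annotations. The attribute is also named `...Ref` where the sibling component reference is `idGeneratorId`; one convention would be easier to follow. The enclosing `xsd:extension` is closed outside the visible lines.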
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
-                <xsd:attribute name="outboundBindingEnumeration"
-                    default="urn:oasis:names:tc:SAML:1.0:profiles:browser-post">
-                    <xsd:annotation>
-                        <xsd:documentation>
-                            An ordered list of outbound bindings supported by this profile handler. The order provided
-                            establishs the precedence given the bindings such that, from the left to right, the first
-                            binding also supported by the relying party will be used.
-                        </xsd:documentation>
-                    </xsd:annotation>
-                    <xsd:simpleType>
-                        <xsd:list itemType="xsd:anyURI" />
-                    </xsd:simpleType>
-                </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
     </xsd:complexType>
             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
+            <xsd:extension base="SAML1ProfileHandler" />
+        </xsd:complexContent>
+    </xsd:complexType>
+    
+    <xsd:complexType name="SAML1ArtifactResolution">
+        <xsd:annotation>
+            <xsd:documentation>Configuration type for SAML 1 artifact resolution profile handlers.</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
             <xsd:extension base="SAML1ProfileHandler">
-                <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
-                    default="shibboleth.SAML1AttributeQueryMessageSecurityPolicyFactory">
+                <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of the security policy factory to use with the profile handler.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
+                            Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
         </xsd:annotation>
         <xsd:complexContent>
             <xsd:extension base="IdPProfileHandlerType">
-                <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
-                    default="shibboleth.MessageDecoderFactory">
+                <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of the message decoder to use with the profile handler.
+                            The component ID of a generator used to generated things like response and assertion IDs.
 
                             This setting should not be changed from its default unless the deployer fully understands
                             the inter-relationship between IdP components.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
-                <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
-                    default="shibboleth.MessageEncoderFactory">
+                <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of the message encoder to use with the profile handler.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
+                            The SAML message binding used by inbound messages.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
-                <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
+                <xsd:attribute name="outboundBindingEnumeration" >
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of a generator used to generated things like response and assertion IDs.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
+                            An ordered list of outbound bindings supported by this profile handler. The order provided
+                            establishes the precedence given the bindings such that, from the left to right, the first
+                            binding also supported by the relying party will be used.
                         </xsd:documentation>
                     </xsd:annotation>
+                    <xsd:simpleType>
+                        <xsd:list itemType="xsd:anyURI" />
+                    </xsd:simpleType>
                 </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
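Review bot: `outboundBindingEnumeration` is declared with neither `use="required"` nor a `default`, while `inboundBinding` just above it is `use="required"`, so a handler configured with no outbound binding at all (or with an empty list, which `xsd:list` permits) still validates against this schema. Since the per-profile defaults for this attribute are removed elsewhere in this commit, I would either mark it required, `<xsd:attribute name="outboundBindingEnumeration" use="required">`, or state in the annotation what the handler does when the list is absent or empty. A small wording fix on the `idGeneratorId` annotation: "used to generated things like" should read "used to generate things like". The complex type these attributes belong to opens above the hunk.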
             <xsd:extension base="ShibbolethProfileHandlerType" />
         </xsd:complexContent>
     </xsd:complexType>
+    
+    <xsd:complexType name="PreviousSession">
+        <xsd:complexContent>
+            <xsd:extension base="LoginHandlerType">
+                <xsd:attribute name="servletPath" type="xsd:string">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Optional servlet path to which the browser may be redirected.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+                <xsd:attribute name="reportPreviousSessionAuthnMethod" type="xsd:boolean" default="false">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Whether this login handler should report its authentication method as PreviousSession 
+                            or the authentication method requested by the peer.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+                <xsd:attribute name="supportsPassiveAuthentication" type="xsd:boolean" default="false">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Whether this login handler, when redirecting to a servlet, support passives authentication.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
 
     <xsd:complexType name="RemoteUser">
         <xsd:complexContent>
-            <xsd:extension base="AuthenticationHandlerType">
+            <xsd:extension base="LoginHandlerType">
                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
                     <xsd:annotation>
                         <xsd:documentation>
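Review bot: The annotation on `reportPreviousSessionAuthnMethod` in the new `PreviousSession` type does not say which boolean value selects which behaviour, and that choice determines what authentication method relying parties are told was used. I would word it as `If true, the authentication method is reported as PreviousSession; if false (the default), the method requested by the peer is reported.`, assuming that is the intended mapping, so a deployer can see that the default reports the peer's requested method for what is presumably a reused session rather than a fresh login. The type itself has no `xsd:annotation`, unlike the other types added in this commit, and the `supportsPassiveAuthentication` text should read "supports passive authentication". The `RemoteUser` type at the end of the hunk continues past the visible lines.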
 
     <xsd:complexType name="UsernamePassword">
         <xsd:complexContent>
-            <xsd:extension base="AuthenticationHandlerType">
+            <xsd:extension base="LoginHandlerType">
                 <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
                     <xsd:annotation>
                         <xsd:documentation>
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
-                <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/UserPassword">
+                <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
                     <xsd:annotation>
                         <xsd:documentation>
                             The servlet context path to the
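Review bot: The renamed attribute `authenticationServletURL` keeps `type="xsd:string"`, a path-shaped default of `/Authn/UserPassword`, and an annotation that still begins "The servlet context path to the", so name, type and documentation now disagree about which values are accepted. Because this is presumably the location that receives the username and password, the annotation should state whether only a context-relative path is allowed or whether an absolute URL, possibly on another host or over plain http, is accepted as well. If only a path is meant, a name such as `authenticationServletPath` would match `protectedServletPath` on `RemoteUser`; the annotation text is cut off at the end of the hunk.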
         </xsd:complexContent>
     </xsd:complexType>
 
-    <xsd:complexType name="AuthenticationHandlerType" abstract="true">
+    <xsd:complexType name="LoginHandlerType" abstract="true">
         <xsd:annotation>
             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
         </xsd:annotation>