Add explicit PreviousSession support
[java-idp.git] / resources / classpath / schema / shibboleth-2.0-idp-profile-handler.xsd
index f922178..c1e0335 100644 (file)
@@ -32,7 +32,7 @@
             <xsd:sequence>
                 <xsd:element name="ErrorHandler" type="ErrorHandlerType" />
                 <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
-                <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
+                <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0"
                     maxOccurs="unbounded" />
             </xsd:sequence>
         </xsd:complexType>
             <xsd:extension base="RequestURIMappedProfileHandlerType" />
         </xsd:complexContent>
     </xsd:complexType>
+    
+    <xsd:complexType name="SAMLMetadata">
+        <xsd:annotation>
+            <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="RequestURIMappedProfileHandlerType">
+                <xsd:attribute name="metadataFile" type="xsd:string" use="required">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Location of the static IdP metadata file.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
 
     <xsd:complexType name="SAML2SSO">
         <xsd:annotation>
-            <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
+            <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
             <xsd:extension base="SAML2ProfileHandler">
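Review bot: The documentation on the new SAMLMetadata type, `Basic handler that returns a general status of the IdP.`, describes a status handler rather than one that serves the `metadataFile` it declares, so it reads as a copy-paste from another type; replace it with `Configuration type for the handler that serves the IdP's static metadata file.`. The `metadataFile` documentation should also say how the value is resolved (absolute path, or relative to some IdP directory), since the schema leaves a deployer to guess and a wrong path fails only at runtime.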
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
-                <xsd:attribute name="decodingBinding" type="xsd:anyURI"
-                    default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
-                    <xsd:annotation>
-                        <xsd:documentation>
-                            The URI of the binding used when decoding requests from relying parties.
-                        </xsd:documentation>
-                    </xsd:annotation>
-                </xsd:attribute>
-                <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
-                    default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
-                    <xsd:annotation>
-                        <xsd:documentation>
-                            The component ID of the security policy factory to use with the profile handler.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
-                        </xsd:documentation>
-                    </xsd:annotation>
-                </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
     </xsd:complexType>
             <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
         </xsd:annotation>
         <xsd:complexContent>
+            <xsd:extension base="SAML2ProfileHandler" />
+        </xsd:complexContent>
+    </xsd:complexType>
+    
+    <xsd:complexType name="SAML2ArtifactResolution">
+        <xsd:annotation>
+            <xsd:documentation>Configuration type for SAML 2 artifact resolution profile handlers.</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
             <xsd:extension base="SAML2ProfileHandler">
-                <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
-                    default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
+                <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of the security policy factory to use with the profile handler.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
+                            Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
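Review bot: The new SAML2AttributeQuery body is reduced to `<xsd:extension base="SAML2ProfileHandler" />`, and in the same commit SAML2SSO also loses its per-handler security policy reference, so unless SAML2ProfileHandler (outside this hunk) now declares it, nothing in the schema says where the inbound message security policy for these handlers is configured; the base type's documentation should state that, because a deployer reading only these types will assume no policy applies. The SAML2ArtifactResolution type is cut off by the hunk, so its closing tags are not visible here. On the `artifactMapRef` documentation, `Reference to SAMLArtifactMap used by handler` reads better as `Reference to the SAMLArtifactMap the handler uses to resolve artifact strings into artifact objects.`, and the same wording is repeated on the SAML1ArtifactResolution type later in the diff.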
         </xsd:complexContent>
     </xsd:complexType>
 
+    <xsd:complexType name="ShibbolethSSO">
+        <xsd:annotation>
+            <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="SAML1ProfileHandler">
+                <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            The context relative path to the authentication manager used by this profile handler. This
+                            should match the URL pattern given in the web.xml
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
     <xsd:complexType name="SAML1AttributeQuery">
         <xsd:annotation>
             <xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
             <xsd:extension base="SAML1ProfileHandler" />
         </xsd:complexContent>
     </xsd:complexType>
+    
+    <xsd:complexType name="SAML1ArtifactResolution">
+        <xsd:annotation>
+            <xsd:documentation>Configuration type for SAML 1 artifact resolution profile handlers.</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="SAML1ProfileHandler">
+                <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
 
     <xsd:complexType name="SAML1ProfileHandler" abstract="true">
         <xsd:annotation>
         </xsd:annotation>
         <xsd:complexContent>
             <xsd:extension base="IdPProfileHandlerType">
-                <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
-                    default="shibboleth.MessageDecoderFactory">
+                <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of the message decoder to use with the profile handler.
+                            The component ID of a generator used to generated things like response and assertion IDs.
 
                             This setting should not be changed from its default unless the deployer fully understands
                             the inter-relationship between IdP components.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
-                <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
-                    default="shibboleth.MessageEncoderFactory">
+                <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of the message encoder to use with the profile handler.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
+                            The SAML message binding used by inbound messages.
                         </xsd:documentation>
                     </xsd:annotation>
                 </xsd:attribute>
-                <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
+                <xsd:attribute name="outboundBindingEnumeration" >
                     <xsd:annotation>
                         <xsd:documentation>
-                            The component ID of a generator used to generated things like response and assertion IDs.
-
-                            This setting should not be changed from its default unless the deployer fully understands
-                            the inter-relationship between IdP components.
+                            An ordered list of outbound bindings supported by this profile handler. The order provided
+                            establishes the precedence given the bindings such that, from the left to right, the first
+                            binding also supported by the relying party will be used.
                         </xsd:documentation>
                     </xsd:annotation>
+                    <xsd:simpleType>
+                        <xsd:list itemType="xsd:anyURI" />
+                    </xsd:simpleType>
                 </xsd:attribute>
             </xsd:extension>
         </xsd:complexContent>
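Review bot: `outboundBindingEnumeration` has no `use` attribute and its `xsd:list` admits an empty value, so a configuration validates with no outbound binding at all while the documentation describes an ordered precedence list and `inboundBinding` right above it is `use="required"`; if the handler needs at least one outbound binding, mark the attribute required and restrict the list with `<xsd:minLength value="1"/>` so the schema rejects the empty case instead of leaving it to runtime. The start tag `<xsd:attribute name="outboundBindingEnumeration" >` also carries a stray space before `>`. The idGeneratorId documentation added here keeps the typo `used to generated things`; `used to generate things`. The enclosing complexType starts outside the hunk.
```xml
<xsd:attribute name="outboundBindingEnumeration" use="required">
    <!-- … unchanged: annotation/documentation … -->
    <xsd:simpleType>
        <xsd:restriction>
            <xsd:simpleType>
                <xsd:list itemType="xsd:anyURI" />
            </xsd:simpleType>
            <xsd:minLength value="1" />
        </xsd:restriction>
    </xsd:simpleType>
</xsd:attribute>
```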
             <xsd:extension base="ShibbolethProfileHandlerType" />
         </xsd:complexContent>
     </xsd:complexType>
+    
+    <xsd:complexType name="PreviousSession">
+        <xsd:complexContent>
+            <xsd:extension base="LoginHandlerType">
+                <xsd:attribute name="servletPath" type="xsd:string">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Optional servlet path to which the browser may be redirected.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+                <xsd:attribute name="reportPreviousSessionAuthnMethod" type="xsd:boolean" default="false">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Whether this login handler should report its authentication method as PreviousSession 
+                            or the authentication method requested by the peer.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+                <xsd:attribute name="supportsPassiveAuthentication" type="xsd:boolean" default="false">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Whether this login handler, when redirecting to a servlet, support passives authentication.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
 
     <xsd:complexType name="RemoteUser">
         <xsd:complexContent>
-            <xsd:extension base="AuthenticationHandlerType">
+            <xsd:extension base="LoginHandlerType">
                 <xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
                     <xsd:annotation>
                         <xsd:documentation>
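Review bot: The `reportPreviousSessionAuthnMethod` documentation should spell out the consequence of its `false` default: with the default the peer is told the authentication method it requested rather than `PreviousSession`, so the relying party cannot tell a reused session from a fresh authentication; add `When false, the method asserted to the peer is the one it requested, so relying parties cannot distinguish a reused session from a fresh authentication; set to true if relying parties rely on the asserted method.`. The PreviousSession type itself has no `<xsd:annotation>`, unlike the profile-handler types in this file; add `<xsd:documentation>Configuration type for the PreviousSession login handler.</xsd:documentation>` after the opening `<xsd:complexType>`. The supportsPassiveAuthentication documentation, `support passives authentication`, should read `supports passive authentication`. The RemoteUser type at the end of this hunk continues outside it.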
         </xsd:complexContent>
     </xsd:complexType>
 
-    <xsd:complexType name="AuthenticationHandlerType" abstract="true">
+    <xsd:complexType name="UsernamePassword">
+        <xsd:complexContent>
+            <xsd:extension base="LoginHandlerType">
+                <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            Location of the JAAS configuration. If this attribute is used it will usually contain a file
+                            URL to a configuration on the local filesystem. However, this attribute need not be used and
+                            this information can be set within the VM in any manner supported by the JVM/container
+                            implementation.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+                <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
+                    <xsd:annotation>
+                        <xsd:documentation>
+                            The servlet context path to the
+                            edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
+                            that will authenticate the user.
+                        </xsd:documentation>
+                    </xsd:annotation>
+                </xsd:attribute>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:complexType name="LoginHandlerType" abstract="true">
         <xsd:annotation>
             <xsd:documentation>Base type for authentication handler types.</xsd:documentation>
         </xsd:annotation>
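Review bot: `authenticationServletURL` holds a servlet context path by its own documentation, yet the sibling login handlers in this commit name the same kind of value `servletPath` and `protectedServletPath`; since the attribute is new, a consistent name such as `authenticationServletPath` costs nothing in compatibility and avoids a deployer supplying a full URL. The UsernamePassword type also lacks an `<xsd:annotation>`; add `<xsd:documentation>Configuration type for the username/password (JAAS) login handler.</xsd:documentation>`. The `jaasConfigurationLocation` documentation could note that when the attribute is omitted the JAAS configuration must already be set in the JVM before the handler is used, which follows from its own text but is easy to miss. The LoginHandlerType definition continues outside the hunk.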