<xsd:sequence>
<xsd:element name="ErrorHandler" type="ErrorHandlerType" />
<xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded" />
- <xsd:element name="AuthenticationHandler" type="AuthenticationHandlerType" minOccurs="0"
+ <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0"
maxOccurs="unbounded" />
</xsd:sequence>
</xsd:complexType>
<xsd:extension base="RequestURIMappedProfileHandlerType" />
</xsd:complexContent>
</xsd:complexType>
+
+ <xsd:complexType name="SAMLMetadata">
+ <xsd:annotation>
+ <xsd:documentation>Basic handler that returns a general status of the IdP.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexContent>
+ <xsd:extension base="RequestURIMappedProfileHandlerType">
+ <xsd:attribute name="metadataFile" type="xsd:string" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ Location of the static IdP metadata file.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
<xsd:complexType name="SAML2SSO">
<xsd:annotation>
- <xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
+ <xsd:documentation>Configuration type for SAML 2 SSO profile handlers.</xsd:documentation>
</xsd:annotation>
<xsd:complexContent>
<xsd:extension base="SAML2ProfileHandler">
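Review bot: The documentation added for the new SAMLMetadata type reads "Basic handler that returns a general status of the IdP.", which describes a status handler rather than a metadata handler and looks copied from another type. It should describe what this type configures, e.g. `<xsd:documentation>Configuration type for the profile handler that serves the IdP's static SAML metadata file.</xsd:documentation>`. The metadataFile attribute's own text is fine, though since it is a plain xsd:string it would help deployers to say whether an absolute filesystem path or a URL is expected (the text says "Location", which leaves that open).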
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
- <xsd:attribute name="decodingBinding" type="xsd:anyURI"
- default="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
- <xsd:annotation>
- <xsd:documentation>
- The URI of the binding used when decoding requests from relying parties.
- </xsd:documentation>
- </xsd:annotation>
- </xsd:attribute>
- <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
- default="shibboleth.SAML2SSOMessageSecurityPolicyFactory">
- <xsd:annotation>
- <xsd:documentation>
- The component ID of the security policy factory to use with the profile handler.
-
- This setting should not be changed from its default unless the deployer fully understands
- the inter-relationship between IdP components.
- </xsd:documentation>
- </xsd:annotation>
- </xsd:attribute>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
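Review bot: After this hunk the SAML2SSO type no longer exposes any attribute controlling the inbound binding or the message security policy, and its documentation at the top of the type gives a deployer no pointer to where those are now configured. Presumably the base SAML2ProfileHandler type now carries an inboundBinding attribute in the same way this commit adds one to SAML1ProfileHandler, but that is not visible here and is worth confirming. A sentence in the SAML2SSO documentation such as `Inbound/outbound bindings and the message security policy are configured on the SAML2ProfileHandler base type.` would close that gap. The SAML2AttributeQuery hunk further down removes its securityPolicyFactoryId attribute in the same way and has the same documentation gap.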
<xsd:documentation>Configuration type for SAML 2 Attribute Query profile handlers.</xsd:documentation>
</xsd:annotation>
<xsd:complexContent>
+ <xsd:extension base="SAML2ProfileHandler" />
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="SAML2ArtifactResolution">
+ <xsd:annotation>
+ <xsd:documentation>Configuration type for SAML 2 artifact resolution profile handlers.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexContent>
<xsd:extension base="SAML2ProfileHandler">
- <xsd:attribute name="securityPolicyFactoryId" type="xsd:string"
- default="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
+ <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
<xsd:annotation>
<xsd:documentation>
- The component ID of the security policy factory to use with the profile handler.
-
- This setting should not be changed from its default unless the deployer fully understands
- the inter-relationship between IdP components.
+ Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexContent>
</xsd:complexType>
+ <xsd:complexType name="ShibbolethSSO">
+ <xsd:annotation>
+ <xsd:documentation>Configuration type for Shibboleth 1 SSO profile handlers.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexContent>
+ <xsd:extension base="SAML1ProfileHandler">
+ <xsd:attribute name="authenticationManagerPath" type="xsd:string" default="/AuthnEngine">
+ <xsd:annotation>
+ <xsd:documentation>
+ The context relative path to the authentication manager used by this profile handler. This
+ should match the URL pattern given in the web.xml
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+
<xsd:complexType name="SAML1AttributeQuery">
<xsd:annotation>
<xsd:documentation>Configuration type for SAML 1 Attribute Query profile handlers.</xsd:documentation>
<xsd:extension base="SAML1ProfileHandler" />
</xsd:complexContent>
</xsd:complexType>
+
+ <xsd:complexType name="SAML1ArtifactResolution">
+ <xsd:annotation>
+ <xsd:documentation>Configuration type for SAML 1 artifact resolution profile handlers.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexContent>
+ <xsd:extension base="SAML1ProfileHandler">
+ <xsd:attribute name="artifactMapRef" type="xsd:string" default="shibboleth.ArtifactMap">
+ <xsd:annotation>
+ <xsd:documentation>
+ Reference to SAMLArtifactMap used by handler to resolve artifact strings into artifact objects.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
<xsd:complexType name="SAML1ProfileHandler" abstract="true">
<xsd:annotation>
</xsd:annotation>
<xsd:complexContent>
<xsd:extension base="IdPProfileHandlerType">
- <xsd:attribute name="messageDecoderFactoryId" type="xsd:string"
- default="shibboleth.MessageDecoderFactory">
+ <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
<xsd:annotation>
<xsd:documentation>
- The component ID of the message decoder to use with the profile handler.
+ The component ID of a generator used to generated things like response and assertion IDs.
This setting should not be changed from its default unless the deployer fully understands
the inter-relationship between IdP components.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
- <xsd:attribute name="messageEncoderFactoryId" type="xsd:string"
- default="shibboleth.MessageEncoderFactory">
+ <xsd:attribute name="inboundBinding" type="xsd:anyURI" use="required">
<xsd:annotation>
<xsd:documentation>
- The component ID of the message encoder to use with the profile handler.
-
- This setting should not be changed from its default unless the deployer fully understands
- the inter-relationship between IdP components.
+ The SAML message binding used by inbound messages.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
- <xsd:attribute name="idGeneratorId" type="xsd:string" default="shibboleth.IdGenerator">
+ <xsd:attribute name="outboundBindingEnumeration" >
<xsd:annotation>
<xsd:documentation>
- The component ID of a generator used to generated things like response and assertion IDs.
-
- This setting should not be changed from its default unless the deployer fully understands
- the inter-relationship between IdP components.
+ An ordered list of outbound bindings supported by this profile handler. The order provided
+ establishes the precedence given the bindings such that, from the left to right, the first
+ binding also supported by the relying party will be used.
</xsd:documentation>
</xsd:annotation>
+ <xsd:simpleType>
+ <xsd:list itemType="xsd:anyURI" />
+ </xsd:simpleType>
</xsd:attribute>
</xsd:extension>
</xsd:complexContent>
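Review bot: The new outboundBindingEnumeration attribute on SAML1ProfileHandler has neither `use="required"` nor a default, and its documentation does not say what the handler does when the attribute is absent, whereas the sibling inboundBinding is explicitly required; either add `use="required"` or document the absent case, and drop the stray space in `<xsd:attribute name="outboundBindingEnumeration" >`. Because the list items are bare xsd:anyURI, a mistyped binding URI passes schema validation and only fails at runtime; if the set of supported binding URIs is fixed, an xsd:enumeration restriction on the item type would reject an unsupported binding at configuration-load time. In the same hunk the idGeneratorId text now runs "used to generated things" and has lost the blank line that separated the description from the "This setting should not be changed" warning, and "the precedence given the bindings" should read "the precedence given to the bindings".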
<xsd:extension base="ShibbolethProfileHandlerType" />
</xsd:complexContent>
</xsd:complexType>
+
+ <xsd:complexType name="PreviousSession">
+ <xsd:complexContent>
+ <xsd:extension base="LoginHandlerType">
+ <xsd:attribute name="servletPath" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Optional servlet path to which the browser may be redirected.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="reportPreviousSessionAuthnMethod" type="xsd:boolean" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Whether this login handler should report its authentication method as PreviousSession
+ or the authentication method requested by the peer.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="supportsPassiveAuthentication" type="xsd:boolean" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Whether this login handler, when redirecting to a servlet, support passives authentication.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
<xsd:complexType name="RemoteUser">
<xsd:complexContent>
- <xsd:extension base="AuthenticationHandlerType">
+ <xsd:extension base="LoginHandlerType">
<xsd:attribute name="protectedServletPath" type="xsd:string" default="/Authn/RemoteUser">
<xsd:annotation>
<xsd:documentation>
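Review bot: The new PreviousSession type's servletPath attribute is optional with no default, and its documentation ("Optional servlet path to which the browser may be redirected.") does not say when the redirect happens or what the handler does when the attribute is omitted; one sentence covering the absent case would make the contract clear. The supportsPassiveAuthentication text has a typo, `Whether this login handler, when redirecting to a servlet, supports passive authentication.`, and it would help to note that this flag only matters when servletPath is set, if that is indeed the case. The reportPreviousSessionAuthnMethod documentation should name the attribute value that selects each behaviour (true reports PreviousSession, false reports the peer's requested method, if that is the intended mapping).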
</xsd:complexContent>
</xsd:complexType>
- <xsd:complexType name="AuthenticationHandlerType" abstract="true">
+ <xsd:complexType name="UsernamePassword">
+ <xsd:complexContent>
+ <xsd:extension base="LoginHandlerType">
+ <xsd:attribute name="jaasConfigurationLocation" type="xsd:anyURI">
+ <xsd:annotation>
+ <xsd:documentation>
+ Location of the JAAS configuration. If this attribute is used it will usually contain a file
+ URL to a configuration on the local filesystem. However, this attribute need not be used and
+ this information can be set within the VM in any manner supported by the JVM/container
+ implementation.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="authenticationServletURL" type="xsd:string" default="/Authn/UserPassword">
+ <xsd:annotation>
+ <xsd:documentation>
+ The servlet context path to the
+ edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordAuthenticationServlet
+ that will authenticate the user.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="LoginHandlerType" abstract="true">
<xsd:annotation>
<xsd:documentation>Base type for authentication handler types.</xsd:documentation>
</xsd:annotation>