web-2/wildfly/docs/schema/jboss-as-security_1_0.xsd

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright The WildFly Authors
  ~ SPDX-License-Identifier: Apache-2.0
  -->

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:jboss:domain:security:1.0"
           xmlns="urn:jboss:domain:security:1.0"
           elementFormDefault="qualified"
           attributeFormDefault="unqualified"
           version="1.0">

   <!-- The security subsystem root element -->
   <xs:element name="subsystem" type="security-containerType" />

   <!-- The security container configuration -->
   <xs:complexType name="security-containerType">
      <xs:annotation>
         <xs:documentation>
                <![CDATA[
                    The security subsystem, used to configure authentication and authorization.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:all>
         <xs:element name="security-management" type="securityManagementType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="subject-factory" type="subjectFactoryType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="security-domains" type="securityDomainsType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="security-properties" type="properties" minOccurs="0" maxOccurs="1"/>
      </xs:all>
   </xs:complexType>

   <!-- The security management element -->
   <xs:complexType name="securityManagementType">
      <xs:annotation>
         <xs:documentation>
                <![CDATA[
                    The optional "authentication-manager-class-name" attribute specifies the AuthenticationManager
                    implementation class name to use. To use the container default set the value to "default".

                    The optional "deep-copy-subject-mode" attribute sets the copy mode of subjects done by the security
                    managers to be deep copies that makes copies of the subject principals and credentials if they are
                    cloneable. It should be set to true if subject include mutable content that can be corrupted when
                    multiple threads have the same identity and cache flushes/logout clearing the subject in one thread
                    results in subject references affecting other threads. Default value is "false".

                    The optional "default-callback-handler-class-name" specifies a global class name for the
                    CallbackHandler implementation to be used with login modules. To use the container default set the
                    value to "default".

                    The optional "authorization-manager-class-name" attribute specifies the AuthorizationManager
                    implementation class name to use. To use the container default set the value to "default".

                    The optional "audit-manager-class-name" attribute specifies the AuditManager
                    implementation class name to use. To use the container default set the value to "default".

                    The optional "identity-trust-manager-class-name" attribute specifies the IdentityTrustManager
                    implementation class name to use. To use the container default set the value to "default".

                    The optional "mapping-manager-class-name" attribute specifies the MappingManager
                    implementation class name to use. To use the container default set the value to "default".
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:attribute name="authentication-manager-class-name" type="xs:string" use="optional"/>
      <xs:attribute name="deep-copy-subject-mode" type="xs:boolean" use="optional"/>
      <xs:attribute name="default-callback-handler-class-name" type="xs:string" use="optional"/>
      <xs:attribute name="authorization-manager-class-name" type="xs:string" use="optional"/>
      <xs:attribute name="audit-manager-class-name" type="xs:string" use="optional"/>
      <xs:attribute name="identity-trust-manager-class-name" type="xs:string" use="optional"/>
      <xs:attribute name="mapping-manager-class-name" type="xs:string" use="optional"/>
   </xs:complexType>

   <!-- The subject factory element -->
   <xs:complexType name="subjectFactoryType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    The optional "subject-factory-class-name" attribute sets the class name for the SubjectFactory
                    implementation to be used. To use the container default set the value to "default".
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:attribute name="subject-factory-class-name" type="xs:string" use="optional"/>
   </xs:complexType>

   <!-- Configuration for security domains -->
   <xs:complexType name="securityDomainsType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Configures security domains for applications.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="security-domain" type="securityDomainType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

   <xs:complexType name="securityDomainType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Definition of a security domain.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:choice>
            <xs:element name="authentication" type="authenticationType" minOccurs="0" maxOccurs="1"/>
            <xs:element name="authentication-jaspi" type="authenticationJaspiType" minOccurs="0" maxOccurs="1"/>
         </xs:choice>
         <xs:element name="authorization" type="authorizationType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="acl" type="aclType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="mapping" type="mappingType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="audit" type="auditType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="identity-trust" type="identityTrustType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="jsse" type="jsseType" minOccurs="0" maxOccurs="1"/>
      </xs:sequence>
      <xs:attribute name="name" type="xs:string" use="required"/>
      <xs:attribute name="extends" type="xs:string" use="optional"/>
      <xs:attribute name="cache-type" type="xs:string" use="optional"/>
   </xs:complexType>

   <xs:complexType name="authenticationType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Authentication configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="login-module" type="loginModuleType" minOccurs="1" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

   <xs:complexType name="authenticationJaspiType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    JASPI authentication configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="login-module-stack" type="loginModuleStackType" maxOccurs="unbounded"/>
         <xs:element name="auth-module" type="authModuleType" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

   <xs:complexType name="authorizationType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Authorization configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="policy-module" type="policyModuleType" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

   <xs:complexType name="aclType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    ACL configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="acl-module" type="aclModuleType" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

   <xs:complexType name="mappingType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Mapping configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="mapping-module" type="mappingModuleType" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

   <xs:complexType name="auditType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Audit configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="provider-module" type="providerModuleType" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

   <xs:complexType name="identityTrustType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Identity trust configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="trust-module" type="trustModuleType" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

   <xs:simpleType name="module-option-flag">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    The flag attribute controls how a login module
                    participates in the overall procedure.
                    Required - The LoginModule is required to succeed. If it
                    succeeds or fails, authentication still continues to proceed
                    down the LoginModule list.

                    Requisite - The LoginModule is required to succeed. If it succeeds,
                    authentication continues down the LoginModule list. If it fails,
                    control immediately returns to the application (authentication does not proceed
                    down the LoginModule list).

                    Sufficient - The LoginModule is  not required to succeed. If it does
                    succeed, control immediately returns to the application (authentication
                    does not proceed down the LoginModule list). If it fails,
                    authentication continues down the LoginModule list.

                    Optional - The LoginModule is not required to succeed. If it succeeds or
                    fails, authentication still continues to proceed down the
                    LoginModule list.

                    The overall authentication succeeds only if
                    all required and requisite LoginModules succeed. If a
                    sufficient LoginModule is configured and succeeds, then only
                    the required and requisite LoginModules prior to that
                    sufficient LoginModule need to have succeeded for the overall
                    authentication to succeed. If no required or requisite
                    LoginModules are configured for an application, then at least
                    one sufficient or optional LoginModule must succeed.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:restriction base="xs:token">
         <xs:enumeration value="required"/>
         <xs:enumeration value="requisite"/>
         <xs:enumeration value="sufficient"/>
         <xs:enumeration value="optional"/>
      </xs:restriction>
   </xs:simpleType>

   <xs:complexType name="loginModuleType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Login module configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="code" type="xs:string" use="required"/>
      <xs:attribute name="flag" type="module-option-flag" use="required"/>
   </xs:complexType>

   <xs:complexType name="propertyType">
      <xs:attribute name="name" type="xs:string" use="required"/>
      <xs:attribute name="value" type="xs:string" use="required"/>
   </xs:complexType>

   <xs:complexType name="loginModuleStackType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Login module configuration for JASPI.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
          <xs:element name="login-module" type="loginModuleType" minOccurs="1" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="name" type="xs:string" use="required"/>
   </xs:complexType>

   <xs:complexType name="authModuleType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Authentication module configuration for JASPI.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="code" type="xs:string" use="required"/>
      <xs:attribute name="login-module-stack-ref" type="xs:string" use="optional"/>
   </xs:complexType>

   <xs:complexType name="policyModuleType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Authorization module configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="code" type="xs:string" use="required"/>
      <xs:attribute name="flag" type="module-option-flag" use="required"/>
   </xs:complexType>

   <xs:complexType name="aclModuleType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    ACL module configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="code" type="xs:string" use="required"/>
      <xs:attribute name="flag" type="module-option-flag" use="required"/>
   </xs:complexType>

   <xs:complexType name="mappingModuleType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Mapping module configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
          <xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="type" type="xs:string" use="optional"/>
      <xs:attribute name="code" type="xs:string" use="required"/>
   </xs:complexType>

   <xs:complexType name="providerModuleType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Audit module configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
          <xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="code" type="xs:string" use="required"/>
   </xs:complexType>

   <xs:complexType name="trustModuleType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    Identity trust module configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
          <xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="code" type="xs:string" use="required"/>
      <xs:attribute name="flag" type="module-option-flag" use="required"/>
   </xs:complexType>

   <xs:complexType name="jsseType">
      <xs:annotation>
         <xs:documentation>
               <![CDATA[
                    JSSE configuration.
                ]]>
         </xs:documentation>
      </xs:annotation>
      <xs:sequence>
        <xs:element name="additional-properties" type="xs:string" minOccurs="0" maxOccurs="1"/>
      </xs:sequence>
      <xs:attribute name="keystore-password" type="xs:string" use="optional"/>
      <xs:attribute name="keystore-type" type="xs:string" use="optional"/>
      <xs:attribute name="keystore-url" type="xs:string" use="optional"/>
      <xs:attribute name="keystore-provider" type="xs:string" use="optional"/>
      <xs:attribute name="keystore-provider-argument" type="xs:string" use="optional"/>
      <xs:attribute name="key-manager-factory-algorithm" type="xs:string" use="optional"/>
      <xs:attribute name="key-manager-factory-provider" type="xs:string" use="optional"/>
      <xs:attribute name="truststore-password" type="xs:string" use="optional"/>
      <xs:attribute name="truststore-type" type="xs:string" use="optional"/>
      <xs:attribute name="truststore-url" type="xs:string" use="optional"/>
      <xs:attribute name="truststore-provider" type="xs:string" use="optional"/>
      <xs:attribute name="truststore-provider-argument" type="xs:string" use="optional"/>
      <xs:attribute name="trust-manager-factory-algorithm" type="xs:string" use="optional"/>
      <xs:attribute name="trust-manager-factory-provider" type="xs:string" use="optional"/>
      <xs:attribute name="client-alias" type="xs:string" use="optional"/>
      <xs:attribute name="server-alias" type="xs:string" use="optional"/>
      <xs:attribute name="service-auth-token" type="xs:string" use="optional"/>
      <xs:attribute name="client-auth" type="xs:boolean" use="optional"/>
      <xs:attribute name="cipher-suites" type="xs:string" use="optional"/>
      <xs:attribute name="protocols" type="xs:string" use="optional"/>
   </xs:complexType>

   <xs:complexType name="properties">
      <xs:sequence>
         <xs:element name="property" type="propertyType" maxOccurs="unbounded"/>
      </xs:sequence>
   </xs:complexType>

</xs:schema>
initial commit 2024-10-15 03:01:27 +03:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!--`
			`~ Copyright The WildFly Authors`
			`~ SPDX-License-Identifier: Apache-2.0`
			`-->`

			`<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"`
			`targetNamespace="urn:jboss:domain:security:1.0"`
			`xmlns="urn:jboss:domain:security:1.0"`
			`elementFormDefault="qualified"`
			`attributeFormDefault="unqualified"`
			`version="1.0">`

			`<!-- The security subsystem root element -->`
			`<xs:element name="subsystem" type="security-containerType" />`

			`<!-- The security container configuration -->`
			`<xs:complexType name="security-containerType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`The security subsystem, used to configure authentication and authorization.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:all>`
			`<xs:element name="security-management" type="securityManagementType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="subject-factory" type="subjectFactoryType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="security-domains" type="securityDomainsType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="security-properties" type="properties" minOccurs="0" maxOccurs="1"/>`
			`</xs:all>`
			`</xs:complexType>`

			`<!-- The security management element -->`
			`<xs:complexType name="securityManagementType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`The optional "authentication-manager-class-name" attribute specifies the AuthenticationManager`
			`implementation class name to use. To use the container default set the value to "default".`

			`The optional "deep-copy-subject-mode" attribute sets the copy mode of subjects done by the security`
			`managers to be deep copies that makes copies of the subject principals and credentials if they are`
			`cloneable. It should be set to true if subject include mutable content that can be corrupted when`
			`multiple threads have the same identity and cache flushes/logout clearing the subject in one thread`
			`results in subject references affecting other threads. Default value is "false".`

			`The optional "default-callback-handler-class-name" specifies a global class name for the`
			`CallbackHandler implementation to be used with login modules. To use the container default set the`
			`value to "default".`

			`The optional "authorization-manager-class-name" attribute specifies the AuthorizationManager`
			`implementation class name to use. To use the container default set the value to "default".`

			`The optional "audit-manager-class-name" attribute specifies the AuditManager`
			`implementation class name to use. To use the container default set the value to "default".`

			`The optional "identity-trust-manager-class-name" attribute specifies the IdentityTrustManager`
			`implementation class name to use. To use the container default set the value to "default".`

			`The optional "mapping-manager-class-name" attribute specifies the MappingManager`
			`implementation class name to use. To use the container default set the value to "default".`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:attribute name="authentication-manager-class-name" type="xs:string" use="optional"/>`
			`<xs:attribute name="deep-copy-subject-mode" type="xs:boolean" use="optional"/>`
			`<xs:attribute name="default-callback-handler-class-name" type="xs:string" use="optional"/>`
			`<xs:attribute name="authorization-manager-class-name" type="xs:string" use="optional"/>`
			`<xs:attribute name="audit-manager-class-name" type="xs:string" use="optional"/>`
			`<xs:attribute name="identity-trust-manager-class-name" type="xs:string" use="optional"/>`
			`<xs:attribute name="mapping-manager-class-name" type="xs:string" use="optional"/>`
			`</xs:complexType>`

			`<!-- The subject factory element -->`
			`<xs:complexType name="subjectFactoryType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`The optional "subject-factory-class-name" attribute sets the class name for the SubjectFactory`
			`implementation to be used. To use the container default set the value to "default".`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:attribute name="subject-factory-class-name" type="xs:string" use="optional"/>`
			`</xs:complexType>`

			`<!-- Configuration for security domains -->`
			`<xs:complexType name="securityDomainsType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Configures security domains for applications.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="security-domain" type="securityDomainType" minOccurs="0" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`<xs:complexType name="securityDomainType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Definition of a security domain.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:choice>`
			`<xs:element name="authentication" type="authenticationType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="authentication-jaspi" type="authenticationJaspiType" minOccurs="0" maxOccurs="1"/>`
			`</xs:choice>`
			`<xs:element name="authorization" type="authorizationType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="acl" type="aclType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="mapping" type="mappingType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="audit" type="auditType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="identity-trust" type="identityTrustType" minOccurs="0" maxOccurs="1"/>`
			`<xs:element name="jsse" type="jsseType" minOccurs="0" maxOccurs="1"/>`
			`</xs:sequence>`
			`<xs:attribute name="name" type="xs:string" use="required"/>`
			`<xs:attribute name="extends" type="xs:string" use="optional"/>`
			`<xs:attribute name="cache-type" type="xs:string" use="optional"/>`
			`</xs:complexType>`

			`<xs:complexType name="authenticationType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Authentication configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="login-module" type="loginModuleType" minOccurs="1" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`<xs:complexType name="authenticationJaspiType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`JASPI authentication configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="login-module-stack" type="loginModuleStackType" maxOccurs="unbounded"/>`
			`<xs:element name="auth-module" type="authModuleType" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`<xs:complexType name="authorizationType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Authorization configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="policy-module" type="policyModuleType" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`<xs:complexType name="aclType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`ACL configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="acl-module" type="aclModuleType" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`<xs:complexType name="mappingType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Mapping configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="mapping-module" type="mappingModuleType" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`<xs:complexType name="auditType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Audit configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="provider-module" type="providerModuleType" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`<xs:complexType name="identityTrustType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Identity trust configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="trust-module" type="trustModuleType" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`<xs:simpleType name="module-option-flag">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`The flag attribute controls how a login module`
			`participates in the overall procedure.`
			`Required - The LoginModule is required to succeed. If it`
			`succeeds or fails, authentication still continues to proceed`
			`down the LoginModule list.`

			`Requisite - The LoginModule is required to succeed. If it succeeds,`
			`authentication continues down the LoginModule list. If it fails,`
			`control immediately returns to the application (authentication does not proceed`
			`down the LoginModule list).`

			`Sufficient - The LoginModule is not required to succeed. If it does`
			`succeed, control immediately returns to the application (authentication`
			`does not proceed down the LoginModule list). If it fails,`
			`authentication continues down the LoginModule list.`

			`Optional - The LoginModule is not required to succeed. If it succeeds or`
			`fails, authentication still continues to proceed down the`
			`LoginModule list.`

			`The overall authentication succeeds only if`
			`all required and requisite LoginModules succeed. If a`
			`sufficient LoginModule is configured and succeeds, then only`
			`the required and requisite LoginModules prior to that`
			`sufficient LoginModule need to have succeeded for the overall`
			`authentication to succeed. If no required or requisite`
			`LoginModules are configured for an application, then at least`
			`one sufficient or optional LoginModule must succeed.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:restriction base="xs:token">`
			`<xs:enumeration value="required"/>`
			`<xs:enumeration value="requisite"/>`
			`<xs:enumeration value="sufficient"/>`
			`<xs:enumeration value="optional"/>`
			`</xs:restriction>`
			`</xs:simpleType>`

			`<xs:complexType name="loginModuleType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Login module configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`<xs:attribute name="code" type="xs:string" use="required"/>`
			`<xs:attribute name="flag" type="module-option-flag" use="required"/>`
			`</xs:complexType>`

			`<xs:complexType name="propertyType">`
			`<xs:attribute name="name" type="xs:string" use="required"/>`
			`<xs:attribute name="value" type="xs:string" use="required"/>`
			`</xs:complexType>`

			`<xs:complexType name="loginModuleStackType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Login module configuration for JASPI.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="login-module" type="loginModuleType" minOccurs="1" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`<xs:attribute name="name" type="xs:string" use="required"/>`
			`</xs:complexType>`

			`<xs:complexType name="authModuleType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Authentication module configuration for JASPI.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`<xs:attribute name="code" type="xs:string" use="required"/>`
			`<xs:attribute name="login-module-stack-ref" type="xs:string" use="optional"/>`
			`</xs:complexType>`

			`<xs:complexType name="policyModuleType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Authorization module configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`<xs:attribute name="code" type="xs:string" use="required"/>`
			`<xs:attribute name="flag" type="module-option-flag" use="required"/>`
			`</xs:complexType>`

			`<xs:complexType name="aclModuleType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`ACL module configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`<xs:attribute name="code" type="xs:string" use="required"/>`
			`<xs:attribute name="flag" type="module-option-flag" use="required"/>`
			`</xs:complexType>`

			`<xs:complexType name="mappingModuleType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Mapping module configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`<xs:attribute name="type" type="xs:string" use="optional"/>`
			`<xs:attribute name="code" type="xs:string" use="required"/>`
			`</xs:complexType>`

			`<xs:complexType name="providerModuleType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Audit module configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`<xs:attribute name="code" type="xs:string" use="required"/>`
			`</xs:complexType>`

			`<xs:complexType name="trustModuleType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`Identity trust module configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="module-option" type="propertyType" minOccurs="0" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`<xs:attribute name="code" type="xs:string" use="required"/>`
			`<xs:attribute name="flag" type="module-option-flag" use="required"/>`
			`</xs:complexType>`

			`<xs:complexType name="jsseType">`
			`<xs:annotation>`
			`<xs:documentation>`
			`<![CDATA[`
			`JSSE configuration.`
			`]]>`
			`</xs:documentation>`
			`</xs:annotation>`
			`<xs:sequence>`
			`<xs:element name="additional-properties" type="xs:string" minOccurs="0" maxOccurs="1"/>`
			`</xs:sequence>`
			`<xs:attribute name="keystore-password" type="xs:string" use="optional"/>`
			`<xs:attribute name="keystore-type" type="xs:string" use="optional"/>`
			`<xs:attribute name="keystore-url" type="xs:string" use="optional"/>`
			`<xs:attribute name="keystore-provider" type="xs:string" use="optional"/>`
			`<xs:attribute name="keystore-provider-argument" type="xs:string" use="optional"/>`
			`<xs:attribute name="key-manager-factory-algorithm" type="xs:string" use="optional"/>`
			`<xs:attribute name="key-manager-factory-provider" type="xs:string" use="optional"/>`
			`<xs:attribute name="truststore-password" type="xs:string" use="optional"/>`
			`<xs:attribute name="truststore-type" type="xs:string" use="optional"/>`
			`<xs:attribute name="truststore-url" type="xs:string" use="optional"/>`
			`<xs:attribute name="truststore-provider" type="xs:string" use="optional"/>`
			`<xs:attribute name="truststore-provider-argument" type="xs:string" use="optional"/>`
			`<xs:attribute name="trust-manager-factory-algorithm" type="xs:string" use="optional"/>`
			`<xs:attribute name="trust-manager-factory-provider" type="xs:string" use="optional"/>`
			`<xs:attribute name="client-alias" type="xs:string" use="optional"/>`
			`<xs:attribute name="server-alias" type="xs:string" use="optional"/>`
			`<xs:attribute name="service-auth-token" type="xs:string" use="optional"/>`
			`<xs:attribute name="client-auth" type="xs:boolean" use="optional"/>`
			`<xs:attribute name="cipher-suites" type="xs:string" use="optional"/>`
			`<xs:attribute name="protocols" type="xs:string" use="optional"/>`
			`</xs:complexType>`

			`<xs:complexType name="properties">`
			`<xs:sequence>`
			`<xs:element name="property" type="propertyType" maxOccurs="unbounded"/>`
			`</xs:sequence>`
			`</xs:complexType>`

			`</xs:schema>`