377 lines
18 KiB
XML
377 lines
18 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
~ Copyright The WildFly Authors
|
|
~ SPDX-License-Identifier: Apache-2.0
|
|
-->
|
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
|
targetNamespace="urn:jboss:domain:picketlink-federation:1.1"
|
|
xmlns="urn:jboss:domain:picketlink-federation:1.1"
|
|
elementFormDefault="qualified"
|
|
attributeFormDefault="unqualified"
|
|
version="1.1">
|
|
|
|
<!-- The picketlink federation subsystem root element -->
|
|
<xsd:element name="subsystem" type="subsystemType"/>
|
|
|
|
<xsd:complexType name="subsystemType">
|
|
<xsd:sequence>
|
|
<xsd:element name="federation" type="federationType" minOccurs="0" maxOccurs="unbounded"/>
|
|
</xsd:sequence>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="federationType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the Federation type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="saml" type="samlType" minOccurs="0" maxOccurs="1"/>
|
|
<xsd:element name="key-store" type="keyStoreType" minOccurs="0" maxOccurs="1"/>
|
|
<xsd:element name="identity-provider" type="identityProviderType" minOccurs="0" maxOccurs="1"/>
|
|
<xsd:element name="service-providers" type="serviceProvidersType" minOccurs="0" maxOccurs="1"/>
|
|
</xsd:sequence>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>The federation name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="samlType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the SAML type. This type defines all configurations about how SAML assertions are processed and created.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:attribute name="clock-skew" type="xsd:int" use="optional" default="0">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the clock skew for SAML assertions. The value must be specified in milliseconds.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="token-timeout" type="xsd:int" use="optional" default="5000">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the timeout for SAML assertions. The value must be specified in milliseconds.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="roleGeneratorType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>The RoleGenerator implementation that will be used to load roles and push them to SAML assertions.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the role generator name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="class-name" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>The FQN of the RoleGenerator type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="code" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines an alias which maps to a built-in type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="module" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the module to be used when loading class-name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="attributeManagerType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>The AttributeManager implementation that will be used to load roles and push them to SAML assertions.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the attribute manager name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="class-name" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>The FQN of the AttributeManager type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="code" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines an alias which maps to a built-in type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="module" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the module to be used when loading class-name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="keyStoreType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the KeyStore type. This type defines how key stores are configured.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="keys" type="keysType" minOccurs="0" maxOccurs="1" nillable="true"/>
|
|
</xsd:sequence>
|
|
<xsd:attribute name="password" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the password for the key store.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="sign-key-alias" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the alias to be used when signing documents.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="sign-key-password" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the password for the sign-key-alias.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="file" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the file location.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="relative-to" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>
|
|
One of the system-provided named paths (such as jboss.home.dir,
|
|
user.home, user.dir) relative to which the absolute path
|
|
will be calculated for the path specified in the file attribute.
|
|
</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="keysType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Keys Configuration.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="key" type="keyType" minOccurs="1" maxOccurs="unbounded" nillable="false"/>
|
|
</xsd:sequence>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="keyType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines a Key.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the name or alias of a key in a given key store.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="host" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>A single or a comma separated list of strings representing the host names validated by the given key.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="identityProviderType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the Identity Provider type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="trust" type="trustType" minOccurs="0" maxOccurs="1" nillable="true"/>
|
|
<xsd:element name="role-generator" type="roleGeneratorType" minOccurs="0" maxOccurs="1"/>
|
|
<xsd:element name="attribute-manager" type="attributeManagerType" minOccurs="0" maxOccurs="1"/>
|
|
<xsd:element name="handlers" type="handlersType" minOccurs="0" maxOccurs="1" nillable="true"/>
|
|
</xsd:sequence>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>A unique name for the Identity Provider. The name must be the deployment unit name. Eg.: idp.war.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="url" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>URL for this Identity Provider.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="support-signatures" type="xsd:boolean" default="false" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Indicates if signature is supported.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="encrypt" type="xsd:boolean" default="false" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Indicates if encryption is supported.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="security-domain" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>
|
|
The name of a security-domain that will be used to authenticate and authorize users.
|
|
This attribute is required if the IdP is not external. See the 'external' attribute for more details.
|
|
</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="strict-post-binding" type="xsd:boolean" use="optional" default="true">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Indicates if the the IDP should always respond using HTTP POST binding.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="external" type="xsd:boolean" use="optional" default="false">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Indicates if the configuration is a reference to a external IdP.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="support-metadata" type="xsd:boolean" use="optional" default="false">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Enable/Disable SAML Metadata Support.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="ssl-authentication" type="xsd:boolean" use="optional" default="false">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Indicates if the identity provider should also support HTTP CLIENT_CERT authentication.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="serviceProvidersType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Groups Service Provider types.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="service-provider" type="serviceProviderType" minOccurs="1" maxOccurs="unbounded" nillable="false"/>
|
|
</xsd:sequence>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="serviceProviderType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the Service Provider type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="handlers" type="handlersType" minOccurs="0" maxOccurs="1" nillable="true"/>
|
|
</xsd:sequence>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Name for this instance. This name must be the deployment unit name.
|
|
</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="url" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>URL for this Service Provider.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="post-binding" type="xsd:boolean" use="optional" default="true">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Indicates which SAML Binding to use. If is true
|
|
HTTP POST binding will be used. Othwerwise HTTP REDIRECT binding
|
|
will be used.
|
|
</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="strict-post-binding" type="xsd:boolean" use="optional" default="true">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Indicates which SAML Binding to use. If is true
|
|
HTTP POST binding will be used. Othwerwise HTTP REDIRECT binding
|
|
will be used.
|
|
</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="support-signatures" type="xsd:boolean" use="optional" default="false">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Indicates if signature is supported.
|
|
</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="support-metadata" type="xsd:boolean" use="optional" default="false">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Enable/Disable SAML Metadata Support.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="security-domain" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Security Domain name used to authenticate users.
|
|
</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="error-page" type="xsd:string" use="optional" default="/error.jsp">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines a custom error page location.
|
|
</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="logout-page" type="xsd:string" use="optional" default="/logout.jsp">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines a custom logout page location.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="trustType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Groups Trusted Domain Types.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="trust-domain" type="trustedDomainType" minOccurs="1" maxOccurs="unbounded" nillable="false"/>
|
|
</xsd:sequence>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="trustedDomainType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the Truted Domain Type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the domain name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="cert-alias" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the certificate alias for this domain.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="handlersType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Groups Handler Types.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="handler" type="handlerType" minOccurs="1" maxOccurs="unbounded" nillable="false"/>
|
|
</xsd:sequence>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="handlerType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the Handler Type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:sequence>
|
|
<xsd:element name="handler-parameter" type="handlerParameterType" minOccurs="0" maxOccurs="unbounded"
|
|
nillable="true"/>
|
|
</xsd:sequence>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the handler name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="class-name" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the handler class name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="code" type="xsd:string" use="optional">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines an alias which maps to a built-in type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
|
|
<xsd:complexType name="handlerParameterType">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the Handler Parameter Type.</xsd:documentation>
|
|
</xsd:annotation>
|
|
<xsd:attribute name="name" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the parameter name.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
<xsd:attribute name="value" type="xsd:string" use="required">
|
|
<xsd:annotation>
|
|
<xsd:documentation>Defines the parameter value.</xsd:documentation>
|
|
</xsd:annotation>
|
|
</xsd:attribute>
|
|
</xsd:complexType>
|
|
</xsd:schema> |