web-2/wildfly/docs/schema/wildfly-picketlink-federation_2_0.xsd

377 lines
18 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright The WildFly Authors
~ SPDX-License-Identifier: Apache-2.0
-->
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="urn:jboss:domain:picketlink-federation:2.0"
xmlns="urn:jboss:domain:picketlink-federation:2.0"
elementFormDefault="qualified"
attributeFormDefault="unqualified"
version="2.0">
<!-- The picketlink federation subsystem root element -->
<xsd:element name="subsystem" type="subsystemType"/>
<xsd:complexType name="subsystemType">
<xsd:sequence>
<xsd:element name="federation" type="federationType" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="federationType">
<xsd:annotation>
<xsd:documentation>Defines the Federation type.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="saml" type="samlType" minOccurs="0" maxOccurs="1"/>
<xsd:element name="key-store" type="keyStoreType" minOccurs="0" maxOccurs="1"/>
<xsd:element name="identity-provider" type="identityProviderType" minOccurs="0" maxOccurs="1"/>
<xsd:element name="service-providers" type="serviceProvidersType" minOccurs="0" maxOccurs="1"/>
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>The federation name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="samlType">
<xsd:annotation>
<xsd:documentation>Defines the SAML type. This type defines all configurations about how SAML assertions are processed and created.</xsd:documentation>
</xsd:annotation>
<xsd:attribute name="clock-skew" type="xsd:int" use="optional" default="0">
<xsd:annotation>
<xsd:documentation>Defines the clock skew for SAML assertions. The value must be specified in milliseconds.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="token-timeout" type="xsd:int" use="optional" default="5000">
<xsd:annotation>
<xsd:documentation>Defines the timeout for SAML assertions. The value must be specified in milliseconds.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="roleGeneratorType">
<xsd:annotation>
<xsd:documentation>The RoleGenerator implementation that will be used to load roles and push them to SAML assertions.</xsd:documentation>
</xsd:annotation>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the role generator name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="class-name" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>The FQN of the RoleGenerator type.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="code" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>Defines an alias which maps to a built-in type.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="module" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>Defines the module to be used when loading class-name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="attributeManagerType">
<xsd:annotation>
<xsd:documentation>The AttributeManager implementation that will be used to load roles and push them to SAML assertions.</xsd:documentation>
</xsd:annotation>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the attribute manager name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="class-name" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>The FQN of the AttributeManager type.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="code" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>Defines an alias which maps to a built-in type.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="module" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>Defines the module to be used when loading class-name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="keyStoreType">
<xsd:annotation>
<xsd:documentation>Defines the KeyStore type. This type defines how key stores are configured.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="keys" type="keysType" minOccurs="0" maxOccurs="1" nillable="true"/>
</xsd:sequence>
<xsd:attribute name="password" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the password for the key store.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="sign-key-alias" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the alias to be used when signing documents.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="sign-key-password" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the password for the sign-key-alias.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="file" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the file location.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="relative-to" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>
One of the system-provided named paths (such as jboss.home.dir,
user.home, user.dir) relative to which the absolute path
will be calculated for the path specified in the file attribute.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="keysType">
<xsd:annotation>
<xsd:documentation>Keys Configuration.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="key" type="keyType" minOccurs="1" maxOccurs="unbounded" nillable="false"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="keyType">
<xsd:annotation>
<xsd:documentation>Defines a Key.</xsd:documentation>
</xsd:annotation>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the name or alias of a key in a given key store.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="host" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>A single or a comma separated list of strings representing the host names validated by the given key.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="identityProviderType">
<xsd:annotation>
<xsd:documentation>Defines the Identity Provider type.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="trust" type="trustType" minOccurs="0" maxOccurs="1" nillable="true"/>
<xsd:element name="role-generator" type="roleGeneratorType" minOccurs="0" maxOccurs="1"/>
<xsd:element name="attribute-manager" type="attributeManagerType" minOccurs="0" maxOccurs="1"/>
<xsd:element name="handlers" type="handlersType" minOccurs="0" maxOccurs="1" nillable="true"/>
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>A unique name for the Identity Provider. The name must be the deployment unit name. Eg.: idp.war.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="url" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>URL for this Identity Provider.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="support-signatures" type="xsd:boolean" default="false" use="optional">
<xsd:annotation>
<xsd:documentation>Indicates if signature is supported.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="encrypt" type="xsd:boolean" default="false" use="optional">
<xsd:annotation>
<xsd:documentation>Indicates if encryption is supported.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="security-domain" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>
The name of a security-domain that will be used to authenticate and authorize users.
This attribute is required if the IdP is not external. See the 'external' attribute for more details.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="strict-post-binding" type="xsd:boolean" use="optional" default="true">
<xsd:annotation>
<xsd:documentation>Indicates if the the IDP should always respond using HTTP POST binding.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="external" type="xsd:boolean" use="optional" default="false">
<xsd:annotation>
<xsd:documentation>Indicates if the configuration is a reference to a external IdP.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="support-metadata" type="xsd:boolean" use="optional" default="false">
<xsd:annotation>
<xsd:documentation>Enable/Disable SAML Metadata Support.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="ssl-authentication" type="xsd:boolean" use="optional" default="false">
<xsd:annotation>
<xsd:documentation>Indicates if the identity provider should also support HTTP CLIENT_CERT authentication.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="serviceProvidersType">
<xsd:annotation>
<xsd:documentation>Groups Service Provider types.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="service-provider" type="serviceProviderType" minOccurs="1" maxOccurs="unbounded" nillable="false"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="serviceProviderType">
<xsd:annotation>
<xsd:documentation>Defines the Service Provider type.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="handlers" type="handlersType" minOccurs="0" maxOccurs="1" nillable="true"/>
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Name for this instance. This name must be the deployment unit name.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="url" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>URL for this Service Provider.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="post-binding" type="xsd:boolean" use="optional" default="true">
<xsd:annotation>
<xsd:documentation>Indicates which SAML Binding to use. If is true
HTTP POST binding will be used. Othwerwise HTTP REDIRECT binding
will be used.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="strict-post-binding" type="xsd:boolean" use="optional" default="true">
<xsd:annotation>
<xsd:documentation>Indicates which SAML Binding to use. If is true
HTTP POST binding will be used. Othwerwise HTTP REDIRECT binding
will be used.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="support-signatures" type="xsd:boolean" use="optional" default="false">
<xsd:annotation>
<xsd:documentation>Indicates if signature is supported.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="support-metadata" type="xsd:boolean" use="optional" default="false">
<xsd:annotation>
<xsd:documentation>Enable/Disable SAML Metadata Support.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="security-domain" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Security Domain name used to authenticate users.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="error-page" type="xsd:string" use="optional" default="/error.jsp">
<xsd:annotation>
<xsd:documentation>Defines a custom error page location.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="logout-page" type="xsd:string" use="optional" default="/logout.jsp">
<xsd:annotation>
<xsd:documentation>Defines a custom logout page location.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="trustType">
<xsd:annotation>
<xsd:documentation>Groups Trusted Domain Types.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="trust-domain" type="trustedDomainType" minOccurs="1" maxOccurs="unbounded" nillable="false"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="trustedDomainType">
<xsd:annotation>
<xsd:documentation>Defines the Truted Domain Type.</xsd:documentation>
</xsd:annotation>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the domain name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="cert-alias" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>Defines the certificate alias for this domain.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="handlersType">
<xsd:annotation>
<xsd:documentation>Groups Handler Types.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="handler" type="handlerType" minOccurs="1" maxOccurs="unbounded" nillable="false"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="handlerType">
<xsd:annotation>
<xsd:documentation>Defines the Handler Type.</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="handler-parameter" type="handlerParameterType" minOccurs="0" maxOccurs="unbounded"
nillable="true"/>
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the handler name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="class-name" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>Defines the handler class name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="code" type="xsd:string" use="optional">
<xsd:annotation>
<xsd:documentation>Defines an alias which maps to a built-in type.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
<xsd:complexType name="handlerParameterType">
<xsd:annotation>
<xsd:documentation>Defines the Handler Parameter Type.</xsd:documentation>
</xsd:annotation>
<xsd:attribute name="name" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the parameter name.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="value" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>Defines the parameter value.</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:schema>