
Commit

schema change for authentication flows (identity recovery, password r…
…eset, registration): they extend UserInterfaceFeatureType now
KaterynaHonchar committed Aug 25, 2023
1 parent 55f6d43 commit fe2e220
Showing 1 changed file with 140 additions and 150 deletions.
@@ -2297,92 +2297,73 @@
</a:schemaMigration>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="name" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Name of the password reset scheme. This is a short name that acts both as an
identifier of the scheme and also as a short name used for diagnostics.
<xsd:complexContent>
<xsd:extension base="tns:UserInterfaceFeatureType">
<xsd:sequence>
<xsd:element name="name" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Name of the password reset scheme. This is a short name that acts both as an
identifier of the scheme and also as a short name used for diagnostics.

DEPRECATED: use identifier attribute instead of name
</xsd:documentation>
<xsd:appinfo>
<a:since>3.7.1</a:since>
<a:deprecated/>
<a:deprecatedSince>4.7</a:deprecatedSince>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="identifier" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Unique credentials reset identifier. Can be used for overriding credentials reset in different security
policies. Can be also used as a short name used for diagnostics (instead of name attribute).
</xsd:documentation>
<xsd:appinfo>
<a:since>4.7</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="description" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Free form description of the credential reset method (administrator comment).
</xsd:documentation>
<xsd:appinfo>
<a:since>4.1</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
<xsd:element name="authenticationSequenceName" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Defines authentication sequence, which will be used for reset credential.
Since 4.7: it's better to specify sequence identifier here instead of sequence name
as name attribute becomes deprecated in some objects which are used for
authentication configuration starting from 4.7 version (e.g. in AuthenticationSequenceType)
</xsd:documentation>
<xsd:appinfo>
<a:since>4.1</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="newCredentialSource" type="tns:CredentialSourceType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Source of a new credential value. This setting specifies whether the new credential
value should be provided by the user, randomly generated, derived by a key-exchange
protocol and so on.
</xsd:documentation>
<xsd:appinfo>
<a:since>3.7.1</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="forceChange" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
<xsd:annotation>
<xsd:documentation>
If set to true then the new credential will have the forceChange flag set.
Which usually means that the user will have to change the credential on next logon.
</xsd:documentation>
<xsd:appinfo>
<a:since>3.7.1</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="formRef" type="c:ObjectReferenceType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Reference to form which is displayed for reset
</xsd:documentation>
<xsd:appinfo>
<a:objectReferenceTargetType>tns:FormType</a:objectReferenceTargetType>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:long"/>
DEPRECATED: use identifier attribute instead of name
</xsd:documentation>
<xsd:appinfo>
<a:since>3.7.1</a:since>
<a:deprecated/>
<a:deprecatedSince>4.7</a:deprecatedSince>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="authenticationSequenceName" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Defines authentication sequence, which will be used for reset credential.
Since 4.7: it's better to specify sequence identifier here instead of sequence name
as name attribute becomes deprecated in some objects which are used for
authentication configuration starting from 4.7 version (e.g. in AuthenticationSequenceType)
</xsd:documentation>
<xsd:appinfo>
<a:since>4.1</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="newCredentialSource" type="tns:CredentialSourceType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Source of a new credential value. This setting specifies whether the new credential
value should be provided by the user, randomly generated, derived by a key-exchange
protocol and so on.
</xsd:documentation>
<xsd:appinfo>
<a:since>3.7.1</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="forceChange" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
<xsd:annotation>
<xsd:documentation>
If set to true then the new credential will have the forceChange flag set.
Which usually means that the user will have to change the credential on next logon.
</xsd:documentation>
<xsd:appinfo>
<a:since>3.7.1</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="formRef" type="c:ObjectReferenceType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Reference to form which is displayed for reset
</xsd:documentation>
<xsd:appinfo>
<a:objectReferenceTargetType>tns:FormType</a:objectReferenceTargetType>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>

<xsd:complexType name="IdentityRecoveryPolicyType">
@@ -2398,39 +2379,27 @@
<a:container/>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="identifier" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Unique identifier. Can be used for overriding the configuration in different security policies.
Can be also used as a short name used for diagnostics.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="description" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Free form description of the identity recovery policy.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="authenticationSequenceIdentifier" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Defines authentication sequence, which should be used for identity recovery.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="itemToDisplay" type="t:ItemPathType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
The path to the user attribute which should be displayed after the user was found. If no attribute is
specified, user's name attribute will be displayed.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:long"/>
<xsd:complexContent>
<xsd:extension base="tns:UserInterfaceFeatureType">
<xsd:sequence>
<xsd:element name="authenticationSequenceIdentifier" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Defines authentication sequence, which should be used for identity recovery.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="itemToDisplay" type="t:ItemPathType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
The path to the user attribute which should be displayed after the user was found. If no attribute is
specified, user's name attribute will be displayed.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>

<xsd:complexType name="CredentialSourceType">
@@ -2498,38 +2467,59 @@
</a:schemaMigration>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="name" type="xsd:string" minOccurs="0">
</xsd:element>
<xsd:element name="initialLifecycleState" type="xsd:string" minOccurs="0">
</xsd:element>
<xsd:element name="requiredLifecycleState" type="xsd:string" minOccurs="0">
</xsd:element>
<xsd:element name="displayName" type="xsd:string" minOccurs="0">
</xsd:element>
<xsd:element name="additionalAuthenticationSequence" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Defined authentication sequence, which will be use for additional authentication.
</xsd:documentation>
<xsd:appinfo>
<a:since>4.5</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="defaultRole" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
Reference to the default roles which will be assigned to the user automatically after registration
</xsd:documentation>
<xsd:appinfo>
<a:objectReferenceTargetType>tns:AbstractRoleType</a:objectReferenceTargetType>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- More registration types may come here in the future. -->
</xsd:sequence>
<xsd:attribute name="id" type="xsd:long"/>
<xsd:complexContent>
<xsd:extension base="tns:UserInterfaceFeatureType">
<xsd:sequence>
<xsd:element name="name" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Use UserInterfaceFeatureType.identifier instead
</xsd:documentation>
<xsd:appinfo>
<a:deprecated/>
<a:deprecatedSince>4.8</a:deprecatedSince>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="initialLifecycleState" type="xsd:string" minOccurs="0">
</xsd:element>
<xsd:element name="requiredLifecycleState" type="xsd:string" minOccurs="0">
</xsd:element>
<xsd:element name="displayName" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Use UserInterfaceFeatureType.display.label instead
</xsd:documentation>
<xsd:appinfo>
<a:deprecated/>
<a:deprecatedSince>4.8</a:deprecatedSince>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="additionalAuthenticationSequence" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Defined authentication sequence, which will be use for additional authentication.
</xsd:documentation>
<xsd:appinfo>
<a:since>4.5</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="defaultRole" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
Reference to the default roles which will be assigned to the user automatically after registration
</xsd:documentation>
<xsd:appinfo>
<a:objectReferenceTargetType>tns:AbstractRoleType</a:objectReferenceTargetType>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- More registration types may come here in the future. -->
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>

<xsd:complexType name="SelfRegistrationPolicyType">
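Review bot: In the first hunk the credentials-reset type (its name is above the hunk) used to declare `identifier` as a required element, `<xsd:element name="identifier" type="xsd:string">` with no `minOccurs`, and the new extension body no longer declares it at all, so whether it stays mandatory now depends on `tns:UserInterfaceFeatureType`, which this page does not show. The removed documentation says the identifier is what allows a credentials reset to be overridden in different security policies, so if the base type makes it optional, reset entries without an identifier could no longer be matched for override; in that case I would enforce the requirement in validation code and state it in the type's `xsd:documentation`. The extension also puts the inherited elements ahead of `name` in the content model and drops the local `<xsd:attribute name="id" type="xsd:long"/>` from all three types, so it is worth confirming that the base type and the `a:schemaMigration` entries cover objects stored in the old layout. In the third hunk, the newly deprecated `name` and `displayName` would match the first hunk's style if their documentation began with `DEPRECATED:`, and `initialLifecycleState` / `requiredLifecycleState` still have no documentation although they appear to control the state of self-registered users.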
