<?xml version="1.0"?>
<!--
  XSD for the eapPeap profile element (namespace http://www.cisco.com/CCX).
  It describes a PEAP configuration: how the outer TLS tunnel validates the
  authentication server (TunnelMethods) and which inner method and credential
  source is used (EapPeap/authMethods).

  Review notes in the comments below mark the choices that weaken the tunnel
  when selected in a profile. The schema only constrains document structure;
  it cannot enforce that a deployed profile picks the safe alternative, so
  those checks belong in profile review or in a policy lint over profiles.
-->
<xs:schema
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns="http://www.cisco.com/CCX"
    targetNamespace="http://www.cisco.com/CCX"
    elementFormDefault="qualified"
    attributeFormDefault="unqualified">

  <!-- Single global root element of a PEAP profile fragment. -->
  <xs:element name="eapPeap" type="EapPeap"/>

  <!-- PEAP = TunnelMethods (outer tunnel settings) + authMethods (inner method). -->
  <xs:complexType name="EapPeap">
    <xs:complexContent>
      <xs:extension base="TunnelMethods">
        <xs:sequence>
          <xs:element name="authMethods">
            <xs:complexType>
              <xs:choice>
                <xs:element name="builtinMethods">
                  <xs:complexType>
                    <xs:choice>

                      <!--
                        Password based inner authentication. Either or both of
                        eapMschapv2 and eapGtc may be listed (xs:all, both optional).
                        Both inner methods depend on the tunnel for protection, so
                        they are only as strong as the server validation chosen in
                        TunnelMethods.
                      -->
                      <xs:element name="authenticateWithPassword">
                        <xs:complexType>
                          <xs:sequence>
                            <xs:element name="protectedIdentityPattern" type="IdentityPattern" minOccurs="0"/>
                            <xs:element name="passwordSource" type="PasswordSource"/>
                            <xs:element name="methods">
                              <xs:complexType>
                                <xs:all>
                                  <xs:element name="eapMschapv2" type="Empty" minOccurs="0"/>
                                  <xs:element name="eapGtc" type="Empty" minOccurs="0"/>
                                </xs:all>
                              </xs:complexType>
                            </xs:element>
                          </xs:sequence>
                        </xs:complexType>
                      </xs:element>

                      <!-- Token (OTP) based inner authentication; eapGtc is mandatory here. -->
                      <xs:element name="authenticateWithToken">
                        <xs:complexType>
                          <xs:sequence>
                            <xs:element name="protectedIdentityPattern" type="IdentityPattern" minOccurs="0"/>
                            <xs:element name="tokenSource" type="TokenSource"/>
                            <xs:element name="methods">
                              <xs:complexType>
                                <xs:all>
                                  <xs:element name="eapGtc" type="Empty"/>
                                </xs:all>
                              </xs:complexType>
                            </xs:element>
                          </xs:sequence>
                        </xs:complexType>
                      </xs:element>

                    </xs:choice>
                  </xs:complexType>
                </xs:element>
              </xs:choice>
            </xs:complexType>
          </xs:element>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!--
    Non-empty identity string. encryptContent defaults to true, but per the
    documentation below it is only an indication to a post-process tool: the
    schema does not enforce that the value is actually encrypted. A profile
    that was never post-processed, or that sets encryptContent="false", holds
    the identity in clear text.
  -->
  <xs:complexType name="IdentityPattern">
    <xs:simpleContent>
      <xs:extension base="NonEmptyString">
        <xs:attribute name="encryptContent" type="xs:boolean" use="optional" default="true">
          <xs:annotation>
            <xs:documentation>this is defaulted to 'true' as an indication to the post-process tool that it should encrypt this element, if the element is not already encrypted (within an XML Security envelope).</xs:documentation>
          </xs:annotation>
        </xs:attribute>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>

  <!--
    Password stored inside the profile itself. The same caveat as for
    IdentityPattern applies with more weight: encryptContent is a hint to the
    post-process tool, so profile files containing this element should be
    treated as secrets (file permissions, distribution channel, backups).
    Unlike IdentityPattern this type extends xs:string rather than
    NonEmptyString, so an empty password validates against the schema.
  -->
  <xs:complexType name="PasswordFromProfile">
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="encryptContent" type="xs:boolean" use="optional" default="true">
          <xs:annotation>
            <xs:documentation>this is defaulted to 'true' as an indication to the post-process tool that it should encrypt this element, if the element is not already encrypted (within an XML Security envelope).</xs:documentation>
          </xs:annotation>
        </xs:attribute>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>

  <!--
    Where the password comes from: the OS logon, a user prompt, or the profile.
    passwordFromProfile is the only alternative that places a credential in
    the profile document.
  -->
  <xs:complexType name="PasswordSource">
    <xs:choice>
      <xs:element name="passwordFromLogon" type="Empty"/>
      <xs:element name="passwordFromUser" type="Empty"/>
      <xs:element name="passwordFromProfile" type="PasswordFromProfile"/>
    </xs:choice>
  </xs:complexType>

  <!-- Token source; the single alternative prompts the user for identity and OTP. -->
  <xs:complexType name="TokenSource">
    <xs:choice>
      <xs:element name="passwordFromOtherToken" type="Empty">
        <xs:annotation>
          <xs:documentation>this will result in a prompt to user to obtain identity and otp from token</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:choice>
  </xs:complexType>

  <!--
    Outer tunnel settings shared by tunnelled EAP methods:
    server certificate validation, the unprotected (outer) identity, and
    fast reconnect.
  -->
  <xs:complexType name="TunnelMethods">
    <xs:sequence>
      <!--
        Review note: doNotValidateServerCertificate is a schema-valid choice
        that turns server authentication off. With it selected the client has
        no assurance about which server terminates the tunnel, and the inner
        password or token exchange loses its protection. Managed profiles
        should select validateServerCertificate; flag the other alternative in
        profile review.
      -->
      <xs:choice>
        <xs:element name="validateServerCertificate" type="serverCertificateValidationParameters"/>
        <xs:element name="doNotValidateServerCertificate" type="Empty"/>
      </xs:choice>
      <!--
        Outer identity, sent before the tunnel exists (hence "unprotected").
        A pattern built from the [username] placeholder exposes the real user
        name to observers of the exchange; whether an anonymous outer identity
        is acceptable depends on the authentication server's configuration.
      -->
      <xs:element name="unprotectedIdentityPattern" type="IdentityPattern" minOccurs="0">
        <xs:annotation>
          <xs:documentation>If the [username] and/or [domain] placeholders are used in the pattern then: if a client certificate is used for authentication then placeholder's values shall be obtained from the CN field of the client certificate. if the credentials are obtained from the end-user then they shall be obtained from the information the user enters. if the credentials are obtained from the operating system then they shall be obtained from the information the logon provides.</xs:documentation>
        </xs:annotation>
      </xs:element>
      <!-- Fast reconnect: enabled (optionally with alwaysAttempt) or disabled. -->
      <xs:choice>
        <xs:element name="enableFastReconnect">
          <xs:complexType>
            <xs:complexContent>
              <xs:extension base="Empty">
                <xs:choice>
                  <xs:element name="alwaysAttempt" type="Empty"/>
                </xs:choice>
              </xs:extension>
            </xs:complexContent>
          </xs:complexType>
        </xs:element>
        <xs:element name="disableFastReconnect" type="Empty"/>
      </xs:choice>
    </xs:sequence>
  </xs:complexType>

  <!--
    List of zero or more certificate identifiers. Because minOccurs is 0, an
    empty container validates; what the client does with an empty pinned-CA
    list is not defined by this schema (confirm against the client).
  -->
  <xs:complexType name="CertificateContainer">
    <xs:choice minOccurs="0" maxOccurs="unbounded">
      <xs:element name="certificateId" type="CertificateIdentifier"/>
    </xs:choice>
  </xs:complexType>

  <!--
    Identifies a trusted CA certificate by SHA-1 thumbprint, or (reference=true)
    by a file path that a post-process tool converts into the thumbprint.
    Review notes:
    * The thumbprint selects a certificate that is already in the machine's
      trusted store. SHA-1 is no longer collision resistant, so treat the value
      as a lookup key into that store rather than as an integrity guarantee for
      certificates supplied from elsewhere.
    * The value is only constrained to be a non-empty string; the schema does
      not check that it is 40 hexadecimal characters.
    * With reference=true the profile names a local file. The post-process tool
      is not shown here; presumably it should read only from locations the
      administrator controls (confirm).
  -->
  <xs:complexType name="CertificateIdentifier">
    <xs:simpleContent>
      <xs:annotation>
        <xs:documentation>SHA 1 hash over the whole binary certificate in X509 format that uniquely identifies a certificate in the global list of trusted CAs for the machine (OS managed store in windows).</xs:documentation>
      </xs:annotation>
      <xs:extension base="NonEmptyString">
        <xs:attribute name="reference" type="xs:boolean">
          <xs:annotation>
            <xs:documentation>true means this is a file reference to a certificate in PEM format, false means this is the SHA1 hash over that certificate. This is so the admin does not need to find, cut and paste the hash, but rather just point at a file and post process tool will convert it to a hash.</xs:documentation>
          </xs:annotation>
        </xs:attribute>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>

  <!-- Marker type for elements whose presence alone carries the meaning. -->
  <xs:complexType name="Empty"/>

  <!-- String with at least one character. -->
  <xs:simpleType name="NonEmptyString">
    <xs:restriction base="xs:string">
      <xs:minLength value="1"/>
    </xs:restriction>
  </xs:simpleType>

  <!--
    One server-name rule: the text to compare plus a required match mode.
    Review note: as far as this schema shows, endsWith is a plain suffix
    comparison. Whether the client anchors the suffix at a DNS label boundary
    is not visible here, so endsWith values should begin with "." (for example
    ".corp.example", a constructed sample) unless the client is confirmed to
    anchor the match itself.
  -->
  <xs:complexType name="ServerRuleFormat">
    <xs:simpleContent>
      <xs:extension base="NonEmptyString">
        <xs:attribute name="match" use="required">
          <xs:simpleType>
            <xs:restriction base="xs:string">
              <xs:enumeration value="exactly"/>
              <xs:enumeration value="endsWith"/>
            </xs:restriction>
          </xs:simpleType>
        </xs:attribute>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>

  <!--
    Zero or more rules against the certificate's subjectAltName or subject.
    The list may be empty by design (see the documentation below); an empty
    list combined with userValidatesUntrustedServerCertificate=true leaves the
    first trust decision to the end user.
  -->
  <xs:complexType name="ServerValidationRules">
    <xs:choice minOccurs="0" maxOccurs="unbounded">
      <xs:annotation>
        <xs:documentation> This is optional so that the Vista product may allow a profile that has no server validations rules to start with and when a user validates an untrusted server the validation process still validates the server name.</xs:documentation>
      </xs:annotation>
      <xs:element name="matchSubjectAlternativeName" type="ServerRuleFormat"/>
      <xs:element name="matchSubject" type="ServerRuleFormat"/>
    </xs:choice>
  </xs:complexType>

  <!--
    Parameters used when validateServerCertificate is selected. Three
    independent decisions, in this order: server name check, chain anchor,
    and whether the end user may override a failed validation.
    Review note: the weakest schema-valid combination is anyServerName with
    validateChainWithAnyCaFromOs, which accepts any certificate issued by any
    CA in the OS store regardless of the name in it. Profiles for managed
    networks should pair serverNameValidationRules with
    validateChainWithSpecificCa.
  -->
  <xs:complexType name="serverCertificateValidationParameters">
    <xs:sequence>
      <xs:choice>
        <xs:element name="serverNameValidationRules" type="ServerValidationRules"/>
        <xs:element name="anyServerName" type="Empty">
          <xs:annotation>
            <xs:documentation>the server name within the certificate will not be tested.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:choice>
      <xs:choice>
        <xs:element name="validateChainWithSpecificCa">
          <xs:complexType>
            <xs:complexContent>
              <xs:extension base="CertificateContainer"/>
            </xs:complexContent>
          </xs:complexType>
        </xs:element>
        <xs:element name="validateChainWithAnyCaFromOs" type="Empty">
          <xs:annotation>
            <xs:documentation>the certificate chain will be trusted if it ends in a CA cert from the global CA cert store.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:choice>
      <!--
        Review note: true hands the trust decision to the end user and, per
        the documentation below, persists the accepted CA and server name so
        later connections are trusted automatically. The element is required
        and has no default, so every profile states it explicitly; prefer
        false wherever the CA and server names are known in advance.
      -->
      <xs:element name="userValidatesUntrustedServerCertificate" type="xs:boolean">
        <xs:annotation>
          <xs:documentation>if the server certificate fails to validate then if this is true the end-user will be asked to validate the server. If they do so then appropriate trustedCaCerts will be remembered as well as the server name fields so it will be automatically trusted in the future.</xs:documentation>
        </xs:annotation>
      </xs:element>
    </xs:sequence>
  </xs:complexType>

</xs:schema>