Cisco Secure ACS Express 5.0.1 ユーザ ガイド User Guide for the Cisco Secure ACS Express 5.0.1
XML 設定ファイル
XML 設定ファイル

目次

XML 設定ファイル

空の設定ファイル

インポート/エクスポート スキーマ

XML 設定ファイル

この付録では、参考資料として次の XML ファイルの内容を紹介します。

「空の設定ファイル」

「インポート/エクスポート スキーマ」

空の設定ファイル

次に、空の設定ファイル( acsxp_factory_defaults.xml )の内容を示します。

acsxp_factory_defaults.xml (20 lines):
 
 
<?xml version="1.0" encoding="UTF-8"?>
<acs:ACSExpress xmlns:acs="http://www.cisco.com/ACSExpress/5.0.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.cisco.com/ACSExpress/5.0.1/ImportExport.xsd ">
<!-- Factory-default import/export document: every container below is present but empty. -->
<!-- NOTE(review): xsi:schemaLocation normally holds namespace-URI / location pairs; the single
     value above may be a namespace and "ImportExport.xsd" with the separator lost. Confirm against
     the shipped file. Treat the location as a hint only and validate imports against a locally
     held copy of the schema. -->
<!-- Once populated, this document carries device shared secrets and user or directory passwords
     (see the Secret and Password declarations in the schema on this page); store and transfer
     exported copies as sensitive material. -->
<Configuration>
<DeviceGroups></DeviceGroups>
<Devices></Devices>
<UserGroups></UserGroups>
<Users></Users>
<ExternalDBActiveDirectory></ExternalDBActiveDirectory>
<ExternalDBLDAP></ExternalDBLDAP>
<ExternalDBOTP></ExternalDBOTP>
<Policies>
<RadiusAttributeSets></RadiusAttributeSets>
<TimeOfDays></TimeOfDays>
<!-- NOTE(review): RadiusAccess and TacacsPlusAccess are not declared by the ImportExport schema
     shown on this page, whose Policies content lists NetworkAccess and DeviceAccess. Confirm
     which element names the importer accepts. -->
<RadiusAccess></RadiusAccess>
<TacacsPlusAccess></TacacsPlusAccess>
</Policies>
</Configuration>
</acs:ACSExpress>
 

 

インポート/エクスポート スキーマ

次に示すのは、さまざまな ACS Express オブジェクトが含まれるインポート/エクスポート XML ファイルの XML スキーマです。

<?xml version="1.0" encoding="UTF-8"?>
 
<!--
Document : ImportExport.xsd
Created on : November 2, 2006, 3:29 PM
Author : ajeyak
Description: This XML Schema describes the schema for the import/export xml file containing AR Objects
TODO : namespacing http://acsexpress.cisco.com/ACSExpressSchema/5.0.1
-->
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:acs="http://www.cisco.com/ACSExpress/5.0.1"
targetNamespace="http://www.cisco.com/ACSExpress/5.0.1"
xmlns="http://www.cisco.com/ACSExpress/5.0.1"
elementFormDefault="unqualified" attributeFormDefault="unqualified">
 
<!-- Restrictions Block. Commonly used restrictions will be defined here -->
<!-- StringType: generic non-empty string of 1 to 253 characters.
     No element in this listing references it. -->
<xsd:simpleType name="StringType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="253"/>
  </xsd:restriction>
</xsd:simpleType>
 
<!-- The simpleTypes below are in sync with the field masks used in the UI -->
<!-- ExpressRawStringType: free text that may not contain angle brackets or a forward slash.
     No length facet is set here; elements that use it add their own bounds. -->
<xsd:simpleType name="ExpressRawStringType">
  <xsd:restriction base="xsd:string">
    <xsd:pattern value="[^&lt;&gt;/]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressPasswordType: any string without angle brackets.
     No minLength or maxLength is declared, so an empty value passes schema validation;
     password strength is presumably enforced elsewhere (see UserPasswordPolicyType) - confirm. -->
<xsd:simpleType name="ExpressPasswordType">
  <xsd:restriction base="xsd:string">
    <xsd:pattern value="[^&lt;&gt;]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressDescriptionType: optional descriptive text, 0 to 64 characters, limited to word
     characters, space, and the punctuation . _ - , ' # -->
<xsd:simpleType name="ExpressDescriptionType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="0"/>
    <xsd:maxLength value="64"/>
    <xsd:pattern value="[\w&#x20;._\-,'#]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressSecretType: shared secret of 1 to 32 characters without angle brackets or a
     forward slash. Used for the device Radius/Tacacs secrets and the OTP SharedSecret.
     Unlike the Password elements, elements of this type carry no "encrypted" attribute in this
     schema, so the secret presumably appears as written in an export file - confirm, and
     handle exported files as sensitive. -->
<xsd:simpleType name="ExpressSecretType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="32"/>
    <xsd:pattern value="[^&lt;&gt;/]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressStringType: word characters, space, dot, underscore and hyphen; no length bound.
     Serves as the base for several length-restricted element types. -->
<xsd:simpleType name="ExpressStringType">
  <xsd:restriction base="xsd:string">
    <xsd:pattern value="[\w&#x20;._\-]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressNameType: object name of 1 to 32 characters drawn from word characters, space,
     dot, underscore and hyphen. -->
<xsd:simpleType name="ExpressNameType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="32"/>
    <xsd:pattern value="[\w&#x20;._\-]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressWebCertKeyType: any string that contains neither a double quote nor a backslash.
     No element in this listing references it. -->
<xsd:simpleType name="ExpressWebCertKeyType">
  <xsd:restriction base="xsd:string">
    <xsd:pattern value="[^&quot;\\]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressExternalDBType: 1 to 255 characters, excluding angle brackets, forward slash and
     ampersand. Used for the LDAP bind Username. -->
<xsd:simpleType name="ExpressExternalDBType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="255"/>
    <xsd:pattern value="[^&lt;&gt;/&amp;]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressExternalDBContainerType: 1 to 1024 characters, excluding angle brackets, forward
     slash and ampersand. Used for the Active Directory ContainerToJoin element. -->
<xsd:simpleType name="ExpressExternalDBContainerType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="1024"/>
    <xsd:pattern value="[^&lt;&gt;/&amp;]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressExternalDBADDomain: Active Directory domain name, 1 to 255 characters made of
     ASCII letters, digits, dot, underscore and hyphen. -->
<xsd:simpleType name="ExpressExternalDBADDomain">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="255"/>
    <xsd:pattern value="[0-9A-Za-z\._\-]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressExternalDBADUsername: Active Directory account name, 1 to 125 characters,
     excluding angle brackets, forward slash and ampersand. -->
<xsd:simpleType name="ExpressExternalDBADUsername">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="125"/>
    <xsd:pattern value="[^&lt;&gt;/&amp;]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressLDAPFilterType: LDAP attribute or object-class name, 1 to 32 ASCII letters and
     digits only. The narrow alphabet keeps LDAP filter metacharacters out of these fields. -->
<xsd:simpleType name="ExpressLDAPFilterType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="32"/>
    <xsd:pattern value="[0-9A-Za-z]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressLDAPHostNameOrIP: LDAP server host name or address, 1 to 1024 characters made of
     ASCII letters, digits, dot, underscore and hyphen. The pattern does not check that a
     numeric value is a well-formed IP address. -->
<xsd:simpleType name="ExpressLDAPHostNameOrIP">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="1024"/>
    <xsd:pattern value="[0-9A-Za-z\._\-]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressLDAPGroupObjectClassFilterType: group object-class name, 1 to 32 ASCII letters and
     digits, with the asterisk also permitted. -->
<xsd:simpleType name="ExpressLDAPGroupObjectClassFilterType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="32"/>
    <xsd:pattern value="[0-9A-Za-z*]*"/>
  </xsd:restriction>
</xsd:simpleType>
<!-- ExpressServerCertKeyType: any string that contains neither a double quote nor a
     backslash. No element in this listing references it. -->
<xsd:simpleType name="ExpressServerCertKeyType">
  <xsd:restriction base="xsd:string">
    <xsd:pattern value="[^&quot;\\]*"/>
  </xsd:restriction>
</xsd:simpleType>
 
<!-- ExpressGroupFilterType: external group name or filter, 0 to 1024 characters, excluding
     semicolon and angle brackets. Used by the Group elements of the access rules. -->
<xsd:simpleType name="ExpressGroupFilterType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="0"/>
    <xsd:maxLength value="1024"/>
    <xsd:pattern value="[^;&lt;&gt;]*"/>
  </xsd:restriction>
</xsd:simpleType>
 
<!-- ExpressAuthorityIdentifierType: EAP-FAST authority identifier, 1 to 32 characters drawn
     from word characters, space, dot, underscore and hyphen. -->
<xsd:simpleType name="ExpressAuthorityIdentifierType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="32"/>
    <xsd:pattern value="[\w&#x20;._\-]*"/>
  </xsd:restriction>
</xsd:simpleType>
 
<!-- ExpressNapNameType: network access policy name, 1 to 32 word characters, underscores
     and hyphens. Spaces and dots are not allowed, unlike ExpressNameType. -->
<xsd:simpleType name="ExpressNapNameType">
  <xsd:restriction base="xsd:string">
    <xsd:minLength value="1"/>
    <xsd:maxLength value="32"/>
    <xsd:pattern value="[\w_\-]*"/>
  </xsd:restriction>
</xsd:simpleType>
 
<!-- IPAddressType: dotted-quad IPv4 address. Each of the four octets must be 0 to 255 and
     may not carry a leading zero. The schema shows no IPv6 form. -->
<xsd:simpleType name="IPAddressType">
  <xsd:restriction base="xsd:string">
    <xsd:pattern value="((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"/>
  </xsd:restriction>
</xsd:simpleType>
 
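<!-- HoursType: exactly 24 characters, each '0' or '1', one per hour of the day.
     '1' marks the hour as enabled and '0' marks it as disabled.
     The character class was previously written "[0,1]", which also admits a comma and so
     accepted values that are not valid hour masks; "[01]" matches the documented format. -->
<xsd:simpleType name="HoursType">
  <xsd:restriction base="xsd:string">
    <xsd:length value="24"/>
    <xsd:pattern value="[01]{24}"/>
  </xsd:restriction>
</xsd:simpleType>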
 
<!-- Restrictions Block over -->
 
<!-- Objects Block. Objects will be described here -->
 
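<!-- DeviceType: one AAA client (network device) with its name, IPv4 address, device group
     and shared secret(s).
     The Secret content model is a choice so that the rule "at least one of Radius and Tacacs
     must be defined" is enforced by validation: either Radius with an optional Tacacs after
     it, or Tacacs alone. An empty Secret element no longer validates. Element order for
     documents that supply both is unchanged (Radius, then Tacacs).
     Both secrets use ExpressSecretType, which has no "encrypted" attribute in this schema;
     treat files containing Device entries as sensitive. -->
<xsd:complexType name="DeviceType">
  <xsd:sequence>
    <xsd:element name="Name" type="ExpressNameType"/>
    <xsd:element name="IPAddress" type="IPAddressType"/>
    <xsd:element name="DeviceGroupName" type="ExpressNameType"/>
    <xsd:element name="Secret">
      <xsd:complexType>
        <xsd:choice>
          <xsd:sequence>
            <xsd:element name="Radius" type="ExpressSecretType"/>
            <xsd:element name="Tacacs" type="ExpressSecretType" minOccurs="0"/>
          </xsd:sequence>
          <xsd:element name="Tacacs" type="ExpressSecretType"/>
        </xsd:choice>
      </xsd:complexType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>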
 
<!-- DeviceGroupType: a named group of devices with an optional description. -->
<xsd:complexType name="DeviceGroupType">
  <xsd:sequence>
    <xsd:element name="Name" type="ExpressNameType"/>
    <xsd:element name="Description" type="ExpressDescriptionType" minOccurs="0" maxOccurs="1"/>
  </xsd:sequence>
</xsd:complexType>
 
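<!-- UserType: one internal user account.
     The original header said status is optional and defaults to enabled; as declared here,
     Enabled is a required element with no default.
     Fix: the Password "encrypted" attribute declaration was missing the whitespace between
     its type and use attributes (and had a stray space inside the type name), which is not
     well-formed XML. -->
<xsd:complexType name="UserType">
  <xsd:sequence>
    <!-- Username: 1 to 32 characters. The pattern admits a wide range of punctuation,
         including angle brackets and ampersand, so consumers that display or log usernames
         must escape them for the output context. -->
    <xsd:element name="Username">
      <xsd:simpleType>
        <xsd:restriction base="xsd:string">
          <xsd:pattern value="[\w_\-&#x20;~!@#$%^&amp;*()+={}\[\]|:;&lt;&gt;.?]*"/>
          <xsd:minLength value="1"/>
          <xsd:maxLength value="32"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="Description" type="ExpressDescriptionType" minOccurs="0"/>
    <xsd:element name="UserGroupName" type="ExpressNameType"/>
    <xsd:element name="Enabled" type="xsd:boolean"/>
    <xsd:element name="FullName" minOccurs="0">
      <xsd:simpleType>
        <xsd:restriction base="ExpressStringType">
          <xsd:minLength value="1"/>
          <xsd:maxLength value="32"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="Manager" minOccurs="0">
      <xsd:simpleType>
        <xsd:restriction base="ExpressStringType">
          <xsd:minLength value="1"/>
          <xsd:maxLength value="32"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="PhoneNumber" minOccurs="0">
      <xsd:simpleType>
        <xsd:restriction base="ExpressRawStringType">
          <xsd:maxLength value="15"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <!-- Email: any string of 1 to 75 characters; the schema does not check address syntax. -->
    <xsd:element name="Email" minOccurs="0">
      <xsd:simpleType>
        <xsd:restriction base="xsd:string">
          <xsd:minLength value="1"/>
          <xsd:maxLength value="75"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <!-- Password: the required "encrypted" attribute states whether Value is stored in
         encrypted form. With encrypted="false" the Value element presumably holds the
         cleartext password - confirm, and protect such files accordingly. -->
    <xsd:element name="Password">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="Value" type="ExpressPasswordType"/>
        </xsd:sequence>
        <xsd:attribute name="encrypted" type="xsd:boolean" use="required"/>
      </xsd:complexType>
    </xsd:element>
    <!-- If PasswordNeverExpires is "false", password expiry is set to the ExpiryDays value
         that follows. ExpiryDays itself is optional (1 to 3650). -->
    <xsd:element name="PasswordNeverExpires" type="xsd:boolean"/>
    <xsd:element name="ExpiryDays" minOccurs="0" maxOccurs="1">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="3650"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>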
 
<!-- UserGroupType: a named user group with an optional description.
     Original note: status is optional and defaults to enabled.
     NOTE(review): Enabled carries default="true" but no minOccurs="0", so the element must be
     present; an XSD element default applies only when the element is present and empty. -->
<xsd:complexType name="UserGroupType">
  <xsd:sequence>
    <xsd:element name="Name" type="ExpressNameType"/>
    <xsd:element name="Description" type="ExpressDescriptionType" minOccurs="0" maxOccurs="1"/>
    <xsd:element name="Enabled" type="xsd:boolean" default="true"/>
  </xsd:sequence>
</xsd:complexType>
 
<!-- ADType: settings for the external Active Directory database: the domain, the account
     name and password, and an optional container to join.
     The Password "encrypted" attribute is required; with encrypted="false" the Value
     presumably holds the cleartext account password - confirm, and restrict access to
     files that contain this element. -->
<xsd:complexType name="ADType">
  <xsd:sequence>
    <xsd:element name="Domain" type="ExpressExternalDBADDomain"/>
    <xsd:element name="Username" type="ExpressExternalDBADUsername"/>
    <xsd:element name="Password">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="Value" type="ExpressPasswordType"/>
        </xsd:sequence>
        <xsd:attribute name="encrypted" type="xsd:boolean" use="required"/>
      </xsd:complexType>
    </xsd:element>
    <xsd:element name="ContainerToJoin" type="ExpressExternalDBContainerType" minOccurs="0"/>
  </xsd:sequence>
</xsd:complexType>
 
<!-- LDAPType: connection, bind and search settings for the external LDAP database.
     Original author's note: it was unclear which elements should be required.
     NOTE(review): UseSSL defaults to false and ServerPort to 389. With those defaults the
     bind Username and Password below are presumably sent without transport protection -
     confirm, and prefer UseSSL set to true where the directory supports it. -->
<xsd:complexType name="LDAPType">
  <xsd:sequence>
    <xsd:element name="PrimaryHostName" type="ExpressLDAPHostNameOrIP"/>
    <!-- Original note: a different regular expression is required here. -->
    <xsd:element name="SecondaryHostName" type="ExpressLDAPHostNameOrIP" minOccurs="0"/>
    <xsd:element name="UseSSL" type="xsd:boolean" default="false"/>
    <xsd:element name="ServerPort" default="389">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="65535"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <!-- Bind account. The "encrypted" attribute on Password is required; with
         encrypted="false" the Value presumably holds the cleartext bind password. -->
    <xsd:element name="Username" type="ExpressExternalDBType"/>
    <xsd:element name="Password">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="Value" type="ExpressPasswordType"/>
        </xsd:sequence>
        <xsd:attribute name="encrypted" type="xsd:boolean" use="required"/>
      </xsd:complexType>
    </xsd:element>
    <!-- ServerTimeout is specified in seconds -->
    <xsd:element name="ServerTimeout" default="5">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="99999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <!-- FailbackRetryInterval is specified in seconds -->
    <xsd:element name="FailbackRetryInterval" default="300">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="99999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>

    <!-- User search settings -->
    <xsd:element name="UserDirSubtree">
      <xsd:simpleType>
        <xsd:restriction base="ExpressRawStringType">
          <xsd:minLength value="1"/>
          <xsd:maxLength value="150"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="UserObjectType" type="ExpressLDAPFilterType" default="uid"/>
    <xsd:element name="UserObjectClass" type="ExpressLDAPFilterType" default="Person"/>
    <xsd:element name="UserPasswordAttribute" type="ExpressLDAPFilterType" default="userpassword"/>
    <xsd:element name="GroupMembershipAttr" default="UniqueMember">
      <xsd:simpleType>
        <xsd:restriction base="ExpressRawStringType">
          <xsd:minLength value="1"/>
          <xsd:maxLength value="32"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="UserDN" default="entrydn">
      <xsd:simpleType>
        <xsd:restriction base="ExpressRawStringType">
          <xsd:minLength value="1"/>
          <xsd:maxLength value="32"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>

    <!-- Domain handling: whether the domain part is stripped, which delimiter separates it,
         and whether it is a Prefix or a Suffix of the user name. -->
    <xsd:element name="StripDomainName" type="xsd:boolean"/>
    <xsd:element name="DomainDelimiter" default="@">
      <xsd:simpleType>
        <xsd:restriction base="ExpressRawStringType">
          <xsd:minLength value="1"/>
          <xsd:maxLength value="5"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="DomainLocation" default="Suffix">
      <xsd:simpleType>
        <xsd:restriction base="xsd:string">
          <xsd:pattern value="Prefix|Suffix"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>

    <!-- Group search settings -->
    <xsd:element name="GroupDirSubtree">
      <xsd:simpleType>
        <xsd:restriction base="ExpressRawStringType">
          <xsd:minLength value="1"/>
          <xsd:maxLength value="150"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="GroupObjectType" type="ExpressLDAPFilterType" default="cn"/>
    <xsd:element name="GroupObjectClass" type="ExpressLDAPGroupObjectClassFilterType" default="GroupOfUniqueNames"/>
  </xsd:sequence>
</xsd:complexType>
 
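<!-- OTPType: settings for the external one-time-password server: primary and optional
     secondary IPv4 address, port, shared secret, retry count and timers.
     Fix: ServerPort previously allowed 0, which is not a usable server port; the lower
     bound is now 1, matching the ServerPort declaration in LDAPType.
     SharedSecret uses ExpressSecretType, which has no "encrypted" attribute in this schema;
     treat files that contain this element as sensitive.
     NOTE(review): units for ServerTimeout and FailbackRetryInterval are not stated here; the
     LDAP equivalents are documented in seconds - confirm the same applies. -->
<xsd:complexType name="OTPType">
  <xsd:sequence>
    <xsd:element name="PrimaryHostIP" type="IPAddressType"/>
    <xsd:element name="SecondaryHostIP" type="IPAddressType" minOccurs="0"/>
    <xsd:element name="ServerPort" default="1812">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="65535"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="SharedSecret" type="ExpressSecretType"/>
    <xsd:element name="MaxRetries" default="3">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="99999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="ServerTimeout" default="5">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="99999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="FailbackRetryInterval" default="120">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="99999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>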
 
<!-- RadiusAttributeSetType: a named set of up to 10 RADIUS attributes, each a Name/Value
     pair, with an optional description. -->
<xsd:complexType name="RadiusAttributeSetType">
  <xsd:sequence>
    <xsd:element name="Name" type="ExpressNameType"/>
    <xsd:element name="Description" type="ExpressDescriptionType" minOccurs="0"/>
    <xsd:element name="Attribute" minOccurs="0" maxOccurs="10">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="Name" type="ExpressNameType"/>
          <xsd:element name="Value" type="ExpressRawStringType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>
 
<!-- TimeOfDayType: a named weekly schedule. DayAndHours holds one 24-character hour mask
     (HoursType) for each day, monday through sunday, all seven required and in that order. -->
<xsd:complexType name="TimeOfDayType">
  <xsd:sequence>
    <xsd:element name="Name" type="ExpressNameType"/>
    <xsd:element name="Description" type="ExpressDescriptionType" minOccurs="0"/>
    <xsd:element name="DayAndHours">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="monday" type="acs:HoursType"/>
          <xsd:element name="tuesday" type="acs:HoursType"/>
          <xsd:element name="wednesday" type="acs:HoursType"/>
          <xsd:element name="thursday" type="acs:HoursType"/>
          <xsd:element name="friday" type="acs:HoursType"/>
          <xsd:element name="saturday" type="acs:HoursType"/>
          <xsd:element name="sunday" type="acs:HoursType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>
 
<!-- NetworkAccessType: one network access (RADIUS) policy: its name, enabled flag, default
     response, selection rules, allowed EAP protocols, authentication database and an
     ordered list of access rules.
     NOTE(review): the AuthDatabase values here are written without spaces
     ("ActiveDirectory"), while DeviceAdminType uses spaced forms ("Active Directory");
     import files must use the spelling of the type they are filling in. -->
<xsd:complexType name="NetworkAccessType">
  <xsd:sequence>
    <xsd:element name="Name" type="ExpressNapNameType"/>
    <!-- Disabled in the original schema:
    <xsd:element name="Description" type="ExpressDescriptionType"
    minOccurs="0">
    </xsd:element> -->
    <xsd:element name="Enabled" type="xsd:boolean"/>
    <xsd:element name="DefaultResponse" type="ExpressNameType"/>

    <!-- SelectionRules: at least one device group name, plus an optional set of
         attribute Name/Value pairs. -->
    <xsd:element name="SelectionRules">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="DeviceGroups" minOccurs="1" maxOccurs="1">
            <xsd:complexType>
              <xsd:sequence>
                <xsd:element name="DeviceGroupName" type="ExpressNameType" minOccurs="1" maxOccurs="unbounded"/>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>
          <xsd:element name="AttributeSet" minOccurs="0" maxOccurs="1">
            <xsd:complexType>
              <xsd:sequence>
                <xsd:element name="Attribute" minOccurs="1" maxOccurs="unbounded">
                  <xsd:complexType>
                    <xsd:sequence>
                      <xsd:element name="Name" type="ExpressNameType"/>
                      <xsd:element name="Value" type="ExpressRawStringType"/>
                    </xsd:sequence>
                  </xsd:complexType>
                </xsd:element>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>

    <!-- Protocols: leap, eap-tls, eap-fast, peap(eap-gtc, eap-mschapv2, eap-tls).
         LEAP is exposed to offline dictionary attacks on captured exchanges; leave it
         disabled unless legacy clients require it. -->
    <xsd:element name="ProtocolSettings" minOccurs="0" maxOccurs="1">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="LEAP" type="xsd:boolean" minOccurs="0"/>
          <xsd:element name="EAP-TLS" type="xsd:boolean" minOccurs="0"/>
          <xsd:element name="EAP-FAST" type="xsd:boolean" minOccurs="0"/>
          <xsd:element name="PEAP" minOccurs="0">
            <xsd:complexType>
              <xsd:sequence>
                <xsd:element name="EAP-GTC" type="xsd:boolean"/>
                <xsd:element name="EAP-MSCHAPv2" type="xsd:boolean"/>
                <xsd:element name="EAP-TLS" type="xsd:boolean"/>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>

    <!-- Add machine authentication related elements here -->
    <xsd:element name="AuthDatabase">
      <xsd:simpleType>
        <xsd:restriction base="xsd:string">
          <xsd:enumeration value="ActiveDirectory"/>
          <xsd:enumeration value="InternalUserDatabase"/>
          <xsd:enumeration value="OneTimePasswordServer"/>
          <xsd:enumeration value="LDAPDatabase"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>

    <!-- Default rule will be applied if none of the specified rules match -->
    <xsd:element name="AccessRule" minOccurs="0" maxOccurs="unbounded">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="Enabled" type="xsd:boolean"/>
          <xsd:element name="ExternalGroups" minOccurs="0" maxOccurs="1">
            <xsd:complexType>
              <xsd:sequence minOccurs="1" maxOccurs="unbounded">
                <xsd:element name="Group" type="ExpressGroupFilterType"/>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>

          <xsd:element name="TimeOfDay" type="ExpressNameType" minOccurs="0"/>
          <xsd:element name="MachineAccessRestriction">
            <xsd:simpleType>
              <xsd:restriction base="xsd:string">
                <xsd:pattern value="Enforced|Exempt"/>
              </xsd:restriction>
            </xsd:simpleType>
          </xsd:element>
          <xsd:element name="RadiusAttributeSet" type="ExpressNameType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>
 
<!-- DeviceAdminType: the device administration policy: authentication database, default
     response, optional idle and session timeouts, and an ordered list of access rules.
     DefaultResponse and EnablePrivilege accept "deny" or a number from 1 to 15, presumably
     a device privilege level - confirm. Where that holds, review any rule that grants the
     highest level as carefully as an administrator account.
     NOTE(review): units for IdleTimeout and SessionTimeout (0 to 9999) are not stated in
     this schema. -->
<xsd:complexType name="DeviceAdminType">
  <xsd:sequence>
    <xsd:element name="AuthDatabase">
      <xsd:simpleType>
        <xsd:restriction base="xsd:string">
          <xsd:enumeration value="Internal User Database"/>
          <xsd:enumeration value="Active Directory"/>
          <xsd:enumeration value="LDAP Database"/>
          <xsd:enumeration value="One Time Password Server"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="DefaultResponse">
      <xsd:simpleType>
        <xsd:restriction base="xsd:string">
          <xsd:pattern value="deny|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <!-- IdleTimeout -->
    <xsd:element name="IdleTimeout" minOccurs="0" maxOccurs="1">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="0"/>
          <xsd:maxInclusive value="9999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="SessionTimeout" minOccurs="0" maxOccurs="1">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="0"/>
          <xsd:maxInclusive value="9999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="AccessRule" minOccurs="0" maxOccurs="unbounded">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="Enabled" type="xsd:boolean"/>
          <xsd:element name="ExternalGroups" minOccurs="0" maxOccurs="1">
            <xsd:complexType>
              <xsd:sequence minOccurs="1" maxOccurs="unbounded">
                <xsd:element name="Group" type="ExpressGroupFilterType"/>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>
          <xsd:element name="DeviceGroupName" type="ExpressNameType" minOccurs="1" maxOccurs="1"/>
          <xsd:element name="TimeOfDay" type="ExpressNameType" minOccurs="0"/>
          <xsd:element name="EnablePrivilege">
            <xsd:simpleType>
              <xsd:restriction base="xsd:string">
                <xsd:pattern value="deny|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15"/>
              </xsd:restriction>
            </xsd:simpleType>
          </xsd:element>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>
 
<!-- PEAPType: global PEAP settings: session cache timeout (5 to 99999, default 120), and
     flags for session caching and fast reconnect, both defaulting to true. -->
<xsd:complexType name="PEAPType">
  <xsd:sequence>
    <!-- General session timeout value is specified in minutes -->
    <xsd:element name="SessionCacheTimeout" default="120">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="5"/>
          <xsd:maxInclusive value="99999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="EnableSessionCache" type="xsd:boolean" default="true"/>
    <xsd:element name="EnableFastReconnect" type="xsd:boolean" default="true"/>
  </xsd:sequence>
</xsd:complexType>
 
<!-- EAPFASTType: global EAP-FAST settings: the authority identifier and the tunnel PAC
     time to live, given as a value (1 to 99999, default 1) and a unit of Minutes, Hours,
     Days or Weeks (default Weeks). -->
<xsd:complexType name="EAPFASTType">
  <xsd:sequence>
    <xsd:element name="AuthorityIdentifier" type="ExpressAuthorityIdentifierType"/>
    <xsd:element name="TunnelPACTTLValue" default="1">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="99999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="TunnelPACTTLUnits" default="Weeks">
      <xsd:simpleType>
        <xsd:restriction base="xsd:string">
          <xsd:pattern value="Minutes|Hours|Days|Weeks"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>
 
<!-- EAPTLSType: global EAP-TLS settings: session cache timeout and flag, plus three
     booleans SAN, CN and Binary that all default to true.
     NOTE(review): SAN, CN and Binary presumably select how the client certificate is
     compared (subject alternative name, common name, binary match) - confirm against the
     product documentation. -->
<xsd:complexType name="EAPTLSType">
  <xsd:sequence>
    <!-- General session timeout value is specified in minutes -->
    <xsd:element name="SessionCacheTimeout" default="120">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="5"/>
          <xsd:maxInclusive value="99999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="EnableSessionCache" type="xsd:boolean" default="true"/>
    <xsd:element name="SAN" type="xsd:boolean" default="true"/>
    <xsd:element name="CN" type="xsd:boolean" default="true"/>
    <xsd:element name="Binary" type="xsd:boolean" default="true"/>
  </xsd:sequence>
</xsd:complexType>
 
<!-- UserPasswordPolicyType: password complexity and lockout policy for internal users.
     All elements are required. MinLength accepts 1 to 15, so the schema itself permits a
     policy with a one-character minimum; NoOfInvalidLogins accepts 1 to 999 and NeverLockout
     can switch lockout off. Review imported values against the site's password policy.
     The element name "DisallowPasswordResuse" is spelled this way in the schema; instance
     documents must use the same spelling. -->
<xsd:complexType name="UserPasswordPolicyType">
  <xsd:sequence>
    <xsd:element name="Lowercase" type="xsd:boolean"/>
    <xsd:element name="Uppercase" type="xsd:boolean"/>
    <xsd:element name="Numbers" type="xsd:boolean"/>
    <xsd:element name="SpecialCharacters" type="xsd:boolean"/>
    <xsd:element name="DisallowCharacterRepetition" type="xsd:boolean"/>
    <xsd:element name="MinLength">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="15"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
    <xsd:element name="DisallowUsername" type="xsd:boolean"/>
    <xsd:element name="DisallowPasswordResuse" type="xsd:boolean"/>
    <xsd:element name="NeverLockout" type="xsd:boolean"/>
    <xsd:element name="NoOfInvalidLogins">
      <xsd:simpleType>
        <xsd:restriction base="xsd:integer">
          <xsd:minInclusive value="1"/>
          <xsd:maxInclusive value="999"/>
        </xsd:restriction>
      </xsd:simpleType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>
 
<!-- Objects block over -->
 
<!-- ConfigType: content of the Configuration element. Every container is optional and
     appears in the fixed order below: device groups, devices, user groups, the user password
     policy, users, the three external databases (each holding at most one entry), and the
     policies.
     Documents of this type carry device shared secrets, user passwords and directory bind
     credentials; restrict who can read exported files and where they are stored. -->
<xsd:complexType name="ConfigType">
  <xsd:sequence>
    <xsd:element name="DeviceGroups" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence minOccurs="0" maxOccurs="unbounded">
          <xsd:element name="DeviceGroup" type="DeviceGroupType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    <xsd:element name="Devices" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence minOccurs="0" maxOccurs="unbounded">
          <xsd:element name="Device" type="DeviceType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    <xsd:element name="UserGroups" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence minOccurs="0" maxOccurs="unbounded">
          <xsd:element name="UserGroup" type="UserGroupType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    <xsd:element name="UserPasswordPolicy" type="UserPasswordPolicyType" minOccurs="0" maxOccurs="1"/>
    <xsd:element name="Users" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence minOccurs="0" maxOccurs="unbounded">
          <xsd:element name="User" type="UserType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    <xsd:element name="ExternalDBActiveDirectory" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence minOccurs="0" maxOccurs="1">
          <xsd:element name="AD" type="ADType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    <xsd:element name="ExternalDBLDAP" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence minOccurs="0" maxOccurs="1">
          <xsd:element name="LDAP" type="LDAPType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    <xsd:element name="ExternalDBOTP" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence minOccurs="0" maxOccurs="1">
          <xsd:element name="OTP" type="OTPType"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>

    <!-- Policies: RADIUS attribute sets, time-of-day schedules, network access policies
         and the device administration policy. -->
    <xsd:element name="Policies" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="RadiusAttributeSets" minOccurs="0">
            <xsd:complexType>
              <xsd:sequence minOccurs="0" maxOccurs="unbounded">
                <xsd:element name="RadiusAttributeSet" type="RadiusAttributeSetType"/>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>

          <xsd:element name="TimeOfDays" minOccurs="0">
            <xsd:complexType>
              <xsd:sequence minOccurs="0" maxOccurs="unbounded">
                <xsd:element name="TimeOfDay" type="TimeOfDayType"/>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>

          <xsd:element name="NetworkAccess" minOccurs="0">
            <xsd:complexType>
              <xsd:sequence minOccurs="0" maxOccurs="unbounded">
                <xsd:element name="NetworkAccessItem" type="NetworkAccessType"/>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>
          <xsd:element name="DeviceAccess" minOccurs="0">
            <xsd:complexType>
              <xsd:sequence>
                <xsd:element name="DeviceAdministration" type="DeviceAdminType" minOccurs="0" maxOccurs="1"/>
              </xsd:sequence>
            </xsd:complexType>
          </xsd:element>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>
 
<!-- AdministrationType: content of the Administration element: optional global EAP
     settings and optional login settings for the management interface.
     NOTE(review): MARSessionCacheTimeout (5 to 99999, default 480) has no unit stated here;
     the other session cache timeouts in this schema are documented in minutes - confirm. -->
<xsd:complexType name="AdministrationType">
  <xsd:sequence>
    <xsd:element name="EAPSettings" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element name="PEAP" type="PEAPType"/>
          <xsd:element name="EAPFAST" type="EAPFASTType"/>
          <xsd:element name="EAPTLS" type="EAPTLSType"/>
          <xsd:element name="MARSessionCacheTimeout" default="480">
            <xsd:simpleType>
              <xsd:restriction base="xsd:integer">
                <xsd:minInclusive value="5"/>
                <xsd:maxInclusive value="99999"/>
              </xsd:restriction>
            </xsd:simpleType>
          </xsd:element>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    <xsd:element name="LoginSettings" minOccurs="0">
      <xsd:complexType>
        <xsd:sequence>
          <!-- Idle session timeout is given in minutes (10 to 1440, default 30) -->
          <xsd:element name="IdleSessionTimeout" default="30">
            <xsd:simpleType>
              <xsd:restriction base="xsd:integer">
                <xsd:minInclusive value="10"/>
                <xsd:maxInclusive value="1440"/>
              </xsd:restriction>
            </xsd:simpleType>
          </xsd:element>
          <xsd:element name="LoginWelcomeMessage" minOccurs="0">
            <xsd:simpleType>
              <xsd:restriction base="ExpressStringType">
                <xsd:minLength value="1"/>
                <xsd:maxLength value="50"/>
              </xsd:restriction>
            </xsd:simpleType>
          </xsd:element>
          <!-- EmailHelp: any string of 1 to 64 characters; address syntax is not checked. -->
          <xsd:element name="EmailHelp" minOccurs="0">
            <xsd:simpleType>
              <xsd:restriction base="xsd:string">
                <xsd:minLength value="1"/>
                <xsd:maxLength value="64"/>
              </xsd:restriction>
            </xsd:simpleType>
          </xsd:element>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
  </xsd:sequence>
</xsd:complexType>
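<!-- ACSExpress: root element of an import/export document. It holds an optional
     Configuration and an optional Administration element, and declares the uniqueness
     keys below.
     Original note: versioning - see targetNamespace.
     Fix: the selectors of UniqueRadiusAttrSet and UniqueTimeOfDay omitted the
     RadiusAttributeSets and TimeOfDays wrapper elements that ConfigType declares, so they
     selected nothing and duplicate names were never rejected. The paths now include the
     wrappers. -->
<xsd:element name="ACSExpress">
  <xsd:complexType>
    <xsd:sequence>
      <xsd:element name="Configuration" type="ConfigType" minOccurs="0"/>
      <xsd:element name="Administration" type="AdministrationType" minOccurs="0"/>
    </xsd:sequence>
  </xsd:complexType>

  <!-- key constraint to check for unique Device Group -->
  <xsd:key name="UniqueDeviceGroup">
    <xsd:selector xpath="./Configuration/DeviceGroups/DeviceGroup"/>
    <xsd:field xpath="Name"/>
  </xsd:key>
  <!-- key constraint to check for unique Device -->
  <xsd:key name="UniqueDevice">
    <xsd:selector xpath="./Configuration/Devices/Device"/>
    <xsd:field xpath="Name"/>
  </xsd:key>
  <!-- key constraint to check for unique Device IP Address -->
  <xsd:key name="UniqueIPAddress">
    <xsd:selector xpath="./Configuration/Devices/Device"/>
    <xsd:field xpath="IPAddress"/>
  </xsd:key>
  <!-- key constraint to check for unique username for User -->
  <xsd:key name="UniqueUser">
    <xsd:selector xpath="./Configuration/Users/User"/>
    <xsd:field xpath="Username"/>
  </xsd:key>
  <!-- key constraint to check for unique name for User Group -->
  <xsd:key name="UniqueUserGroup">
    <xsd:selector xpath="./Configuration/UserGroups/UserGroup"/>
    <xsd:field xpath="Name"/>
  </xsd:key>
  <!-- key constraint to check for unique Radius Attribute Set -->
  <xsd:key name="UniqueRadiusAttrSet">
    <xsd:selector xpath="./Configuration/Policies/RadiusAttributeSets/RadiusAttributeSet"/>
    <xsd:field xpath="Name"/>
  </xsd:key>
  <!-- key constraint to check for unique Time Of Day -->
  <xsd:key name="UniqueTimeOfDay">
    <xsd:selector xpath="./Configuration/Policies/TimeOfDays/TimeOfDay"/>
    <xsd:field xpath="Name"/>
  </xsd:key>
  <!-- Disabled in the original schema: key constraint to check for unique Network Access
       Service name. While it stays disabled, the schema does not reject duplicate
       NetworkAccessItem names.
  <xsd:key name="UniqueNetworkAccessService">
    <xsd:selector
    xpath="./Configuration/Policies/NetworkAccess/NetworkAccessItem">
    </xsd:selector>
    <xsd:field xpath="Name"></xsd:field>
  </xsd:key>
  -->
</xsd:element>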
 
</xsd:schema>