Update schema pack to 2022.3
Update scripts/update_schemas.py to point at 2022.3 and run.
Schema pack 2022.3 is the latest Redfish release, released 01/23/2023.
It contains several new schemas and adds support for Multi-factor
Authentication and CXL, among other things.
Update done by automation.
Tested: Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I55a64d7cda26572e7b75135acc324cb44d316fe6
diff --git a/static/redfish/v1/schema/AccountService_v1.xml b/static/redfish/v1/schema/AccountService_v1.xml
index c90691a..e2dd2e0 100644
--- a/static/redfish/v1/schema/AccountService_v1.xml
+++ b/static/redfish/v1/schema/AccountService_v1.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!---->
<!--################################################################################ -->
-<!--# Redfish Schema: AccountService v1.11.1 -->
+<!--# Redfish Schema: AccountService v1.12.0 -->
<!--# -->
<!--# For a detailed change log, see the README file contained in the DSP8010 bundle, -->
<!--# available at http://www.dmtf.org/standards/redfish -->
@@ -81,6 +81,47 @@
</Collection>
</Annotation>
</EntityType>
+
+ <ComplexType Name="MFABypass" Abstract="true">
+ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
+ <Annotation Term="OData.Description" String="Multi-factor authentication bypass settings."/>
+ <Annotation Term="OData.LongDescription" String="This type shall contain multi-factor authentication bypass settings."/>
+ </ComplexType>
+
+ <EnumType Name="MFABypassType">
+ <Annotation Term="Redfish.Revisions">
+ <Collection>
+ <Record>
+ <PropertyValue Property="Kind" EnumMember="Redfish.RevisionKind/Added"/>
+ <PropertyValue Property="Version" String="v1_12_0"/>
+ </Record>
+ </Collection>
+ </Annotation>
+ <Member Name="All">
+ <Annotation Term="OData.Description" String="Bypass all multi-factor authentication types."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate an account or role mapping can bypass all multi-factor authentication types including OEM-defined types."/>
+ </Member>
+ <Member Name="SecurID">
+ <Annotation Term="OData.Description" String="Bypass RSA SecurID."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate an account or role mapping can bypass RSA SecurID."/>
+ </Member>
+ <Member Name="GoogleAuthenticator">
+ <Annotation Term="OData.Description" String="Bypass Google Authenticator."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate an account or role mapping can bypass Google Authenticator."/>
+ </Member>
+ <Member Name="MicrosoftAuthenticator">
+ <Annotation Term="OData.Description" String="Bypass Microsoft Authenticator."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate an account or role mapping can bypass Microsoft Authenticator."/>
+ </Member>
+ <Member Name="ClientCertificate">
+ <Annotation Term="OData.Description" String="Bypass client certificate authentication."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate an account or role mapping can bypass client certificate authentication."/>
+ </Member>
+ <Member Name="OEM">
+ <Annotation Term="OData.Description" String="Bypass OEM-defined multi-factor authentication."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate an account or role mapping can bypass OEM-defined multi-factor authentication."/>
+ </Member>
+ </EnumType>
</Schema>
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_0_0">
@@ -533,17 +574,17 @@
<Annotation Term="OData.LongDescription" String="This property shall contain the user name for this service."/>
</Property>
<Property Name="Password" Type="Edm.String">
- <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Write"/>
<Annotation Term="OData.Description" String="The password for this service. A PATCH or PUT request writes the password. This property is `null` in responses."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the password for this service. A PATCH or PUT operation writes the password. The value shall be `null` in responses."/>
</Property>
<Property Name="Token" Type="Edm.String">
- <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Write"/>
<Annotation Term="OData.Description" String="The token for this service. A PATCH or PUT operation writes the token. This property is `null` in responses."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the token for this service. A PATCH or PUT operation writes the token. The value shall be `null` in responses."/>
</Property>
<Property Name="KerberosKeytab" Type="Edm.String">
- <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Write"/>
<Annotation Term="OData.Description" String="The Base64-encoded version of the Kerberos keytab for this service. A PATCH or PUT operation writes the keytab. This property is `null` in responses."/>
<Annotation Term="OData.LongDescription" String="This property shall contain a Base64-encoded version of the Kerberos keytab for this service. A PATCH or PUT operation writes the keytab. The value shall be `null` in responses."/>
</Property>
@@ -685,6 +726,12 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_3_8.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_3_10">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_3_9.AccountService"/>
+ </Schema>
+
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_4_0">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="Redfish.Release" String="2018.3"/>
@@ -743,6 +790,12 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_4_6.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_4_8">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_4_7.AccountService"/>
+ </Schema>
+
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_5_0">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="Redfish.Release" String="2019.1"/>
@@ -793,6 +846,12 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_5_5.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_5_7">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_5_6.AccountService"/>
+ </Schema>
+
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_6_0">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="Redfish.Release" String="2019.2"/>
@@ -831,6 +890,12 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_6_4.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_6_6">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_6_5.AccountService"/>
+ </Schema>
+
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_7_0">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="Redfish.Release" String="2019.4"/>
@@ -876,6 +941,12 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_7_4.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_7_6">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_7_5.AccountService"/>
+ </Schema>
+
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_8_0">
<Annotation Term="Redfish.Release" String="2020.4"/>
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
@@ -923,7 +994,7 @@
<ComplexType Name="Authentication" BaseType="AccountService.v1_3_0.Authentication">
<Property Name="EncryptionKey" Type="Edm.String">
- <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Write"/>
<Annotation Term="OData.Description" String="Specifies the encryption key."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the value of a symmetric encryption key for account services that support some form of encryption, obfuscation, or authentication such as TACACS+. The value shall be `null` in responses. The property shall accept a hexadecimal string whose length depends on the external account service, such as TACACS+. A TACACS+ service shall use this property to specify the secret key as defined in RFC8907."/>
<Annotation Term="Validation.Pattern" String="^[0-9a-fA-F]+$"/>
@@ -987,6 +1058,12 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_8_1.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_8_3">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_8_2.AccountService"/>
+ </Schema>
+
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_9_0">
<Annotation Term="Redfish.Release" String="2021.1"/>
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
@@ -1007,6 +1084,12 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_9_0.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_9_2">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_9_0.AccountService"/>
+ </Schema>
+
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_10_0">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="Redfish.Release" String="2021.2"/>
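Review bot: The added `AccountService.v1_9_2` schema derives its `AccountService` entity from `AccountService.v1_9_0.AccountService`, whereas every other errata schema added in this diff derives from the immediately preceding version (`v1_3_10` from `v1_3_9`, `v1_8_3` from `v1_8_2`, `v1_10_3` from `v1_10_2`). The context line above the addition suggests a `v1_9_1` schema sits just outside the hunk; if so, the expected line would be `<EntityType Name="AccountService" BaseType="AccountService.v1_9_1.AccountService"/>`. The file appears to be imported unchanged from the DMTF bundle by the update script, so this is better checked against upstream than edited locally.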
@@ -1047,7 +1130,7 @@
<Property Name="OAuthServiceSigningKeys" Type="Edm.String">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
<Annotation Term="OData.Description" String="The Base64-encoded signing keys of the issuer of the OAuth 2.0 service. Clients should configure this property if Mode contains `Offline`."/>
- <Annotation Term="OData.LongDescription" String="This property shall contain a Base64-encoded string of the RFC7517-defined signing keys of the issuer of the OAuth 2.0 service. If the Mode property contains the value `Discovery`, this property shall contain the keys found at the URI specified by the `jwks_uri` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if Mode contains `Offline`."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain a Base64-encoded string of the RFC7517-defined signing keys of the issuer of the OAuth 2.0 service. Services shall verify the token provided in the `Authorization` header of the request with the value of this property. If the Mode property contains the value `Discovery`, this property shall contain the keys found at the URI specified by the `jwks_uri` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if Mode contains `Offline`."/>
</Property>
</ComplexType>
@@ -1069,6 +1152,18 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_10_0.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_10_2">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to clarify the usage of OAuthServiceSigningKeys with token validation."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_10_1.AccountService"/>
+ </Schema>
+
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_10_3">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_10_2.AccountService"/>
+ </Schema>
+
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_11_0">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="Redfish.Release" String="2022.1"/>
@@ -1090,5 +1185,188 @@
<EntityType Name="AccountService" BaseType="AccountService.v1_11_0.AccountService"/>
</Schema>
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_11_2">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to clarify the usage of OAuthServiceSigningKeys with token validation."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_11_1.AccountService"/>
+ </Schema>
+
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_11_3">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="OData.Description" String="This version was created to mark properties with values containing sensitive data as write-only."/>
+ <EntityType Name="AccountService" BaseType="AccountService.v1_11_2.AccountService"/>
+ </Schema>
+
+ <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="AccountService.v1_12_0">
+ <Annotation Term="Redfish.OwningEntity" String="DMTF"/>
+ <Annotation Term="Redfish.Release" String="2022.3"/>
+
+ <EntityType Name="AccountService" BaseType="AccountService.v1_11_3.AccountService">
+ <Property Name="MultiFactorAuth" Type="AccountService.v1_12_0.MultiFactorAuth">
+ <Annotation Term="OData.Description" String="The multi-factor authentication settings that this account service supports."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the multi-factor authentication settings that this account service supports."/>
+ </Property>
+ </EntityType>
+
+ <ComplexType Name="MultiFactorAuth">
+ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
+ <Annotation Term="OData.Description" String="Multi-factor authentication settings."/>
+ <Annotation Term="OData.LongDescription" String="This type shall contain multi-factor authentication settings."/>
+ <Property Name="SecurID" Type="AccountService.v1_12_0.SecurID">
+ <Annotation Term="OData.Description" String="The settings related to RSA SecurID multi-factor authentication."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the settings related to RSA SecurID multi-factor authentication."/>
+ </Property>
+ <Property Name="GoogleAuthenticator" Type="AccountService.v1_12_0.GoogleAuthenticator">
+ <Annotation Term="OData.Description" String="The settings related to Google Authenticator multi-factor authentication."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the settings related to Google Authenticator multi-factor authentication."/>
+ </Property>
+ <Property Name="MicrosoftAuthenticator" Type="AccountService.v1_12_0.MicrosoftAuthenticator">
+ <Annotation Term="OData.Description" String="The settings related to Microsoft Authenticator multi-factor authentication."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the settings related to Microsoft Authenticator multi-factor authentication."/>
+ </Property>
+ <Property Name="ClientCertificate" Type="AccountService.v1_12_0.ClientCertificate">
+ <Annotation Term="OData.Description" String="The settings related to client certificate authentication schemes such as mTLS or CAC/PIV."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the settings related to client certificate authentication."/>
+ </Property>
+ </ComplexType>
+
+ <ComplexType Name="SecurID">
+ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
+ <Annotation Term="OData.Description" String="Various settings for RSA SecurID multi-factor authentication."/>
+ <Annotation Term="OData.LongDescription" String="This type shall contain settings for RSA SecurID multi-factor authentication."/>
+ <Property Name="Enabled" Type="Edm.Boolean">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="An indication of whether multi-factor authentication with RSA SecurID is enabled."/>
+ <Annotation Term="OData.LongDescription" String="This property shall indicate whether multi-factor authentication with RSA SecurID is enabled."/>
+ </Property>
+ <Property Name="ServerURI" Type="Edm.String">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="The URI of the RSA SecurID server."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the URI of the RSA SecurID server."/>
+ <Annotation Term="OData.IsURL"/>
+ </Property>
+ <Property Name="ClientId" Type="Edm.String">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="The client ID to use when communicating with the RSA SecurID server."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the client ID to use when communication with the RSA SecurID server."/>
+ </Property>
+ <Property Name="ClientSecret" Type="Edm.String">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="The client secret to use when communicating with the RSA SecurID server. This property is `null` in responses."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the client secret to use when communication with the RSA SecurID server. The value shall be `null` in responses."/>
+ </Property>
+ <Property Name="ClientSecretSet" Type="Edm.Boolean" Nullable="false">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
+ <Annotation Term="OData.Description" String="Indicates if the ClientSecret property is set."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain `true` if a valid value was provided for the ClientSecret property. Otherwise, the property shall contain `false`."/>
+ </Property>
+ <NavigationProperty Name="Certificates" Type="CertificateCollection.CertificateCollection" ContainsTarget="true" Nullable="false">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
+ <Annotation Term="OData.Description" String="The link to a collection of server certificates for the RSA SecurID server referenced by the ServerURI property."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain a link to a resource collection of type CertificateCollection that represent the server certificates for the RSA SecurID server referenced by the ServerURI property. Regardless of the contents of this collection, services may perform additional verification based on other factors, such as the configuration of the SecurityPolicy resource."/>
+ <Annotation Term="OData.AutoExpandReferences"/>
+ </NavigationProperty>
+ </ComplexType>
+
+ <ComplexType Name="GoogleAuthenticator">
+ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
+ <Annotation Term="OData.Description" String="Various settings for Google Authenticator multi-factor authentication."/>
+ <Annotation Term="OData.LongDescription" String="This type shall contain settings for Google Authenticator multi-factor authentication."/>
+ <Property Name="Enabled" Type="Edm.Boolean">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="An indication of whether multi-factor authentication with Google Authenticator is enabled."/>
+ <Annotation Term="OData.LongDescription" String="This property shall indicate whether multi-factor authentication with Google Authenticator is enabled."/>
+ </Property>
+ <Property Name="SecretKey" Type="Edm.String">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="The secret key to use when communicating with the Google Authenticator server. This property is `null` in responses."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the client key to use when communication with the Google Authenticator Server. The value shall be `null` in responses."/>
+ </Property>
+ <Property Name="SecretKeySet" Type="Edm.Boolean" Nullable="false">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
+ <Annotation Term="OData.Description" String="Indicates if the SecretKey property is set."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain `true` if a valid value was provided for the SecretKey property. Otherwise, the property shall contain `false`."/>
+ </Property>
+ </ComplexType>
+
+ <ComplexType Name="MicrosoftAuthenticator">
+ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
+ <Annotation Term="OData.Description" String="Various settings for Microsoft Authenticator multi-factor authentication."/>
+ <Annotation Term="OData.LongDescription" String="This type shall contain settings for Microsoft Authenticator multi-factor authentication."/>
+ <Property Name="Enabled" Type="Edm.Boolean">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="An indication of whether multi-factor authentication with Microsoft Authenticator is enabled."/>
+ <Annotation Term="OData.LongDescription" String="This property shall indicate whether multi-factor authentication with Microsoft Authenticator is enabled."/>
+ </Property>
+ <Property Name="SecretKey" Type="Edm.String">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="The secret key to use when communicating with the Microsoft Authenticator server. This property is `null` in responses."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the client key to use when communication with the Microsoft Authenticator server. The value shall be `null` in responses."/>
+ </Property>
+ <Property Name="SecretKeySet" Type="Edm.Boolean" Nullable="false">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
+ <Annotation Term="OData.Description" String="Indicates if the SecretKey property is set."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain `true` if a valid value was provided for the SecretKey property. Otherwise, the property shall contain `false`."/>
+ </Property>
+ </ComplexType>
+
+ <ComplexType Name="ClientCertificate">
+ <Annotation Term="OData.AdditionalProperties" Bool="false"/>
+ <Annotation Term="OData.Description" String="Various settings for client certificate authentication such as mTLS or CAC/PIV."/>
+ <Annotation Term="OData.LongDescription" String="This type shall contain settings for client certificate authentication."/>
+ <Property Name="Enabled" Type="Edm.Boolean">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="An indication of whether client certificate authentication is enabled."/>
+ <Annotation Term="OData.LongDescription" String="This property shall indicate whether client certificate authentication is enabled."/>
+ </Property>
+ <Property Name="RespondToUnauthenticatedClients" Type="Edm.Boolean">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="An indication of whether the service responds to clients that do not successfully authenticate."/>
+ <Annotation Term="OData.LongDescription" String="This property shall indicate whether the service responds to clients that do not successfully authenticate. If this property is not supported by the service, it shall be assumed to be `true`. See the 'Client certificate authentication' clause in the Redfish Specification."/>
+ </Property>
+ <Property Name="CertificateMappingAttribute" Type="AccountService.v1_12_0.CertificateMappingAttribute">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="The client certificate attribute to map to a user."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the client certificate attribute to map to a user."/>
+ </Property>
+ <NavigationProperty Name="Certificates" Type="CertificateCollection.CertificateCollection" ContainsTarget="true" Nullable="false">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
+ <Annotation Term="OData.Description" String="The link to a collection of CA certificates used to validate client certificates."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain a link to a resource collection of type CertificateCollection that represents the CA certificates used to validate client certificates during TLS handshaking. Regardless of the contents of this collection, services may perform additional verification based on other factors, such as the configuration of the SecurityPolicy resource. If the service supports the RevokedCertificates or TrustedCertificates properties within the Client property within TLS property of the SecurityPolicy resource, the service shall verify the provided client certificate with the SecurityPolicy resource prior to verifying it with this collection."/>
+ <Annotation Term="OData.AutoExpandReferences"/>
+ </NavigationProperty>
+ </ComplexType>
+
+ <EnumType Name="CertificateMappingAttribute">
+ <Member Name="Whole">
+ <Annotation Term="OData.Description" String="Match the whole certificate."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate the service matches the entire certificate with a Certificate resource subordinate to a ManagerAccount resource or the entire certificate matches the appropriate field from an external account provider."/>
+ </Member>
+ <Member Name="CommonName">
+ <Annotation Term="OData.Description" String="Match the Common Name (CN) field in the provided certificate to the username."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate the service matches the RFC5280-defined 'commonName' attribute in the provided certificate to the UserName property in a ManagerAccount resource or the appropriate field from an external account provider."/>
+ </Member>
+ <Member Name="UserPrincipalName">
+ <Annotation Term="OData.Description" String="Match the User Principal Name (UPN) field in the provided certificate to the username."/>
+ <Annotation Term="OData.LongDescription" String="This value shall indicate the service matches the User Principal Name (UPN) field in the provided certificate to the UserName property in a ManagerAccount resource or the appropriate field from an external account provider."/>
+ </Member>
+ </EnumType>
+
+ <ComplexType Name="RoleMapping" BaseType="AccountService.v1_3_0.RoleMapping">
+ <Property Name="MFABypass" Type="AccountService.MFABypass">
+ <Annotation Term="OData.Description" String="The multi-factor authentication bypass settings."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the multi-factor authentication bypass settings."/>
+ </Property>
+ </ComplexType>
+
+ <ComplexType Name="MFABypass" BaseType="AccountService.MFABypass">
+ <Property Name="BypassTypes" Type="Collection(AccountService.MFABypassType)">
+ <Annotation Term="OData.Permissions" EnumMember="OData.Permission/ReadWrite"/>
+ <Annotation Term="OData.Description" String="The types of multi-factor authentication this account or role mapping is allowed to bypass."/>
+ <Annotation Term="OData.LongDescription" String="This property shall contain the types of multi-factor authentication this account or role mapping is allowed to bypass. An empty array shall indicate this account or role mapping cannot bypass any multi-factor authentication types that are currently enabled."/>
+ </Property>
+ </ComplexType>
+ </Schema>
+
</edmx:DataServices>
</edmx:Edmx>
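Review bot: `ClientSecret` in the new `SecurID` type and `SecretKey` in both `GoogleAuthenticator` and `MicrosoftAuthenticator` are annotated `OData.Permission/ReadWrite`, although their descriptions say the value is `null` in responses. This same commit moves `Password`, `Token`, `KerberosKeytab` and `EncryptionKey` to `OData.Permission/Write` for exactly that reason. For consistency these three properties would carry `<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Write"/>`; because the file looks like an unmodified import from the DMTF bundle, that is probably a question for upstream rather than a local patch. Independently of the annotation, service code that implements these properties should never serialize the stored secret and should expose only `ClientSecretSet` / `SecretKeySet`.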