/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SAML2Constants.java,v 1.44 2009/11/24 21:53:02 madan_ranganath Exp $
 *
 * Portions Copyrighted 2010-2015 ForgeRock AS.
 */
package com.sun.identity.saml2.common;

import com.sun.identity.cot.COTConstants;

/**
 * This interface defines constants common to all SAMLv2 elements.
 *
 * @supported.all.api
 */
public interface SAML2Constants {

    /**
     * XML name space URI
     */
    public String NS_XML = "http://www.w3.org/2000/xmlns/";
    
    /**
     * String used to declare SAMLv2 assertion namespace prefix.
     */
    public String ASSERTION_PREFIX = "saml:";
    
    /**
     * String used to declare SAMLv2 assertion namespace.
     */
    public String ASSERTION_DECLARE_STR =
    " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"";
    
    /**
     * SAMLv2 assertion namespace URI.
     */
    public String ASSERTION_NAMESPACE_URI =
    "urn:oasis:names:tc:SAML:2.0:assertion";
    
    /**
     * Default namespace attribute for <code>Action</code>.
     */
    public String ACTION_NAMESPACE_NEGATION =
    "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
    
    /**
     * String used to declare SAMLv2 protocol namespace prefix.
     */
    public String PROTOCOL_PREFIX = "samlp:";
    
    /**
     * String used to declare SAMLv2 protocol namespace.
     */
    public String PROTOCOL_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol";
    
    /**
     * String used to declare SAMLv2 protocol namespace.
     */
    public String PROTOCOL_DECLARE_STR =
                " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"";
    
    /**
     * String used to represent HTTP Redirect Binding.
     */
    public String HTTP_REDIRECT =
                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    /**
     * String used to represent SOAP Binding.
     */
    public String SOAP =
                "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    /**
     * String used to represent PAOS Binding.
     */
    public static final String PAOS =
                "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";

    /**
     * String used to represent HTTP POST Binding.
     */
    public String HTTP_POST =
                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    /**
     * String used to represent HTTP ARTIFACT Binding.
     */
    public String HTTP_ARTIFACT =
                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";

    /**
     * String used to represent URI Binding.
     */
    public String URI =
                "urn:oasis:names:tc:SAML:2.0:bindings:URI";

    /**
     * String to represent Name Identifier Format name space
     */
    public String NAMEID_FORMAT_NAMESPACE=
                "urn:oasis:names:tc:SAML:2.0:nameid-format:";

    /**
     * String to represent Name Identifier Format name space
     * version 1.1
     */
    public static final String NAMEID_FORMAT_NAMESPACE_V_1_1=
          "urn:oasis:names:tc:SAML:1.1:nameid-format:";

    /**
     * String to represent Encrypted Format Name Identifier
     */
    public String ENCRYPTED =
                NAMEID_FORMAT_NAMESPACE + "encrypted";


    /**
     * String to represent Persitent Name Identifier
     */
    public String PERSISTENT =
                NAMEID_FORMAT_NAMESPACE + "persistent";
    
    /**
     * String to represent Unspecified Name Identifier
     */
    public String UNSPECIFIED =
        NAMEID_FORMAT_NAMESPACE_V_1_1 + "unspecified";
  
    /**
     * String to represent Email Address Name Identifier
     */
    public String EMAIL_ADDRESS =
        NAMEID_FORMAT_NAMESPACE_V_1_1 + "emailAddress";

    /**
     * String to represent Entity Name Identifier
     */
    public String ENTITY =
                NAMEID_FORMAT_NAMESPACE + "entity";

    /**
     * String to represent X509 Subejct Name Identifier
     */
    public String X509_SUBJECT_NAME =
        NAMEID_FORMAT_NAMESPACE_V_1_1 + "X509SubjectName";

    /**
     * String to represent Windows Domain Qualified Name Identifier
     */
    public String WINDOWS_DOMAIN_QUALIFIED_NAME =
        NAMEID_FORMAT_NAMESPACE_V_1_1 + "WindowsDomainQualifiedName";

    /**
     * String to represent Kerberos Principal Name Identifier
     */
    public String KERBEROS_PRINCIPAL_NAME =
        NAMEID_FORMAT_NAMESPACE + "kerberos";

    /**
     * String to represent the authentication service url
     */
    public String AUTH_URL = "AuthUrl";

    /**
     * Used when the SAML endpoints are RP'd to a non-server/site URL, typically
     * to DAS
     */
    public String RP_URL = "RpUrl";

    /**
     * Strings represent primitive top-level StatusCode values 
     */
    public String SUCCESS =
        "urn:oasis:names:tc:SAML:2.0:status:Success";

    public String REQUESTER =
        "urn:oasis:names:tc:SAML:2.0:status:Requester";

    public String RESPONDER =
        "urn:oasis:names:tc:SAML:2.0:status:Responder";

    public String NOPASSIVE =
        "urn:oasis:names:tc:SAML:2.0:status:NoPassive";
    
    public String VERSION_MISMATCH =
        "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch";

    public String UNKNOWN_PRINCIPAL =
        "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal";

    public String AUTHN_FAILED =
        "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed";

    public String INVALID_ATTR_NAME_OR_VALUE =
        "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue";

    public String INVALID_NAME_ID_POLICY =
        "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy";

    public String NO_AUTHN_CONTEXT =
        "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext";

    /**
     * Basic name format
     */
    public String BASIC_NAME_FORMAT =
        "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";

    /**
     * Basic attribute profile
     */
    public String BASIC_ATTRIBUTE_PROFILE =
        "urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic";

    /**
     * Attribute Query default profile
     */
    public static final String DEFAULT_ATTR_QUERY_PROFILE =
        "urn:oasis:names:tc:SAML:2.0:profiles:query";

    /**
     * Attribute Query x509 Subject profile
     */
    public static final String X509_SUBJECT_ATTR_QUERY_PROFILE =
        "urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509";

    /**
     * Attribute Query default profile alias
     */
    public static final String DEFAULT_ATTR_QUERY_PROFILE_ALIAS =
        "default";

    /**
     * Attribute Query x509 Subject profile alias
     */
    public static final String X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS =
        "x509Subject";

    /**
     * Strings represent subject confirmation methods
     */
    public String SUBJECT_CONFIRMATION_METHOD_BEARER =
        "urn:oasis:names:tc:SAML:2.0:cm:bearer";
    
    /**
     * Confirmation method for holder of key
     */
    public String SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY =
        "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
    
    /**
     * Confirmation method for sender vouches
     */
    public String SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES =
        "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
    
    /**
     * Session Property name indicating if response is redirected or not
     */
    public String RESPONSE_REDIRECTED = "SAML2ResponseRedirected";

    /**
     * Length for SAMLv2 IDs.
     */
    public int ID_LENGTH = 20;
    
    /**
     * SAMLv2 Version String
     */
    public String VERSION_2_0 = "2.0";

    /**
     * SAMLRequest query parameter name
     */
    public String SAML_REQUEST = "SAMLRequest";

    /**
     * SAMLResponse query parameter name
     */
    public String SAML_RESPONSE = "SAMLResponse";
    
    
    /**
     * Maximum value of unsigned integer/short type.
     */
    public int MAX_INT_VALUE=65535;
    
    /**
     * Start Tag for XML String
     */
    public String START_TAG="<";
    /**
     * End Tag for XML String
     */
    public String END_TAG =">";
    
    /**
     * Constant for space
     */
    public String SPACE=" ";
    /**
     * Constant for equal
     */
    public String EQUAL= "=";
    
    /**
     * Constant for quote
     */
    public String QUOTE = "\"";
    
    /**
     * Constant for newline
     */
    public String NEWLINE= "\n";
    
    /**
     * Constant for xml name space
     */
    public String NAMESPACE_PREFIX="xmlns";
    
    /**
     * Constant for SAML2 end tag
     */
    public String SAML2_END_TAG="</samlp:";
    
    /**
     * Constant for AuthnRequest
     */
    public String AUTHNREQUEST="AuthnRequest";

    /**
     * Constant for LogoutRequest
     */
    public String LOGOUT_REQUEST="LogoutRequest";

    /**
     * Constant for LogoutResponse
     */
    public String LOGOUT_RESPONSE="LogoutResponse";

    /**
     * Constant for AssertionIDRequest
     */
    public String ASSERTION_ID_REQUEST = "AssertionIDRequest";

    /**
     * Constant for AttributeQuery
     */
    public String ATTRIBUTE_QUERY = "AttributeQuery";

    /**
     * Constant for AuthnQuery
     */
    public String AUTHN_QUERY = "AuthnQuery";

    /**
     * Constant for NameIDMappingRequest
     */
    public String NAME_ID_MAPPING_REQUEST = "NameIDMappingRequest";

    /**
     * Constant for NameIDMappingResponse
     */
    public String NAME_ID_MAPPING_RESPONSE = "NameIDMappingResponse";

    /**
     * Constant for AssertionIDRef
     */
    public String ASSERTION_ID_REF = "AssertionIDRef";

    /**
     * Constant for Attribute
     */
    public String ATTRIBUTE="Attribute";

    /**
     * Constant for SessionIndex
     */
    public String SESSION_INDEX="SessionIndex";

    /**
     * Constant for BaseID
     */
    public String BASEID="BaseID";

    /**
     * Constant for NameID
     */
    public String NAMEID="NameID";

    /**
     * Constant for EncryptedID
     */
    public String ENCRYPTEDID="EncryptedID";
    
    /**
     * Constant for Reason
     */
    public String REASON="Reason";

    /**
     * Constant for NotOnOrAfter
     */
    public String NOTONORAFTER="NotOnOrAfter";

    /**
     * Constant for NotOnOrAfter
     */
    public String NOTBEFORE="NotBefore";

    /**
     * Constant for InResponseTo
     */
    public String INRESPONSETO="InResponseTo";
   
    /**
     * Constant for ID
     */
    public String ID="ID";
    
    
    /**
     * Constant for Version
     */
    public String VERSION="Version";
    
    
    /**
     * Constant for IssueInstant
     */
    public String ISSUE_INSTANT="IssueInstant";
    
    /**
     * Constant for Destination
     */
    public String DESTINATION="Destination";
    
    /**
     * Constant for Value
     */
    public String VALUE="Value";
    
    /**
     * Constant for Destination
     */
    public String CONSENT="Consent";
    
    /**
     * Constant for Issuer
     */
    public String ISSUER="Issuer";
    
    
    /**
     * Constant for Signature
     */
    public String SIGNATURE="Signature";
    
    /**
     * Constant for forceAuthn attribute
     */
    public String FORCEAUTHN="ForceAuthn";
    
    /**
     * Constant for IsPassive attribute
     */
    public String ISPASSIVE="IsPassive";
    
    /**
     * Constant for AllowCreate attribute
     */
    public String ALLOWCREATE="AllowCreate";

    /**
     * Constant for ProtocolBinding attribute
     */
    public String PROTOBINDING="ProtocolBinding";
    
    /**
     * Constant for mustUnderstand attribute
     */
    public static final String MUST_UNDERSTAND = "mustUnderstand";

    /**
     * Constant for actor attribute
     */
    public static final String ACTOR = "actor";

    /**
     * Constant for Binding parameter name
     */
    public String BINDING="binding";

    /**
     * Constant for reqBinding parameter name
     */
    public String REQ_BINDING = "reqBinding";

    /**
     * Constant for affiliationID parameter name
     */
    public String AFFILIATION_ID = "affiliationID";

    /**
     * Constant for Binding namespace
     */
    public String BINDING_PREFIX =
    "urn:oasis:names:tc:SAML:2.0:bindings:";

    /**
     * Constant for AssertionConsumerServiceIndex attribute
     */
    public String ASSERTION_CONSUMER_SVC_INDEX=
    "AssertionConsumerServiceIndex";
    /**
     * Constant for AssertionConsumerServiceURL attribute
     */
    public String ASSERTION_CONSUMER_SVC_URL=
    "AssertionConsumerServiceURL";
    /**
     * Constant for AttributeConsumingServiceIndex attribute
     */
    public String ATTR_CONSUMING_SVC_INDEX=
    "AttributeConsumingServiceIndex";
    /**
     * Constant for ProviderName attribute
     */
    public String PROVIDER_NAME="ProviderName";
    
    /**
     * Constant for Subject Element
     */
    public String SUBJECT="Subject";

    /**
     * Constant for AuthnRequest object
     */
    public String AUTHN_REQUEST = "AuthnRequest";
    
    /**
     * Constant for NameIDPolicy Element
     */
    public String NAMEID_POLICY="NameIDPolicy";
    
    /**
     * Constant for Conditions Element.
     */
    public String CONDITIONS="Conditions";
    
    /**
     * Constant for RequestedAuthnContext Element.
     */
    public String REQ_AUTHN_CONTEXT="RequestedAuthnContext";

    /** 
     * Constant for Comparison Attribute
     */
    public String COMPARISON ="Comparison";

    /**
     * Constant for Scoping Element.
     */
    public String SCOPING="Scoping";
    
    /**
     * Constant for Extensions Element.
     */
    public String EXTENSIONS="Extensions";
    
    /**
     * Constant for StatusDetail Element.
     */
    public String STATUS_DETAIL="StatusDetail";
    
    /**
     * Constant for StatusCode Element.
     */
    public String STATUS_CODE="StatusCode";
    
    /**
     * Constant for Status Element.
     */
    public String STATUS="Status";
    
    /**
     * Constant for StatusMessage Element.
     */
    public String STATUS_MESSAGE="StatusMessage";
    
    /**
     * Constant for GetComplete Element.
     */
    public String GETCOMPLETE="GetComplete";
    
    /**
     * Constant for IDPEntry Element.
     */
    public String IDPENTRY="IDPEntry";
    
    /**
     * Constant for IDPList Element.
     */
    public String IDPLIST="IDPList";
    
    /**
     * Constant for NameIDPolicy Element.
     */
    public String NAMEIDPOLICY="NameIDPolicy";
    
    /**
     * Constant for RequesterID Element.
     */
    public String REQUESTERID="RequesterID";

    // for SAMLPOSTProfileServlet
    public String SOURCE_SITE_SOAP_ENTRY = "sourceSite";
    public String POST_ASSERTION = "assertion";
    public String CLEANUP_INTERVAL_NAME =
                                "iplanet-am-saml-cleanup-interval";

    /**
     * NameID info attribute.
     */ 
    public String NAMEID_INFO = "sun-fm-saml2-nameid-info";

    /**
     * NameID info key attribute.
     */
    public String NAMEID_INFO_KEY = "sun-fm-saml2-nameid-infokey";

    /**
     * SAML2 data store provider name.
     */ 
    public String SAML2 = "saml2";

    /**
     * Auto federation attribute.
     */
    public String AUTO_FED_ATTRIBUTE = 
                        "autofedAttribute";

    /**
     * Auto federation enable attribute.
     */
    public String AUTO_FED_ENABLED =
                        "autofedEnabled";

    /**
     * Transient federation users.
     */
    public String TRANSIENT_FED_USER =
                        "transientUser";

    public String NAMEID_TRANSIENT_FORMAT = 
         NAMEID_FORMAT_NAMESPACE + "transient";

    /**
     * certficate alias attribute.
     */
    public String CERT_ALIAS = "sun-fm-saml2-cert-alias";
 
    /**
     * NameID format map configuration.
     */
    public String NAME_ID_FORMAT_MAP = "nameIDFormatMap";

    /**
     * Attribute map configuration.
     */
    public String ATTRIBUTE_MAP = "attributeMap";

    /**
     * Service provider adapter implementation class
     */
    public String SP_ADAPTER_CLASS = "spAdapter";
    
    /**
     * Environment (attribute/value pair) for Service provider adapter 
     * implementation class. Those variables will be passed down as
     * Map to the implementation class for initialization.
     */
    public String SP_ADAPTER_ENV = "spAdapterEnv";
    
    /**
     * Fedlet adapter implementation class.
     */
    public String FEDLET_ADAPTER_CLASS = "fedletAdapter";
    
    /**
     * Environment (attribute/value pair) for fedlet adapter 
     * implementation class. Those variables will be passed down as
     * Map to the implementation class for initialization.
     */
    public String FEDLET_ADAPTER_ENV = "fedletAdapterEnv";
    
    /**
     * Service provider account mapper.
     */
    public String SP_ACCOUNT_MAPPER = 
                        "spAccountMapper";

    /**
     * Use NameID value as local user ID in service provider account mapper.
     */ 
    public String USE_NAMEID_AS_SP_USERID = "useNameIDAsSPUserID";

    /**
     * Service provider attribute mapper.
     */
    public String SP_ATTRIBUTE_MAPPER = 
                        "spAttributeMapper";

    /**
     * Identity provider account mapper.
     */
    public String IDP_ACCOUNT_MAPPER = 
                        "idpAccountMapper";

    /**
     * Identity provider attribute mapper.
     */
    public String IDP_ATTRIBUTE_MAPPER = 
                        "idpAttributeMapper";

    /**
     * Attribute authority mapper.
     */
    public String ATTRIBUTE_AUTHORITY_MAPPER = 
                        "attributeAuthorityMapper";

    /**
     * Assertion ID request mapper.
     */
    public String ASSERTION_ID_REQUEST_MAPPER = 
                        "assertionIDRequestMapper";

    /**
     * RelayState Parameter
     */
    public String RELAY_STATE="RelayState";

    /**
     * RelayState Alias Parameter
     */
    public String RELAY_STATE_ALIAS="RelayStateAlias";

    /**
     * Realm Parameter
     */
    public String REALM="realm";

    /**
     * AssertionConsumerServiceIndex Parameter
     */
    public String ACS_URL_INDEX="AssertionConsumerServiceIndex";

    /**
     * AttributeConsumingServiceIndex Parameter
     */
    public String ATTR_INDEX="AttributeConsumingServiceIndex";

    /**
     * NameIDPolicy Format Identifier Parameter
     */
    public String NAMEID_POLICY_FORMAT="NameIDFormat";

    /**
     * True Value String
     */
    public String TRUE="true";

    /**
     * False Value String
     */
    public String FALSE="false";

    public String AUTH_LEVEL="AuthLevel";
    public String ORGANIZATION = "Organization";
    public String AUTH_LEVEL_ATTR="sunFMAuthContextComparison";
    public String AUTH_TYPE="authType";
    public String AUTH_LEVEL_ADVICE = "sunamcompositeadvice";

    public String AUTH_TYPE_ATTR ="sunFMAuthContextType";

    public String DECLARE_REF_AUTH_TYPE = "AuthContextDeclareRef";
    public String CLASS_REF_AUTH_TYPE = "AuthContextClassRef";

    public String AUTH_CONTEXT_DECL_REF ="AuthContextDeclRef";
    public String AUTH_CONTEXT_DECL_REF_ATTR 
                                        ="sunFMAuthContextDeclareRef";

    public String AUTH_CONTEXT_CLASS_REF ="AuthnContextClassRef";

    public String AUTH_CONTEXT_CLASS_REF_ATTR 
                                        ="sunFMAuthContextClassRef";

    /**
     * Parameter name for SAML artifact in http request.
     */
    public String SAML_ART = "SAMLart";

    /**
     * Service Provider Role
     */
    public String SP_ROLE = "SPRole";

    /**
     * Identity Provider Role
     */
    public String IDP_ROLE = "IDPRole";
    
    /**
     * Constant value for entity acting as both SP and IDP role.
     */
    public String DUAL_ROLE ="DualRole";


    /**
     * Policy Decision Point Role
     */
    String PDP_ROLE = "PDPRole";

    /**
     * Policy Enforcement Point Role
     */
    String PEP_ROLE = "PEPRole";
    
    /**
     * Attribute Authority Role
     */
    String ATTR_AUTH_ROLE = "AttrAuthRole";

    /**
     * Attribute Query Role
     */
    String ATTR_QUERY_ROLE = "AttrQueryRole";

    /**
     * Authentication Authority Role
     */
    String AUTHN_AUTH_ROLE = "AuthnAuthRole";

    /**
     * Unknown Role
     */
    public String UNKNOWN_ROLE = "UNKNOWN";
    

    /**
     * Attribute to be configured in SPSSOConfig for SAML2 authentication
     * module instance name.
     */
    public String AUTH_MODULE_NAME = "saml2AuthModuleName";

    /**
     * Attribute to be configured in SPSSOConfig for local authentication url.
     */
    public String LOCAL_AUTH_URL = "localAuthURL";

    /**
     * Attribute to be configured in SPSSOConfig for intermediate url.
     */
    public String INTERMEDIATE_URL = "intermediateUrl";

    /**
     * Attribute to be configure in SPSSOConfig for default relay state url.
     */
    public String DEFAULT_RELAY_STATE = "defaultRelayState";

    /**
     * This is an attribute in entity config for the
     * entity description
     */
    public String ENTITY_DESCRIPTION = "description";

    /**
     * This is an attribute in entity config for the
     * signing certificate alias
     */
    public String SIGNING_CERT_ALIAS = "signingCertAlias";

    /**
     * This is an attribute in entity config for the
     * signing certificate encrypted keypass
     */
    public String SIGNING_CERT_KEYPASS = "signingCertKeyPass";

    /**
     * This is an attribute in entity config for the
     * encryption certificate alias
     */
    public String ENCRYPTION_CERT_ALIAS = "encryptionCertAlias";
    
    /**
     * The entity role
     */
    public String ROLE = "role";

    public String SIG_PROVIDER =
    "com.sun.identity.saml2.xmlsig.SignatureProvider";

    public String ENC_PROVIDER =
    "com.sun.identity.saml2.xmlenc.EncryptionProvider";
    
    /**
     * Signing  
     */
    public String SIGNING = "signing";
    
    /**
     * Encryption  
     */
    public String ENCRYPTION = "encryption";
    
    // Delimiter used to separate multiple NameIDKey values.
    public String SECOND_DELIM = ";";

    /**
     * Http request parameter used to indicate whether the intent is
     * federation or not. Its values are "true" and "false".
     */
    public String FEDERATE = "federate";
    
    /** xmlsig signing parameters*/
    public String CANONICALIZATION_METHOD =
         "com.sun.identity.saml.xmlsig.c14nMethod";
    public String TRANSFORM_ALGORITHM =
         "com.sun.identity.saml.xmlsig.transformAlg";
    public String XMLSIG_ALGORITHM =
         "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";
    /**
     * Property name for the global default query signature algorithm for RSA keys.
     */
    public String QUERY_SIGNATURE_ALGORITHM_RSA = "org.forgerock.openam.saml2.query.signature.alg.rsa";
    /**
     * Property name for the global default query signature algorithm for DSA keys.
     */
    public String QUERY_SIGNATURE_ALGORITHM_DSA = "org.forgerock.openam.saml2.query.signature.alg.dsa";
    /**
     * Property name for the global default query signature algorithm for EC keys.
     */
    public String QUERY_SIGNATURE_ALGORITHM_EC = "org.forgerock.openam.saml2.query.signature.alg.ec";
    public String DSA = "DSA";
    public String RSA = "RSA";      

    public String SIG_ALG = "SigAlg"; 
    public String SHA1_WITH_DSA = "SHA1withDSA";
    public String SHA1_WITH_RSA = "SHA1withRSA";

    public String DEFAULT_ENCODING = "UTF-8";

    // SOAP fault code for requester error
    public String CLIENT_FAULT = "Client";

    // SOAP fault code for responder error
    public String SERVER_FAULT = "Server";

    public String SESSION = "session";

    // more constants defined for auth module
    public String ASSERTIONS = "assertions";
    public String MAX_SESSION_TIME = "maxSessionTime";
    public String IN_RESPONSE_TO = "inResponseTo";

    public String SP_METAALIAS = "spMetaAlias";
    public String METAALIAS = "metaAlias";
    public String SPENTITYID = "spEntityID";
    public String IDPENTITYID = "idpEntityID";
    public String REQUESTTYPE = "requestType";
    
    // Encryption attributes
    /**
     * SP Entity Config attribute name. Used to specify whether it wants
     * Assertion encrypted or not.
     */
    public String WANT_ASSERTION_ENCRYPTED = "wantAssertionEncrypted";

    public String WANT_ATTRIBUTE_ENCRYPTED 
                                   = "wantAttributeEncrypted";
    public String WANT_NAMEID_ENCRYPTED = "wantNameIDEncrypted";

    // Signing attributes
    /**
     * IDP Entity Config attribute name. Used to specify whether it wants
     * ArtifactResolve signed or not.
     */
    public String WANT_ARTIFACT_RESOLVE_SIGNED = "wantArtifactResolveSigned";

    /**
     * SP Entity Config attribute name. Used to specify whether it wants
     * ArtifactResponse signed or not.
     */
    public String WANT_ARTIFACT_RESPONSE_SIGNED =
                              "wantArtifactResponseSigned";
    public String WANT_LOGOUT_REQUEST_SIGNED  
                                   = "wantLogoutRequestSigned";
    public String WANT_LOGOUT_RESPONSE_SIGNED   
                                   = "wantLogoutResponseSigned";
    public String WANT_MNI_REQUEST_SIGNED = "wantMNIRequestSigned";
    public String WANT_MNI_RESPONSE_SIGNED 
                                   = "wantMNIResponseSigned";
    public String WANT_POST_RESPONSE_SIGNED = "wantPOSTResponseSigned";
    
    /**
     * SP Entity Config attribute name. Used to specify IDPList child element
     * of ECP request.
     */
    public static final String ECP_REQUEST_IDP_LIST =
        "ECPRequestIDPList";

    /**
     * SP Entity Config attribute name. Used to specify an implementation class
     * that finds IDPList child element of ECP request.
     */
    public static final String ECP_REQUEST_IDP_LIST_FINDER_IMPL =
        "ECPRequestIDPListFinderImpl";

    /**
     * SP Entity Config attribute name. Used to specify attribute 'GetComplete'
     * of IDPList child element of ECP request
     */
    public static final String ECP_REQUEST_IDP_LIST_GET_COMPLETE =
        "ECPRequestIDPListGetComplete";

    /**
     * Attribute Authority Config attribute name. Used to specify data store
     * attribute name that contains X509 subject DN.
     */
    public String X509_SUBJECT_DATA_STORE_ATTR_NAME =
        "x509SubjectDataStoreAttrName";

    /**
     * Constant for SAML2IDPSessionIndex SSO token property
     */
    public String IDP_SESSION_INDEX = "SAML2IDPSessionIndex";
    /**
     * Constant for IDPMetaAlias SSO token property
     */
    public String IDP_META_ALIAS="IDPMetaAlias";

    // Basic auth for SOAP binding
    public String BASIC_AUTH_ON = "basicAuthOn";
    public String BASIC_AUTH_USER = "basicAuthUser";
    public String BASIC_AUTH_PASSWD = "basicAuthPassword";

    /**
     * Service provider AuthnContext mapper.
     */
    public String SP_AUTHCONTEXT_MAPPER =
                        "spAuthncontextMapper";

    /**
     * Default value for Service provider AuthnContext mapper value.
     */
    public String DEFAULT_SP_AUTHCONTEXT_MAPPER =
        "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper";

    /**
     * Service provider AuthnContext Class Reference and AuthLevel Mapping.
     */
    public String SP_AUTH_CONTEXT_CLASS_REF_ATTR=
                        "spAuthncontextClassrefMapping";

    /**
     * Constant for AuthnContext Class Reference namespace
     */
    public String AUTH_CTX_PREFIX =
    "urn:oasis:names:tc:SAML:2.0:ac:classes:";

    /**
     * Default Service provider AuthnContext Class Reference and 
     * AuthLevel Mapping value.
     */
    public String SP_AUTHCONTEXT_CLASSREF_VALUE=
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0|default";
    /**
     * Service provider AuthnContext Comparison Type attribute name.
     */
    public String SP_AUTHCONTEXT_COMPARISON_TYPE =
                        "spAuthncontextComparisonType";

    /**
     * Default Service provider AuthnContext Comparison Type 
     * attribute value.
     */
    public String SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE = "exact";

    /**
     * Flag to indicate if the RequestedAuthnContext should be included in an AuthnRequest.
     */
    public String INCLUDE_REQUESTED_AUTHN_CONTEXT = "includeRequestedAuthnContext";

    /**
     * Service provider AuthnContext Comparison Parameter Name
     */
    public String SP_AUTHCONTEXT_COMPARISON = "AuthComparison";

    // Time Skew for Assertion NotOnOrAfter. In seconds.
    public String ASSERTION_TIME_SKEW = "assertionTimeSkew";
    public int ASSERTION_TIME_SKEW_DEFAULT = 300;

    // key for SAML2 SDK class mapping
    public String SDK_CLASS_MAPPING = 
        "com.sun.identity.saml2.sdk.mapping.";

    // Default assertion effective time in seconds
    public int ASSERTION_EFFECTIVE_TIME = 600;

    // Default assertion NotBefore skew in seconds
    public int NOTBEFORE_ASSERTION_SKEW_DEFAULT = 600;

    // Assertion effective time attribute name
    public String ASSERTION_EFFECTIVE_TIME_ATTRIBUTE = 
                            "assertionEffectiveTime";

    // NotBefore Assertion skew attribute name
    public String ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE =
                             "assertionNotBeforeTimeSkew";

    // IDP authn context mapper class attribute name
    public String IDP_AUTHNCONTEXT_MAPPER_CLASS =
                            "idpAuthncontextMapper";

    // IDP ECP Session mapper class attribute name
    public static final String IDP_ECP_SESSION_MAPPER_CLASS =
                            "idpECPSessionMapper";

    // Default IDP authn context mapper class name
    public String DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper";

    // Default IDP account mapper class name
    public String DEFAULT_IDP_ACCOUNT_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper";

    // Default SP account mapper class name
    public String DEFAULT_SP_ACCOUNT_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultSPAccountMapper";

    /**
     * Default SP attribute mapper class name
     */
    public String DEFAULT_SP_ATTRIBUTE_MAPPER_CLASS = "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper";

    // Default IDP attribute mapper class name
    public String DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper";

    // Default Attribute Authority mapper class name
    public static final String DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultAttributeAuthorityMapper";

    // Default Assertion ID request mapper class name
    public static final String DEFAULT_ASSERTION_ID_REQUEST_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper";

    // Default IDP ECP Session mapper class name
    public static final String DEFAULT_IDP_ECP_SESSION_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper";

    // IDP authn context class reference mapping attribute name
    public String IDP_AUTHNCONTEXT_CLASSREF_MAPPING =
                            "idpAuthncontextClassrefMapping";

    // AuthnContext Class Reference names
    public String CLASSREF_PASSWORD_PROTECTED_TRANSPORT =
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
        
    // COT List
    public String COT_LIST = COTConstants.COT_LIST;

    // http parameter to default.jsp
    public String MESSAGE = "message";

    // Cache Cleanup interval attribute name in AMConfig.properties.
    // value in seconds
    public String CACHE_CLEANUP_INTERVAL = 
                "com.sun.identity.saml2.cacheCleanUpInterval";

    // default Cache cleanup interval in seconds
    public int CACHE_CLEANUP_INTERVAL_DEFAULT = 3600;

    // IDP SLO parameter name for logout all sessions
    public String LOGOUT_ALL = "logoutAll";

    // IDP response info ID
    public String RES_INFO_ID = "resInfoID";
     
    // Default query parameter to use for RelayState if
    // RelayState is no specified and if RelayState cannot
    // be obtained from query parameters list specified in 
    // RelayStateAlias 

    public String GOTO = "goto";
    
    // Delimiter for values of multi-valued property set in SSO token
    public char DELIMITER = '|';

    // Escape string for the <code>DELIMITER</code> contained in the values
    // of multi-valued property set in SSO token
    public String ESCAPE_DELIMITER = "&#124;";

    /**
     * Namespace declaration for XML Encryption
     */
    public String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";

    /**
     * Namespace declaration for XML Digital Signature
     */
    public String NS_XMLSIG = "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Want XACML Authorization Decision Query Signed.
     */
    String WANT_XACML_AUTHZ_DECISION_QUERY_SIGNED =
        "wantXACMLAuthzDecisionQuerySigned";

    /**
     * Want Authorization Decision Response Signed.
     */
    String WANT_XACML_AUTHZ_DECISION_RESPONSED_SIGNED =
        "wantXACMLAuthzDecisionResponseSigned";

    /**
     * Generate Discovery Bootstrapping
     */
    public String DISCO_BOOTSTRAPPING_ENABLED =
        "discoveryBootstrappingEnabled";

    /**
     * Constant for Response Artifact message encoding property
     */
    public String RESPONSE_ARTIFACT_MESSAGE_ENCODING =
        "responseArtifactMessageEncoding";

    /**
     * URI encoding
     */
    public String URI_ENCODING = "URI";

    /**
     * FORM encoding 
     */
    public String FORM_ENCODING = "FORM";

    /**
     * Cache Assertion
     */
    public String ASSERTION_CACHE_ENABLED =
        "assertionCacheEnabled";

    /**
     * Attribute name format for ID-WSF 1.1 Discovery bootstrap
     */    
    public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME_FORMAT =
        "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";

    /**
     * Attribute name for ID-WSF 1.1 Discovery bootstrap
     */    
    public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME =
        "urn:liberty:disco:2003-08:DiscoveryResourceOffering";

    /**
     * Constant for Discovery bootstrap credentials SSO token
     * property
     */
    public String DISCOVERY_BOOTSTRAP_CREDENTIALS =
        "DiscoveryBootstrapCrendentials";
    
    /**
     * XML Schema Instance namespace URI
     */
    public String NS_XSI = 
        "http://www.w3.org/2001/XMLSchema-instance";

    /**
     * String used to declare XML Schema Instance namespace.
     */
    public String XSI_DECLARE_STR =
        "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"";

    /**
     * List of SAE appliation name to encrypted secret mapping.
     */
    public String SAE_APP_SECRET_LIST = "saeAppSecretList";

    /**
     * List of valid Relay State Urls
     */
    public String RELAY_STATE_URL_LIST = "relayStateUrlList";

    /**
     * IDP SAE endpoint url.
     */
    public String SAE_IDP_URL = "saeIDPUrl";

    /**
     * SP SAE endpoint url.
     */
    public String SAE_SP_URL = "saeSPUrl";

    /**
     * SP SAE logout url.
     */
    public String SAE_SP_LOGOUT_URL = "saeSPLogoutUrl";

    /**
     * SAE : Extended meta param : SPApp url
     */
    public String SAE_XMETA_URL = "url";

    /**
     * SAE : Extended meta param : shared secret for symmetric crypto
     */
    public String SAE_XMETA_SECRET = "secret";

    /**
     * SAE : Derived from SAML2 meta
     */
    public String SAE_XMETA_PKEY_ALIAS = "privatekeyalias";

    /**
     * HTTP parameters that will be passed to SAE auth modules.
     */
    public String SAE_REALM = "realm";
    public String SAE_IDP_ENTITYID = "idpEntityID";
    public String SAE_IDPAPP_URL = "idpAppUrl";
            
    /**
     * Enable IDP Proxy
     */
    public String ENABLE_IDP_PROXY = "enableIDPProxy";

    /**
     * Always proxy the Authn Request
     */
    public String ALWAYS_IDP_PROXY = "alwaysIdpProxy";

    /**
     *IDP Proxy Name List
     */
    public String IDP_PROXY_LIST = "idpProxyList";
 
    /**
     * IDP Proxy Count
     */
    public String IDP_PROXY_COUNT = "idpProxyCount";
 
    /**
     * Use Introduction for IDP Proxy
     */
    public String USE_INTRODUCTION_FOR_IDP_PROXY =
        "useIntroductionForIDPProxy";      

    /**
     * Idp finder URL
     */
    public String IDP_FINDER_URL ="/idpfinder";
    
    /**
     * IDP Proxy finder name
     */
    public String IDP_PROXY_FINDER_NAME = 
         "com.sun.identity.saml2.idpproxy"; 
         
    /**
     * Default class name of IDP Proxy finder   
     */     
    public String  DEFAULT_IDP_PROXY_FINDER = 
        "com.sun.identity.saml2.plugins.SAML2IDPProxyImpl";

    /**
     * IDP Proxy finder attribute name in the IDP Extended metadata
     */
    public String IDP_PROXY_FINDER_ATTR_NAME = "idpProxyFinder";

    /**
     * IDP Proxy finder implmentation classe attribute name
     * in the IDP Extended metadata
     */
    public static final String PROXY_IDP_FINDER_CLASS = "proxyIDPFinderClass";
    
    /**
     * Flag to indicate if the IdP must enable the IdP Finder
     * This is the name of the attribute flag in the IDP Extended metadata
     */
    public static final String ENABLE_PROXY_IDP_FINDER_FOR_ALL_SPS =
            "enableProxyIDPFinderForAllSPs";
    
    /**
     * Attribute Name in the extended metadata that takes the value of
     * the JSP that will present the list of IdPs to the user
     */
    public static final String PROXY_IDP_FINDER_JSP =
            "proxyIDPFinderJSP";

    /**
     * Default IDP Proxy Finder JSP
     */
    public static final String DEFAULT_PROXY_IDP_FINDER = "proxyidpfinder.jsp";

    /**
     * IDP Adapter class attribute name
     */
    public static final String IDP_ADAPTER_CLASS = "idpAdapter";

    /**
     * Default IDP Adapter class
     */
    public static final String DEFAULT_IDP_ADAPTER = "com.sun.identity.saml2.plugins.DefaultIDPAdapter";

    /**
     * Key used to save IDP Session in a map
     */    
    public String IDP_SESSION = "IDPSESSION"; 
    
    /**
     * Key used to save session partners in a map 
     */
    public String  PARTNERS = "PARTNERS";        

    /**
     * String used to declare ECP namespace prefix.
     */
    public static final String ECP_PREFIX = "ecp:";
    
    /**
     * ECP namespace URI.
     */
    public static final String ECP_NAMESPACE =
        "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
    
    /**
     * String used to declare ECP namespace.
     */
    public static final String ECP_DECLARE_STR =
        "xmlns:ecp=\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"";

    /**
     * Constant for ECP end tag
     */
    public static final String ECP_END_TAG="</ecp:";

    /**
     * ECP service name in PAOS header
     */
    public static final String PAOS_ECP_SERVICE =
        "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";

    /**
     * String used to declare SOAP envelope namespace prefix.
     */
    public static final String SOAP_ENV_PREFIX = "soap-env:";
    
    /**
     * SOAP envelope namespace URI.
     */
    public static final String SOAP_ENV_NAMESPACE =
        "http://schemas.xmlsoap.org/soap/envelope/";
    
    /**
     * String used to declare SOAP envelope namespace.
     */
    public static final String SOAP_ENV_DECLARE_STR =
        "xmlns:soap-env=\"http://schemas.xmlsoap.org/soap/envelope/\"";

    /**
     * SOAP actor.
     */
    public static final String SOAP_ACTOR_NEXT =
        "http://schemas.xmlsoap.org/soap/actor/next";
    
    /**
     * Check Certificate status
     */
    public static final String CHECK_SAML2_CERTIFICATE_STATUS =
        "com.sun.identity.saml2.crl.check";

    /**
     * Check CA Certificate status
     */
    public static final String CHECK_SAML2_CA_STATUS =
        "com.sun.identity.saml2.crl.check.ca";

    /**
     * Wild card to indicate mapping any attribute name as it is in
     * the Assertion
     */
    public String ATTR_WILD_CARD = "*";

    /**
     * Key name for Response object
     */
    public String RESPONSE = "Response"; 

    /**
     * Key name for Assertion object
     */
    public String ASSERTION = "Assertion"; 
    
    /**
     * One Time Use.
     */
    public String ONETIME="ONE"; 
    /**
     * Is Bearer assertion
     */
    public String IS_BEARER="isBearer";  

    /**
     * String to represent the logout url for external application.
     * SAML2 component will send request to the external logout URL 
     * using back channel HTTP POST mechanism.
     * This is used when the single logout is initiated from remote party
     * (SP or IDP).
     */
    public String APP_LOGOUT_URL = "appLogoutUrl";

    /**
     * URL parameter name in external application logout URL for requesting 
     * user session property. Value is a session property name whose
     * value will be posted to application as http header and content for its 
     * logout use.
     */
    public String APP_SESSION_PROPERTY = "appsessionproperty";
  
    /**
     * IDP Session Synchronize Enabled
     */
    public String IDP_SESSION_SYNC_ENABLED =
            "idpSessionSyncEnabled";

    /**
     * SP Session Synchronize Enabled
     */
    public String SP_SESSION_SYNC_ENABLED =
            "spSessionSyncEnabled";

    /**
     * Map key used in fedlet case to specify federation info key.
     */
    public String INFO_KEY = "infoKey";

    /**
     * Single Sign-On service.
     */
    public String SSO_SERVICE = "sso";

    /**
     * NameIDMapping service.
     */
    public String NAMEID_MAPPING_SERVICE = "nip";

    /**
     * AssertionIDRequest service.
     */
    public String ASSERTION_ID_REQUEST_SERVICE = "air";

    /**
     * ArtifactResolution service.
     */
    public String ARTIFACT_RESOLUTION_SERVICE = "ars";

    /**
     * SingleLogout service.
     */
    public String SLO_SERVICE = "slo";

    /**
     * ManageNameID service.
     */
    public String MNI_SERVICE = "mni";

    /**
     * AssertionConsumer service.
     */
    public String ACS_SERVICE = "acs";

    /**
     * Map key used in SLO request redirect code
     */
    public static final String AM_REDIRECT_URL = "AM_REDIRECT_URL";

    /**
     * Map key used in SLO request redirect code
     */
    public static final String OUTPUT_DATA = "OUTPUT_DATA";

    public static final String RESPONSE_CODE = "RESPONSE_CODE";

    /**
     * Flag to Indicate that we do not want to write the Federation info in the local User Data Store. This flag is
     * set in the local/remote SP extended metadata configuration.
     */
    public static final String SP_DO_NOT_WRITE_FEDERATION_INFO = "spDoNotWriteFederationInfo";

    /**
     * Flag to indicate that we do not want to write the federation info in the IdP's local User Data Store. This flag
     * is set in the local IdP extended metadata configuration.
     */
    String IDP_DISABLE_NAMEID_PERSISTENCE = "idpDisableNameIDPersistence";

    /**
     * Property to determine whether SAML SP Decryption Debug mode has been enabled.
     */
    String SAML_DECRYPTION_DEBUG_MODE = "openam.saml.decryption.debug.mode";

    /**
     * Property name used to store the remote IdP's SAML response as an attribute of the HttpServletRequest.
     */
    String SAML_PROXY_IDP_RESPONSE_KEY = "openam.saml.idpproxy.idp.response";

    /**
     * property name used to store whether or not saml single logout in enabled.
     */
    String SINGLE_LOGOUT = "openam.saml.singlelogout.enabled";

    /**
     * Default Value for the SAML2 Server Port
     */
    int DEFAULT_SERVER_PORT = 18080;
}