/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SAML2Constants.java,v 1.44 2009/11/24 21:53:02 madan_ranganath Exp $
*
* Portions Copyrighted 2010-2015 ForgeRock AS.
*/
/**
* This interface defines constants common to all SAMLv2 elements.
*
* @supported.all.api
*/
public interface SAML2Constants {
/**
* XML name space URI
*/
/**
* String used to declare SAMLv2 assertion namespace prefix.
*/
/**
* String used to declare SAMLv2 assertion namespace.
*/
" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"";
/**
* SAMLv2 assertion namespace URI.
*/
"urn:oasis:names:tc:SAML:2.0:assertion";
/**
* Default namespace attribute for <code>Action</code>.
*/
"urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
/**
* String used to declare SAMLv2 protocol namespace prefix.
*/
/**
* String used to declare SAMLv2 protocol namespace.
*/
/**
* String used to declare SAMLv2 protocol namespace.
*/
" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"";
/**
* String used to represent HTTP Redirect Binding.
*/
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
/**
* String used to represent SOAP Binding.
*/
"urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
/**
* String used to represent PAOS Binding.
*/
"urn:oasis:names:tc:SAML:2.0:bindings:PAOS";
/**
* String used to represent HTTP POST Binding.
*/
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
/**
* String used to represent HTTP ARTIFACT Binding.
*/
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
/**
* String used to represent URI Binding.
*/
"urn:oasis:names:tc:SAML:2.0:bindings:URI";
/**
* String to represent Name Identifier Format name space
*/
"urn:oasis:names:tc:SAML:2.0:nameid-format:";
/**
* String to represent Name Identifier Format name space
* version 1.1
*/
"urn:oasis:names:tc:SAML:1.1:nameid-format:";
/**
* String to represent Encrypted Format Name Identifier
*/
NAMEID_FORMAT_NAMESPACE + "encrypted";
/**
* String to represent Persistent Name Identifier
*/
NAMEID_FORMAT_NAMESPACE + "persistent";
/**
* String to represent Unspecified Name Identifier
*/
NAMEID_FORMAT_NAMESPACE_V_1_1 + "unspecified";
/**
* String to represent Email Address Name Identifier
*/
NAMEID_FORMAT_NAMESPACE_V_1_1 + "emailAddress";
/**
* String to represent Entity Name Identifier
*/
NAMEID_FORMAT_NAMESPACE + "entity";
/**
* String to represent X509 Subject Name Identifier
*/
NAMEID_FORMAT_NAMESPACE_V_1_1 + "X509SubjectName";
/**
* String to represent Windows Domain Qualified Name Identifier
*/
NAMEID_FORMAT_NAMESPACE_V_1_1 + "WindowsDomainQualifiedName";
/**
* String to represent Kerberos Principal Name Identifier
*/
NAMEID_FORMAT_NAMESPACE + "kerberos";
/**
* String to represent the authentication service url
*/
/**
* Used when the SAML endpoints are RP'd to a non-server/site URL, typically
* to DAS
*/
/**
* Strings representing the primitive top-level StatusCode values
*/
"urn:oasis:names:tc:SAML:2.0:status:Success";
"urn:oasis:names:tc:SAML:2.0:status:Requester";
"urn:oasis:names:tc:SAML:2.0:status:Responder";
"urn:oasis:names:tc:SAML:2.0:status:NoPassive";
"urn:oasis:names:tc:SAML:2.0:status:VersionMismatch";
"urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal";
"urn:oasis:names:tc:SAML:2.0:status:AuthnFailed";
"urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue";
"urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy";
"urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext";
/**
* Basic name format
*/
"urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
/**
* Basic attribute profile
*/
"urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic";
/**
* Attribute Query default profile
*/
"urn:oasis:names:tc:SAML:2.0:profiles:query";
/**
* Attribute Query x509 Subject profile
*/
"urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509";
/**
* Attribute Query default profile alias
*/
"default";
/**
* Attribute Query x509 Subject profile alias
*/
"x509Subject";
/**
* Strings representing subject confirmation methods; this one is the bearer method
*/
"urn:oasis:names:tc:SAML:2.0:cm:bearer";
/**
* Confirmation method for holder of key
*/
"urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
/**
* Confirmation method for sender vouches
*/
"urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
/**
* Session Property name indicating if response is redirected or not
*/
/**
* Length for SAMLv2 IDs.
*/
/**
* SAMLv2 Version String
*/
/**
* SAMLRequest query parameter name
*/
/**
* SAMLResponse query parameter name
*/
/**
*/
/**
* Start Tag for XML String
*/
/**
* End Tag for XML String
*/
/**
* Constant for space
*/
/**
* Constant for equal
*/
/**
* Constant for quote
*/
/**
* Constant for newline
*/
/**
* Constant for xml name space
*/
/**
* Constant for SAML2 end tag
*/
/**
* Constant for AuthnRequest
*/
/**
* Constant for LogoutRequest
*/
/**
* Constant for LogoutResponse
*/
/**
* Constant for AssertionIDRequest
*/
/**
* Constant for AttributeQuery
*/
/**
* Constant for AuthnQuery
*/
/**
* Constant for NameIDMappingRequest
*/
/**
* Constant for NameIDMappingResponse
*/
/**
* Constant for AssertionIDRef
*/
/**
* Constant for Attribute
*/
/**
* Constant for SessionIndex
*/
/**
* Constant for BaseID
*/
/**
* Constant for NameID
*/
/**
* Constant for EncryptedID
*/
/**
* Constant for Reason
*/
/**
* Constant for NotOnOrAfter
*/
/**
* Constant for NotOnOrAfter
*/
/**
* Constant for InResponseTo
*/
/**
* Constant for ID
*/
/**
* Constant for Version
*/
/**
* Constant for IssueInstant
*/
/**
* Constant for Destination
*/
/**
* Constant for Value
*/
/**
* Constant for Destination
*/
/**
* Constant for Issuer
*/
/**
* Constant for Signature
*/
/**
* Constant for forceAuthn attribute
*/
/**
* Constant for IsPassive attribute
*/
/**
* Constant for AllowCreate attribute
*/
/**
* Constant for ProtocolBinding attribute
*/
/**
* Constant for mustUnderstand attribute
*/
/**
* Constant for actor attribute
*/
/**
* Constant for Binding parameter name
*/
/**
* Constant for reqBinding parameter name
*/
/**
* Constant for affiliationID parameter name
*/
/**
* Constant for Binding namespace
*/
"urn:oasis:names:tc:SAML:2.0:bindings:";
/**
* Constant for AssertionConsumerServiceIndex attribute
*/
"AssertionConsumerServiceIndex";
/**
* Constant for AssertionConsumerServiceURL attribute
*/
"AssertionConsumerServiceURL";
/**
* Constant for AttributeConsumingServiceIndex attribute
*/
"AttributeConsumingServiceIndex";
/**
* Constant for ProviderName attribute
*/
/**
* Constant for Subject Element
*/
/**
* Constant for AuthnRequest object
*/
/**
* Constant for NameIDPolicy Element
*/
/**
* Constant for Conditions Element.
*/
/**
* Constant for RequestedAuthnContext Element.
*/
/**
* Constant for Comparison Attribute
*/
/**
* Constant for Scoping Element.
*/
/**
* Constant for Extensions Element.
*/
/**
* Constant for StatusDetail Element.
*/
/**
* Constant for StatusCode Element.
*/
/**
* Constant for Status Element.
*/
/**
* Constant for StatusMessage Element.
*/
/**
* Constant for GetComplete Element.
*/
/**
* Constant for IDPEntry Element.
*/
/**
* Constant for IDPList Element.
*/
/**
* Constant for NameIDPolicy Element.
*/
/**
* Constant for RequesterID Element.
*/
// for SAMLPOSTProfileServlet
"iplanet-am-saml-cleanup-interval";
/**
* NameID info attribute.
*/
/**
* NameID info key attribute.
*/
/**
* SAML2 data store provider name.
*/
/**
* Auto federation attribute.
*/
"autofedAttribute";
/**
* Auto federation enable attribute.
*/
"autofedEnabled";
/**
* Transient federation users.
*/
"transientUser";
NAMEID_FORMAT_NAMESPACE + "transient";
/**
* Certificate alias attribute.
*/
/**
* NameID format map configuration.
*/
/**
* Attribute map configuration.
*/
/**
* Service provider adapter implementation class
*/
/**
* implementation class. Those variables will be passed down as
* Map to the implementation class for initialization.
*/
/**
* Fedlet adapter implementation class.
*/
/**
* implementation class. Those variables will be passed down as
* Map to the implementation class for initialization.
*/
/**
* Service provider account mapper.
*/
"spAccountMapper";
/**
* Use NameID value as local user ID in service provider account mapper.
*/
/**
* Service provider attribute mapper.
*/
"spAttributeMapper";
/**
* Identity provider account mapper.
*/
"idpAccountMapper";
/**
* Identity provider attribute mapper.
*/
"idpAttributeMapper";
/**
* Attribute authority mapper.
*/
"attributeAuthorityMapper";
/**
* Assertion ID request mapper.
*/
"assertionIDRequestMapper";
/**
* RelayState Parameter
*/
/**
* RelayState Alias Parameter
*/
/**
* Realm Parameter
*/
/**
* AssertionConsumerServiceIndex Parameter
*/
/**
* AttributeConsumingServiceIndex Parameter
*/
/**
* NameIDPolicy Format Identifier Parameter
*/
/**
* True Value String
*/
/**
* False Value String
*/
="sunFMAuthContextDeclareRef";
="sunFMAuthContextClassRef";
/**
* Parameter name for SAML artifact in http request.
*/
/**
* Service Provider Role
*/
/**
* Identity Provider Role
*/
/**
* Constant value for entity acting as both SP and IDP role.
*/
/**
* Policy Decision Point Role
*/
/**
* Policy Enforcement Point Role
*/
/**
* Attribute Authority Role
*/
/**
* Attribute Query Role
*/
/**
* Authentication Authority Role
*/
/**
* Unknown Role
*/
/**
* Attribute to be configured in SPSSOConfig for SAML2 authentication
* module instance name.
*/
/**
* Attribute to be configured in SPSSOConfig for local authentication url.
*/
/**
* Attribute to be configured in SPSSOConfig for intermediate url.
*/
/**
* Attribute to be configured in SPSSOConfig for default relay state url.
*/
/**
* This is an attribute in entity config for the
* entity description
*/
/**
* This is an attribute in entity config for the
* signing certificate alias
*/
/**
* This is an attribute in entity config for the
* signing certificate encrypted keypass
*/
/**
* This is an attribute in entity config for the
* encryption certificate alias
*/
/**
* The entity role
*/
"com.sun.identity.saml2.xmlsig.SignatureProvider";
"com.sun.identity.saml2.xmlenc.EncryptionProvider";
/**
* Signing
*/
/**
* Encryption
*/
// Delimiter used to separate multiple NameIDKey values.
/**
* Http request parameter used to indicate whether the intent is
* federation or not. Its values are "true" and "false".
*/
/** xmlsig signing parameters*/
"com.sun.identity.saml.xmlsig.c14nMethod";
"com.sun.identity.saml.xmlsig.transformAlg";
"com.sun.identity.saml.xmlsig.xmlSigAlgorithm";
/**
* Property name for the global default query signature algorithm for RSA keys.
*/
/**
* Property name for the global default query signature algorithm for DSA keys.
*/
/**
* Property name for the global default query signature algorithm for EC keys.
*/
// SOAP fault code for requester error
// SOAP fault code for responder error
// more constants defined for auth module
// Encryption attributes
/**
* SP Entity Config attribute name. Used to specify whether it wants
* Assertion encrypted or not.
*/
= "wantAttributeEncrypted";
// Signing attributes
/**
* IDP Entity Config attribute name. Used to specify whether it wants
* ArtifactResolve signed or not.
*/
/**
* SP Entity Config attribute name. Used to specify whether it wants
* ArtifactResponse signed or not.
*/
"wantArtifactResponseSigned";
= "wantLogoutRequestSigned";
= "wantLogoutResponseSigned";
= "wantMNIResponseSigned";
/**
* SP Entity Config attribute name. Used to specify IDPList child element
* of ECP request.
*/
"ECPRequestIDPList";
/**
* SP Entity Config attribute name. Used to specify an implementation class
* that finds IDPList child element of ECP request.
*/
"ECPRequestIDPListFinderImpl";
/**
* SP Entity Config attribute name. Used to specify attribute 'GetComplete'
* of IDPList child element of ECP request
*/
"ECPRequestIDPListGetComplete";
/**
* Attribute Authority Config attribute name. Used to specify data store
* attribute name that contains X509 subject DN.
*/
"x509SubjectDataStoreAttrName";
/**
* Constant for SAML2IDPSessionIndex SSO token property
*/
/**
* Constant for IDPMetaAlias SSO token property
*/
// Basic auth for SOAP binding
/**
* Service provider AuthnContext mapper.
*/
"spAuthncontextMapper";
/**
* Default value for Service provider AuthnContext mapper value.
*/
"com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper";
/**
* Service provider AuthnContext Class Reference and AuthLevel Mapping.
*/
"spAuthncontextClassrefMapping";
/**
* Constant for AuthnContext Class Reference namespace
*/
"urn:oasis:names:tc:SAML:2.0:ac:classes:";
/**
* Default Service provider AuthnContext Class Reference and
* AuthLevel Mapping value.
*/
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0|default";
/**
* Service provider AuthnContext Comparison Type attribute name.
*/
"spAuthncontextComparisonType";
/**
* Default Service provider AuthnContext Comparison Type
* attribute value.
*/
/**
* Flag to indicate if the RequestedAuthnContext should be included in an AuthnRequest.
*/
/**
* Service provider AuthnContext Comparison Parameter Name
*/
// Time Skew for Assertion NotOnOrAfter. In seconds.
// key for SAML2 SDK class mapping
"com.sun.identity.saml2.sdk.mapping.";
// Default assertion effective time in seconds
// Default assertion NotBefore skew in seconds
// Assertion effective time attribute name
"assertionEffectiveTime";
// NotBefore Assertion skew attribute name
"assertionNotBeforeTimeSkew";
// IDP authn context mapper class attribute name
"idpAuthncontextMapper";
// IDP ECP Session mapper class attribute name
"idpECPSessionMapper";
// Default IDP authn context mapper class name
"com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper";
// Default IDP account mapper class name
"com.sun.identity.saml2.plugins.DefaultIDPAccountMapper";
// Default SP account mapper class name
"com.sun.identity.saml2.plugins.DefaultSPAccountMapper";
/**
* Default SP attribute mapper class name
*/
public String DEFAULT_SP_ATTRIBUTE_MAPPER_CLASS = "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper";
// Default IDP attribute mapper class name
"com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper";
// Default Attribute Authority mapper class name
"com.sun.identity.saml2.plugins.DefaultAttributeAuthorityMapper";
// Default Assertion ID request mapper class name
"com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper";
// Default IDP ECP Session mapper class name
"com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper";
// IDP authn context class reference mapping attribute name
"idpAuthncontextClassrefMapping";
// AuthnContext Class Reference names
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
// COT List
// http parameter to default.jsp
// Cache Cleanup interval attribute name in AMConfig.properties.
// value in seconds
"com.sun.identity.saml2.cacheCleanUpInterval";
// default Cache cleanup interval in seconds
// IDP SLO parameter name for logout all sessions
// IDP response info ID
// Default query parameter to use for RelayState if
// RelayState is not specified and if RelayState cannot
// be obtained from the query parameter list specified in
// RelayStateAlias
// Delimiter for values of multi-valued property set in SSO token
// Escape string for the <code>DELIMITER</code> contained in the values
// of multi-valued property set in SSO token
/**
* Namespace declaration for XML Encryption
*/
/**
* Namespace declaration for XML Digital Signature
*/
/**
* Want XACML Authorization Decision Query Signed.
*/
"wantXACMLAuthzDecisionQuerySigned";
/**
* Want Authorization Decision Response Signed.
*/
"wantXACMLAuthzDecisionResponseSigned";
/**
* Generate Discovery Bootstrapping
*/
"discoveryBootstrappingEnabled";
/**
* Constant for Response Artifact message encoding property
*/
"responseArtifactMessageEncoding";
/**
* URI encoding
*/
/**
* FORM encoding
*/
/**
* Cache Assertion
*/
"assertionCacheEnabled";
/**
* Attribute name format for ID-WSF 1.1 Discovery bootstrap
*/
"urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
/**
* Attribute name for ID-WSF 1.1 Discovery bootstrap
*/
"urn:liberty:disco:2003-08:DiscoveryResourceOffering";
/**
* Constant for Discovery bootstrap credentials SSO token
* property
*/
"DiscoveryBootstrapCrendentials";
/**
* XML Schema Instance namespace URI
*/
/**
* String used to declare XML Schema Instance namespace.
*/
"xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"";
/**
* List of SAE application name to encrypted secret mapping.
*/
/**
* List of valid Relay State Urls
*/
/**
* IDP SAE endpoint url.
*/
/**
* SP SAE endpoint url.
*/
/**
* SP SAE logout url.
*/
/**
* SAE : Extended meta param : SPApp url
*/
/**
* SAE : Extended meta param : shared secret for symmetric crypto
*/
/**
* SAE : Derived from SAML2 meta
*/
/**
* HTTP parameters that will be passed to SAE auth modules.
*/
/**
* Enable IDP Proxy
*/
/**
* Always proxy the Authn Request
*/
/**
* IDP Proxy Name List
*/
/**
* IDP Proxy Count
*/
/**
* Use Introduction for IDP Proxy
*/
"useIntroductionForIDPProxy";
/**
* Idp finder URL
*/
/**
* IDP Proxy finder name
*/
"com.sun.identity.saml2.idpproxy";
/**
* Default class name of IDP Proxy finder
*/
"com.sun.identity.saml2.plugins.SAML2IDPProxyImpl";
/**
* IDP Proxy finder attribute name in the IDP Extended metadata
*/
/**
* IDP Proxy finder implementation class attribute name
* in the IDP Extended metadata
*/
/**
* Flag to indicate if the IdP must enable the IdP Finder.
* This is the name of the attribute flag in the IDP Extended metadata
*/
"enableProxyIDPFinderForAllSPs";
/**
* Attribute Name in the extended metadata that takes the value of
* the JSP that will present the list of IdPs to the user
*/
"proxyIDPFinderJSP";
/**
* Default IDP Proxy Finder JSP
*/
/**
* IDP Adapter class attribute name
*/
/**
* Default IDP Adapter class
*/
public static final String DEFAULT_IDP_ADAPTER = "com.sun.identity.saml2.plugins.DefaultIDPAdapter";
/**
* Key used to save IDP Session in a map
*/
/**
* Key used to save session partners in a map
*/
/**
* String used to declare ECP namespace prefix.
*/
/**
* ECP namespace URI.
*/
"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
/**
* String used to declare ECP namespace.
*/
"xmlns:ecp=\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"";
/**
* Constant for ECP end tag
*/
/**
* ECP service name in PAOS header
*/
"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
/**
* String used to declare SOAP envelope namespace prefix.
*/
/**
* SOAP envelope namespace URI.
*/
/**
* String used to declare SOAP envelope namespace.
*/
"xmlns:soap-env=\"http://schemas.xmlsoap.org/soap/envelope/\"";
/**
* SOAP actor.
*/
/**
* Check Certificate status
*/
"com.sun.identity.saml2.crl.check";
/**
* Check CA Certificate status
*/
"com.sun.identity.saml2.crl.check.ca";
/**
* Wild card to indicate mapping any attribute name as it is in
* the Assertion
*/
/**
* Key name for Response object
*/
/**
* Key name for Assertion object
*/
/**
* One Time Use.
*/
/**
* Is Bearer assertion
*/
/**
* String to represent the logout url for external application.
* SAML2 component will send request to the external logout URL
* using back channel HTTP POST mechanism.
* This is used when the single logout is initiated from remote party
* (SP or IDP).
*/
/**
* URL parameter name in external application logout URL for requesting
* user session property. Value is a session property name whose
* value will be posted to application as http header and content for its
* logout use.
*/
/**
* IDP Session Synchronize Enabled
*/
"idpSessionSyncEnabled";
/**
* SP Session Synchronize Enabled
*/
"spSessionSyncEnabled";
/**
* Map key used in fedlet case to specify federation info key.
*/
/**
* Single Sign-On service.
*/
/**
* NameIDMapping service.
*/
/**
* AssertionIDRequest service.
*/
/**
* ArtifactResolution service.
*/
/**
* SingleLogout service.
*/
/**
* ManageNameID service.
*/
/**
* AssertionConsumer service.
*/
/**
* Map key used in SLO request redirect code
*/
/**
* Map key used in SLO request redirect code
*/
/**
* Flag to Indicate that we do not want to write the Federation info in the local User Data Store. This flag is
*/
/**
* Flag to indicate that we do not want to write the federation info in the IdP's local User Data Store. This flag
* is set in the local IdP extended metadata configuration.
*/
/**
* Property to determine whether SAML SP Decryption Debug mode has been enabled.
*/
/**
* Property name used to store the remote IdP's SAML response as an attribute of the HttpServletRequest.
*/
/**
* Property name used to store whether or not SAML single logout is enabled.
*/
/**
* Default Value for the SAML2 Server Port
*/
}