/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SAML2Constants.java,v 1.44 2009/11/24 21:53:02 madan_ranganath Exp $
 *
 */

/*
 * Portions Copyrighted 2010-2013 ForgeRock, Inc.
 */

package com.sun.identity.saml2.common;

import com.sun.identity.cot.COTConstants;

/**
 * This interface defines constants common to all SAMLv2 elements.
 *
 * <p>Interface fields are implicitly {@code public static final}, so the
 * declarations below leave those modifiers out.
 *
 * @supported.all.api
 */
public interface SAML2Constants {

    /** XML namespace URI. */
    String NS_XML = "http://www.w3.org/2000/xmlns/";

    /** Prefix of the SAMLv2 assertion namespace. */
    String ASSERTION_PREFIX = "saml:";

    /** Declaration of the SAMLv2 assertion namespace (the value starts with a space). */
    String ASSERTION_DECLARE_STR =
            " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"";

    /** SAMLv2 assertion namespace URI. */
    String ASSERTION_NAMESPACE_URI = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Default namespace attribute for <code>Action</code>. */
    String ACTION_NAMESPACE_NEGATION =
            "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";

    /** Prefix of the SAMLv2 protocol namespace. */
    String PROTOCOL_PREFIX = "samlp:";

    /** SAMLv2 protocol namespace URI. */
    String PROTOCOL_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Declaration of the SAMLv2 protocol namespace (the value starts with a space). */
    String PROTOCOL_DECLARE_STR =
            " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"";

    /** HTTP Redirect binding URI. */
    String HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    /** SOAP binding URI. */
    String SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    /** PAOS binding URI. */
    String PAOS = "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";

    /** HTTP POST binding URI. */
    String HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    /** HTTP Artifact binding URI. */
    String HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";

    /** URI binding URI. */
    String URI = "urn:oasis:names:tc:SAML:2.0:bindings:URI";

    /** Name Identifier Format namespace (SAML 2.0); the format name is appended to it. */
    String NAMEID_FORMAT_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:nameid-format:";

    /** Name Identifier Format namespace, version 1.1; the format name is appended to it. */
    String NAMEID_FORMAT_NAMESPACE_V_1_1 = "urn:oasis:names:tc:SAML:1.1:nameid-format:";

    /** Encrypted Name Identifier format. */
    String ENCRYPTED = NAMEID_FORMAT_NAMESPACE + "encrypted";

    /** Persistent Name Identifier format. */
    String PERSISTENT = NAMEID_FORMAT_NAMESPACE + "persistent";

    /** Unspecified Name Identifier format (1.1 namespace). */
    String UNSPECIFIED = NAMEID_FORMAT_NAMESPACE_V_1_1 + "unspecified";

    /** Email Address Name Identifier format (1.1 namespace). */
    String EMAIL_ADDRESS = NAMEID_FORMAT_NAMESPACE_V_1_1 + "emailAddress";

    /** Entity Name Identifier format. */
    String ENTITY = NAMEID_FORMAT_NAMESPACE + "entity";

    /** X509 Subject Name Identifier format (1.1 namespace). */
    String X509_SUBJECT_NAME = NAMEID_FORMAT_NAMESPACE_V_1_1 + "X509SubjectName";

    /** Windows Domain Qualified Name Identifier format (1.1 namespace). */
    String WINDOWS_DOMAIN_QUALIFIED_NAME =
            NAMEID_FORMAT_NAMESPACE_V_1_1 + "WindowsDomainQualifiedName";

    /** Kerberos Principal Name Identifier format. */
    String KERBEROS_PRINCIPAL_NAME = NAMEID_FORMAT_NAMESPACE + "kerberos";

    /** Name used for the authentication service url. */
    String AUTH_URL = "AuthUrl";

    /**
     * Used when the SAML endpoints are RP'd to a non-server/site URL, typically
     * to DAS.
     */
    String RP_URL = "RpUrl";

    // SAMLv2 StatusCode value URIs. The original comment describes this group as
    // the primitive top-level StatusCode values.

    /** StatusCode value: Success. */
    String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

    /** StatusCode value: Requester. */
    String REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester";

    /** StatusCode value: Responder. */
    String RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder";

    /** StatusCode value: NoPassive. */
    String NOPASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive";

    /** StatusCode value: VersionMismatch. */
    String VERSION_MISMATCH = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch";

    /** StatusCode value: UnknownPrincipal. */
    String UNKNOWN_PRINCIPAL = "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal";

    /** StatusCode value: AuthnFailed. */
    String AUTHN_FAILED = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed";

    /** StatusCode value: InvalidAttrNameOrValue. */
    String INVALID_ATTR_NAME_OR_VALUE =
            "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue";

    /** StatusCode value: InvalidNameIDPolicy. */
    String INVALID_NAME_ID_POLICY =
            "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy";

    /** StatusCode value: NoAuthnContext. */
    String NO_AUTHN_CONTEXT = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext";

    /** Basic attribute name format. */
    String BASIC_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";

    /** Basic attribute profile. */
    String BASIC_ATTRIBUTE_PROFILE =
            "urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic";

    /** Attribute Query default profile. */
    String DEFAULT_ATTR_QUERY_PROFILE = "urn:oasis:names:tc:SAML:2.0:profiles:query";

    /** Attribute Query x509 Subject profile. */
    String X509_SUBJECT_ATTR_QUERY_PROFILE =
            "urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509";

    /** Alias of the Attribute Query default profile. */
    String DEFAULT_ATTR_QUERY_PROFILE_ALIAS = "default";

    /** Alias of the Attribute Query x509 Subject profile. */
    String X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS = "x509Subject";

    /** Subject confirmation method: bearer. */
    String SUBJECT_CONFIRMATION_METHOD_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";

    /** Subject confirmation method: holder of key. */
    String SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY =
            "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    /** Subject confirmation method: sender vouches. */
    String SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES =
            "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";

    /** Session property name indicating whether the response is redirected. */
    String RESPONSE_REDIRECTED = "SAML2ResponseRedirected";

    /**
     * Length for SAMLv2 IDs.
     * NOTE(review): the unit (bytes or characters) and how the ID is generated are
     * not visible here; confirm at the place that produces the IDs.
     */
    int ID_LENGTH = 20;

    /** SAMLv2 version string. */
    String VERSION_2_0 = "2.0";

    /** Name of the SAMLRequest query parameter. */
    String SAML_REQUEST = "SAMLRequest";

    /** Name of the SAMLResponse query parameter. */
    String SAML_RESPONSE = "SAMLResponse";

    /**
     * Maximum value of unsigned integer/short type; 65535 is the largest value
     * of an unsigned 16-bit integer.
     */
    int MAX_INT_VALUE = 65535;

    /** Start tag character for an XML string. */
    String START_TAG = "<";

    /** End tag character for an XML string. */
    String END_TAG = ">";

    /** A single space. */
    String SPACE = " ";

    /** The equals sign. */
    String EQUAL = "=";

    /** The double quote character. */
    String QUOTE = "\"";

    /** The newline character. */
    String NEWLINE = "\n";

    /** XML namespace declaration prefix. */
    String NAMESPACE_PREFIX = "xmlns";

    /** Opening of a closing tag in the {@code samlp} prefix. */
    String SAML2_END_TAG = "</samlp:";

    /** Name: AuthnRequest (same value as {@link #AUTHN_REQUEST}). */
    String AUTHNREQUEST = "AuthnRequest";

    /** Name: LogoutRequest. */
    String LOGOUT_REQUEST = "LogoutRequest";

    /** Name: LogoutResponse. */
    String LOGOUT_RESPONSE = "LogoutResponse";

    /** Name: AssertionIDRequest. */
    String ASSERTION_ID_REQUEST = "AssertionIDRequest";

    /** Name: AttributeQuery. */
    String ATTRIBUTE_QUERY = "AttributeQuery";

    /** Name: AuthnQuery. */
    String AUTHN_QUERY = "AuthnQuery";

    /** Name: NameIDMappingRequest. */
    String NAME_ID_MAPPING_REQUEST = "NameIDMappingRequest";

    /** Name: NameIDMappingResponse. */
    String NAME_ID_MAPPING_RESPONSE = "NameIDMappingResponse";

    /** Name: AssertionIDRef. */
    String ASSERTION_ID_REF = "AssertionIDRef";

    /** Name: Attribute. */
    String ATTRIBUTE = "Attribute";

    /** Name: SessionIndex. */
    String SESSION_INDEX = "SessionIndex";

    /** Name: BaseID. */
    String BASEID = "BaseID";

    /** Name: NameID. */
    String NAMEID = "NameID";

    /** Name: EncryptedID. */
    String ENCRYPTEDID = "EncryptedID";

    /** Name: Reason. */
    String REASON = "Reason";

    /** Name: NotOnOrAfter. */
    String NOTONORAFTER = "NotOnOrAfter";

    /** Name: NotBefore. */
    String NOTBEFORE = "NotBefore";

    /** Name: InResponseTo. */
    String INRESPONSETO = "InResponseTo";

    /** Name: ID. */
    String ID = "ID";

    /** Name: Version. */
    String VERSION = "Version";

    /** Name: IssueInstant. */
    String ISSUE_INSTANT = "IssueInstant";

    /** Name: Destination. */
    String DESTINATION = "Destination";

    /** Name: Value. */
    String VALUE = "Value";

    /** Name: Consent. */
    String CONSENT = "Consent";

    /** Name: Issuer. */
    String ISSUER = "Issuer";

    /** Name: Signature. */
    String SIGNATURE = "Signature";

    /** Name of the ForceAuthn attribute. */
    String FORCEAUTHN = "ForceAuthn";

    /** Name of the IsPassive attribute. */
    String ISPASSIVE = "IsPassive";

    /** Name of the AllowCreate attribute. */
    String ALLOWCREATE = "AllowCreate";

    /** Name of the ProtocolBinding attribute. */
    String PROTOBINDING = "ProtocolBinding";

    /** Name of the mustUnderstand attribute. */
    String MUST_UNDERSTAND = "mustUnderstand";

    /** Name of the actor attribute. */
    String ACTOR = "actor";

    /** Name of the binding parameter. */
    String BINDING = "binding";

    /** Name of the reqBinding parameter. */
    String REQ_BINDING = "reqBinding";

    /** Name of the affiliationID parameter. */
    String AFFILIATION_ID = "affiliationID";

    /** Binding namespace; the binding name is appended to it. */
    String BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:";

    /** Name of the AssertionConsumerServiceIndex attribute. */
    String ASSERTION_CONSUMER_SVC_INDEX = "AssertionConsumerServiceIndex";

    /** Name of the AssertionConsumerServiceURL attribute. */
    String ASSERTION_CONSUMER_SVC_URL = "AssertionConsumerServiceURL";

    /** Name of the AttributeConsumingServiceIndex attribute. */
    String ATTR_CONSUMING_SVC_INDEX = "AttributeConsumingServiceIndex";

    /** Name of the ProviderName attribute. */
    String PROVIDER_NAME = "ProviderName";

    /** Name of the Subject element. */
    String SUBJECT = "Subject";

    /** Name of the AuthnRequest object (same value as {@link #AUTHNREQUEST}). */
    String AUTHN_REQUEST = "AuthnRequest";

    /** Name of the NameIDPolicy element (same value as {@link #NAMEIDPOLICY}). */
    String NAMEID_POLICY = "NameIDPolicy";

    /** Name of the Conditions element. */
    String CONDITIONS = "Conditions";

    /** Name of the RequestedAuthnContext element. */
    String REQ_AUTHN_CONTEXT = "RequestedAuthnContext";

    /** Name of the Comparison attribute. */
    String COMPARISON = "Comparison";

    /** Name of the Scoping element. */
    String SCOPING = "Scoping";

    /** Name of the Extensions element. */
    String EXTENSIONS = "Extensions";

    /** Name of the StatusDetail element. */
    String STATUS_DETAIL = "StatusDetail";

    /** Name of the StatusCode element. */
    String STATUS_CODE = "StatusCode";

    /** Name of the Status element. */
    String STATUS = "Status";

    /** Name of the StatusMessage element. */
    String STATUS_MESSAGE = "StatusMessage";

    /** Name of the GetComplete element. */
    String GETCOMPLETE = "GetComplete";

    /** Name of the IDPEntry element. */
    String IDPENTRY = "IDPEntry";

    /** Name of the IDPList element. */
    String IDPLIST = "IDPList";

    /** Name of the NameIDPolicy element (same value as {@link #NAMEID_POLICY}). */
    String NAMEIDPOLICY = "NameIDPolicy";

    /** Name of the RequesterID element. */
    String REQUESTERID = "RequesterID";

    // for SAMLPOSTProfileServlet
    String SOURCE_SITE_SOAP_ENTRY = "sourceSite";
    String POST_ASSERTION = "assertion";
    String CLEANUP_INTERVAL_NAME = "iplanet-am-saml-cleanup-interval";

    /** NameID info attribute. */
    String NAMEID_INFO = "sun-fm-saml2-nameid-info";

    /** NameID info key attribute. */
    String NAMEID_INFO_KEY = "sun-fm-saml2-nameid-infokey";

    /** SAML2 data store provider name. */
    String SAML2 = "saml2";

    /** Auto federation attribute. */
    String AUTO_FED_ATTRIBUTE = "autofedAttribute";

    /** Auto federation enable attribute. */
    String AUTO_FED_ENABLED = "autofedEnabled";

    /** Transient federation users. */
    String TRANSIENT_FED_USER = "transientUser";

    /** Transient Name Identifier format. */
    String NAMEID_TRANSIENT_FORMAT = NAMEID_FORMAT_NAMESPACE + "transient";

    /** Certificate alias attribute. */
    String CERT_ALIAS = "sun-fm-saml2-cert-alias";

    /** NameID format map configuration. */
    String NAME_ID_FORMAT_MAP = "nameIDFormatMap";

    /** Attribute map configuration. */
    String ATTRIBUTE_MAP = "attributeMap";

    /** Service provider adapter implementation class. */
    String SP_ADAPTER_CLASS = "spAdapter";

    /**
     * Environment (attribute/value pair) for Service provider adapter
     * implementation class. Those variables will be passed down as
     * Map to the implementation class for initialization.
     */
    String SP_ADAPTER_ENV = "spAdapterEnv";

    /** Fedlet adapter implementation class. */
    String FEDLET_ADAPTER_CLASS = "fedletAdapter";

    /**
     * Environment (attribute/value pair) for fedlet adapter
     * implementation class. Those variables will be passed down as
     * Map to the implementation class for initialization.
     */
    String FEDLET_ADAPTER_ENV = "fedletAdapterEnv";

    /** Service provider account mapper. */
    String SP_ACCOUNT_MAPPER = "spAccountMapper";

    /** Use NameID value as local user ID in service provider account mapper. */
    String USE_NAMEID_AS_SP_USERID = "useNameIDAsSPUserID";

    /** Service provider attribute mapper. */
    String SP_ATTRIBUTE_MAPPER = "spAttributeMapper";

    /** Identity provider account mapper. */
    String IDP_ACCOUNT_MAPPER = "idpAccountMapper";

    /** Identity provider attribute mapper. */
    String IDP_ATTRIBUTE_MAPPER = "idpAttributeMapper";

    /** Attribute authority mapper. */
    String ATTRIBUTE_AUTHORITY_MAPPER = "attributeAuthorityMapper";

    /** Assertion ID request mapper. */
    String ASSERTION_ID_REQUEST_MAPPER = "assertionIDRequestMapper";

    /** RelayState parameter. */
    String RELAY_STATE = "RelayState";

    /** RelayState alias parameter. */
    String RELAY_STATE_ALIAS = "RelayStateAlias";

    /** Realm parameter. */
    String REALM = "realm";

    /**
     * AssertionConsumerServiceIndex parameter
     * (same value as {@link #ASSERTION_CONSUMER_SVC_INDEX}).
     */
    String ACS_URL_INDEX = "AssertionConsumerServiceIndex";

    /**
     * AttributeConsumingServiceIndex parameter
     * (same value as {@link #ATTR_CONSUMING_SVC_INDEX}).
     */
    String ATTR_INDEX = "AttributeConsumingServiceIndex";

    /** NameIDPolicy format identifier parameter. */
    String NAMEID_POLICY_FORMAT = "NameIDFormat";

    /** The string {@code "true"}. */
    String TRUE = "true";

    /** The string {@code "false"}. */
    String FALSE = "false";

    // Authentication level, type and context names. The source gives no further
    // description for these; the literals are kept exactly as declared.
    String AUTH_LEVEL = "AuthLevel";
    String ORGANIZATION = "Organization";
    String AUTH_LEVEL_ATTR = "sunFMAuthContextComparison";
    String AUTH_TYPE = "authType";
    String AUTH_LEVEL_ADVICE = "sunamcompositeadvice";

    String AUTH_TYPE_ATTR = "sunFMAuthContextType";

    String DECLARE_REF_AUTH_TYPE = "AuthContextDeclareRef";
    String CLASS_REF_AUTH_TYPE = "AuthContextClassRef";

    String AUTH_CONTEXT_DECL_REF = "AuthContextDeclRef";
    String AUTH_CONTEXT_DECL_REF_ATTR = "sunFMAuthContextDeclareRef";

    String AUTH_CONTEXT_CLASS_REF = "AuthnContextClassRef";

    String AUTH_CONTEXT_CLASS_REF_ATTR = "sunFMAuthContextClassRef";

    /** Parameter name for the SAML artifact in an http request. */
    String SAML_ART = "SAMLart";

    /** Service Provider role. */
    String SP_ROLE = "SPRole";

    /** Identity Provider role. */
    String IDP_ROLE = "IDPRole";

    /** Value for an entity acting in both the SP and the IDP role. */
    String DUAL_ROLE = "DualRole";

    /** Policy Decision Point role. */
    String PDP_ROLE = "PDPRole";

    /** Policy Enforcement Point role. */
    String PEP_ROLE = "PEPRole";

    /** Attribute Authority role. */
    String ATTR_AUTH_ROLE = "AttrAuthRole";

    /** Attribute Query role. */
    String ATTR_QUERY_ROLE = "AttrQueryRole";

    /** Authentication Authority role. */
    String AUTHN_AUTH_ROLE = "AuthnAuthRole";

    /** Unknown role. */
    String UNKNOWN_ROLE = "UNKNOWN";

    /**
     * Attribute to be configured in SPSSOConfig for SAML2 authentication
     * module instance name.
     */
    String AUTH_MODULE_NAME = "saml2AuthModuleName";

    /** Attribute to be configured in SPSSOConfig for local authentication url. */
    String LOCAL_AUTH_URL = "localAuthURL";

    /** Attribute to be configured in SPSSOConfig for intermediate url. */
    String INTERMEDIATE_URL = "intermediateUrl";

    /** Attribute to be configured in SPSSOConfig for default relay state url. */
    String DEFAULT_RELAY_STATE = "defaultRelayState";

    /** Attribute in entity config for the entity description. */
    String ENTITY_DESCRIPTION = "description";

    /** Attribute in entity config for the signing certificate alias. */
    String SIGNING_CERT_ALIAS = "signingCertAlias";

    /**
     * Attribute in entity config for the signing certificate encrypted keypass.
     * This constant is the attribute name only, not the keypass.
     */
    String SIGNING_CERT_KEYPASS = "signingCertKeyPass";

    /** Attribute in entity config for the encryption certificate alias. */
    String ENCRYPTION_CERT_ALIAS = "encryptionCertAlias";

    /** The entity role. */
    String ROLE = "role";

    /** Name {@code com.sun.identity.saml2.xmlsig.SignatureProvider}. */
    String SIG_PROVIDER = "com.sun.identity.saml2.xmlsig.SignatureProvider";

    /** Name {@code com.sun.identity.saml2.xmlenc.EncryptionProvider}. */
    String ENC_PROVIDER = "com.sun.identity.saml2.xmlenc.EncryptionProvider";

    /** Signing. */
    String SIGNING = "signing";

    /** Encryption. */
    String ENCRYPTION = "encryption";

    // Delimiter used to separate multiple NameIDKey values.
    String SECOND_DELIM = ";";

    /**
     * Http request parameter used to indicate whether the intent is
     * federation or not. Its values are "true" and "false".
     */
    String FEDERATE = "federate";

    /** xmlsig signing parameters */
    String CANONICALIZATION_METHOD = "com.sun.identity.saml.xmlsig.c14nMethod";
    String TRANSFORM_ALGORITHM = "com.sun.identity.saml.xmlsig.transformAlg";
    String XMLSIG_ALGORITHM = "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";

    String DSA = "DSA";
    String RSA = "RSA";

    String SIG_ALG = "SigAlg";

    // Signature algorithm names whose digest is SHA-1.
    // NOTE(review): SHA-1 is no longer considered collision resistant; where these
    // names select the algorithm for signing or verifying messages, check whether
    // the deployment can be configured for a SHA-2 based algorithm instead.
    String SHA1_WITH_DSA = "SHA1withDSA";
    String SHA1_WITH_RSA = "SHA1withRSA";

    String DEFAULT_ENCODING = "UTF-8";

    // SOAP fault code for requester error
    String CLIENT_FAULT = "Client";

    // SOAP fault code for responder error
    String SERVER_FAULT = "Server";

    String SESSION = "session";

    // more constants defined for auth module
    String ASSERTIONS = "assertions";
    String MAX_SESSION_TIME = "maxSessionTime";
    String IN_RESPONSE_TO = "inResponseTo";

    String SP_METAALIAS = "spMetaAlias";
    String METAALIAS = "metaAlias";
    String SPENTITYID = "spEntityID";
    String IDPENTITYID = "idpEntityID";
    String REQUESTTYPE = "requestType";

    // Encryption attributes
    /**
     * SP Entity Config attribute name. Used to specify whether it wants
     * Assertion encrypted or not.
     */
    String WANT_ASSERTION_ENCRYPTED = "wantAssertionEncrypted";

    String WANT_ATTRIBUTE_ENCRYPTED = "wantAttributeEncrypted";
    String WANT_NAMEID_ENCRYPTED = "wantNameIDEncrypted";

    // Signing attributes
    /**
     * IDP Entity Config attribute name. Used to specify whether it wants
     * ArtifactResolve signed or not.
     */
    String WANT_ARTIFACT_RESOLVE_SIGNED = "wantArtifactResolveSigned";

    /**
     * SP Entity Config attribute name. Used to specify whether it wants
     * ArtifactResponse signed or not.
     */
    String WANT_ARTIFACT_RESPONSE_SIGNED = "wantArtifactResponseSigned";
    String WANT_LOGOUT_REQUEST_SIGNED = "wantLogoutRequestSigned";
    String WANT_LOGOUT_RESPONSE_SIGNED = "wantLogoutResponseSigned";
    String WANT_MNI_REQUEST_SIGNED = "wantMNIRequestSigned";
    String WANT_MNI_RESPONSE_SIGNED = "wantMNIResponseSigned";
    String WANT_POST_RESPONSE_SIGNED = "wantPOSTResponseSigned";

    /**
     * SP Entity Config attribute name. Used to specify IDPList child element
     * of ECP request.
     */
    String ECP_REQUEST_IDP_LIST = "ECPRequestIDPList";

    /**
     * SP Entity Config attribute name. Used to specify an implementation class
     * that finds IDPList child element of ECP request.
     */
    String ECP_REQUEST_IDP_LIST_FINDER_IMPL = "ECPRequestIDPListFinderImpl";

    /**
     * SP Entity Config attribute name. Used to specify attribute 'GetComplete'
     * of IDPList child element of ECP request.
     */
    String ECP_REQUEST_IDP_LIST_GET_COMPLETE = "ECPRequestIDPListGetComplete";

    /**
     * Attribute Authority Config attribute name. Used to specify data store
     * attribute name that contains X509 subject DN.
     */
    String X509_SUBJECT_DATA_STORE_ATTR_NAME = "x509SubjectDataStoreAttrName";

    /** Name of the SAML2IDPSessionIndex SSO token property. */
    String IDP_SESSION_INDEX = "SAML2IDPSessionIndex";

    /** Name of the IDPMetaAlias SSO token property. */
    String IDP_META_ALIAS = "IDPMetaAlias";

    // Basic auth for SOAP binding. These are attribute names only; how the
    // configured user and password values are stored is not visible in this file.
    String BASIC_AUTH_ON = "basicAuthOn";
    String BASIC_AUTH_USER = "basicAuthUser";
    String BASIC_AUTH_PASSWD = "basicAuthPassword";

    /** Service provider AuthnContext mapper. */
    String SP_AUTHCONTEXT_MAPPER = "spAuthncontextMapper";

    /** Default value for Service provider AuthnContext mapper value. */
    String DEFAULT_SP_AUTHCONTEXT_MAPPER =
            "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper";

    /** Service provider AuthnContext Class Reference and AuthLevel Mapping. */
    String SP_AUTH_CONTEXT_CLASS_REF_ATTR = "spAuthncontextClassrefMapping";

    /** AuthnContext Class Reference namespace; the class name is appended to it. */
    String AUTH_CTX_PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:";

    /**
     * Default Service provider AuthnContext Class Reference and
     * AuthLevel Mapping value.
     */
    String SP_AUTHCONTEXT_CLASSREF_VALUE =
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0|default";

    /** Service provider AuthnContext Comparison Type attribute name. */
    String SP_AUTHCONTEXT_COMPARISON_TYPE = "spAuthncontextComparisonType";

    /** Default Service provider AuthnContext Comparison Type attribute value. */
    String SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE = "exact";

    /** Service provider AuthnContext Comparison parameter name. */
    String SP_AUTHCONTEXT_COMPARISON = "AuthComparison";

    // Time Skew for Assertion NotOnOrAfter. In seconds.
    // NOTE(review): presumably a larger skew lengthens the time an assertion is
    // still accepted after its NotOnOrAfter; confirm against the validation code
    // before raising the configured value.
    String ASSERTION_TIME_SKEW = "assertionTimeSkew";
    int ASSERTION_TIME_SKEW_DEFAULT = 300;

    // key for SAML2 SDK class mapping
    String SDK_CLASS_MAPPING = "com.sun.identity.saml2.sdk.mapping.";

    // Default assertion effective time in seconds
    int ASSERTION_EFFECTIVE_TIME = 600;

    // Default assertion NotBefore skew in seconds
    int NOTBEFORE_ASSERTION_SKEW_DEFAULT = 600;

    // Assertion effective time attribute name
    String ASSERTION_EFFECTIVE_TIME_ATTRIBUTE = "assertionEffectiveTime";

    // NotBefore Assertion skew attribute name
    String ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE = "assertionNotBeforeTimeSkew";

    // IDP authn context mapper class attribute name
    String IDP_AUTHNCONTEXT_MAPPER_CLASS = "idpAuthncontextMapper";

    // IDP ECP Session mapper class attribute name
    String IDP_ECP_SESSION_MAPPER_CLASS = "idpECPSessionMapper";

    // Default IDP authn context mapper class name
    String DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS =
            "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper";

    // Default IDP account mapper class name
    String DEFAULT_IDP_ACCOUNT_MAPPER_CLASS =
            "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper";

    // Default SP account mapper class name
    String DEFAULT_SP_ACCOUNT_MAPPER_CLASS =
            "com.sun.identity.saml2.plugins.DefaultSPAccountMapper";

    // Default IDP attribute mapper class name
    String DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS =
            "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper";

    // Default Attribute Authority mapper class name
    String DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS =
            "com.sun.identity.saml2.plugins.DefaultAttributeAuthorityMapper";

    // Default Assertion ID request mapper class name
    String DEFAULT_ASSERTION_ID_REQUEST_MAPPER_CLASS =
            "com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper";

    // Default IDP ECP Session mapper class name
    String DEFAULT_IDP_ECP_SESSION_MAPPER_CLASS =
            "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper";

    // IDP authn context class reference mapping attribute name
    String IDP_AUTHNCONTEXT_CLASSREF_MAPPING = "idpAuthncontextClassrefMapping";

    // AuthnContext Class Reference names
    String CLASSREF_PASSWORD_PROTECTED_TRANSPORT =
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";

    // COT List
    String COT_LIST = COTConstants.COT_LIST;

    // http parameter to default.jsp
    String MESSAGE = "message";

    // Cache Cleanup interval attribute name in AMConfig.properties.
    // value in seconds
    String CACHE_CLEANUP_INTERVAL = "com.sun.identity.saml2.cacheCleanUpInterval";

    // default Cache cleanup interval in seconds
    int CACHE_CLEANUP_INTERVAL_DEFAULT = 3600;

    // IDP SLO parameter name for logout all sessions
    String LOGOUT_ALL = "logoutAll";

    // IDP response info ID
    String RES_INFO_ID = "resInfoID";

    // Default query parameter to use for RelayState if
    // RelayState is not specified and if RelayState cannot
    // be obtained from the query parameters list specified in
    // RelayStateAlias
    String GOTO = "goto";

    // Delimiter for values of multi-valued property set in SSO token
    char DELIMITER = '|';

    // Escape string for the <code>DELIMITER</code> contained in the values
    // of multi-valued property set in SSO token
    // NOTE(review): as shown here the escape string equals DELIMITER itself, so an
    // escaped delimiter inside a value could not be told apart from a real one.
    // The listing may have lost an encoded form of the character; confirm the
    // literal against the original source file.
    String ESCAPE_DELIMITER = "|";

    /** Namespace declaration for XML Encryption. */
    String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";

    /** Namespace declaration for XML Digital Signature. */
    String NS_XMLSIG = "http://www.w3.org/2000/09/xmldsig#";

    /** Want XACML Authorization Decision Query Signed. */
    String WANT_XACML_AUTHZ_DECISION_QUERY_SIGNED = "wantXACMLAuthzDecisionQuerySigned";

    /**
     * Want Authorization Decision Response Signed.
     * The constant name keeps its existing spelling ("RESPONSED").
     */
    String WANT_XACML_AUTHZ_DECISION_RESPONSED_SIGNED =
            "wantXACMLAuthzDecisionResponseSigned";

    /** Generate Discovery Bootstrapping. */
    String DISCO_BOOTSTRAPPING_ENABLED = "discoveryBootstrappingEnabled";

    /** Name of the Response Artifact message encoding property. */
    String RESPONSE_ARTIFACT_MESSAGE_ENCODING = "responseArtifactMessageEncoding";

    /** URI encoding. */
    String URI_ENCODING = "URI";

    /** FORM encoding. */
    String FORM_ENCODING = "FORM";

    /** Cache Assertion. */
    String ASSERTION_CACHE_ENABLED = "assertionCacheEnabled";

    /** Attribute name format for ID-WSF 1.1 Discovery bootstrap. */
    String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME_FORMAT =
            "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";

    /** Attribute name for ID-WSF 1.1 Discovery bootstrap. */
    String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME =
            "urn:liberty:disco:2003-08:DiscoveryResourceOffering";

    /**
     * Name of the Discovery bootstrap credentials SSO token property.
     * The value is spelled exactly as declared ("Crendentials"); it is a property
     * name, so correcting the spelling would change the name in use.
     */
    String DISCOVERY_BOOTSTRAP_CREDENTIALS = "DiscoveryBootstrapCrendentials";

    /** XML Schema Instance namespace URI. */
    String NS_XSI = "http://www.w3.org/2001/XMLSchema-instance";

    /** Declaration of the XML Schema Instance namespace. */
    String XSI_DECLARE_STR =
            "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"";

    /**
     * List of SAE application name to encrypted secret mapping.
     * This constant is the attribute name only.
     */
    String SAE_APP_SECRET_LIST = "saeAppSecretList";

    /**
     * List of valid Relay State Urls.
     * NOTE(review): presumably the list a RelayState URL is checked against before
     * it is used as a redirect target; confirm that every caller applies it.
     */
    String RELAY_STATE_URL_LIST = "relayStateUrlList";

    /** IDP SAE endpoint url. */
    String SAE_IDP_URL = "saeIDPUrl";

    /** SP SAE endpoint url. */
    String SAE_SP_URL = "saeSPUrl";

    /** SP SAE logout url. */
    String SAE_SP_LOGOUT_URL = "saeSPLogoutUrl";

    /** SAE : Extended meta param : SPApp url */
    String SAE_XMETA_URL = "url";

    /**
     * SAE : Extended meta param : shared secret for symmetric crypto.
     * This constant is the parameter name only, not the secret.
     */
    String SAE_XMETA_SECRET = "secret";

    /** SAE : Derived from SAML2 meta */
    String SAE_XMETA_PKEY_ALIAS = "privatekeyalias";

    /** HTTP parameters that will be passed to SAE auth modules. */
    String SAE_REALM = "realm";
    String SAE_IDP_ENTITYID = "idpEntityID";
    String SAE_IDPAPP_URL = "idpAppUrl";

    /** Enable IDP Proxy. */
    String ENABLE_IDP_PROXY = "enableIDPProxy";

    /** Always proxy the Authn Request. */
    String ALWAYS_IDP_PROXY = "alwaysIdpProxy";

    /** IDP Proxy Name List. */
    String IDP_PROXY_LIST = "idpProxyList";

    /** IDP Proxy Count. */
    String IDP_PROXY_COUNT = "idpProxyCount";

    /** Use Introduction for IDP Proxy. */
    String USE_INTRODUCTION_FOR_IDP_PROXY = "useIntroductionForIDPProxy";

    /** IDP finder URL. */
    String IDP_FINDER_URL = "/idpfinder";

    /** IDP Proxy finder name. */
    String IDP_PROXY_FINDER_NAME = "com.sun.identity.saml2.idpproxy";

    /** Default class name of IDP Proxy finder. */
    String DEFAULT_IDP_PROXY_FINDER =
            "com.sun.identity.saml2.plugins.SAML2IDPProxyImpl";

    /** IDP Proxy finder attribute name in the IDP Extended metadata. */
    String IDP_PROXY_FINDER_ATTR_NAME = "idpProxyFinder";

    /**
     * IDP Proxy
finder implmentation classe attribute name 1387 * in the IDP Extended metadata 1388 */ 1389 public static final String PROXY_IDP_FINDER_CLASS = "proxyIDPFinderClass"; 1390 1391 /** 1392 * Flag to indicate if the IdP must enable the IdP Finder 1393 * This is the name of the attribute flag in the IDP Extended metadata 1394 */ 1395 public static final String ENABLE_PROXY_IDP_FINDER_FOR_ALL_SPS = 1396 "enableProxyIDPFinderForAllSPs"; 1397 1398 /** 1399 * Attribute Name in the extended metadata that takes the value of 1400 * the JSP that will present the list of IdPs to the user 1401 */ 1402 public static final String PROXY_IDP_FINDER_JSP = 1403 "proxyIDPFinderJSP"; 1404 1405 /** 1406 * Default IDP Proxy Finder JSP 1407 */ 1408 public static final String DEFAULT_PROXY_IDP_FINDER = "proxyidpfinder.jsp"; 1409 1410 /** 1411 * IDP Adapter class attribute name 1412 */ 1413 public static final String IDP_ADAPTER_CLASS = "idpAdapter"; 1414 1415 /** 1416 * Default IDP Adapter class 1417 */ 1418 public static final String DEFAULT_IDP_ADAPTER = "com.sun.identity.saml2.plugins.DefaultIDPAdapter"; 1419 1420 /** 1421 * Key used to save IDP Session in a map 1422 */ 1423 public String IDP_SESSION = "IDPSESSION"; 1424 1425 /** 1426 * Key used to save session partners in a map 1427 */ 1428 public String PARTNERS = "PARTNERS"; 1429 1430 /** 1431 * String used to declare ECP namespace prefix. 1432 */ 1433 public static final String ECP_PREFIX = "ecp:"; 1434 1435 /** 1436 * ECP namespace URI. 1437 */ 1438 public static final String ECP_NAMESPACE = 1439 "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"; 1440 1441 /** 1442 * String used to declare ECP namespace. 
1443 */ 1444 public static final String ECP_DECLARE_STR = 1445 "xmlns:ecp=\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\""; 1446 1447 /** 1448 * Constant for ECP end tag 1449 */ 1450 public static final String ECP_END_TAG="</ecp:"; 1451 1452 /** 1453 * ECP service name in PAOS header 1454 */ 1455 public static final String PAOS_ECP_SERVICE = 1456 "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"; 1457 1458 /** 1459 * String used to declare SOAP envelope namespace prefix. 1460 */ 1461 public static final String SOAP_ENV_PREFIX = "soap-env:"; 1462 1463 /** 1464 * SOAP envelope namespace URI. 1465 */ 1466 public static final String SOAP_ENV_NAMESPACE = 1467 "http://schemas.xmlsoap.org/soap/envelope/"; 1468 1469 /** 1470 * String used to declare SOAP envelope namespace. 1471 */ 1472 public static final String SOAP_ENV_DECLARE_STR = 1473 "xmlns:soap-env=\"http://schemas.xmlsoap.org/soap/envelope/\""; 1474 1475 /** 1476 * SOAP actor. 1477 */ 1478 public static final String SOAP_ACTOR_NEXT = 1479 "http://schemas.xmlsoap.org/soap/actor/next"; 1480 1481 /** 1482 * Check Certificate status 1483 */ 1484 public static final String CHECK_SAML2_CERTIFICATE_STATUS = 1485 "com.sun.identity.saml2.crl.check"; 1486 1487 /** 1488 * Check CA Certificate status 1489 */ 1490 public static final String CHECK_SAML2_CA_STATUS = 1491 "com.sun.identity.saml2.crl.check.ca"; 1492 1493 /** 1494 * Wild card to indicate mapping any attribute name as it is in 1495 * the Assertion 1496 */ 1497 public String ATTR_WILD_CARD = "*"; 1498 1499 /** 1500 * Key name for Response object 1501 */ 1502 public String RESPONSE = "Response"; 1503 1504 /** 1505 * Key name for Assertion object 1506 */ 1507 public String ASSERTION = "Assertion"; 1508 1509 /** 1510 * One Time Use. 1511 */ 1512 public String ONETIME="ONE"; 1513 /** 1514 * Is Bearer assertion 1515 */ 1516 public String IS_BEARER="isBearer"; 1517 1518 /** 1519 * String to represent the logout url for external application. 
1520 * SAML2 component will send request to the external logout URL 1521 * using back channel HTTP POST mechanism. 1522 * This is used when the single logout is initiated from remote party 1523 * (SP or IDP). 1524 */ 1525 public String APP_LOGOUT_URL = "appLogoutUrl"; 1526 1527 /** 1528 * URL parameter name in external application logout URL for requesting 1529 * user session property. Value is a session property name whose 1530 * value will be posted to application as http header and content for its 1531 * logout use. 1532 */ 1533 public String APP_SESSION_PROPERTY = "appsessionproperty"; 1534 1535 /** 1536 * IDP Session Synchronize Enabled 1537 */ 1538 public String IDP_SESSION_SYNC_ENABLED = 1539 "idpSessionSyncEnabled"; 1540 1541 /** 1542 * SP Session Synchronize Enabled 1543 */ 1544 public String SP_SESSION_SYNC_ENABLED = 1545 "spSessionSyncEnabled"; 1546 1547 /** 1548 * Map key used in fedlet case to specify federation info key. 1549 */ 1550 public String INFO_KEY = "infoKey"; 1551 1552 /** 1553 * Single Sign-On service. 1554 */ 1555 public String SSO_SERVICE = "sso"; 1556 1557 /** 1558 * NameIDMapping service. 1559 */ 1560 public String NAMEID_MAPPING_SERVICE = "nip"; 1561 1562 /** 1563 * AssertionIDRequest service. 1564 */ 1565 public String ASSERTION_ID_REQUEST_SERVICE = "air"; 1566 1567 /** 1568 * ArtifactResolution service. 1569 */ 1570 public String ARTIFACT_RESOLUTION_SERVICE = "ars"; 1571 1572 /** 1573 * SingleLogout service. 1574 */ 1575 public String SLO_SERVICE = "slo"; 1576 1577 /** 1578 * ManageNameID service. 1579 */ 1580 public String MNI_SERVICE = "mni"; 1581 1582 /** 1583 * AssertionConsumer service. 
1584 */ 1585 public String ACS_SERVICE = "acs"; 1586 1587 /** 1588 * Map key used in SLO request redirect code 1589 */ 1590 public static final String AM_REDIRECT_URL = "AM_REDIRECT_URL"; 1591 1592 /** 1593 * Map key used in SLO request redirect code 1594 */ 1595 public static final String OUTPUT_DATA = "OUTPUT_DATA"; 1596 1597 public static final String RESPONSE_CODE = "RESPONSE_CODE"; 1598 1599 /** 1600 * Flag to Indicate that we do not want to write the Federation info 1601 * in the SP local User Data Store. This flag is set in the local SP 1602 * extended metadata configuration 1603 */ 1604 public static final String SP_DO_NOT_WRITE_FEDERATION_INFO = 1605 "spDoNotWriteFederationInfo"; 1606}