/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SAMLConstants.java,v 1.17 2009/06/12 22:21:39 mallas Exp $
 *
 */

/*
 * Portions Copyrighted 2010-2011 ForgeRock AS
 */
package com.sun.identity.saml.common;

import java.util.HashSet;
import java.util.Set;

/**
 * This is a common class defining some constants common to all SAML elements.
 *
 * @supported.api
 */
public final class SAMLConstants
{
    // Names grouped as password-style and token-style authentication methods.
    // Presumably matched against authentication module names when an
    // authentication method is recorded in an assertion (confirm against callers).
    //
    // NOTE(review): both fields are public, non-final and hold raw, mutable
    // HashSets, so any code that can load this class can add or remove entries
    // or reassign the references. If this grouping influences what is asserted
    // about how a user authenticated, writes to these sets are
    // security-relevant; confirm whether callers rely on mutating them before
    // tightening the declarations.
    public static Set passwordAuthMethods = null;
    public static Set tokenAuthMethods = null;
    // Populated once, when the class is initialized.
    static {
        passwordAuthMethods = new HashSet();
        passwordAuthMethods.add("nt");
        passwordAuthMethods.add("ldap");
        passwordAuthMethods.add("membership");
        passwordAuthMethods.add("anonymous");
        tokenAuthMethods = new HashSet();
        tokenAuthMethods.add("radius");
    }

    /**
     * String to identify a quote.
     */
    public static final String QUOTE = "\"";

    /**
     * String to identify a new line character.
*/
    public static final String NL = "\n";

    // NOTE(review): the delimiter constants below suggest that XML is assembled
    // by string concatenation (the documentation of assertionDeclareStr mentions
    // toString(includeNS, declareNS)). Any attribute or text value placed
    // between them presumably needs XML escaping by the serializer; confirm
    // there, since unescaped values would let a value alter the element
    // structure of an assertion.

    /**
     * String to identify a left angle.
     */
    public static final String LEFT_ANGLE = "<";

    /**
     * String to identify a right angle.
     */
    public static final String RIGHT_ANGLE = ">";

    /**
     * String to identify "/>".
     */
    public static final String END_ELEMENT = "/>";

    /**
     * String to identify "</".
     */
    public static final String START_END_ELEMENT = "</";

    /**
     * String to identify a space character.
     */
    public static final String SPACE = " ";

    /**
     * SAML assertion namespace URI.
     *
     * @supported.api
     */
    public static final String assertionSAMLNameSpaceURI =
        "urn:oasis:names:tc:SAML:1.0:assertion";
    /**
     * SOAP 1.1 namespace URI.
     *
     * @supported.api
     */
    public static final String SOAP_URI =
        "http://schemas.xmlsoap.org/soap/envelope/";

    /**
     * SOAP 1.2 namespace URI.
     *
     * @supported.api
     */
    public static final String SOAP12_URI =
        "http://www.w3.org/2003/05/soap-envelope";
    /**
     * SOAP envelope prefix.
     */
    public static final String SOAP_ENV_PREFIX = "soap-env";

    /**
     * SAML request-response protocol namespace URI.
     *
     * @supported.api
     */
    public static final String PROTOCOL_NAMESPACE_URI =
        "urn:oasis:names:tc:SAML:1.0:protocol";

    /**
     * XML Digital Signature namespace.
     *
     * @supported.api
     */
    public static final String XMLSIG_NAMESPACE_URI =
        "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Element name for xml signature.
     */
    public static final String XMLSIG_ELEMENT_NAME = "Signature";

    /**
     * Namespace declaration that binds the <code>ds</code> prefix to the
     * XML Signature namespace.
*/
    public static final String DSSAMLNameSpace =
        "xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"";

    /**
     * String which gets incorporated into
     * <code>toString(includeNS, declareNS)</code> when
     * <code>declareNS</code> is true for any assertion element.
     * It declares the <code>saml</code> prefix and starts with a space.
     */
    public static final String assertionDeclareStr =
        " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"";

    /**
     * String used in the <code>toString(includeNS, declareNS)</code> method.
     * It declares the <code>samlp</code> prefix and starts with a space.
     */
    public static final String PROTOCOL_NAMESPACE_STRING =
        " xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"";

    /**
     * <code>NameQualifier</code> in <code>NameIdentifier</code> for
     * <code>X509SubjectName</code>. Built from the assertion namespace URI
     * followed by <code>#X509SubjectName</code>.
     */
    public static final String X509SUBJECTNAME =
        assertionSAMLNameSpaceURI+"#X509SubjectName";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: Read/Write/Execute/Delete/Control
     * Defined actions: <code>Read Write Execute Delete Control</code>
     * These actions are interpreted in the normal manner, i.e.
     * <ul>
     * <li><code>Read</code>: The subject may read the resource </li>
     * <li><code>Write</code>: The subject may modify the resource </li>
     * <li><code>Execute</code>: The subject may execute the resource </li>
     * <li><code>Delete</code>: The subject may delete the resource </li>
     * <li><code>Control</code>: The subject may specify the access control
     * policy for the resource.</li>
     * </ul>
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE =
        "urn:oasis:names:tc:SAML:1.0:action:rwedc";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
*
     * Title: Read/Write/Execute/Delete/Control with Negation
     * Defined actions:
     * <code>Read Write Execute Delete Control ~Read ~Write ~Execute ~Delete
     * ~Control</code>
     * <ul>
     * <li><code>Read</code>: The subject may read the resource </li>
     * <li><code>Write</code>: The subject may modify the resource </li>
     * <li><code>Execute</code>: The subject may execute the resource </li>
     * <li><code>Delete</code>: The subject may delete the resource </li>
     * <li><code>Control</code>: The subject may specify the access control
     * policy for the resource </li>
     * <li><code>~Read</code>: The subject may NOT read the resource </li>
     * <li><code>~Write</code>: The subject may NOT modify the resource </li>
     * <li><code>~Execute</code>: The subject may NOT execute the resource </li>
     * <li><code>~Delete</code>: The subject may NOT delete the resource </li>
     * <li><code>~Control</code>: The subject may NOT specify the access
     * control policy for the resource </li>
     * </ul>
     * An application MUST NOT authorize both an action and its negated form.
     * A consumer of authorization decisions should therefore treat a decision
     * that names both forms of the same action as invalid rather than picking
     * one of them.
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE_NEGATION =
        "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: <code>Get/Head/Put/Post</code>
     * Defined actions:
     * <code>GET HEAD PUT POST</code>
     * These actions bind to the corresponding HTTP operations. For example a
     * subject authorized to perform the GET action on a resource is authorized
     * to retrieve it. The GET and HEAD actions loosely correspond to the
     * conventional read permission and the PUT and POST actions to the write
     * permission.
* The correspondence is not exact, however, since an HTTP GET
     * operation may cause data to be modified and a POST operation may cause
     * modification to a resource other than the one specified in the request.
     * For this reason a separate Action URI specifier is provided.
     *
     * @supported.api
     */
    // NOTE(review): the other action namespace values in this class contain an
    // "action:" segment (for example ...:1.0:action:rwedc); this one does not.
    // Confirm the value against the SAML 1.x specification and against the
    // partners that consume it before relying on it for interoperability.
    public static final String ACTION_NAMESPACE_GHPP =
        "urn:oasis:names:tc:SAML:1.0:ghpp";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: UNIX File Permissions
     * Defined actions:
     * The defined actions are the set of UNIX file access permissions
     * expressed in the numeric (octal) notation. The action string is a four
     * digit numeric code: extended user group world
     * Where the extended access permission has the value
     * <ul>
     * <li><code>+2 if sgid is set</code></li>
     * <li><code>+4 if suid is set</code></li>
     * </ul>
     * The user group and world access permissions have the value
     * <ul>
     * <li><code>+1 if execute permission is granted</code></li>
     * <li><code>+2 if write permission is granted</code></li>
     * <li><code>+4 if read permission is granted</code></li>
     * </ul>
     * For example 0754 denotes the UNIX file access permission: user read,
     * write and execute, group read and execute and world read.
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE_UNIX =
        "urn:oasis:names:tc:SAML:1.0:action:unix";

    /**
     * saml namespace prefix with ":".
     */
    public static final String ASSERTION_PREFIX = "saml:";

    /**
     * samlp namespace prefix with ":".
     */
    public static final String PROTOCOL_PREFIX = "samlp:";

    /**
     * Assertion version 1.0.
     */
    public static final String ASSERTION_VERSION_1_0 = "1.0";

    /**
     * Assertion version 1.1.
     */
    public static final String ASSERTION_VERSION_1_1 = "1.1";

    /**
     * Major version of assertion.
*/
    public static final int ASSERTION_MAJOR_VERSION = 1;
    /**
     * Default Assertion minor version.
     */
    // NOTE(review): not final, so it can be reassigned at run time by any code
    // that can reach this class. Presumably set from configuration during
    // startup - confirm, and confirm that nothing else writes it.
    public static int ASSERTION_MINOR_VERSION = 1;

    /**
     * Assertion minor version 0.
     */
    public static final int ASSERTION_MINOR_VERSION_ZERO = 0;

    /**
     * Assertion minor version 1.
     */
    public static final int ASSERTION_MINOR_VERSION_ONE = 1;

    /**
     * Protocol version 1.0.
     */
    public static final String PROTOCOL_VERSION_1_0 = "1.0";

    /**
     * Protocol version 1.1.
     */
    public static final String PROTOCOL_VERSION_1_1 = "1.1";

    /**
     * Protocol major version 1.
     */
    public static final int PROTOCOL_MAJOR_VERSION = 1;

    /**
     * Default protocol minor version 1.
     */
    // NOTE(review): not final; same consideration as ASSERTION_MINOR_VERSION.
    public static int PROTOCOL_MINOR_VERSION = 1;

    /**
     * Protocol minor version 0.
     */
    public static final int PROTOCOL_MINOR_VERSION_ZERO = 0;

    /**
     * Protocol minor version 1.
     */
    public static final int PROTOCOL_MINOR_VERSION_ONE = 1;

    /**
     * Assertion handle, request id, and response id have this length.
     * If server id cannot be found, assertion id has this length also.
     * Request id, response id, and assertion id will be base64 encoded for
     * printing.
     */
    // NOTE(review): the unit is not stated; presumably bytes of the raw
    // identifier before base64 encoding - confirm. Artifacts and assertion
    // handles act as references to assertions, so the generator that produces
    // these identifiers should draw them from a cryptographically strong source.
    public static final int ID_LENGTH = 20;

    /**
     * Length for server id. Used in load balancing.
     */
    public static final int SERVER_ID_LENGTH = 2;

    /**
     * Default encoding used in the xml string conversion.
     */
    public static final String DEFAULT_ENCODING = "UTF-8";

    /**
     * SAML artifact confirmation method identifier URI.
     *
     * @supported.api
     */
    // NOTE(review): unlike the other confirmation method constants this field
    // is not final, so its value can change at run time. Presumably switched
    // to the deprecated URI for older protocol versions - confirm. Code that
    // compares a received confirmation method against this field sees whatever
    // was last assigned.
    public static String CONFIRMATION_METHOD_ARTIFACT =
        "urn:oasis:names:tc:SAML:1.0:cm:artifact";

    /**
     * Deprecated SAML Artifact confirmation method identifier URI.
*
     * @supported.api
     */
    public static final String DEPRECATED_CONFIRMATION_METHOD_ARTIFACT =
        "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";

    /**
     * OpenSSO confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_IS =
        "urn:com:sun:identity";

    /**
     * SAML Bearer confirmation method identifier URI.
     * Bearer confirmation involves no key proof by the presenter, so a
     * relying party depends on the assertion's validity window, its intended
     * recipient and one-time use to limit replay of a captured assertion.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_BEARER =
        "urn:oasis:names:tc:SAML:1.0:cm:bearer";

    /**
     * SAML "Holder of Key" confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_HOLDEROFKEY =
        "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    /**
     * SAML "Sender Vouches" confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_SENDERVOUCHES =
        "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";

    // used by SAML service schema related operations

    /**
     * SAML service name.
     */
    public static final String SAML_SERVICE_NAME = "SAML1";

    /**
     * 1.0 version of SAML service.
     */
    public static final String SAML_SERVICE_VERSION = "1.0";

    /**
     * SAML service attribute that specifies time skew for not before attribute
     * in assertion.
     */
    public static final String NOTBEFORE_TIMESKEW_NAME =
        "iplanet-am-saml-notbefore-timeskew";

    /**
     * SAML service attribute that specifies artifact timeout period.
     */
    public static final String ARTIFACT_TIMEOUT_NAME =
        "iplanet-am-saml-artifact-timeout";

    /**
     * SAML service attribute that specifies assertion timeout period.
     */
    public static final String ASSERTION_TIMEOUT_NAME =
        "iplanet-am-saml-assertion-timeout";

    /**
     * SAML service attribute that specifies whether an assertion is removed
     * after it has been dereferenced.
*/
    public static final String REMOVE_ASSERTION_NAME =
        "com.sun.identity.saml.removeassertion";

    /**
     * Default not before time skew. It's in seconds.
     */
    public static final int NOTBEFORE_TIMESKEW_DEFAULT = 300;

    /**
     * Default artifact timeout period. It's in seconds.
     */
    public static final int ARTIFACT_TIMEOUT_DEFAULT = 120;

    /**
     * Default assertion timeout period. It's in seconds.
     */
    public static final int ASSERTION_TIMEOUT_DEFAULT = 60;

    /**
     * SAML service attribute that specifies list of saml site IDs.
     */
    public static final String SITE_ID_LIST = "iplanet-am-saml-siteid-list";

    /**
     * SAML service attribute that specifies list of instances.
     */
    public static final String INSTANCE_LIST = "iplanet-am-saml-instance-list";

    /**
     * This site's ID.
     */
    // NOTE(review): the value looks like a lookup key rather than an actual
    // site ID - confirm how callers use it.
    public static final String SITE_ID = "mysiteid";

    /**
     * SAML service attribute that specifies list of issuer names.
     */
    public static final String ISSUER_NAME_LIST =
        "iplanet-am-saml-issuername-list";

    /**
     * This site's issuer name.
     */
    // NOTE(review): as with SITE_ID, presumably a lookup key - confirm.
    public static final String ISSUER_NAME = "mysitename";

    /**
     * SAML service attribute name for list of site ID and issuer names.
     */
    public static final String SITE_ID_ISSUER_NAME_LIST =
        "iplanet-am-saml-siteid-issuername-list";

    /**
     * Constant for instance id.
     */
    public static final String INSTANCEID = "INSTANCEID";

    /**
     * Constant for site id.
     */
    public static final String SITEID = "SITEID";

    /**
     * Constant for issuer name.
     */
    public static final String ISSUERNAME = "ISSUERNAME";

    /**
     * SAML service attribute that specifies site's certificate alias.
     */
    public static final String SITE_CERT_ALIAS =
        "iplanet-am-saml-sitecertalias";

    /**
     * SAML service attribute that specifies whether to sign a request or not.
*/
    public static final String SIGN_REQUEST =
        "iplanet-am-saml-signrequest";

    /**
     * Default is to not sign request.
     * Where this default applies, a receiver has no signature with which to
     * check the origin or integrity of the request and depends on the
     * transport and on partner authentication instead.
     */
    public static final String SIGN_REQUEST_DEFAULT = "false";

    /**
     * SAML service attribute that specifies whether to sign a response or not.
     */
    public static final String SIGN_RESPONSE =
        "iplanet-am-saml-signresponse";

    /**
     * Default is to not sign response.
     * Where this default applies, the response is protected only by the
     * channel it travels over. A response delivered through the user's
     * browser (POST profile) is not covered by a server-to-server channel,
     * so deployments using that profile should review this setting.
     */
    public static final String SIGN_RESPONSE_DEFAULT = "false";

    /**
     * SAML service attribute that specifies whether to sign an assertion
     * or not.
     */
    public static final String SIGN_ASSERTION =
        "iplanet-am-saml-signassertion";

    /**
     * Default is to not sign the assertion.
     * An unsigned assertion cannot be verified once it leaves the channel it
     * was delivered on. Relying parties that store or forward assertions
     * need this setting enabled.
     */
    public static final String SIGN_ASSERTION_DEFAULT = "false";

    /**
     * SAML service attribute that specifies the name for artifact.
     */
    public static final String ARTIFACT_NAME = "iplanet-am-saml-artifact-name";

    /**
     * SAML service attribute that specifies the name id format attribute map.
     */
    public static final String NAME_ID_FORMAT_MAP =
        "iplanet-am-saml-name-id-format-attr-map";

    /**
     * SAML service attribute that specifies the attribute map.
     */
    public static final String ATTRIBUTE_MAP =
        "iplanet-am-saml-attr-map";

    /**
     * Default SAML artifact name.
     *
     * @supported.api
     */
    public static final String ARTIFACT_NAME_DEFAULT = "SAMLart" ;

    /**
     * SAML service attribute that specifies target parameter.
     */
    public static final String TARGET_SPECIFIER =
        "iplanet-am-saml-target-specifier" ;

    /**
     * Default parameter for target.
     */
    public static final String TARGET_SPECIFIER_DEFAULT = "TARGET" ;

    /**
     * SAML service attribute that specifies list of trusted partners.
* A sample trusted server list entry is like
     * target=.iplanet.com:8080|
     * SAMLUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLAwareServlet|
     * POSTUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLPOSTProfileServlet
     * The sample uses plain <code>http</code> URLs; artifacts and assertions
     * sent to such endpoints travel unencrypted, so production entries
     * should use <code>https</code>.
     */
    public static final String TRUSTED_SERVER_LIST =
        "iplanet-am-saml-trusted-server-list";

    /**
     * SAML service attribute that specifies partner urls.
     * A sample Partner URL list entry is like:
     * SourceID=encoded 20 bytes|
     * SOAPUrl=http://dsame2.red.iplanet.com:8080/amserver/SAMLSOAPReceiver
     */
    public static final String PARTNER_URLS = "iplanet-am-saml-partner-urls";

    /**
     * Constants for target.
     */
    public static final String TARGET = "TARGET";

    /**
     * Constants for url which handles saml web browser artifact profile.
     */
    public static final String SAMLURL = "SAMLURL";

    /**
     * Constants for url which handles saml web browser post profile.
     */
    public static final String POSTURL = "POSTURL";


    /**
     * A SAML service attribute parameter. The 20-byte sequence defined as in
     * the SiteID and Issuer name.
     *
     * @supported.api
     */
    public static final String SOURCEID = "SOURCEID";

    /**
     * A SAML service attribute parameter that defines partner's name.
     *
     * iPlanet-PUBLIC-STATIC
     */
    public static final String PARTNERNAME = "PARTNERNAME";

    /**
     * A SAML service attribute parameter that defines the URL that provides
     * the SAML service. The servlet specified in the URL implements the
     * Web-browser SSO with Artifact profile defined in the OASIS-SAML
     * Bindings and Profiles specification.
     *
     * @supported.api
     */
    public static final String SOAPUrl = "SOAPURL";

    /**
     * A SAML service attribute parameter that defines the authentication type
     * used in SAML.
* It should be one of the following:
     * NOAUTH
     * BASICAUTH
     * SSL
     * SSLWITHBASICAUTH
     * This parameter is optional, and if not specified, the default is NOAUTH.
     * If BASICAUTH or SSLWITHBASICAUTH is specified, the User parameter is
     * required and the SOAPUrl should be HTTPS.
     * With the NOAUTH default the partner's SOAP endpoint is called without
     * client authentication, so the default should be a deliberate choice
     * for each partner entry.
     *
     * @supported.api
     */
    public static final String AUTHTYPE = "AUTHTYPE";

    /**
     * A SAML service attribute parameter that defines the uid of the partner
     * which is used to protect the partner's SOAP Receiver.
     *
     * @supported.api
     */
    public static final String UID = "USER";

    /**
     * A SAML service attribute parameter that defines the user id of the
     * partner which is used for Basic Authentication.
     *
     * @supported.api
     */
    public static final String AUTH_UID = "AUTHUSER";

    /**
     * A SAML service attribute parameter that defines the password of the
     * partner which is used for Basic Authentication.
     *
     * @supported.api
     */
    // NOTE(review): this is only the parameter name; the value stored under it
    // is a credential. Whether it is stored encrypted is not visible here -
    // confirm, and keep the value out of logs and debug output.
    public static final String AUTH_PASSWORD = "AUTHPASSWORD";

    /**
     * A SAML service attribute parameter that specifies a pluggable class
     * which defines how the subject of an Assertion is related to an identity
     * at the destination site. By default, it is:
     * com.sun.identity.saml.plugins.DefaultAccountMapper
     *
     * @supported.api
     */
    // NOTE(review): the mapper decides which local identity a partner's
    // assertion is accepted as, and the class is named in configuration
    // (presumably loaded by name - confirm). Write access to this setting is
    // therefore equivalent to control over account mapping.
    public static final String ACCOUNTMAPPER = "ACCOUNTMAPPER";

    /**
     * A SAML service attribute parameter that specifies a pluggable class
     * which defines how the subject of an Assertion is related to an identity
     * at the destination site and a target URL. By default, it is:
     * com.sun.identity.saml.plugins.DefaultPartnerAccountMapper
     *
     * @supported.api
     */
    public static final String PARTNERACCOUNTMAPPER = "PARTNERACCOUNTMAPPER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the siteAttributeMapper is located.
* Applications can develop
     * a siteAttributeMapper to obtain attributes to be included in the
     * assertion during SSO. If no siteAttributeMapper is found, then no
     * attributes will be included in the assertion during SSO.
     *
     * @supported.api
     */
    public static final String SITEATTRIBUTEMAPPER = "siteattributemapper";
    // Fully qualified class name; presumably the implementation used when no
    // siteAttributeMapper is configured - confirm against the caller, since
    // the documentation of SITEATTRIBUTEMAPPER says no attributes are included
    // when no mapper is found.
    public static final String SITEATTRIBUTEMAPPERDEFAULT =
        "com.sun.identity.saml.plugins.DefaultSiteAttributeMapper";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the partnerSiteAttributeMapper is located. Applications can
     * develop a partnerSiteAttributeMapper to obtain attributes to be included
     * in the assertion during SSO based on target URL. If no
     * partnerSiteAttributeMapper is found, then no attributes will be included
     * in the assertion during SSO.
     *
     * @supported.api
     */
    public static final String PARTNERSITEATTRIBUTEMAPPER =
        "partnersiteattributemapper";


    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the nameIdentifierMapper is located. Applications can develop
     * a nameIdentifierMapper to obtain a name identifier to be included in the
     * assertion during SSO. If no nameIdentifierMapper is found, then a
     * default implementation will be used.
     *
     * @supported.api
     */
    public static final String NAMEIDENTIFIERMAPPER = "nameidentifiermapper";

    /**
     * A SAML service attribute parameter that lists the IP addresses and/or
     * the certAlias for all of the hosts, within the specified partner site,
     * that can send requests to this site. This ensures that the requester is
     * indeed the intended receiver for the SAML artifact.
     * An entry that is an IP address identifies only a network address,
     * whereas a certAlias entry ties the requester to a certificate.
     *
     * @supported.api
     */
    public static final String HOST_LIST = "hostlist";

    /**
     * A POST attribute name that specifies an assertion.
*
     * @supported.api
     */
    public static final String POST_ASSERTION_NAME = "ASSERTION";

    /**
     * A POST attribute name that specifies attribute names of an assertion.
     *
     * @supported.api
     */
    public static final String POST_ATTR_NAMES = "ATTRIBUTENAMES";

    /**
     * A SAML service attribute parameter that specifies a certAlias name used
     * for verifying the signature in an assertion, when the assertion is
     * signed by a partner and the certificate of the partner can not be found
     * in the KeyInfo portion of the signed assertion.
     * As described, this alias is used only when the assertion carries no
     * certificate in KeyInfo.
     *
     * @supported.api
     */
    // NOTE(review): how a certificate that IS present in KeyInfo gets tied to
    // the configured partner is not visible in this file. A signature that
    // verifies against an embedded certificate proves nothing unless that
    // certificate is itself trusted - confirm in the signature verification code.
    public static final String CERTALIAS = "CERTALIAS";

    /**
     * A SAML service attribute parameter that defines the creator of an
     * assertion generated within OpenSSO. The syntax is
     * hostname:port.
     *
     * @supported.api
     */
    public static final String ISSUER = "ISSUER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path to where the attributeMapper is located. Applications can develop
     * an attributeMapper to obtain either a Session ID or an assertion
     * containing AuthenticationStatement from the query. The mapper is then
     * used to retrieve the attributes for the subject. If no attributeMapper
     * is specified, DefaultAttributeMapper will be used.
     *
     * @supported.api
     */
    public static final String ATTRIBUTEMAPPER = "ATTRIBUTEMAPPER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path to where the actionMapper is located. Applications can develop an
     * actionMapper to obtain either a Session ID or an assertion containing
     * AuthenticationStatement from the query. The mapper is then used to
     * retrieve the authorization decisions for the actions defined in the
     * query. If no actionMapper is specified, DefaultActionMapper will be
     * used.
*
     * @supported.api
     */
    public static final String ACTIONMAPPER = "ACTIONMAPPER";

    /**
     * A SAML service attribute parameter that specifies SAML version.
     *
     * @supported.api
     */
    public static final String VERSION = "VERSION";

    /**
     * SAML service attribute that specifies action service mapping.
     */
    public static final String ACTION_SERVICE_MAPPING =
        "iplanet-am-saml-action-service-mapping";

    /**
     * SAML service attribute that specifies POST to Target URLs.
     */
    public static final String POST_TO_TARGET_URLS =
        "iplanet-am-saml-post-to-target-urls";

    /**
     * SAML service attribute that specifies maximum number of assertions
     * the server can have at a given time.
     */
    public static final String ASSERTION_MAX_NUMBER_NAME =
        "iplanet-am-saml-assertion-max-number";
    /**
     * Default maximum number of assertions of the server. It means no limit.
     */
    // NOTE(review): with no limit, the number of stored assertions is
    // presumably bounded only by the assertion timeout and the cleanup
    // interval - confirm. A finite limit protects server memory where
    // assertion creation can be triggered at a high rate.
    public static final int ASSERTION_MAX_NUMBER_DEFAULT = 0;

    /**
     * SAML service attribute that specifies server clean up interval.
     */
    public static final String CLEANUP_INTERVAL_NAME =
        "iplanet-am-saml-cleanup-interval";
    /**
     * System property name that specifies cleanup interval for internal
     * cache, such as assertions, artifacts and keystore etc.
     * This property is mapped to the CLEANUP_INTERVAL_NAME attribute in
     * SAML service on the server side.
     */
    public static final String CLEANUP_INTERVAL_PROPERTY =
        "com.sun.identity.saml.cleanup.interval";

    /**
     * Default server cleanup interval. It is in seconds.
     */
    public static final int CLEANUP_INTERVAL_DEFAULT = 180;

    /**
     * Kerberos authentication method.
     */
    public static final String AUTH_METHOD_KERBEROS = "Kerberos";

    /**
     * Certificate authentication method.
*/
    public static final String AUTH_METHOD_CERT = "Cert";

    /**
     * Certificate authentication method URI.
     */
    public static final String AUTH_METHOD_CERT_URI = "urn:ietf:rfc:2246";

    /**
     * Password authentication method URI.
     */
    public static final String AUTH_METHOD_PASSWORD_URI =
        "urn:oasis:names:tc:SAML:1.0:am:password";

    /**
     * Hardware token authentication method uri.
     */
    public static final String AUTH_METHOD_HARDWARE_TOKEN_URI =
        "urn:oasis:names:tc:SAML:1.0:am:HardwareToken";

    /**
     * Kerberos authentication method uri.
     */
    public static final String AUTH_METHOD_KERBEROS_URI = "urn:ietf:rfc:1510";

    /**
     * Private authentication method prefix.
     */
    public static final String AUTH_METHOD_URI_PREFIX =
        "urn:com:sun:identity:";

    /**
     * SAML service attribute which identifies basic authentication user.
     */
    public static final String USER = "iplanet-am-saml-user";

    /**
     * SAML service attribute which identifies basic authentication password.
     */
    // NOTE(review): attribute name only; the stored value is a credential.
    // Its storage protection is not visible here - confirm.
    public static final String PASSWORD="iplanet-am-saml-password";

    /**
     * A SAML authentication type that uses HTTP protocol and username/password
     *
     * @supported.api
     */
    // NOTE(review): the AUTHTYPE documentation in this class says the SOAPUrl
    // should be HTTPS when BASICAUTH is used, while this description says HTTP.
    // Basic credentials sent over plain HTTP are only base64-encoded, so
    // confirm which transport the SOAP client actually requires for this type.
    public static final String BASICAUTH= "BASICAUTH";

    /**
     * A SAML authentication type that uses HTTPS protocol and
     * username/password
     *
     * @supported.api
     */
    public static final String SSLWITHBASICAUTH = "SSLWITHBASICAUTH";

    /**
     * A SAML authentication type that uses HTTP protocol
     * (no client authentication and no transport protection).
     *
     * @supported.api
     */
    public static final String NOAUTH = "NOAUTH";

    /**
     * A SAML authentication type that uses HTTPS protocol
     *
     * @supported.api
     */
    public static final String SSL = "SSL";

    /**
     * Parameter for Name Identifier format used in SAML web browser post
     * profile and SAML web browser artifact profile.
*/
    public static final String NAME_ID_FORMAT="NameIDFormat";

    /**
     * Constant for servlet which does SAML web browser artifact profile.
     */
    public static final String SAML_AWARE_NAMING="samlawareservlet";

    /**
     * Constant for endpoint which accepts SOAP request.
     */
    public static final String SAML_SOAP_NAMING="samlsoapreceiver";

    /**
     * Constant for servlet which does SAML web browser post profile.
     */
    public static final String SAML_POST_NAMING="samlpostservlet";

    /**
     * Constant for process which handles all assertion related requests.
     */
    public static final String SAML_AM_NAMING = "samlassertionmanager";

    /**
     * Parameter for SAML response used in SAML web browser post profile.
     */
    public static final String POST_SAML_RESPONSE_PARAM = "SAMLResponse";

    /**
     * Parameter for SAML TARGET.
     */
    // NOTE(review): TARGET names the URL the user is sent to after single
    // sign-on and arrives as a request parameter. Presumably it is checked
    // against the configured targets (see POST_TO_TARGET_URLS and
    // TRUSTED_SERVER_LIST) before any redirect or POST - confirm in the
    // servlets that read it.
    public static final String POST_TARGET_PARAM = "TARGET";

    // for SAMLPOSTProfileServlet

    /**
     * Constant which identifies source site.
     */
    public static final String SOURCE_SITE_SOAP_ENTRY = "sourceSite";

    /**
     * Constant for assertion parameter.
     */
    public static final String POST_ASSERTION = "assertion";

    /**
     * Constant for subject.
     */
    public static final String SUBJECT = "subject";

    /**
     * Success status code.
     */
    public static final String STATUS_CODE_SUCCESS = "samlp:Success";

    /**
     * Success status code with no namespace prefix.
     * The value keeps the leading ":".
     */
    public static final String STATUS_CODE_SUCCESS_NO_PREFIX = ":Success";

    /**
     * http protocol.
     */
    public static final String HTTP="http";

    /**
     * https protocol.
*/
    public static final String HTTPS="https";

    // Used for xml digital signing
    // The values below are property names under com.sun.identity.saml.xmlsig.
    // NOTE(review): judging by their names they select the canonicalization
    // method, transform and signature algorithm, and the key provider and
    // signature provider classes - confirm against the code that reads them.
    // A provider class named in configuration is presumably loaded by name,
    // so write access to these properties should be as restricted as write
    // access to the signing keys.
    public static final String CANONICALIZATION_METHOD =
        "com.sun.identity.saml.xmlsig.c14nMethod";
    public static final String TRANSFORM_ALGORITHM=
        "com.sun.identity.saml.xmlsig.transformAlg";
    public static final String XMLSIG_ALGORITHM =
        "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";
    public static final String JKS_KEY_PROVIDER =
        "com.sun.identity.saml.xmlsig.JKSKeyProvider";
    public static final String KEY_PROVIDER_IMPL_CLASS =
        "com.sun.identity.saml.xmlsig.keyprovider.class";
    public static final String SIGNATURE_PROVIDER_IMPL_CLASS =
        "com.sun.identity.saml.xmlsig.signatureprovider.class";
    public static final String AM_SIGNATURE_PROVIDER =
        "com.sun.identity.saml.xmlsig.AMSignatureProvider";

    // constants for XML Signature SignatureMethodURI
    // NOTE(review): "Required" and "Recommended" in the descriptions below
    // appear to repeat the implementation requirement levels of the XML
    // Signature specification; they are not a statement about algorithm
    // strength. The SHA-1 based URIs remain for interoperability; the
    // SHA-256, SHA-384 and SHA-512 constants defined in this class are the
    // ones to choose for new signatures.

    /**
     * MAC Algorithm HMAC-SHA1 URI - Required.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA1 =
        "http://www.w3.org/2000/09/xmldsig#hmac-sha1";

    /**
     * Signature Algorithm DSAwithSHA1 URI - Required.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_DSA =
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    /**
     * Signature Algorithm RSAwithSHA1 URI - Recommended.
     * Same value as <code>ALGO_ID_SIGNATURE_RSA_SHA1</code>.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA =
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    /**
     * Signature Algorithm RSAwithSHA1 URI.
     * Same value as <code>ALGO_ID_SIGNATURE_RSA</code>.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /**
     * Signature Algorithm RSA-MD5 URI.
*
     * <p>
     * Not recommended, as the constant name says: practical collision
     * attacks exist against MD5. A verifier should reject this algorithm
     * unless a legacy peer leaves no alternative.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
        "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";

    /**
     * Signature Algorithm RSA-RIPEMD160 URI.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 =
        "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";

    /**
     * Signature Algorithm RSA-SHA256 URI.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /**
     * Signature Algorithm RSA-SHA384 URI.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA384 =
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";

    /**
     * Signature Algorithm RSA-SHA512 URI.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA512 =
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";

    /**
     * MAC Algorithm HMAC-MD5 URI.
     * <p>
     * Not recommended, as the constant name says; prefer one of the
     * HMAC-SHA-2 URIs such as {@link #ALGO_ID_MAC_HMAC_SHA256}.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
        "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";

    /**
     * MAC Algorithm HMAC-RIPEMD160 URI.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_RIPEMD160 =
        "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";

    /**
     * MAC Algorithm HMAC-SHA256 URI.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA256 =
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";

    /**
     * MAC Algorithm HMAC-SHA384 URI.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA384 =
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";

    /**
     * MAC Algorithm HMAC-SHA512 URI.
*
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA512 =
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";

    /**
     * Attribute that identifies server protocol in
     * <code>AMConfig.properties</code> file.
     */
    public static final String SERVER_PROTOCOL =
        "com.iplanet.am.server.protocol";

    /**
     * Attribute that identifies server host in
     * <code>AMConfig.properties</code> file.
     */
    public static final String SERVER_HOST = "com.iplanet.am.server.host";

    /**
     * Attribute that identifies server port in
     * <code>AMConfig.properties</code> file.
     */
    public static final String SERVER_PORT = "com.iplanet.am.server.port";

    /**
     * Attribute that identifies the services deployment descriptor in
     * <code>AMConfig.properties</code> file (the key ends in
     * <code>services.deploymentDescriptor</code>, not in a port).
     */
    public static final String SERVER_URI =
        "com.iplanet.am.services.deploymentDescriptor";

    /**
     * Attribute that identifies default version for saml assertion in
     * <code>AMConfig.properties</code> file.
     */
    public static final String SAML_ASSERTION_VERSION =
        "com.sun.identity.saml.assertion.version";

    /**
     * Attribute that identifies default version for saml protocol in
     * <code>AMConfig.properties</code> file.
     */
    public static final String SAML_PROTOCOL_VERSION =
        "com.sun.identity.saml.protocol.version";

    /**
     * XML canonicalization Algorithm URI.
     * <p>
     * This form leaves comments out of the canonical output, so comments
     * are not covered by the signature. Code that reads text from a signed
     * element must return the same value whether or not comment nodes are
     * present in it.
     *
     * @supported.api
     */
    public static final String ALGO_ID_C14N_OMIT_COMMENTS =
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    /**
     * XML canonicalization with comments Algorithm URI.
     * Built by appending <code>#WithComments</code> to
     * {@link #ALGO_ID_C14N_OMIT_COMMENTS}.
     *
     * @supported.api
     */
    public static final String ALGO_ID_C14N_WITH_COMMENTS =
        ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";

    /**
     * Exclusive XML canonicalization Algorithm URI.
*
     * @supported.api
     */
    public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
        "http://www.w3.org/2001/10/xml-exc-c14n#";

    /**
     * Exclusive XML canonicalization with comments Algorithm URI.
     * Built by appending <code>WithComments</code> to
     * {@link #ALGO_ID_C14N_EXCL_OMIT_COMMENTS}, which already ends in
     * <code>#</code>.
     *
     * @supported.api
     */
    public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
        ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";

    // constants for XML Signature - Transform algorithm
    // supported in Apache xml security package 1.0.5
    // A transform list inside a received signature is chosen by the sender.
    // Verifiers commonly accept only the enveloped-signature and
    // canonicalization transforms and refuse the rest.

    /**
     * XML canonicalization Transform URI.
     * Alias of {@link #ALGO_ID_C14N_OMIT_COMMENTS}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_C14N_OMIT_COMMENTS =
        ALGO_ID_C14N_OMIT_COMMENTS;

    /**
     * XML canonicalization with comments Transform URI.
     * Alias of {@link #ALGO_ID_C14N_WITH_COMMENTS}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_C14N_WITH_COMMENTS =
        ALGO_ID_C14N_WITH_COMMENTS;

    /**
     * Exclusive XML canonicalization Transform URI.
     * Alias of {@link #ALGO_ID_C14N_EXCL_OMIT_COMMENTS}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS =
        ALGO_ID_C14N_EXCL_OMIT_COMMENTS;

    /**
     * Exclusive XML canonicalization with comments Transform URI.
     * Alias of {@link #ALGO_ID_C14N_EXCL_WITH_COMMENTS}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS =
        ALGO_ID_C14N_EXCL_WITH_COMMENTS;

    /**
     * XSLT Transform URI.
     * <p>
     * An XSLT transform in a received signature carries a stylesheet
     * supplied by the sender. Running it on untrusted input can exhaust
     * resources, and some processors expose extension functions, so
     * verifiers usually refuse this transform.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XSLT =
        "http://www.w3.org/TR/1999/REC-xslt-19991116";

    /**
     * Base64 decoding Transform URI.
     * Built from {@link #XMLSIG_NAMESPACE_URI}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_BASE64_DECODE =
        XMLSIG_NAMESPACE_URI + "base64";

    /**
     * XPath Transform URI.
     * <p>
     * The XPath expression comes with the signature; evaluating one from
     * an untrusted sender can be expensive, so verifiers often refuse it.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPATH =
        "http://www.w3.org/TR/1999/REC-xpath-19991116";

    /**
     * Enveloped Signature Transform URI.
*
     * @supported.api
     */
    public static final String TRANSFORM_ENVELOPED_SIGNATURE =
        XMLSIG_NAMESPACE_URI + "enveloped-signature";

    /**
     * XPointer Transform URI (the identifier of the 2001-01-08 working
     * draft, as the <code>WD-xptr-20010108</code> path shows).
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPOINTER =
        "http://www.w3.org/TR/2001/WD-xptr-20010108";

    /**
     * XPath Filter v2.0 Transform URI in its <code>2002/04</code> form;
     * {@link #TRANSFORM_XPATH2FILTER} holds the <code>2002/06</code> form.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPATH2FILTER04 =
        "http://www.w3.org/2002/04/xmldsig-filter2";

    /**
     * XPath Filter v2.0 Transform URI.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPATH2FILTER =
        "http://www.w3.org/2002/06/xmldsig-filter2";

    /**
     * XPath Filter v2.0 CHGP Transform URI.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPATHFILTERCHGP =
        "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter";

    /**
     * Namespace URI reserved for <code>xmlns</code> namespace declarations.
     *
     * @supported.api
     */
    public static final String NS_XMLNS = "http://www.w3.org/2000/xmlns/";

    /**
     * Liberty security namespace (<code>sec</code>).
     *
     * @supported.api
     */
    public static final String NS_SEC = "urn:liberty:sec:2003-08";

    /**
     * SOAP message security extension namespace (<code>wsse</code>,
     * the <code>2003/06/secext</code> URI).
     *
     * @supported.api
     */
    public static final String NS_WSSE =
        "http://schemas.xmlsoap.org/ws/2003/06/secext";

    /**
     * SOAP message security utility namespace (<code>wsu</code>,
     * the <code>2003/06/utility</code> URI).
     *
     * @supported.api
     */
    public static final String NS_WSU =
        "http://schemas.xmlsoap.org/ws/2003/06/utility";

    /**
     * String that identifies wsu prefix.
     */
    public static final String PREFIX_WSU = "wsu";

    /**
     * String that identifies ds prefix.
     */
    public static final String PREFIX_DS = "ds";

    /**
     * String that identifies tag name "SecurityTokenReference".
*/
    public static final String TAG_SECURITYTOKENREFERENCE =
        "SecurityTokenReference";

    /**
     * String that identifies tag xmlns.
     */
    public static final String TAG_XMLNS = "xmlns";

    /**
     * String that identifies "xmlns:sec".
     */
    public static final String TAG_XMLNS_SEC = "xmlns:sec";

    /**
     * Usage tag name.
     */
    public static final String TAG_USAGE = "Usage";

    /**
     * MessageAuthentication tag name with namespace prefix.
     */
    public static final String TAG_SEC_MESSAGEAUTHENTICATION =
        "sec:MessageAuthentication";

    /**
     * Tag name for <code>BinarySecurityToken</code> with namespace prefix.
     * {@link #BINARYSECURITYTOKEN} is the same name without the prefix.
     */
    public static final String TAG_WSSE_BINARYSECURITYTOKEN =
        "wsse:BinarySecurityToken";

    /**
     * Tag name for <code>Security</code>.
     */
    public static final String TAG_SECURITY = "Security";

    /**
     * Tag name for <code>AssertionIDReference</code>.
     */
    public static final String TAG_ASSERTIONIDREFERENCE =
        "AssertionIDReference";

    /**
     * Tag name for <code>Assertion</code>.
     */
    public static final String TAG_ASSERTION = "Assertion";

    /**
     * String that identifies <code>AssertionID</code>.
     */
    public static final String TAG_ASSERTION_ID = "AssertionID";

    /**
     * Tag name for <code>BinarySecurityToken</code>, without a namespace
     * prefix.
     */
    public static final String BINARYSECURITYTOKEN = "BinarySecurityToken";

    /**
     * Tag name for "Id".
     */
    public static final String TAG_ID = "Id";

    /**
     * Tag name for <code>Reference</code>.
     */
    public static final String TAG_REFERENCE = "Reference";

    /**
     * Tag name for <code>URI</code>.
     */
    public static final String TAG_URI = "URI";

    /**
     * Tag name for <code>ValueType</code>.
*/
    public static final String TAG_VALUETYPE = "ValueType";

    /**
     * Tag name for <code>KeyInfo</code>.
     * <p>
     * Key material carried in a received message comes from the sender.
     * A verifier should match it against the key or certificate
     * configured for that partner before relying on the signature.
     */
    public static final String TAG_KEYINFO = "KeyInfo";

    /**
     * Tag name for <code>KeyName</code>.
     */
    public static final String TAG_KEYNAME = "KeyName";

    /**
     * Tag name for <code>KeyValue</code>.
     */
    public static final String TAG_KEYVALUE = "KeyValue";

    /**
     * Tag name for <code>PKCS7</code> with wsse namespace prefix.
     */
    public static final String TAG_PKCS7 = "wsse:PKCS7";

    /**
     * Tag name for <code>X509Data</code>.
     */
    public static final String TAG_X509DATA = "X509Data";

    /**
     * Tag name for <code>X509Certificate</code>.
     */
    public static final String TAG_X509CERTIFICATE = "X509Certificate";

    /**
     * Beginning of certificate string (the opening marker line,
     * including its trailing newline).
     */
    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";

    /**
     * End of certificate string (the closing marker line, preceded by a
     * newline).
     */
    public static final String END_CERT = "\n-----END CERTIFICATE-----";

    /**
     * <code>DSAKeyValue</code> tag name.
     */
    public static final String TAG_DSAKEYVALUE = "DSAKeyValue";

    /**
     * <code>RSAKeyValue</code> tag name.
     */
    public static final String TAG_RSAKEYVALUE = "RSAKeyValue";

    /**
     * Attribute which identifies certificate alias of this site.
     * This value is configured through <code>AMConfig.properties</code>.
     */
    public static final String MYCERTALIAS =
        "com.sun.identity.saml.xmlsig.certalias";

    /**
     * User Name attribute key in the Attribute Map.
     */
    public static final String USER_NAME = "USER_NAME";

    /**
     * SAML component name to be used to get datastore provider.
     */
    public static final String SAML = "saml";
    /**
     * SAML component default name space.
*/
    public static final String ATTR_NAME_SPACE =
        "urn:com:sun:identity:attrnamespace";

    /**
     * Tag name for <code>UsernameToken</code>.
     */
    public static final String TAG_USERNAME_TOKEN = "UsernameToken";
    /**
     * Key name of the setting that controls escaping of special
     * characters in <code>AttributeValue</code>. If "true", special
     * characters are escaped; otherwise they are not. Default value is
     * "true".
     * <p>
     * NOTE(review): with escaping off, attribute values presumably reach
     * the generated XML unchanged. Values taken from user-controlled data
     * could then add markup to the assertion; confirm before disabling.
     */
    public static final String ESCAPE_ATTR_VALUE =
        "com.sun.identity.saml.escapeattributevalue";

    /**
     * HTTP POST binding.
     */
    public static final String HTTP_POST = "HTTP-POST";

    /**
     * HTTP Redirect binding.
     */
    public static final String HTTP_REDIRECT = "HTTP-Redirect";

    /**
     * Property to identify the HTTP binding for displaying error page.
     */
    public static final String ERROR_PAGE_HTTP_BINDING =
        "com.sun.identity.saml.errorpage.httpbinding";

    /**
     * Property to identify the error page url.
     */
    public static final String ERROR_PAGE_URL =
        "com.sun.identity.saml.errorpage.url";
    /**
     * Default error page url.
     */
    public static final String DEFAULT_ERROR_PAGE_URL =
        "/saml2/jsp/saml2error.jsp";
    /**
     * HTTP status code.
     */
    public static final String HTTP_STATUS_CODE = "httpstatuscode";

    /**
     * Error message.
     * <p>
     * NOTE(review): presumably handed to the error page as a parameter;
     * the page should encode it for its output context before display.
     */
    public static final String ERROR_MESSAGE = "errormessage";

    /**
     * Error code.
     */
    public static final String ERROR_CODE = "errorcode";

    /**
     * Accept-Language HTTP header.
     */
    public static final String ACCEPT_LANG_HEADER = "Accept-Language";
}