001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: SAMLConstants.java,v 1.17 2009/06/12 22:21:39 mallas Exp $
026 *
027 */
028
029/*
030 * Portions Copyrighted 2010-2011 ForgeRock AS
031 */
032package com.sun.identity.saml.common;
033
034import java.util.HashSet;
035import java.util.Set;
036
037/**
038 * This is a common class defining some constants common to all SAML elements.
039 *
040 * @supported.api
041 */
042public final class SAMLConstants 
043{
044    public static Set passwordAuthMethods = null; // names grouped as password auth methods; populated in the static block
045    public static Set tokenAuthMethods = null; // names grouped as token auth methods; populated in the static block
       // NOTE(review): both fields are public, static and non-final, and each
       // holds a plain mutable HashSet (raw type). Any code that can reach this
       // class can add or remove entries, or replace a set outright, for every
       // other reader. Presumably these sets are consulted when an auth module
       // name is classified - confirm against callers, and treat the contents
       // as shared mutable state rather than as constants.
046    static {
047        passwordAuthMethods = new HashSet();
048        passwordAuthMethods.add("nt");
049        passwordAuthMethods.add("ldap");
050        passwordAuthMethods.add("membership");
051        passwordAuthMethods.add("anonymous");
052        tokenAuthMethods = new HashSet();
053        tokenAuthMethods.add("radius");
054    }
055
056    /**
057     * String to identify a quote.
058     */
059    public static final String QUOTE                    = "\"";
060
061    /**
062     * String to identify a new line character.
063     */
064    public static final String NL                       = "\n";
065
066    /**
067     * String to identify a left angle.
068     */
069    public static final String LEFT_ANGLE              = "<";
070
071    /**
072     * String to identify a right angle.
073     */
074    public static final String RIGHT_ANGLE              = ">";
075
076    /**
077     * String to identify "/>".
078     */
079    public static final String END_ELEMENT              = "/>";
080
081    /**
082     * String to identify "&lt;/".
083     */
084    public static final String START_END_ELEMENT = "</";
085
086    /**
087     * String to identify a space character.
088     */
089    public static final String SPACE                = " ";
090
091    /**
092     * SAML assertion namespace URI.
093     *
094     * @supported.api
095     */
096    public static final String assertionSAMLNameSpaceURI = 
097                "urn:oasis:names:tc:SAML:1.0:assertion";
098    /**
099     * SOAP 1.1 namespace URI.
100     *
101     * @supported.api
102     */
103    public static final String SOAP_URI =
104                "http://schemas.xmlsoap.org/soap/envelope/";
105    
106    /**
107     * SOAP 1.2 namespace URI.
108     *
109     * @supported.api
110     */
111    public static final String SOAP12_URI =
112                "http://www.w3.org/2003/05/soap-envelope";
113    /**
114     * SOAP envelope prefix.
115     */
116    public static final String SOAP_ENV_PREFIX = "soap-env";
117
118    /**
119     * SAML request-response protocol namespace URI.
120     *
121     * @supported.api
122     */
123    public static final String PROTOCOL_NAMESPACE_URI =
124                        "urn:oasis:names:tc:SAML:1.0:protocol";
125
126    /**
127     * XML Digital Signature namespace.
128     *
129     * @supported.api
130     */
131    public static final String XMLSIG_NAMESPACE_URI =
132                        "http://www.w3.org/2000/09/xmldsig#";
133
134    /**
135     * Element name for xml signature.
136     */
137    public static final String XMLSIG_ELEMENT_NAME = "Signature";
138
139    /**
140     * Pointer to Signature name space.
141     */
142    public static final String DSSAMLNameSpace = 
143        "xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"";
144   
145    /**
146     * String which gets incorporated into
147     * <code>toString(includeNS, declareNS)</code> when 
148     * <code>declareNS</code> is true for any assertion element.
149     */
150    public static final String assertionDeclareStr = 
151        " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"";
152
153    /**
154     * String used in the <code>toString(includeNS, declareNS)</code> method.
155     */
156    public static final String PROTOCOL_NAMESPACE_STRING =
157        " xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"";
158
159    /** 
160     * <code>NameQualifier</code> in <code>NameIdentifier</code> for
161     * <code>X509SubjectName</code>.
162     */
163    public static final String X509SUBJECTNAME =
164        assertionSAMLNameSpaceURI+"#X509SubjectName";
165
166    /**
167     * String used in the <code>ActionNamespace</code> attribute to refer to
168     * common sets of actions to perform on resources. 
169     *
170     * Title: Read/Write/Execute/Delete/Control
171     * Defined actions: <code>Read Write Execute Delete Control</code>
172     * These actions are interpreted in the normal manner, i.e. 
173     * <ul>
174     * <li><code>Read</code>: The subject may read the resource </li>
175     * <li><code>Write</code>: The subject may modify the resource </li>
176     * <li><code>Execute</code>: The subject may execute the resource </li>
177     * <li><code>Delete</code>: The subject may delete the resource </li>
178     * <li><code>Control</code>: The subject may specify the access control
179     *     policy for the resource.</li>
180     * </ul>
181     *
182     * @supported.api
183     */
184    public static final String ACTION_NAMESPACE = 
185        "urn:oasis:names:tc:SAML:1.0:action:rwedc";
186
187    /**
188     * String used in the <code>ActionNamespace</code> attribute to refer to
189     * common sets of actions to perform on resources. 
190     *
191     * Title: Read/Write/Execute/Delete/Control with Negation
192     * Defined actions:
193     * <code>Read Write Execute Delete Control ~Read ~Write ~Execute ~Delete
194     * ~Control</code>
195     * <ul>
196     * <li><code>Read</code>: The subject may read the resource </li>
197     * <li><code>Write</code>: The subject may modify the resource </li>
198     * <li><code>Execute</code>: The subject may execute the resource </li>
199     * <li><code>Delete</code>: The subject may delete the resource </li>
200     * <li><code>Control</code>: The subject may specify the access control
201     *     policy for the resource </li>
202     * <li><code>~Read</code>:  The subject may NOT read the resource </li>
203     * <li><code>~Write</code>: The subject may NOT modify the resource </li>
204     * <li><code>~Execute</code>: The subject may NOT execute the resource </li>
205     * <li><code>~Delete</code>: The subject may NOT delete the resource </li>
206     * <li><code>~Control</code>: The subject may NOT specify the access
207     *     control policy for the resource </li>
208     * </ul>
209     * An application MUST NOT authorize both an action and its negated form.
210     *
211     * @supported.api
212     */
213    public static final String ACTION_NAMESPACE_NEGATION = 
214                "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
215
216    /**
217     * String used in the <code>ActionNamespace</code> attribute to refer to
218     * common sets of actions to perform on resources. 
219     *
220     * Title: <code>Get/Head/Put/Post</code>
221     * Defined actions: 
222     *          <code>GET HEAD PUT POST</code>
223     * These actions bind to the corresponding HTTP operations. For example a
224     * subject authorized to perform the GET action on a resource is authorized
225     * to retrieve it. The GET and HEAD actions loosely correspond to the 
226     * conventional read permission and the PUT and POST actions to the write 
227     * permission. The correspondence is not exact however since a HTTP GET 
228     * operation may cause data to be modified and a POST operation may cause
229     * modification to a resource other than the one specified in the request. 
230     * For this reason a separate Action URI specifier is provided. 
231     *
232     * @supported.api
233     */
234    public static final String ACTION_NAMESPACE_GHPP = 
235                "urn:oasis:names:tc:SAML:1.0:ghpp";
236
237    /**
238     * String used in the <code>ActionNamespace</code> attribute to refer to
239     * common sets of actions to perform on resources. 
240     *
241     * Title: UNIX File Permissions
242     * Defined actions: 
243     * The defined actions are the set of UNIX file access permissions
244     * expressed in the numeric (octal) notation. The action string is a four
245     * digit numeric code: extended, user, group, world.
246     * The extended access permission has the value
247     * <ul>
248     * <li><code>+2 if sgid is set</code></li>
249     * <li><code>+4 if suid is set</code></li></ul>
250     * The user, group and world access permissions have the value <ul>
251     * <li><code>+1 if execute permission is granted</code></li>
252     * <li><code>+2 if write permission is granted</code></li>
253     * <li><code>+4 if read permission is granted</code></li></ul>
254     * For example 0754 denotes the UNIX file access permission: user read,
255     * write and execute, group read and execute and world read.
256     *
257     * @supported.api
258     */
259    public static final String ACTION_NAMESPACE_UNIX = 
260                "urn:oasis:names:tc:SAML:1.0:action:unix";
261
262    /**
263     * saml namespace prefix with ":".
264     */
265    public static final String ASSERTION_PREFIX = "saml:";
266
267    /**
268     * samlp namespace prefix with ":".
269     */
270    public static final String PROTOCOL_PREFIX = "samlp:";
271
272    /**
273     * Assertion version 1.0.
274     */
275    public static final String ASSERTION_VERSION_1_0 = "1.0";
276
277    /**
278     * Assertion version 1.1.
279     */
280    public static final String ASSERTION_VERSION_1_1 = "1.1";
281
282    /**
283     * Major version of assertion.
284     */
285    public static final int ASSERTION_MAJOR_VERSION = 1;
286    /**
287     * Default Assertion minor version.
        * Not declared <code>final</code>: the value can be reassigned at run
        * time by any code that can reach this class.
        * NOTE(review): confirm whether reassignment is intended; the sibling
        * <code>ASSERTION_MINOR_VERSION_ZERO</code> and
        * <code>ASSERTION_MINOR_VERSION_ONE</code> constants are final.
288     */
289    public static int ASSERTION_MINOR_VERSION = 1;
290
291    /**
292     * Assertion minor version 0.
293     */
294    public static final int ASSERTION_MINOR_VERSION_ZERO = 0;
295
296    /**
297     * Assertion minor version 1.
298     */
299    public static final int ASSERTION_MINOR_VERSION_ONE = 1;
300
301    /**
302     * Protocol version 1.0.
303     */
304    public static final String PROTOCOL_VERSION_1_0 = "1.0";
305
306    /**
307     * Protocol version 1.1.
308     */
309    public static final String PROTOCOL_VERSION_1_1 = "1.1";
310
311    /**
312     * Protocol major version 1.
313     */
314    public static final int PROTOCOL_MAJOR_VERSION = 1;
315
316    /**
317     * Default protocol minor version 1.
        * Not declared <code>final</code>: the value can be reassigned at run
        * time by any code that can reach this class.
        * NOTE(review): confirm whether reassignment is intended; the sibling
        * <code>PROTOCOL_MINOR_VERSION_ZERO</code> and
        * <code>PROTOCOL_MINOR_VERSION_ONE</code> constants are final.
318     */
319    public static int PROTOCOL_MINOR_VERSION = 1;
320
321    /**
322     * Protocol minor version 0.
323     */
324    public static final int PROTOCOL_MINOR_VERSION_ZERO = 0; 
325
326    /**
327     * Protocol minor version 1.
328     */
329    public static final int PROTOCOL_MINOR_VERSION_ONE = 1;  
330 
331    /**
332     * Assertion handle, request id, and response id have this length.
333     * If server id cannot be found, assertion id has this length also.
334     * request id, response id, and assertion id will be base64 encoded for
335     * printing.
336     */
337    public static final int ID_LENGTH = 20;
338
339    /**
340     * Length for server id. Used in load balancing.
341     */
342    public static final int SERVER_ID_LENGTH = 2;
343
344    /**
345     * Default encoding used in the xml string conversion.
346     */
347    public static final String DEFAULT_ENCODING = "UTF-8";
348
349    /**
350     * SAML artifact confirmation method identifier URI.
        * Unlike the other <code>CONFIRMATION_METHOD_*</code> fields in this
        * class, this one is not declared <code>final</code>, so it can be
        * reassigned at run time.
        * NOTE(review): any code that compares a received confirmation method
        * against this field would then compare against the reassigned value;
        * confirm whether reassignment is intended
        * (<code>DEPRECATED_CONFIRMATION_METHOD_ARTIFACT</code> holds the
        * older URI).
351     *
352     * @supported.api
353     */
354    public static String CONFIRMATION_METHOD_ARTIFACT =
355                "urn:oasis:names:tc:SAML:1.0:cm:artifact";
356
357    /**
358     * Deprecated SAML Artifact confirmation method identifier URI.
359     *
360     * @supported.api
361     */
362    public static final String DEPRECATED_CONFIRMATION_METHOD_ARTIFACT =
363                "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";
364
365    /**
366     * OpenSSO confirmation method identifier URI.
367     *
368     * @supported.api
369     */
370    public static final String CONFIRMATION_METHOD_IS =
371                "urn:com:sun:identity";
372
373    /**
374     * SAML Bearer confirmation method identifier URI.
375     *
376     * @supported.api
377     */
378    public static final String CONFIRMATION_METHOD_BEARER =
379                "urn:oasis:names:tc:SAML:1.0:cm:bearer";
380
381    /**
382     * SAML "Holder of Key" confirmation method identifier URI.
383     *
384     * @supported.api
385     */
386    public static final String CONFIRMATION_METHOD_HOLDEROFKEY =
387                "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
388
389    /**
390     * SAML "Sender Vouches" confirmation method identifier URI.
391     *
392     * @supported.api
393     */
394    public static final String CONFIRMATION_METHOD_SENDERVOUCHES =
395                "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
396
397    // used by SAML service schema related operations
398
399    /**
400     * SAML service name.
401     */
402    public static final String SAML_SERVICE_NAME = "SAML1";
403
404    /**
405     * 1.0 version of SAML service.
406     */
407    public static final String SAML_SERVICE_VERSION = "1.0";
408
409    /**
410     * SAML service attribute that specifies time skew for not before attribute
411     * in assertion.
412     */
413    public static final String NOTBEFORE_TIMESKEW_NAME =
414                                        "iplanet-am-saml-notbefore-timeskew";
415
416    /**
417     * SAML service attribute that specifies artifact timeout period.
418     */
419    public static final String ARTIFACT_TIMEOUT_NAME =
420                                        "iplanet-am-saml-artifact-timeout";
421
422    /**
423     * SAML service attribute that specifies assertion timeout period.
424     */
425    public static final String ASSERTION_TIMEOUT_NAME =
426                                        "iplanet-am-saml-assertion-timeout";
427
428    /**
429     * SAML service attribute that specifies whether an assertion is
430     * removed after it has been dereferenced.
431     */
432    public static final String REMOVE_ASSERTION_NAME =
433                                        "com.sun.identity.saml.removeassertion";
434
435    /**
436     * Default not before time skew. It's in seconds.
437     */
438    public static final int NOTBEFORE_TIMESKEW_DEFAULT = 300;
439
440    /**
441     * Default artifact timeout period. It's in seconds.
442     */
443    public static final int ARTIFACT_TIMEOUT_DEFAULT = 120;
444
445    /**
446     * Default assertion timeout period. It's in seconds.
447     */
448    public static final int ASSERTION_TIMEOUT_DEFAULT = 60;
449
450    /**
451     * SAML service attribute that specifies list of saml site IDs.
452     */
453    public static final String SITE_ID_LIST = "iplanet-am-saml-siteid-list"; 
454
455    /**
456     * SAML service attribute that specifies list of instances.
457     */
458    public static final String INSTANCE_LIST = "iplanet-am-saml-instance-list"; 
459
460    /**
461     * This site's ID.
462     */
463    public static final String SITE_ID = "mysiteid"; 
464
465    /**
466     * SAML service attribute that specifies list of issuer names.
467     */
468    public static final String ISSUER_NAME_LIST =
469                                        "iplanet-am-saml-issuername-list";
470
471    /**
472     * This site's issuer name.
473     */
474    public static final String ISSUER_NAME = "mysitename";
475
476    /**
477     * SAML service attribute name for list of site ID and issuer names.
478     */
479    public static final String SITE_ID_ISSUER_NAME_LIST =
480                                   "iplanet-am-saml-siteid-issuername-list";
481
482    /**
483     * Constant for instance id.
484     */
485    public static final String INSTANCEID = "INSTANCEID";
486
487    /**
488     * Constant for site id.
489     */
490    public static final String SITEID = "SITEID";
491
492    /**
493     * Constant for issuer name.
494     */
495    public static final String ISSUERNAME = "ISSUERNAME";
496
497    /**
498     * SAML service attribute that specifies site's certificate alias.
499     */
500    public static final String SITE_CERT_ALIAS =
501                                        "iplanet-am-saml-sitecertalias";
502
503    /**
504     * SAML service attribute that specifies whether to sign a request or not.
505     */
506    public static final String SIGN_REQUEST =
507                                        "iplanet-am-saml-signrequest";
508
509    /**
510     * Default is to not sign request.
511     */
512    public static final String SIGN_REQUEST_DEFAULT = "false";
513
514    /**
515     * SAML service attribute that specifies whether to sign a response or not.
516     */
517    public static final String SIGN_RESPONSE =
518                                        "iplanet-am-saml-signresponse";
519
520    /**
521     * Default is to not sign response.
522     */
523    public static final String SIGN_RESPONSE_DEFAULT = "false";
524
525    /**
526     * SAML service attribute that specifies whether to sign an assertion
527     * or not.
528     */
529    public static final String SIGN_ASSERTION =
530                                        "iplanet-am-saml-signassertion";
531
532    /**
533     * Default is to not sign the assertion.
        * The value is the string <code>"false"</code>, as are
        * <code>SIGN_REQUEST_DEFAULT</code> and
        * <code>SIGN_RESPONSE_DEFAULT</code>.
        * NOTE(review): how these defaults are applied is not visible in this
        * class. Deployments that rely on signatures to establish the origin
        * and integrity of assertions should presumably set the corresponding
        * service attributes explicitly - confirm against the code that reads
        * them.
534     */
535    public static final String SIGN_ASSERTION_DEFAULT = "false";
536
537    /**
538     * SAML service attribute that specifies the name for artifact.
539     */
540    public static final String ARTIFACT_NAME = "iplanet-am-saml-artifact-name";
541
542    /**
543     * SAML service attribute that specifies the name id format attribute map.
544     */
545    public static final String NAME_ID_FORMAT_MAP =
546            "iplanet-am-saml-name-id-format-attr-map";
547
548    /**
549     * SAML service attribute that specifies the attribute map.
550     */
551    public static final String ATTRIBUTE_MAP =
552            "iplanet-am-saml-attr-map";
553
554    /**
555     * Default SAML artifact name.
556     *
557     * @supported.api
558     */
559    public static final String ARTIFACT_NAME_DEFAULT = "SAMLart" ;
560
561    /**
562     * SAML service attribute that specifies target parameter.
563     */
564    public static final String TARGET_SPECIFIER = 
565                                           "iplanet-am-saml-target-specifier" ; 
566
567    /**
568     * Default parameter for target.
569     */
570    public static final String TARGET_SPECIFIER_DEFAULT = "TARGET" ;
571
572    /**
573     * SAML service attribute that specifies list of trusted partners.
574     * A sample trusted server list entry is like
575     * target=.iplanet.com:8080|
576     *      SAMLUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLAwareServlet|
577     * POSTUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLPOSTProfileServlet
578     */
579    public static final String TRUSTED_SERVER_LIST =
580                                        "iplanet-am-saml-trusted-server-list"; 
581
582    /**
583     * SAML service attribute that specifies partner urls.
584     * A sample Partner URL list entry is like: 
585     * SourceID=encoded 20 bytes|
586     * SOAPUrl=http://dsame2.red.iplanet.com:8080/amserver/SAMLSOAPReceiver
587     */
588    public static final String PARTNER_URLS = "iplanet-am-saml-partner-urls"; 
589
590    /**
591     * Constants for target.
592     */
593    public static final String TARGET = "TARGET"; 
594
595    /**
596     * Constants for url which handles saml web browser artifact profile.
597     */
598    public static final String SAMLURL = "SAMLURL"; 
599
600    /**
601     * Constants for url which handles saml web browser post profile.
602     */
603    public static final String POSTURL = "POSTURL";
604    
605
606    /**
607     * A SAML service attribute parameter. The 20-byte sequence defined as in
608     * the SiteID and Issuer name.
609     *
610     * @supported.api
611     */
612    public static final String SOURCEID = "SOURCEID"; 
613
614    /**
615     * A SAML service attribute parameter that defines partner's name.
616     *
617     * iPlanet-PUBLIC-STATIC
618     */
619    public static final String PARTNERNAME = "PARTNERNAME"; 
620
621    /**
622     * A SAML service attribute parameter that defines the URL that provides
623     * the SAML service. The servlet specified in the URL implements the
624     * Web-browser SSO with Artifact profile defined in the OASIS-SAML
625     * Bindings and Profiles specification.
626     *
627     * @supported.api
628     */
629    public static final String SOAPUrl = "SOAPURL"; 
630
631    /**
632     * A SAML service attribute parameter that defines the authentication type
633     * used in SAML. It should be one of the following:
634     *     NOAUTH
635     *     BASICAUTH
636     *     SSL
637     *     SSLWITHBASICAUTH
638     * This parameter is optional, and if not specified, the default is NOAUTH.
639     * If BASICAUTH or SSLWITHBASICAUTH is specified, the User parameter is
640     * required and the SOAPUrl should be HTTPS. 
641     *
642     * @supported.api
643     */
644    public static final String AUTHTYPE = "AUTHTYPE"; 
645
646    /**
647     * A SAML service attribute parameter that defines the uid of the partner
648     * which is used to protect the partner's SOAP Receiver
649     *
650     * @supported.api
651     */
652    public static final String UID = "USER"; 
653
654    /**
655     * A SAML service attribute parameter that defines the user id of the
656     * partner which is used for Basic Authentication.
657     *
658     * @supported.api
659     */
660    public static final String AUTH_UID = "AUTHUSER"; 
661
662    /**
663     * A SAML service attribute parameter that defines the password of the
664     * partner which is used for Basic Authentication.
665     *
666     * @supported.api
667     */
668    public static final String AUTH_PASSWORD = "AUTHPASSWORD"; 
669
670    /**
671     * A SAML service attribute parameter that specifies a pluggable class
672     * which defines how the subject of an Assertion is related to an identity
673     * at the destination site. By default, it is:
674     *     com.sun.identity.saml.plugins.DefaultAccountMapper
675     *
676     * @supported.api
677     */
678    public static final String ACCOUNTMAPPER = "ACCOUNTMAPPER";
679
680    /**
681     * A SAML service attribute parameter that specifies a pluggable class
682     * which defines how the subject of an Assertion is related to an identity
683     * at the destination site and a target URL. By default, it is:
684     *     com.sun.identity.saml.plugins.DefaultPartnerAccountMapper
685     *
686     * @supported.api
687     */
688    public static final String PARTNERACCOUNTMAPPER = "PARTNERACCOUNTMAPPER";
689
690    /**
691     * A SAML service attribute parameter that specifies the class with the
692     * path where the siteAttributeMapper is located. Applications can develop
693     * a siteAttributeMapper to obtain attributes to be included in the
694     * assertion during SSO. If no siteAttributeMapper is found, then no
695     * attributes will be included in the assertion during SSO. 
696     *
697     * @supported.api
698     */
699    public static final String SITEATTRIBUTEMAPPER = "siteattributemapper";
700    public static final String SITEATTRIBUTEMAPPERDEFAULT =
701            "com.sun.identity.saml.plugins.DefaultSiteAttributeMapper";
702    
703    /**
704     * A SAML service attribute parameter that specifies the class with the
705     * path where the partnerSiteAttributeMapper is located. Applications can
706     * develop a partnerSiteAttributeMapper to obtain attributes to be included
707     * in the assertion during SSO based on target URL. If no
708     * partnerSiteAttributeMapper is found, then no attributes will be included
709     * in the assertion during SSO. 
710     *
711     * @supported.api
712     */
713    public static final String PARTNERSITEATTRIBUTEMAPPER =
714                                "partnersiteattributemapper";
715
716
717    /**
718     * A SAML service attribute parameter that specifies the class with the
719     * path where the nameIdentifierMapper is located. Applications can develop
720     * a nameIdentifierMapper to obtain a name identifier to be included in the
721     * assertion during SSO. If no nameIdentifierMapper is found, then a
722     * default implementation will be used.
723     *
724     * @supported.api
725     */
726    public static final String NAMEIDENTIFIERMAPPER = "nameidentifiermapper";
727
728    /**
729     * A SAML service attribute parameter that lists the IP addresses and/or
730     * the certAlias for all of the hosts, within the specified partner site,
731     * that can send requests to this site. This ensures that the requester is
732     * indeed the intended receiver for the SAML artifact. 
        * NOTE(review): how entries are matched is not visible in this class.
        * A check on source IP address is only as strong as the network path
        * (proxies and NAT change the address the server observes), so a
        * certAlias entry is presumably the stronger binding - confirm against
        * the code that evaluates this list.
733     *
734     * @supported.api
735     */
736    public static final String HOST_LIST = "hostlist";
737
738    /**
739     * A POST attribute name that specifies an assertion.
740     *
741     * @supported.api
742     */
743    public static final String POST_ASSERTION_NAME = "ASSERTION";
744
745    /**
746     * A POST attribute name that specifies attribute names of an assertion.
747     *
748     * @supported.api
749     */
750    public static final String POST_ATTR_NAMES = "ATTRIBUTENAMES";
751
752    /**
753     * A SAML service attribute parameter that specifies a certAlias name used
754     * for verifying the signature in an assertion, when the assertion is
755     * signed by a partner and the certificate of the partner can not be found
756     * in the KeyInfo portion of the signed assertion.
757     *
758     * @supported.api
759     */
760    public static final String CERTALIAS = "CERTALIAS";
761
762    /**
763     * A SAML service attribute parameter that defines the creator of an
764     * assertion generated within OpenSSO. The syntax is
765     * hostname:port.
766     *
767     * @supported.api
768     */
769    public static final String ISSUER = "ISSUER";
770
771    /**
772     * A SAML service attribute parameter that specifies the class with the
773     * path to where the attributeMapper is located. Applications can develop
774     * an attributeMapper to obtain either a Session ID or an assertion
775     * containing AuthenticationStatement from the query. The mapper is then
776     * used to retrieve the attributes for the subject. If no attributeMapper
777     * is specified, DefaultAttributeMapper will be used. 
778     *
779     * @supported.api
780     */
781    public static final String ATTRIBUTEMAPPER = "ATTRIBUTEMAPPER";
782
783    /**
784     * A SAML service attribute parameter that specifies the class with the
785     * path to where the actionMapper is located. Applications can develop an
786     * actionMapper to obtain either a Session ID or an assertion containing
787     * AuthenticationStatement from the query. The mapper is then used to
788     * retrieve the authorization decisions for the actions defined in the
789     * query. If no actionMapper is specified, DefaultActionMapper will be
790     * used. 
791     *
792     * @supported.api
793     */
794    public static final String ACTIONMAPPER = "ACTIONMAPPER";
795
796    /**
797     * A SAML service attribute parameter that specifies SAML version
798     *
799     * @supported.api
800     */
801    public static final String VERSION = "VERSION";
802
803    /**
804     * SAML service attribute that specifies action service mapping.
805     */
806    public static final String ACTION_SERVICE_MAPPING =
807                                "iplanet-am-saml-action-service-mapping";
808
809    /**
810     * SAML service attribute that specifies POST to Target URLs.
811     */
812    public static final String POST_TO_TARGET_URLS = 
813        "iplanet-am-saml-post-to-target-urls";
814
815    /**
816     * SAML service attribute that specifies maximum number of assertions
817     * the server can have at a given time.
818     */
819    public static final String ASSERTION_MAX_NUMBER_NAME =
820                                "iplanet-am-saml-assertion-max-number";
821    /**
822     * Default maximum number of assertions of the server. It means no limit.
        * NOTE(review): with no limit, the number of assertions held at one
        * time is bounded only by whatever expiry or cleanup the server
        * applies (see <code>CLEANUP_INTERVAL_DEFAULT</code>); presumably a
        * deployment exposed to untrusted requesters should set
        * <code>ASSERTION_MAX_NUMBER_NAME</code> to a finite value - confirm
        * how the limit is enforced.
823     */
824    public static final int ASSERTION_MAX_NUMBER_DEFAULT = 0;
825
826    /**
827     * SAML service attribute that specifies server clean up interval.
828     */
829    public static final String CLEANUP_INTERVAL_NAME =
830                                "iplanet-am-saml-cleanup-interval";
831    /**
832     * System property name that specifies cleanup interval for internal
833     * cache, such as assertions, artifacts and keystore etc. 
834     * This property is mapped to the CLEANUP_INTERVAL_NAME attribute in 
835     * SAML service on the server side.
836     */
837    public static final String CLEANUP_INTERVAL_PROPERTY =
838                            "com.sun.identity.saml.cleanup.interval";
839
840    /**
841     * Default server cleanup interval. It is in seconds.
842     */
843    public static final int CLEANUP_INTERVAL_DEFAULT = 180;
844
845    /**
846     * Kerberos authentication method.
847     */
848    public static final String AUTH_METHOD_KERBEROS = "Kerberos";
849
850    /**
851     * Certificate authentication method.
852     */
853    public static final String AUTH_METHOD_CERT = "Cert";
854
855    /**
856     * Certificate authentication method URI.
857     */
858    public static final String AUTH_METHOD_CERT_URI = "urn:ietf:rfc:2246";
859
860    /**
861     * Password authentication method URI.
862     */
863    public static final String AUTH_METHOD_PASSWORD_URI = 
864        "urn:oasis:names:tc:SAML:1.0:am:password";
865
866    /**
867     * Hardware token authentication method uri.
868     */
869    public static final String AUTH_METHOD_HARDWARE_TOKEN_URI = 
870        "urn:oasis:names:tc:SAML:1.0:am:HardwareToken";
871
872    /**
873     * Kerberos authentication method uri.
874     */
875    public static final String AUTH_METHOD_KERBEROS_URI = "urn:ietf:rfc:1510";
876
877    /**
878     * Private authentication method prefix.
879     */
880    public static final String AUTH_METHOD_URI_PREFIX =
881                                "urn:com:sun:identity:";
882
883    /**
884     * SAML service attribute which identifies basic authentication user.
885     */
886    public static final String USER = "iplanet-am-saml-user"; 
887
888    /**
889     * SAML service attribute which identifies basic authentication password.
890     */
891    public static final String PASSWORD="iplanet-am-saml-password"; 
892
893    /**
894     * A SAML authentication type that uses HTTP protocol and username/password
        * NOTE(review): the <code>AUTHTYPE</code> documentation in this class
        * says the SOAPUrl should be HTTPS when BASICAUTH is specified, which
        * differs from the "HTTP protocol" wording here. Basic-auth credentials
        * sent over plain HTTP are readable on the network path, so confirm
        * which transport is actually used for this type.
895     *
896     * @supported.api
897     */
898    public static final String BASICAUTH= "BASICAUTH";
899
900    /**
901     * A SAML authentication type that uses HTTPS protocol and
902     * username/password
903     *
904     * @supported.api
905     */
906    public static final String SSLWITHBASICAUTH = "SSLWITHBASICAUTH"; 
907
908    /**
909     * A SAML authentication type that uses HTTP protocol
910     *
911     * @supported.api
912     */
913    public static final String NOAUTH = "NOAUTH";
914
915    /**
916     * A SAML authentication type that uses HTTPS protocol
917     *
918     * @supported.api
919     */
920    public static final String SSL = "SSL"; 
921
922    /**
923     * Parameter for Name Identifier format used in SAML web browser post
924     * profile and SAML web browser artifact profile.
925     */
926    public static final String NAME_ID_FORMAT="NameIDFormat";
927
928    /**
929     * Constant for servlet which does SAML web browser artifact profile.
930     */
931    public static final String SAML_AWARE_NAMING="samlawareservlet";
932
933    /**
934     * Constant for endpoint which accepts SOAP request.
935     */
936    public static final String SAML_SOAP_NAMING="samlsoapreceiver"; 
937
938    /**
939     * Constant for servlet which does SAML web browser post profile.
940     */
941    public static final String SAML_POST_NAMING="samlpostservlet";
942
943    /**
944     * Constant for process which handles all assertion related requests.
945     */
946    public static final String SAML_AM_NAMING = "samlassertionmanager";
947
948    /**
949     * Parameter for SAML response used in SAML web browser post profile.
950     */
951    public static final String POST_SAML_RESPONSE_PARAM = "SAMLResponse";
952
953    /**
954     * Parameter for SAML TARGET.
955     */
956    public static final String POST_TARGET_PARAM = "TARGET";
957
958    // for SAMLPOSTProfileServlet
959
960    /**
961     * Constant which identifies source site.
962     */
963    public static final String SOURCE_SITE_SOAP_ENTRY = "sourceSite";
964
965    /**
966     * Constant for assertion parameter.
967     */
968    public static final String POST_ASSERTION = "assertion";
969
970    /**
971     * Constant for subject.
972     */
973    public static final String SUBJECT = "subject";
974
975    /**
976     * Success status code.
977     */
978    public static final String STATUS_CODE_SUCCESS = "samlp:Success";
979
980    /**
981     * Success status code with no namespace prefix.
982     */
983    public static final String STATUS_CODE_SUCCESS_NO_PREFIX = ":Success";
984
985    /**
986     * http protocol.
987     */
988    public static final String HTTP="http"; 
989
990    /**
991     * https protocol.
992     */
993    public static final String HTTPS="https";
994 
995    // Property keys and provider class names used for XML digital signing
996    public static final String CANONICALIZATION_METHOD =
997        "com.sun.identity.saml.xmlsig.c14nMethod";
998    public static final String TRANSFORM_ALGORITHM=
999        "com.sun.identity.saml.xmlsig.transformAlg";
1000    public static final String XMLSIG_ALGORITHM =
1001        "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";    
1002    public static final String JKS_KEY_PROVIDER = 
1003        "com.sun.identity.saml.xmlsig.JKSKeyProvider"; 
1004    public static final String KEY_PROVIDER_IMPL_CLASS =
1005        "com.sun.identity.saml.xmlsig.keyprovider.class";
1006    public static final String SIGNATURE_PROVIDER_IMPL_CLASS =
1007        "com.sun.identity.saml.xmlsig.signatureprovider.class";
1008    public static final String AM_SIGNATURE_PROVIDER =
1009        "com.sun.identity.saml.xmlsig.AMSignatureProvider";
1010   
1011    // constants for XML Signature SignatureMethodURI
1012
1013    /**
1014     * MAC Algorithm HMAC-SHA1 URI - Required.
1015     *
1016     * @supported.api
1017     */
1018    public static final String ALGO_ID_MAC_HMAC_SHA1 = 
1019                                "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
1020
1021    /**
1022     * Signature Algorithm DSAwithSHA1 URI - Required.
1023     *
1024     * @supported.api
1025     */
1026    public static final String ALGO_ID_SIGNATURE_DSA =
1027                                "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
1028
1029    /**
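1030     * Signature Algorithm RSAwithSHA1 URI - Recommended by XML-DSig 1.0; SHA-1 is now deprecated for signatures, prefer ALGO_ID_SIGNATURE_RSA_SHA256 or stronger.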
1031     *
1032     * @supported.api
1033     */
1034    public static final String ALGO_ID_SIGNATURE_RSA = 
1035                                "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
1036    /**
1037     * Signature Algorithm RSAwithSHA1 URI.
1038     *
1039     * @supported.api
1040     */
1041    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
1042                                "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
1043
1044    /**
1045     * Signature Algorithm RSA-MD5 URI. Not recommended: MD5 is not collision-resistant.
1046     *
1047     * @supported.api
1048     */
1049    public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
1050                              "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
1051
1052    /**
1053     * Signature Algorithm RSA-RIPEMD160 URI.
1054     *
1055     * @supported.api
1056     */
1057    public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 = 
1058                        "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
1059
1060    /**
1061     * Signature Algorithm RSA-SHA256 URI.
1062     *
1063     * @supported.api
1064     */
1065    public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
1066                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
1067
1068    /**
1069     * Signature Algorithm RSA-SHA384 URI.
1070     *
1071     * @supported.api
1072     */
1073    public static final String ALGO_ID_SIGNATURE_RSA_SHA384 = 
1074                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
1075
1076    /**
1077     * Signature Algorithm RSA-SHA512 URI.
1078     *
1079     * @supported.api
1080     */
1081    public static final String ALGO_ID_SIGNATURE_RSA_SHA512 = 
1082                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
1083
1084    /**
1085     * MAC Algorithm HMAC-MD5 URI. Not recommended; prefer ALGO_ID_MAC_HMAC_SHA256 or stronger.
1086     *
1087     * @supported.api
1088     */
1089    public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 = 
1090                        "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";
1091
1092    /**
1093     * MAC Algorithm HMAC-RIPEMD160 URI.
1094     *
1095     * @supported.api
1096     */
1097    public static final String ALGO_ID_MAC_HMAC_RIPEMD160 = 
1098                       "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
1099
1100    /**
1101     * MAC Algorithm HMAC-SHA256 URI.
1102     *
1103     * @supported.api
1104     */
1105    public static final String ALGO_ID_MAC_HMAC_SHA256 = 
1106                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
1107
1108    /**
1109     * MAC Algorithm HMAC-SHA384 URI.
1110     *
1111     * @supported.api
1112     */
1113    public static final String ALGO_ID_MAC_HMAC_SHA384 =
1114                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
1115
1116    /**
1117     * MAC Algorithm HMAC-SHA512 URI.
1118     *
1119     * @supported.api
1120     */
1121    public static final String ALGO_ID_MAC_HMAC_SHA512 = 
1122                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
1123
1124    /**
1125     * Attribute that identifies server protocol in
1126     * <code>AMConfig.properties</code> file.
1127     */
1128    public static final String SERVER_PROTOCOL =
1129                        "com.iplanet.am.server.protocol";
1130
1131    /**
1132     * Attribute that identifies server host in
1133     * <code>AMConfig.properties</code> file.
1134     */
1135    public static final String SERVER_HOST = "com.iplanet.am.server.host";
1136
1137    /**
1138     * Attribute that identifies server port in
1139     * <code>AMConfig.properties</code> file.
1140     */
1141    public static final String SERVER_PORT = "com.iplanet.am.server.port";
1142
1143    /**
1144     * Attribute that identifies server deployment descriptor (URI) in
1145     * <code>AMConfig.properties</code> file.
1146     */
1147    public static final String SERVER_URI =
1148        "com.iplanet.am.services.deploymentDescriptor";
1149
1150    /**
1151     * Attribute that identifies default version for saml assertion in
1152     * <code>AMConfig.properties</code> file.
1153     */
1154    public static final String SAML_ASSERTION_VERSION =
1155                        "com.sun.identity.saml.assertion.version";
1156
1157    /**
1158     * Attribute that identifies default version for saml protocol in
1159     * <code>AMConfig.properties</code> file.
1160     */
1161    public static final String SAML_PROTOCOL_VERSION =
1162                        "com.sun.identity.saml.protocol.version";
1163   
1164    /**
1165     * XML canonicalization Algorithm URI.
1166     *
1167     * @supported.api
1168     */
1169    public static final String ALGO_ID_C14N_OMIT_COMMENTS =
1170                        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
1171
1172    /**
1173     * XML canonicalization with comments Algorithm URI.
1174     *
1175     * @supported.api
1176     */
1177    public static final String ALGO_ID_C14N_WITH_COMMENTS =
1178                        ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
1179
1180    /**
1181     * Exclusive XML canonicalization Algorithm URI.
1182     *
1183     * @supported.api
1184     */
1185    public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
1186                        "http://www.w3.org/2001/10/xml-exc-c14n#";
1187
1188    /**
1189     * Exclusive XML canonicalization with comments Algorithm URI.
1190     *
1191     * @supported.api
1192     */
1193    public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
1194                        ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
1195   
1196    //constants for XML Signature -Transform algorithm
1197    //supported in Apache xml security package 1.0.5
1198  
1199    /**
1200     * XML canonicalization Transform URI.
1201     *
1202     * @supported.api
1203     */
1204    public static final String TRANSFORM_C14N_OMIT_COMMENTS =
1205                        ALGO_ID_C14N_OMIT_COMMENTS;
1206
1207    /**
1208     * XML canonicalization with comments Transform URI.
1209     *
1210     * @supported.api
1211     */
1212    public static final String TRANSFORM_C14N_WITH_COMMENTS =
1213                         ALGO_ID_C14N_WITH_COMMENTS;
1214
1215    /**
1216     * Exclusive XML canonicalization Transform URI.
1217     *
1218     * @supported.api
1219     */
1220    public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS =
1221                         ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
1222
1223    /**
1224     * Exclusive XML canonicalization with comments Transform URI.
1225     *
1226     * @supported.api
1227     */
1228    public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS =
1229                         ALGO_ID_C14N_EXCL_WITH_COMMENTS;
1230
1231    /**
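1232     * XSLT Transform URI. The stylesheet is supplied inside the signature, so verifiers should reject this transform in signatures from untrusted senders.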
1233     *
1234     * @supported.api
1235     */
1236    public static final String TRANSFORM_XSLT =
1237                         "http://www.w3.org/TR/1999/REC-xslt-19991116";
1238
1239    /**
1240     * Base64 decoding Transform URI.
1241     *
1242     * @supported.api
1243     */
1244    public static final String TRANSFORM_BASE64_DECODE =
1245                         XMLSIG_NAMESPACE_URI + "base64";
1246
1247    /**
1248     * XPath Transform URI.
1249     *
1250     * @supported.api
1251     */
1252    public static final String TRANSFORM_XPATH =
1253                         "http://www.w3.org/TR/1999/REC-xpath-19991116";
1254
1255    /**
1256     * Enveloped Signature Transform URI.
1257     *
1258     * @supported.api
1259     */
1260    public static final String TRANSFORM_ENVELOPED_SIGNATURE =
1261                         XMLSIG_NAMESPACE_URI + "enveloped-signature";
1262
1263    /**
1264     * XPointer Transform URI.
1265     *
1266     * @supported.api
1267     */
1268    public static final String TRANSFORM_XPOINTER =
1269                         "http://www.w3.org/TR/2001/WD-xptr-20010108";
1270
1271    /**
1272     * XPath Filter v2.0 Transform URI.
1273     *
1274     * @supported.api
1275     */
1276    public static final String TRANSFORM_XPATH2FILTER04 =
1277                         "http://www.w3.org/2002/04/xmldsig-filter2";
1278
1279    /**
1280     * XPath Filter v2.0 Transform URI.
1281     *
1282     * @supported.api
1283     */
1284    public static final String TRANSFORM_XPATH2FILTER =
1285                         "http://www.w3.org/2002/06/xmldsig-filter2";
1286
1287    /**
1288     * XPath Filter v2.0 CHGP Transform URI.
1289     *
1290     * @supported.api
1291     */
1292    public static final String TRANSFORM_XPATHFILTERCHGP =
1293          "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter";
1294
1295    /**
1296     * Namespace URI bound to the <code>xmlns</code> prefix (XML namespace declarations).
1297     *
1298     * @supported.api
1299     */
1300    public static final String NS_XMLNS = "http://www.w3.org/2000/xmlns/";
1301
1302    /**
1303     * Liberty security namespace.
1304     *
1305     * @supported.api
1306     */
1307    public static final String NS_SEC = "urn:liberty:sec:2003-08";
1308
1309    /**
1310     * WS-Security extension (secext) namespace.
1311     *
1312     * @supported.api
1313     */
1314    public static final String NS_WSSE =
1315                         "http://schemas.xmlsoap.org/ws/2003/06/secext";
1316
1317    /**
1318     * WS-Security utility namespace.
1319     *
1320     * @supported.api
1321     */
1322    public static final String NS_WSU =
1323                        "http://schemas.xmlsoap.org/ws/2003/06/utility";
1324
1325    /**
1326     * String that identifies wsu prefix.
1327     */
1328    public static final String PREFIX_WSU = "wsu";
1329
1330    /**
1331     * String that identifies ds prefix.
1332     */
1333    public static final String PREFIX_DS = "ds";
1334
1335    /**
1336     * String that identifies tag name "SecurityTokenReference".
1337     */
1338    public static final String TAG_SECURITYTOKENREFERENCE =
1339                        "SecurityTokenReference";
1340
1341    /**
1342     * String that identifies tag xmlns.
1343     */
1344    public static final String TAG_XMLNS = "xmlns";
1345
1346    /**
1347     * String that identifies "xmlns:sec".
1348     */
1349    public static final String TAG_XMLNS_SEC = "xmlns:sec";
1350
1351    /**
1352     * Usage tag name.
1353     */
1354    public static final String TAG_USAGE = "Usage";
1355
1356    /**
1357     * MessageAuthentication tag name with namespace prefix.
1358     */
1359    public static final String TAG_SEC_MESSAGEAUTHENTICATION =
1360                        "sec:MessageAuthentication";
1361
1362    /**
1363     * Tag name for <code>BinarySecurityToken</code> with namespace prefix.
1364     */
1365    public static final String TAG_WSSE_BINARYSECURITYTOKEN =
1366                        "wsse:BinarySecurityToken";
1367
1368    /**
1369     * Tag name for <code>Security</code>.
1370     */
1371    public static final String TAG_SECURITY = "Security";
1372
1373    /**
1374     * Tag name for <code>AssertionIDReference</code>.
1375     */
1376    public static final String TAG_ASSERTIONIDREFERENCE =
1377                        "AssertionIDReference";
1378
1379    /**
1380     * Tag name for <code>Assertion</code>.
1381     */
1382    public static final String TAG_ASSERTION = "Assertion";
1383
1384    /**
1385     * String that identifies <code>AssertionID</code>.
1386     */
1387    public static final String TAG_ASSERTION_ID = "AssertionID";
1388
1389    /**
1390     * Tag name for <code>BinarySecurityToken</code>.
1391     */
1392    public static final String BINARYSECURITYTOKEN = "BinarySecurityToken";
1393
1394    /**
1395     * Tag name for "Id".
1396     */
1397    public static final String TAG_ID = "Id";
1398
1399    /**
1400     * Tag name for <code>Reference</code>.
1401     */
1402    public static final String TAG_REFERENCE = "Reference";
1403
1404    /**
1405     * Tag name for <code>URI</code>.
1406     */
1407    public static final String TAG_URI = "URI";
1408
1409    /**
1410     * Tag name for <code>ValueType</code>.
1411     */
1412    public static final String TAG_VALUETYPE = "ValueType";
1413
1414    /**
1415     * Tag name for <code>KeyInfo</code>.
1416     */
1417    public static final String TAG_KEYINFO = "KeyInfo";
1418
1419    /**
1420     * Tag name for <code>KeyName</code>.
1421     */
1422    public static final String TAG_KEYNAME = "KeyName";
1423
1424    /**
1425     * Tag name for <code>KeyValue</code>.
1426     */
1427    public static final String TAG_KEYVALUE = "KeyValue";
1428
1429    /**
1430     * Tag name for <code>PKCS7</code> with wsse namespace prefix.
1431     */
1432    public static final String TAG_PKCS7 = "wsse:PKCS7";
1433
1434    /**
1435     * Tag name for <code>X509Data</code>.
1436     */
1437    public static final String TAG_X509DATA = "X509Data";
1438
1439    /**
1440     * Tag name for <code>X509Certificate</code>.
1441     */
1442    public static final String TAG_X509CERTIFICATE = "X509Certificate";
1443
1444    /**
1445     * Beginning of certificate string.
1446     */
1447    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";
1448
1449    /**
1450     * End of certificate string.
1451     */
1452    public static final String END_CERT    = "\n-----END CERTIFICATE-----";
1453
1454    /**
1455     * <code>DSAKeyValue</code> tag name.
1456     */
1457    public static final String TAG_DSAKEYVALUE = "DSAKeyValue";
1458
1459    /**
1460     * <code>RSAKeyValue</code> tag name.
1461     */
1462    public static final String TAG_RSAKEYVALUE = "RSAKeyValue";
1463
1464    /**
1465     * Attribute which identifies certificate alias of this site.
1466     * This value is configured through <code>AMConfig.properties</code>.
1467     */
1468    public static final String MYCERTALIAS =
1469                        "com.sun.identity.saml.xmlsig.certalias";
1470    
1471    /**
1472     * User Name attribute key in the Attribute Map.
1473     */
1474    public static final String USER_NAME = "USER_NAME";
1475
1476    /**
1477     * SAML component name to be used to get datastore provider.
1478     */
1479    public static final String SAML = "saml";
1480    /**
1481     * SAML component default name space.
1482     */
1483    public static final String ATTR_NAME_SPACE =
1484        "urn:com:sun:identity:attrnamespace";
1485
1486    public static final String TAG_USERNAME_TOKEN = "UsernameToken";
1487    /**
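1488     * Property key for escaping special characters in <code>AttributeValue</code>.
1489     * If "true", special characters are escaped; otherwise they are not. Default
1490     * value is "true". Disabling it lets markup characters in attribute values pass into the assertion unescaped.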
1491     */
1492    public static final String ESCAPE_ATTR_VALUE = 
1493        "com.sun.identity.saml.escapeattributevalue";
1494    
1495    /**
1496     * HTTP POST binding.
1497     */
1498    public static final String HTTP_POST = "HTTP-POST";
1499
1500    /**
1501     * HTTP Redirect binding.
1502     */
1503    public static final String HTTP_REDIRECT = "HTTP-Redirect";
1504
1505    /**
1506     * Property to identify the HTTP binding for displaying error page.
1507     */
1508    public static final String ERROR_PAGE_HTTP_BINDING =
1509                       "com.sun.identity.saml.errorpage.httpbinding";
1510
1511    /**
1512     * Property to identify the error page url.
1513     */
1514    public static final String ERROR_PAGE_URL =
1515                       "com.sun.identity.saml.errorpage.url";
1516    /**
1517     * Default error page url.
1518     */
1519    public static final String DEFAULT_ERROR_PAGE_URL =
1520                                "/saml2/jsp/saml2error.jsp";
1521    /**
1522     * HTTP status code.
1523     */
1524    public static final String HTTP_STATUS_CODE = "httpstatuscode";
1525
1526    /**
1527     * Error message.
1528     */
1529    public static final String ERROR_MESSAGE = "errormessage";
1530
1531    /**
1532     * Error code.
1533     */
1534    public static final String ERROR_CODE = "errorcode";
1535
1536        /**
1537         * Accept Language HTTP header
1538         */
1539        public static final String ACCEPT_LANG_HEADER = "Accept-Language";
1540}



























































