001/*
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: SAMLConstants.java,v 1.17 2009/06/12 22:21:39 mallas Exp $
026 *
027 * Portions Copyrighted 2010-2016 ForgeRock AS.
028 */
029
030package com.sun.identity.saml.common;
031
032import java.util.HashSet;
033import java.util.Set;
034
035/**
036 * This is a common class defining some constants common to all SAML elements.
037 *
038 * @supported.api
039 */
040public final class SAMLConstants 
041{
    /**
     * Names in the password group: "nt", "ldap", "membership" and
     * "anonymous". The set is filled in by the static initializer below.
     *
     * NOTE(review): presumably these are authentication module names that are
     * reported with the password authentication method; confirm against the
     * callers. If so, "anonymous" in this group means an anonymous login is
     * classified together with real password logins.
     *
     * The field is public, static, not final and holds a raw mutable Set, so
     * any code that can reach this class can add, remove or replace entries.
     * Callers should treat it as read-only.
     */
    public static Set passwordAuthMethods;

    /**
     * Names in the token group: only "radius". The set is filled in by the
     * static initializer below.
     *
     * The field is public, static, not final and holds a raw mutable Set, so
     * any code that can reach this class can add, remove or replace entries.
     * Callers should treat it as read-only.
     */
    public static Set tokenAuthMethods;

    static {
        // Build each group completely before publishing it through its field.
        final Set passwordGroup = new HashSet();
        for (String moduleName
                : new String[] {"nt", "ldap", "membership", "anonymous"}) {
            passwordGroup.add(moduleName);
        }
        passwordAuthMethods = passwordGroup;

        final Set tokenGroup = new HashSet();
        tokenGroup.add("radius");
        tokenAuthMethods = tokenGroup;
    }
053
054    /**
055     * String to identify a quote.
056     */
057    public static final String QUOTE                    = "\"";
058
059    /**
060     * String to identify a new line character.
061     */
062    public static final String NL                       = "\n";
063
064    /**
065     * String to identify a left angle.
066     */
067    public static final String LEFT_ANGLE              = "<";
068
069    /**
070     * String to identify a right angle.
071     */
072    public static final String RIGHT_ANGLE              = ">";
073
074    /**
075     * String to identify "/>".
076     */
077    public static final String END_ELEMENT              = "/>";
078
079    /**
080     * String to identify "&lt;/".
081     */
082    public static final String START_END_ELEMENT = "</";
083
084    /**
085     * String to identify a space character.
086     */
087    public static final String SPACE                = " ";
088
089    /**
090     * SAML assertion namespace URI.
091     *
092     * @supported.api
093     */
094    public static final String assertionSAMLNameSpaceURI = 
095                "urn:oasis:names:tc:SAML:1.0:assertion";
096    /**
097     * SOAP 1.1 namespace URI.
098     *
099     * @supported.api
100     */
101    public static final String SOAP_URI =
102                "http://schemas.xmlsoap.org/soap/envelope/";
103    
104    /**
105     * SOAP 1.2 namespace URI.
106     *
107     * @supported.api
108     */
109    public static final String SOAP12_URI =
110                "http://www.w3.org/2003/05/soap-envelope";
111    /**
112     * SOAP envelope prefix.
113     */
114    public static final String SOAP_ENV_PREFIX = "soap-env";
115
116    /**
117     * SAML request-response protocol namespace URI.
118     *
119     * @supported.api
120     */
121    public static final String PROTOCOL_NAMESPACE_URI =
122                        "urn:oasis:names:tc:SAML:1.0:protocol";
123
124    /**
125     * XML Digital Signature namespace.
126     *
127     * @supported.api
128     */
129    public static final String XMLSIG_NAMESPACE_URI =
130                        "http://www.w3.org/2000/09/xmldsig#";
131
132    /**
133     * Element name for xml signature.
134     */
135    public static final String XMLSIG_ELEMENT_NAME = "Signature";
136
137    /**
138     * Pointer to Signature name space.
139     */
140    public static final String DSSAMLNameSpace = 
141        "xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"";
142   
143    /**
144     * String which gets incorporated into
145     * <code>toString(includeNS, declareNS)</code> when 
146     * <code>declareNS</code> is true for any assertion element.
147     */
148    public static final String assertionDeclareStr = 
149        " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"";
150
151    /**
152     * String used in the <code>toString(includeNS, declareNS)</code> method.
153     */
154    public static final String PROTOCOL_NAMESPACE_STRING =
155        " xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"";
156
157    /** 
158     * <code>NameQualifier</code> in <code>NameIdentifier</code> for
159     * <code>X509SubjectName</code>.
160     */
161    public static final String X509SUBJECTNAME =
162        assertionSAMLNameSpaceURI+"#X509SubjectName";
163
164    /**
165     * String used in the <code>ActionNamespace</code> attribute to refer to
166     * common sets of actions to perform on resources. 
167     *
168     * Title: Read/Write/Execute/Delete/Control
169     * Defined actions: <code>Read Write Execute Delete Control</code>
170     * These actions are interpreted in the normal manner, i.e. 
171     * <ul>
172     * <li><code>Read</code>: The subject may read the resource </li>
173     * <li><code>Write</code>: The subject may modify the resource </li>
174     * <li><code>Execute</code>: The subject may execute the resource </li>
175     * <li><code>Delete</code>: The subject may delete the resource </li>
176     * <li><code>Control</code>: The subject may specify the access control
177     *     policy for the resource.</li>
178     * </ul>
179     *
180     * @supported.api
181     */
182    public static final String ACTION_NAMESPACE = 
183        "urn:oasis:names:tc:SAML:1.0:action:rwedc";
184
185    /**
186     * String used in the <code>ActionNamespace</code> attribute to refer to
187     * common sets of actions to perform on resources. 
188     *
189     * Title: Read/Write/Execute/Delete/Control with Negation
190     * Defined actions:
191     * <code>Read Write Execute Delete Control ~Read ~Write ~Execute ~Delete
192     * ~Control</code>
193     * <ul>
194     * <li><code>Read</code>: The subject may read the resource </li>
195     * <li><code>Write</code>: The subject may modify the resource </li>
196     * <li><code>Execute</code>: The subject may execute the resource </li>
197     * <li><code>Delete</code>: The subject may delete the resource </li>
198     * <li><code>Control</code>: The subject may specify the access control
199     *     policy for the resource </li>
200     * <li><code>~Read</code>:  The subject may NOT read the resource </li>
201     * <li><code>~Write</code>: The subject may NOT modify the resource </li>
202     * <li><code>~Execute</code>: The subject may NOT execute the resource </li>
203     * <li><code>~Delete</code>: The subject may NOT delete the resource </li>
204     * <li><code>~Control</code>: The subject may NOT specify the access
205     *     control policy for the resource </li>
206     * </ul>
207     * An application MUST NOT authorize both an action and its negated form.
208     *
209     * @supported.api
210     */
211    public static final String ACTION_NAMESPACE_NEGATION = 
212                "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
213
214    /**
215     * String used in the <code>ActionNamespace</code> attribute to refer to
216     * common sets of actions to perform on resources. 
217     *
218     * Title: <code>Get/Head/Put/Post</code>
219     * Defined actions: 
220     *          <code>GET HEAD PUT POST</code>
221     * These actions bind to the corresponding HTTP operations. For example a
222     * subject authorized to perform the GET action on a resource is authorized
223     * to retrieve it. The GET and HEAD actions loosely correspond to the 
224     * conventional read permission and the PUT and POST actions to the write 
225     * permission. The correspondence is not exact however since a HTTP GET 
226     * operation may cause data to be modified and a POST operation may cause
227     * modification to a resource other than the one specified in the request. 
228     * For this reason a separate Action URI specifier is provided. 
229     *
230     * @supported.api
231     */
232    public static final String ACTION_NAMESPACE_GHPP = 
233                "urn:oasis:names:tc:SAML:1.0:ghpp";
234
235    /**
236     * String used in the <code>ActionNamespace</code> attribute to refer to
237     * common sets of actions to perform on resources. 
238     *
239     * Title: UNIX File Permissions
240     * Defined actions: 
241     * The defined actions are the set of UNIX file access permissions
242     * expressed in the numeric (octal) notation. The action string is a four
243     * digit numeric code: extended user group world 
244     * Where the extended access permission has the value  
245     * <ul>
246     * <li><code>+2 if sgid is set</code></li>
247     * <li><code>+4 if suid is set</code></li></ul>
248     * The user group and world access permissions have the value
249     * <ul><li><code>+1 if execute permission is granted</code></li>
250     * <li><code>+2 if write permission is granted</code></li>
251     * <li><code>+4 if read permission is granted</code></li></ul>
252     * For example 0754 denotes the UNIX file access permission: user read,
253     * write and execute, group read and execute and world read. 
254     *
255     * @supported.api
256     */
257    public static final String ACTION_NAMESPACE_UNIX = 
258                "urn:oasis:names:tc:SAML:1.0:action:unix";
259
260    /**
261     * saml namespace prefix with ":".
262     */
263    public static final String ASSERTION_PREFIX = "saml:";
264
265    /**
266     * samlp namespace prefix with ":".
267     */
268    public static final String PROTOCOL_PREFIX = "samlp:";
269
270    /**
271     * Assertion version 1.0.
272     */
273    public static final String ASSERTION_VERSION_1_0 = "1.0";
274
275    /**
276     * Assertion version 1.1.
277     */
278    public static final String ASSERTION_VERSION_1_1 = "1.1";
279
280    /**
281     * Major version of assertion.
282     */
283    public static final int ASSERTION_MAJOR_VERSION = 1;
284    /**
285     * Default assertion minor version. The field is not final, so code can reassign it at run time.
286     */
287    public static int ASSERTION_MINOR_VERSION = 1;
288
289    /**
290     * Assertion minor version 0.
291     */
292    public static final int ASSERTION_MINOR_VERSION_ZERO = 0;
293
294    /**
295     * Assertion minor version 1.
296     */
297    public static final int ASSERTION_MINOR_VERSION_ONE = 1;
298
299    /**
300     * Protocol version 1.0.
301     */
302    public static final String PROTOCOL_VERSION_1_0 = "1.0";
303
304    /**
305     * Protocol version 1.1.
306     */
307    public static final String PROTOCOL_VERSION_1_1 = "1.1";
308
309    /**
310     * Protocol major version 1.
311     */
312    public static final int PROTOCOL_MAJOR_VERSION = 1;
313
314    /**
315     * Default protocol minor version 1. The field is not final, so code can reassign it at run time.
316     */
317    public static int PROTOCOL_MINOR_VERSION = 1;
318
319    /**
320     * Protocol minor version 0.
321     */
322    public static final int PROTOCOL_MINOR_VERSION_ZERO = 0; 
323
324    /**
325     * Protocol minor version 1.
326     */
327    public static final int PROTOCOL_MINOR_VERSION_ONE = 1;  
328 
329    /**
330     * Assertion handle, request id, and response id have this length.
331     * If server id cannot be found, assertion id has this length also.
332     * request id, response id, and assertion id will be base64 encoded for
333     * printing.
334     */
335    public static final int ID_LENGTH = 20;
336
337    /**
338     * Length for server id. Used in load balancing.
339     */
340    public static final int SERVER_ID_LENGTH = 2;
341
342    /**
343     * Default encoding used in the xml string conversion.
344     */
345    public static final String DEFAULT_ENCODING = "UTF-8";
346
347    /**
348     * SAML artifact confirmation method identifier URI. The field is not final, so code can reassign it at run time.
349     *
350     * @supported.api
351     */
352    public static String CONFIRMATION_METHOD_ARTIFACT =
353                "urn:oasis:names:tc:SAML:1.0:cm:artifact";
354
355    /**
356     * Deprecated SAML Artifact confirmation method identifier URI.
357     *
358     * @supported.api
359     */
360    public static final String DEPRECATED_CONFIRMATION_METHOD_ARTIFACT =
361                "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";
362
363    /**
364     * OpenAM confirmation method identifier URI.
365     *
366     * @supported.api
367     */
368    public static final String CONFIRMATION_METHOD_IS =
369                "urn:com:sun:identity";
370
371    /**
372     * SAML Bearer confirmation method identifier URI.
373     *
374     * @supported.api
375     */
376    public static final String CONFIRMATION_METHOD_BEARER =
377                "urn:oasis:names:tc:SAML:1.0:cm:bearer";
378
379    /**
380     * SAML "Holder of Key" confirmation method identifier URI.
381     *
382     * @supported.api
383     */
384    public static final String CONFIRMATION_METHOD_HOLDEROFKEY =
385                "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
386
387    /**
388     * SAML "Sender Vouches" confirmation method identifier URI.
389     *
390     * @supported.api
391     */
392    public static final String CONFIRMATION_METHOD_SENDERVOUCHES =
393                "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
394
395    // used by SAML service schema related operations
396
397    /**
398     * SAML service name.
399     */
400    public static final String SAML_SERVICE_NAME = "SAML1";
401
402    /**
403     * 1.0 version of SAML service.
404     */
405    public static final String SAML_SERVICE_VERSION = "1.0";
406
407    /**
408     * SAML service attribute that specifies time skew for not before attribute
409     * in assertion.
410     */
411    public static final String NOTBEFORE_TIMESKEW_NAME =
412                                        "iplanet-am-saml-notbefore-timeskew";
413
414    /**
415     * SAML service attribute that specifies artifact timeout period.
416     */
417    public static final String ARTIFACT_TIMEOUT_NAME =
418                                        "iplanet-am-saml-artifact-timeout";
419
420    /**
421     * SAML service attribute that specifies assertion timeout period.
422     */
423    public static final String ASSERTION_TIMEOUT_NAME =
424                                        "iplanet-am-saml-assertion-timeout";
425
426    /**
427     * SAML service attribute that specifies whether an assertion is
428     * removed after it has been dereferenced.
429     */
430    public static final String REMOVE_ASSERTION_NAME =
431                                        "com.sun.identity.saml.removeassertion";
432
433    /**
434     * Default not before time skew. It's in seconds.
435     */
436    public static final int NOTBEFORE_TIMESKEW_DEFAULT = 300;
437
438    /**
439     * Default artifact timeout period. It's in seconds.
440     */
441    public static final int ARTIFACT_TIMEOUT_DEFAULT = 120;
442
443    /**
444     * Default assertion timeout period. It's in seconds.
445     */
446    public static final int ASSERTION_TIMEOUT_DEFAULT = 60;
447
448    /**
449     * SAML service attribute that specifies list of saml site IDs.
450     */
451    public static final String SITE_ID_LIST = "iplanet-am-saml-siteid-list"; 
452
453    /**
454     * SAML service attribute that specifies list of instances.
455     */
456    public static final String INSTANCE_LIST = "iplanet-am-saml-instance-list"; 
457
458    /**
459     * This site's ID.
460     */
461    public static final String SITE_ID = "mysiteid"; 
462
463    /**
464     * SAML service attribute that specifies list of issuer names.
465     */
466    public static final String ISSUER_NAME_LIST =
467                                        "iplanet-am-saml-issuername-list";
468
469    /**
470     * This site's issuer name.
471     */
472    public static final String ISSUER_NAME = "mysitename";
473
474    /**
475     * SAML service attribute name for list of site ID and issuer names.
476     */
477    public static final String SITE_ID_ISSUER_NAME_LIST =
478                                   "iplanet-am-saml-siteid-issuername-list";
479
480    /**
481     * Constant for instance id.
482     */
483    public static final String INSTANCEID = "INSTANCEID";
484
485    /**
486     * Constant for site id.
487     */
488    public static final String SITEID = "SITEID";
489
490    /**
491     * Constant for issuer name.
492     */
493    public static final String ISSUERNAME = "ISSUERNAME";
494
495    /**
496     * SAML service attribute that specifies site's certificate alias.
497     */
498    public static final String SITE_CERT_ALIAS =
499                                        "iplanet-am-saml-sitecertalias";
500
501    /**
502     * SAML service attribute that specifies whether to sign a request or not.
503     */
504    public static final String SIGN_REQUEST =
505                                        "iplanet-am-saml-signrequest";
506
507    /**
508     * Default is to not sign request.
509     */
510    public static final String SIGN_REQUEST_DEFAULT = "false";
511
512    /**
513     * SAML service attribute that specifies whether to sign a response or not.
514     */
515    public static final String SIGN_RESPONSE =
516                                        "iplanet-am-saml-signresponse";
517
518    /**
519     * Default is to not sign response.
520     */
521    public static final String SIGN_RESPONSE_DEFAULT = "false";
522
523    /**
524     * SAML service attribute that specifies whether to sign an assertion
525     * or not.
526     */
527    public static final String SIGN_ASSERTION =
528                                        "iplanet-am-saml-signassertion";
529
530    /**
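531     * Default is to not sign the assertion. An unsigned assertion has no
        * integrity protection of its own and relies on a signed response or an
        * authenticated channel.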
532     */
533    public static final String SIGN_ASSERTION_DEFAULT = "false";
534
535    /**
536     * SAML service attribute that specifies the name for artifact.
537     */
538    public static final String ARTIFACT_NAME = "iplanet-am-saml-artifact-name";
539
540    /**
541     * SAML service attribute that specifies the name id format attribute map.
542     */
543    public static final String NAME_ID_FORMAT_MAP =
544            "iplanet-am-saml-name-id-format-attr-map";
545
546    /**
547     * SAML service attribute that specifies the attribute map.
548     */
549    public static final String ATTRIBUTE_MAP =
550            "iplanet-am-saml-attr-map";
551
552    /**
553     * Default SAML artifact name.
554     *
555     * @supported.api
556     */
557    public static final String ARTIFACT_NAME_DEFAULT = "SAMLart" ;
558
559    /**
560     * SAML service attribute that specifies target parameter.
561     */
562    public static final String TARGET_SPECIFIER = 
563                                           "iplanet-am-saml-target-specifier" ; 
564
565    /**
566     * Default parameter for target.
567     */
568    public static final String TARGET_SPECIFIER_DEFAULT = "TARGET" ;
569
570    /**
571     * SAML service attribute that specifies list of trusted partners.
572     * A sample trusted server list entry is like
573     * target=.iplanet.com:8080|
574     *      SAMLUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLAwareServlet|
575     * POSTUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLPOSTProfileServlet
576     */
577    public static final String TRUSTED_SERVER_LIST =
578                                        "iplanet-am-saml-trusted-server-list"; 
579
580    /**
581     * SAML service attribute that specifies partner urls.
582     * A sample Partner URL list entry is like:
583     * SourceID=encoded 20 bytes|
584     * SOAPUrl=http://dsame2.red.iplanet.com:8080/amserver/SAMLSOAPReceiver
585     */
586    public static final String PARTNER_URLS = "iplanet-am-saml-partner-urls"; 
587
588    /**
589     * Constants for target.
590     */
591    public static final String TARGET = "TARGET"; 
592
593    /**
594     * Constants for url which handles saml web browser artifact profile.
595     */
596    public static final String SAMLURL = "SAMLURL"; 
597
598    /**
599     * Constants for url which handles saml web browser post profile.
600     */
601    public static final String POSTURL = "POSTURL";
602    
603
604    /**
605     * A SAML service attribute parameter. The 20-byte sequence defined as in
606     * the SiteID and Issuer name.
607     *
608     * @supported.api
609     */
610    public static final String SOURCEID = "SOURCEID"; 
611
612    /**
613     * A SAML service attribute parameter that defines partner's name.
614     *
615     * iPlanet-PUBLIC-STATIC
616     */
617    public static final String PARTNERNAME = "PARTNERNAME"; 
618
619    /**
620     * A SAML service attribute parameter that defines the URL that provides
621     * the SAML service. The servlet specified in the URL implements the
622     * Web-browser SSO with Artifact profile defined in the OASIS-SAML
623     * Bindings and Profiles specification.
624     *
625     * @supported.api
626     */
627    public static final String SOAPUrl = "SOAPURL"; 
628
629    /**
630     * A SAML service attribute parameter that defines the authentication type
631     * used in SAML. It should be one of the following:
632     *     NOAUTH
633     *     BASICAUTH
634     *     SSL
635     *     SSLWITHBASICAUTH
636     * This parameter is optional, and if not specified, the default is NOAUTH.
637     * If BASICAUTH or SSLWITHBASICAUTH is specified, the User parameter is
638     * required and the SOAPUrl should be HTTPS.
639     *
640     * @supported.api
641     */
642    public static final String AUTHTYPE = "AUTHTYPE"; 
643
644    /**
645     * A SAML service attribute parameter that defines the uid of the partner
646     * which is used to protect the partner's SOAP Receiver
647     *
648     * @supported.api
649     */
650    public static final String UID = "USER"; 
651
652    /**
653     * A SAML service attribute parameter that defines the user id of the
654     * partner which is used for Basic Authentication.
655     *
656     * @supported.api
657     */
658    public static final String AUTH_UID = "AUTHUSER"; 
659
660    /**
661     * A SAML service attribute parameter that defines the password of the
662     * partner which is used for Basic Authentication.
663     *
664     * @supported.api
665     */
666    public static final String AUTH_PASSWORD = "AUTHPASSWORD"; 
667
668    /**
669     * A SAML service attribute parameter that specifies a pluggable class
670     * which defines how the subject of an Assertion is related to an identity
671     * at the destination site. By default, it is:
672     *     com.sun.identity.saml.plugins.DefaultAccountMapper
673     *
674     * @supported.api
675     */
676    public static final String ACCOUNTMAPPER = "ACCOUNTMAPPER";
677
678    /**
679     * A SAML service attribute parameter that specifies a pluggable class
680     * which defines how the subject of an Assertion is related to an identity
681     * at the destination site and a target URL. By default, it is:
682     *     com.sun.identity.saml.plugins.DefaultPartnerAccountMapper
683     *
684     * @supported.api
685     */
686    public static final String PARTNERACCOUNTMAPPER = "PARTNERACCOUNTMAPPER";
687
688    /**
689     * A SAML service attribute parameter that specifies the class with the
690     * path where the siteAttributeMapper is located. Applications can develop
691     * a siteAttributeMapper to obtain attributes to be included in the
692     * assertion during SSO. If no siteAttributeMapper is found, then no
693     * attributes will be included in the assertion during SSO. 
694     *
695     * @supported.api
696     */
697    public static final String SITEATTRIBUTEMAPPER = "siteattributemapper";
698    public static final String SITEATTRIBUTEMAPPERDEFAULT =
699            "com.sun.identity.saml.plugins.DefaultSiteAttributeMapper";
700    
701    /**
702     * A SAML service attribute parameter that specifies the class with the
703     * path where the partnerSiteAttributeMapper is located. Applications can
704     * develop a partnerSiteAttributeMapper to obtain attributes to be included
705     * in the assertion during SSO based on target URL. If no
706     * partnerSiteAttributeMapper is found, then no attributes will be included
707     * in the assertion during SSO. 
708     *
709     * @supported.api
710     */
711    public static final String PARTNERSITEATTRIBUTEMAPPER =
712                                "partnersiteattributemapper";
713
714
715    /**
716     * A SAML service attribute parameter that specifies the class with the
717     * path where the nameIdentifierMapper is located. Applications can develop
718     * a nameIdentifierMapper to obtain a name identifier to be included in the
719     * assertion during SSO. If no nameIdentifierMapper is found, then a
720     * default implementation will be used.
721     *
722     * @supported.api
723     */
724    public static final String NAMEIDENTIFIERMAPPER = "nameidentifiermapper";
725
726    /**
727     * A SAML service attribute parameter that lists the IP addresses and/or
728     * the certAlias for all of the hosts, within the specified partner site,
729     * that can send requests to this site. This ensures that the requester is
730     * indeed the intended receiver for the SAML artifact. 
731     *
732     * @supported.api
733     */
734    public static final String HOST_LIST = "hostlist";
735
736    /**
737     * A POST attribute name that specifies an assertion.
738     *
739     * @supported.api
740     */
741    public static final String POST_ASSERTION_NAME = "ASSERTION";
742
743    /**
744     * A POST attribute name that specifies attribute names of an assertion.
745     *
746     * @supported.api
747     */
748    public static final String POST_ATTR_NAMES = "ATTRIBUTENAMES";
749
750    /**
751     * A SAML service attribute parameter that specifies a certAlias name used
752     * for verifying the signature in an assertion, when the assertion is
753     * signed by a partner and the certificate of the partner can not be found
754     * in the KeyInfo portion of the signed assertion.
755     *
756     * @supported.api
757     */
758    public static final String CERTALIAS = "CERTALIAS";
759
760    /**
761     * A SAML service attribute parameter that defines the creator of an
762     * assertion generated within OpenAM. The syntax is
763     * hostname:port.
764     *
765     * @supported.api
766     */
767    public static final String ISSUER = "ISSUER";
768
769    /**
770     * A SAML service attribute parameter that specifies the class with the
771     * path to where the attributeMapper is located. Applications can develop
772     * an attributeMapper to obtain either a Session ID or an assertion
773     * containing AuthenticationStatement from the query. The mapper is then
774     * used to retrieve the attributes for the subject. If no attributeMapper
775     * is specified, DefaultAttributeMapper will be used. 
776     *
777     * @supported.api
778     */
779    public static final String ATTRIBUTEMAPPER = "ATTRIBUTEMAPPER";
780
781    /**
782     * A SAML service attribute parameter that specifies the class with the
783     * path to where the actionMapper is located. Applications can develop an
784     * actionMapper to obtain either a Session ID or an assertion containing
785     * AuthenticationStatement from the query. The mapper is then used to
786     * retrieve the authorization decisions for the actions defined in the
787     * query. If no actionMapper is specified, DefaultActionMapper will be
788     * used. 
789     *
790     * @supported.api
791     */
792    public static final String ACTIONMAPPER = "ACTIONMAPPER";
793
794    /**
795     * A SAML service attribute parameter that specifies SAML version
796     *
797     * @supported.api
798     */
799    public static final String VERSION = "VERSION";
800
801    /**
802     * SAML service attribute that specifies action service mapping.
803     */
804    public static final String ACTION_SERVICE_MAPPING =
805                                "iplanet-am-saml-action-service-mapping";
806
807    /**
808     * SAML service attribute that specifies POST to Target URLs.
809     */
810    public static final String POST_TO_TARGET_URLS = 
811        "iplanet-am-saml-post-to-target-urls";
812
813    /**
814     * SAML service attribute that specifies maximum number of assertions
815     * the server can have at a given time.
816     */
817    public static final String ASSERTION_MAX_NUMBER_NAME =
818                                "iplanet-am-saml-assertion-max-number";
819    /**
820     * Default maximum number of assertions of the server. It means no limit.
821     */
822    public static final int ASSERTION_MAX_NUMBER_DEFAULT = 0;
823
824    /**
825     * SAML service attribute that specifies server clean up interval.
826     */
827    public static final String CLEANUP_INTERVAL_NAME =
828                                "iplanet-am-saml-cleanup-interval";
829    /**
830     * System property name that specifies cleanup interval for internal
831     * cache, such as assertions, artifacts and keystore etc. 
832     * This property is mapped to the CLEANUP_INTERVAL_NAME attribute in 
833     * SAML service on the server side.
834     */
835    public static final String CLEANUP_INTERVAL_PROPERTY =
836                            "com.sun.identity.saml.cleanup.interval";
837
838    /**
839     * Default server cleanup interval. It is in seconds.
840     */
841    public static final int CLEANUP_INTERVAL_DEFAULT = 180;
842
843    /**
844     * Kerberos authentication method.
845     */
846    public static final String AUTH_METHOD_KERBEROS = "Kerberos";
847
848    /**
849     * Certificate authentication method.
850     */
851    public static final String AUTH_METHOD_CERT = "Cert";
852
853    /**
854     * Certificate authentication method URI.
855     */
856    public static final String AUTH_METHOD_CERT_URI = "urn:ietf:rfc:2246";
857
858    /**
859     * Password authentication method URI.
860     */
861    public static final String AUTH_METHOD_PASSWORD_URI = 
862        "urn:oasis:names:tc:SAML:1.0:am:password";
863
864    /**
865     * Hardware token authentication method uri.
866     */
867    public static final String AUTH_METHOD_HARDWARE_TOKEN_URI = 
868        "urn:oasis:names:tc:SAML:1.0:am:HardwareToken";
869
870    /**
871     * Kerberos authentication method uri.
872     */
873    public static final String AUTH_METHOD_KERBEROS_URI = "urn:ietf:rfc:1510";
874
875    /**
876     * Private authentication method prefix.
877     */
878    public static final String AUTH_METHOD_URI_PREFIX =
879                                "urn:com:sun:identity:";
880
881    /**
882     * SAML service attribute which identifies basic authentication user.
883     */
884    public static final String USER = "iplanet-am-saml-user"; 
885
886    /**
887     * SAML service attribute which identifies basic authentication password.
888     */
889    public static final String PASSWORD="iplanet-am-saml-password"; 
890
891    /**
892     * A SAML authentication type that uses HTTP protocol and username/password
893     *
894     * @supported.api
895     */
896    public static final String BASICAUTH= "BASICAUTH";
897
898    /**
899     * A SAML authentication type that uses HTTPS protocol and
900     * username/password
901     *
902     * @supported.api
903     */
904    public static final String SSLWITHBASICAUTH = "SSLWITHBASICAUTH"; 
905
906    /**
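907     * A SAML authentication type that uses HTTP protocol; as the name says, the peer
908     * is not authenticated, and plain HTTP adds no confidentiality or integrity.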
909     * @supported.api
910     */
911    public static final String NOAUTH = "NOAUTH";
912
913    /**
914     * A SAML authentication type that uses HTTPS protocol
915     *
916     * @supported.api
917     */
918    public static final String SSL = "SSL"; 
919
920    /**
921     * Parameter for Name Identifier format used in SAML web browser post
922     * profile and SAML web browser artifact profile.
923     */
924    public static final String NAME_ID_FORMAT="NameIDFormat";
925
926    /**
927     * Constant for servlet which does SAML web browser artifact profile.
928     */
929    public static final String SAML_AWARE_NAMING="samlawareservlet";
930
931    /**
932     * Constant for endpoint which accepts SOAP request.
933     */
934    public static final String SAML_SOAP_NAMING="samlsoapreceiver"; 
935
936    /**
937     * Constant for servlet which does SAML web browser post profile.
938     */
939    public static final String SAML_POST_NAMING="samlpostservlet";
940
941    /**
942     * Constant for process which handles all assertion related requests.
943     */
944    public static final String SAML_AM_NAMING = "samlassertionmanager";
945
946    /**
947     * Parameter for SAML response used in SAML web browser post profile.
948     */
949    public static final String POST_SAML_RESPONSE_PARAM = "SAMLResponse";
950
951    /**
952     * Parameter for SAML TARGET.
953     */
954    public static final String POST_TARGET_PARAM = "TARGET";
955
956    // for SAMLPOSTProfileServlet
957
958    /**
959     * Constant which identifies source site.
960     */
961    public static final String SOURCE_SITE_SOAP_ENTRY = "sourceSite";
962
963    /**
964     * Constant for assertion parameter.
965     */
966    public static final String POST_ASSERTION = "assertion";
967
968    /**
969     * Constant for subject.
970     */
971    public static final String SUBJECT = "subject";
972
973    /**
974     * Success status code.
975     */
976    public static final String STATUS_CODE_SUCCESS = "samlp:Success";
977
978    /**
979     * Success status code with no namespace prefix.
980     */
981    public static final String STATUS_CODE_SUCCESS_NO_PREFIX = ":Success";
982
983    /**
984     * http protocol.
985     */
986    public static final String HTTP="http"; 
987
988    /**
989     * https protocol.
990     */
991    public static final String HTTPS="https";
992 
993    // Used for XML digital signing: names under com.sun.identity.saml.xmlsig
       // that select the canonicalization, transform, signature and digest
       // algorithms and the key/signature provider classes.
       // NOTE(review): presumably read from AMConfig.properties, like MYCERTALIAS
       // further down -- confirm against the callers.
       // The algorithm settings decide what this deployment signs with, so check
       // their configured values against the SHA-1 and MD5 URIs declared below
       // (e.g. ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5).

       // Name of the canonicalization method setting.
994    public static final String CANONICALIZATION_METHOD =
995        "com.sun.identity.saml.xmlsig.c14nMethod";
       // Name of the transform algorithm setting.
996    public static final String TRANSFORM_ALGORITHM=
997        "com.sun.identity.saml.xmlsig.transformAlg";
       // Name of the XML signature algorithm setting.
998    public static final String XMLSIG_ALGORITHM =
999        "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";    
       // Name of the digest algorithm setting.
1000    public static final String DIGEST_ALGORITHM =
1001        "com.sun.identity.saml.xmlsig.digestAlgorithm";
       // NOTE(review): looks like a fully-qualified class name (a JKS-backed key
       // provider) rather than a setting name -- confirm.
1002    public static final String JKS_KEY_PROVIDER = 
1003        "com.sun.identity.saml.xmlsig.JKSKeyProvider"; 
       // Name of the setting that holds the key provider implementation class.
1004    public static final String KEY_PROVIDER_IMPL_CLASS =
1005        "com.sun.identity.saml.xmlsig.keyprovider.class";
       // Name of the setting that holds the signature provider implementation class.
1006    public static final String SIGNATURE_PROVIDER_IMPL_CLASS =
1007        "com.sun.identity.saml.xmlsig.signatureprovider.class";
       // NOTE(review): looks like a fully-qualified class name (a signature
       // provider implementation) rather than a setting name -- confirm.
1008    public static final String AM_SIGNATURE_PROVIDER =
1009        "com.sun.identity.saml.xmlsig.AMSignatureProvider";
1010   
1011    // constants for XML Signature SignatureMethodURI
1012
1013    /**
1014     * MAC Algorithm HMAC-SHA1 URI - Required.
1015     * "Required" is the XML Signature conformance level, not a strength rating.
1016     * @supported.api
1017     */
1018    public static final String ALGO_ID_MAC_HMAC_SHA1 = 
1019                                "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
1020
1021    /**
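1022     * Signature Algorithm DSAwithSHA1 URI - Required (XML Signature conformance level).
1023     * SHA-1 is no longer collision-resistant, so avoid it for new signatures.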
1024     * @supported.api
1025     */
1026    public static final String ALGO_ID_SIGNATURE_DSA =
1027                                "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
1028
1029    /**
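1030     * Signature Algorithm RSAwithSHA1 URI - Recommended (XML Signature conformance level).
1031     * SHA-1 is no longer collision-resistant; prefer {@link #ALGO_ID_SIGNATURE_RSA_SHA256} or stronger for new signatures.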
1032     * @supported.api
1033     */
1034    public static final String ALGO_ID_SIGNATURE_RSA = 
1035                                "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
1036    /**
1037     * Signature Algorithm RSAwithSHA1 URI.
1038     * Same value as {@link #ALGO_ID_SIGNATURE_RSA}.
1039     * @supported.api
1040     */
1041    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
1042                                "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
1043
1044    /**
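1045     * Signature Algorithm RSA-MD5 URI. Not recommended, as the constant name says:
1046     * MD5 collisions are practical, so signatures using it should not be accepted.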
1047     * @supported.api
1048     */
1049    public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
1050                              "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
1051
1052    /**
1053     * Signature Algorithm RSA-RIPEMD160 URI.
1054     *
1055     * @supported.api
1056     */
1057    public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 = 
1058                        "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
1059
1060    /**
1061     * Signature Algorithm RSA-SHA256 URI.
1062     *
1063     * @supported.api
1064     */
1065    public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
1066                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
1067
1068    /**
1069     * Signature Algorithm RSA-SHA384 URI.
1070     *
1071     * @supported.api
1072     */
1073    public static final String ALGO_ID_SIGNATURE_RSA_SHA384 = 
1074                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
1075
1076    /**
1077     * Signature Algorithm RSA-SHA512 URI.
1078     *
1079     * @supported.api
1080     */
1081    public static final String ALGO_ID_SIGNATURE_RSA_SHA512 = 
1082                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
1083
1084    /**
1085     * MAC Algorithm HMAC-MD5 URI. Not recommended, as the constant name says;
1086     * prefer {@link #ALGO_ID_MAC_HMAC_SHA256} or stronger.
1087     * @supported.api
1088     */
1089    public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 = 
1090                        "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";
1091
1092    /**
1093     * MAC Algorithm HMAC-RIPEMD160 URI.
1094     *
1095     * @supported.api
1096     */
1097    public static final String ALGO_ID_MAC_HMAC_RIPEMD160 = 
1098                       "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
1099
1100    /**
1101     * MAC Algorithm HMAC-SHA256 URI.
1102     *
1103     * @supported.api
1104     */
1105    public static final String ALGO_ID_MAC_HMAC_SHA256 = 
1106                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
1107
1108    /**
1109     * MAC Algorithm HMAC-SHA384 URI.
1110     *
1111     * @supported.api
1112     */
1113    public static final String ALGO_ID_MAC_HMAC_SHA384 =
1114                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
1115
1116    /**
1117     * MAC Algorithm HMAC-SHA512 URI.
1118     *
1119     * @supported.api
1120     */
1121    public static final String ALGO_ID_MAC_HMAC_SHA512 = 
1122                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
1123
1124    /**
1125     * Attribute that identifies server protocol in
1126     * <code>AMConfig.properties</code> file.
1127     */
1128    public static final String SERVER_PROTOCOL =
1129                        "com.iplanet.am.server.protocol";
1130
1131    /**
1132     * Attribute that identifies server host in
1133     * <code>AMConfig.properties</code> file.
1134     */
1135    public static final String SERVER_HOST = "com.iplanet.am.server.host";
1136
1137    /**
1138     * Attribute that identifies server port in
1139     * <code>AMConfig.properties</code> file.
1140     */
1141    public static final String SERVER_PORT = "com.iplanet.am.server.port";
1142
1143    /**
1144     * Attribute that identifies server deployment URI (deployment descriptor) in
1145     * <code>AMConfig.properties</code> file.
1146     */
1147    public static final String SERVER_URI =
1148        "com.iplanet.am.services.deploymentDescriptor";
1149
1150    /**
1151     * Attribute that identifies default version for saml assertion in
1152     * <code>AMConfig.properties</code> file.
1153     */
1154    public static final String SAML_ASSERTION_VERSION =
1155                        "com.sun.identity.saml.assertion.version";
1156
1157    /**
1158     * Attribute that identifies default version for saml protocol in
1159     * <code>AMConfig.properties</code> file.
1160     */
1161    public static final String SAML_PROTOCOL_VERSION =
1162                        "com.sun.identity.saml.protocol.version";
1163   
1164    /**
1165     * XML canonicalization Algorithm URI.
1166     *
1167     * @supported.api
1168     */
1169    public static final String ALGO_ID_C14N_OMIT_COMMENTS =
1170                        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
1171
1172    /**
1173     * XML canonicalization with comments Algorithm URI.
1174     *
1175     * @supported.api
1176     */
1177    public static final String ALGO_ID_C14N_WITH_COMMENTS =
1178                        ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
1179
1180    /**
1181     * Exclusive XML canonicalization Algorithm URI.
1182     *
1183     * @supported.api
1184     */
1185    public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
1186                        "http://www.w3.org/2001/10/xml-exc-c14n#";
1187
1188    /**
1189     * Exclusive XML canonicalization with comments Algorithm URI.
1190     *
1191     * @supported.api
1192     */
1193    public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
1194                        ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
1195   
1196    //constants for XML Signature -Transform algorithm
1197    //supported in Apache xml security package 1.0.5
1198  
1199    /**
1200     * XML canonicalization Transform URI.
1201     *
1202     * @supported.api
1203     */
1204    public static final String TRANSFORM_C14N_OMIT_COMMENTS =
1205                        ALGO_ID_C14N_OMIT_COMMENTS;
1206
1207    /**
1208     * XML canonicalization with comments Transform URI.
1209     *
1210     * @supported.api
1211     */
1212    public static final String TRANSFORM_C14N_WITH_COMMENTS =
1213                         ALGO_ID_C14N_WITH_COMMENTS;
1214
1215    /**
1216     * Exclusive XML canonicalization Transform URI.
1217     *
1218     * @supported.api
1219     */
1220    public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS =
1221                         ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
1222
1223    /**
1224     * Exclusive XML canonicalization with comments Transform URI.
1225     *
1226     * @supported.api
1227     */
1228    public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS =
1229                         ALGO_ID_C14N_EXCL_WITH_COMMENTS;
1230
1231    /**
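1232     * XSLT Transform URI. A validator that honours this transform runs a stylesheet
1233     * taken from the signed message, so reject it when verifying untrusted input.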
1234     * @supported.api
1235     */
1236    public static final String TRANSFORM_XSLT =
1237                         "http://www.w3.org/TR/1999/REC-xslt-19991116";
1238
1239    /**
1240     * Base64 decoding Transform URI.
1241     *
1242     * @supported.api
1243     */
1244    public static final String TRANSFORM_BASE64_DECODE =
1245                         XMLSIG_NAMESPACE_URI + "base64";
1246
1247    /**
1248     * XPath Transform URI.
1249     *
1250     * @supported.api
1251     */
1252    public static final String TRANSFORM_XPATH =
1253                         "http://www.w3.org/TR/1999/REC-xpath-19991116";
1254
1255    /**
1256     * Enveloped Signature Transform URI.
1257     *
1258     * @supported.api
1259     */
1260    public static final String TRANSFORM_ENVELOPED_SIGNATURE =
1261                         XMLSIG_NAMESPACE_URI + "enveloped-signature";
1262
1263    /**
1264     * XPointer Transform URI.
1265     *
1266     * @supported.api
1267     */
1268    public static final String TRANSFORM_XPOINTER =
1269                         "http://www.w3.org/TR/2001/WD-xptr-20010108";
1270
1271    /**
1272     * XPath Filter v2.0 Transform URI (earlier 2002/04 namespace).
1273     *
1274     * @supported.api
1275     */
1276    public static final String TRANSFORM_XPATH2FILTER04 =
1277                         "http://www.w3.org/2002/04/xmldsig-filter2";
1278
1279    /**
1280     * XPath Filter v2.0 Transform URI.
1281     *
1282     * @supported.api
1283     */
1284    public static final String TRANSFORM_XPATH2FILTER =
1285                         "http://www.w3.org/2002/06/xmldsig-filter2";
1286
1287    /**
1288     * XPath Filter v2.0 CHGP Transform URI.
1289     *
1290     * @supported.api
1291     */
1292    public static final String TRANSFORM_XPATHFILTERCHGP =
1293          "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter";
1294
1295    /**
1296     * Namespace URI reserved for <code>xmlns</code> declarations (not XML Schema).
1297     *
1298     * @supported.api
1299     */
1300    public static final String NS_XMLNS = "http://www.w3.org/2000/xmlns/";
1301
1302    /**
1303     * Liberty security namespace.
1304     *
1305     * @supported.api
1306     */
1307    public static final String NS_SEC = "urn:liberty:sec:2003-08";
1308
1309    /**
1310     * WS-Security extension (secext) namespace.
1311     *
1312     * @supported.api
1313     */
1314    public static final String NS_WSSE =
1315                         "http://schemas.xmlsoap.org/ws/2003/06/secext";
1316
1317    /**
1318     * WS-Security utility namespace.
1319     *
1320     * @supported.api
1321     */
1322    public static final String NS_WSU =
1323                        "http://schemas.xmlsoap.org/ws/2003/06/utility";
1324
1325    /**
1326     * String that identifies wsu prefix.
1327     */
1328    public static final String PREFIX_WSU = "wsu";
1329
1330    /**
1331     * String that identifies ds prefix.
1332     */
1333    public static final String PREFIX_DS = "ds";
1334
1335    /**
1336     * String that identifies tag name "SecurityTokenReference".
1337     */
1338    public static final String TAG_SECURITYTOKENREFERENCE =
1339                        "SecurityTokenReference";
1340
1341    /**
1342     * String that identifies tag xmlns.
1343     */
1344    public static final String TAG_XMLNS = "xmlns";
1345
1346    /**
1347     * String that identifies "xmlns:sec".
1348     */
1349    public static final String TAG_XMLNS_SEC = "xmlns:sec";
1350
1351    /**
1352     * Usage tag name.
1353     */
1354    public static final String TAG_USAGE = "Usage";
1355
1356    /**
1357     * MessageAuthentication tag name with namespace prefix.
1358     */
1359    public static final String TAG_SEC_MESSAGEAUTHENTICATION =
1360                        "sec:MessageAuthentication";
1361
1362    /**
1363     * Tag name for <code>BinarySecurityToken</code> with namespace prefix.
1364     */
1365    public static final String TAG_WSSE_BINARYSECURITYTOKEN =
1366                        "wsse:BinarySecurityToken";
1367
1368    /**
1369     * Tag name for <code>Security</code>.
1370     */
1371    public static final String TAG_SECURITY = "Security";
1372
1373    /**
1374     * Tag name for <code>AssertionIDReference</code>.
1375     */
1376    public static final String TAG_ASSERTIONIDREFERENCE =
1377                        "AssertionIDReference";
1378
1379    /**
1380     * Tag name for <code>Assertion</code>.
1381     */
1382    public static final String TAG_ASSERTION = "Assertion";
1383
1384    /**
1385     * String that identifies <code>AssertionID</code>.
1386     */
1387    public static final String TAG_ASSERTION_ID = "AssertionID";
1388
1389    /**
1390     * Tag name for <code>BinarySecurityToken</code>.
1391     */
1392    public static final String BINARYSECURITYTOKEN = "BinarySecurityToken";
1393
1394    /**
1395     * Tag name for "Id".
1396     */
1397    public static final String TAG_ID = "Id";
1398
1399    /**
1400     * Tag name for <code>Reference</code>.
1401     */
1402    public static final String TAG_REFERENCE = "Reference";
1403
1404    /**
1405     * Tag name for <code>URI</code>.
1406     */
1407    public static final String TAG_URI = "URI";
1408
1409    /**
1410     * Tag name for <code>ValueType</code>.
1411     */
1412    public static final String TAG_VALUETYPE = "ValueType";
1413
1414    /**
1415     * Tag name for <code>KeyInfo</code>.
1416     */
1417    public static final String TAG_KEYINFO = "KeyInfo";
1418
1419    /**
1420     * Tag name for <code>KeyName</code>.
1421     */
1422    public static final String TAG_KEYNAME = "KeyName";
1423
1424    /**
1425     * Tag name for <code>KeyValue</code>.
1426     */
1427    public static final String TAG_KEYVALUE = "KeyValue";
1428
1429    /**
1430     * Tag name for <code>PKCS7</code> with wsse namespace prefix.
1431     */
1432    public static final String TAG_PKCS7 = "wsse:PKCS7";
1433
1434    /**
1435     * Tag name for <code>X509Data</code>.
1436     */
1437    public static final String TAG_X509DATA = "X509Data";
1438
1439    /**
1440     * Tag name for <code>X509Certificate</code>.
1441     */
1442    public static final String TAG_X509CERTIFICATE = "X509Certificate";
1443
1444    /**
1445     * Beginning of certificate string.
1446     */
1447    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";
1448
1449    /**
1450     * End of certificate string.
1451     */
1452    public static final String END_CERT    = "\n-----END CERTIFICATE-----";
1453
1454    /**
1455     * <code>DSAKeyValue</code> tag name.
1456     */
1457    public static final String TAG_DSAKEYVALUE = "DSAKeyValue";
1458
1459    /**
1460     * <code>RSAKeyValue</code> tag name.
1461     */
1462    public static final String TAG_RSAKEYVALUE = "RSAKeyValue";
1463
1464    /**
1465     * Attribute which identifies certificate alias of this site.
1466     * This value is configured through <code>AMConfig.properties</code>.
1467     */
1468    public static final String MYCERTALIAS =
1469                        "com.sun.identity.saml.xmlsig.certalias";
1470    
1471    /**
1472     * User Name attribute key in the Attribute Map.
1473     */
1474    public static final String USER_NAME = "USER_NAME";
1475
1476    /**
1477     * SAML component name to be used to get datastore provider.
1478     */
1479    public static final String SAML = "saml";
1480    /**
1481     * SAML component default name space.
1482     */
1483    public static final String ATTR_NAME_SPACE =
1484        "urn:com:sun:identity:attrnamespace";
1485
1486    public static final String TAG_USERNAME_TOKEN = "UsernameToken";
1487    /**
1488     * Keyname for escaping special characters in <code>AttributeValue</code>.
1489     * If true, special characters are escaped; otherwise they are not. Default
1490     * value is "true". With escaping off, markup characters in attribute values presumably reach the XML as-is.
1491     */
1492    public static final String ESCAPE_ATTR_VALUE = 
1493        "com.sun.identity.saml.escapeattributevalue";
1494    
1495    /**
1496     * HTTP POST binding.
1497     */
1498    public static final String HTTP_POST = "HTTP-POST";
1499
1500    /**
1501     * HTTP Redirect binding.
1502     */
1503    public static final String HTTP_REDIRECT = "HTTP-Redirect";
1504
1505    /**
1506     * Property to identify the HTTP binding for displaying error page.
1507     */
1508    public static final String ERROR_PAGE_HTTP_BINDING =
1509                       "com.sun.identity.saml.errorpage.httpbinding";
1510
1511    /**
1512     * Property to identify the error page url.
1513     */
1514    public static final String ERROR_PAGE_URL =
1515                       "com.sun.identity.saml.errorpage.url";
1516    /**
1517     * Default error page url.
1518     */
1519    public static final String DEFAULT_ERROR_PAGE_URL =
1520                                "/saml2/jsp/saml2error.jsp";
1521    /**
1522     * HTTP status code.
1523     */
1524    public static final String HTTP_STATUS_CODE = "httpstatuscode";
1525
1526    /**
1527     * Error message.
1528     */
1529    public static final String ERROR_MESSAGE = "errormessage";
1530
1531    /**
1532     * Error code.
1533     */
1534    public static final String ERROR_CODE = "errorcode";
1535
1536        /**
1537         * Accept Language HTTP header
1538         */
1539        public static final String ACCEPT_LANG_HEADER = "Accept-Language";
1540}