001/*
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: SAML2Constants.java,v 1.44 2009/11/24 21:53:02 madan_ranganath Exp $
026 *
027 * Portions Copyrighted 2010-2017 ForgeRock AS.
028 */
029package com.sun.identity.saml2.common;
030
031import com.sun.identity.cot.COTConstants;
032
033/**
034 * This interface defines constants common to all SAMLv2 elements.
035 *
036 * @supported.all.api
037 */
038public interface SAML2Constants {
039
040    /**
041     * XML name space URI
042     */
043    public String NS_XML = "http://www.w3.org/2000/xmlns/";
044    
045    /**
046     * String used to declare SAMLv2 assertion namespace prefix.
047     */
048    public String ASSERTION_PREFIX = "saml:";
049    
050    /**
051     * String used to declare SAMLv2 assertion namespace.
052     */
053    public String ASSERTION_DECLARE_STR =
054    " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"";
055    
056    /**
057     * SAMLv2 assertion namespace URI.
058     */
059    public String ASSERTION_NAMESPACE_URI =
060    "urn:oasis:names:tc:SAML:2.0:assertion";
061    
062    /**
063     * Default namespace attribute for <code>Action</code>.
064     */
065    public String ACTION_NAMESPACE_NEGATION =
066    "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
067    
068    /**
069     * String used to declare SAMLv2 protocol namespace prefix.
070     */
071    public String PROTOCOL_PREFIX = "samlp:";
072    
073    /**
074     * SAMLv2 protocol namespace URI.
075     */
076    public String PROTOCOL_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol";
077    
078    /**
079     * String used to declare SAMLv2 protocol namespace.
080     */
081    public String PROTOCOL_DECLARE_STR =
082                " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"";
083    
084    /**
085     * String used to represent HTTP Redirect Binding.
086     */
087    public String HTTP_REDIRECT =
088                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
089
090    /**
091     * String used to represent SOAP Binding.
092     */
093    public String SOAP =
094                "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
095
096    /**
097     * String used to represent PAOS Binding.
098     */
099    public static final String PAOS =
100                "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";
101
102    /**
103     * String used to represent HTTP POST Binding.
104     */
105    public String HTTP_POST =
106                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
107
108    /**
109     * String used to represent HTTP ARTIFACT Binding.
110     */
111    public String HTTP_ARTIFACT =
112                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
113
114    /**
115     * String used to represent URI Binding.
116     */
117    public String URI =
118                "urn:oasis:names:tc:SAML:2.0:bindings:URI";
119
120    /**
121     * String to represent Name Identifier Format name space
122     */
123    public String NAMEID_FORMAT_NAMESPACE=
124                "urn:oasis:names:tc:SAML:2.0:nameid-format:";
125
126    /**
127     * String to represent Name Identifier Format name space
128     * version 1.1
129     */
130    public static final String NAMEID_FORMAT_NAMESPACE_V_1_1=
131          "urn:oasis:names:tc:SAML:1.1:nameid-format:";
132
133    /**
134     * String to represent Encrypted Format Name Identifier
135     */
136    public String ENCRYPTED =
137                NAMEID_FORMAT_NAMESPACE + "encrypted";
138
139
140    /**
141     * String to represent Persistent Name Identifier
142     */
143    public String PERSISTENT =
144                NAMEID_FORMAT_NAMESPACE + "persistent";
145    
146    /**
147     * String to represent Unspecified Name Identifier
148     */
149    public String UNSPECIFIED =
150        NAMEID_FORMAT_NAMESPACE_V_1_1 + "unspecified";
151  
152    /**
153     * String to represent Email Address Name Identifier
154     */
155    public String EMAIL_ADDRESS =
156        NAMEID_FORMAT_NAMESPACE_V_1_1 + "emailAddress";
157
158    /**
159     * String to represent Entity Name Identifier
160     */
161    public String ENTITY =
162                NAMEID_FORMAT_NAMESPACE + "entity";
163
164    /**
165     * String to represent X509 Subject Name Identifier
166     */
167    public String X509_SUBJECT_NAME =
168        NAMEID_FORMAT_NAMESPACE_V_1_1 + "X509SubjectName";
169
170    /**
171     * String to represent Windows Domain Qualified Name Identifier
172     */
173    public String WINDOWS_DOMAIN_QUALIFIED_NAME =
174        NAMEID_FORMAT_NAMESPACE_V_1_1 + "WindowsDomainQualifiedName";
175
176    /**
177     * String to represent Kerberos Principal Name Identifier
178     */
179    public String KERBEROS_PRINCIPAL_NAME =
180        NAMEID_FORMAT_NAMESPACE + "kerberos";
181
182    /**
183     * String to represent the authentication service url
184     */
185    public String AUTH_URL = "AuthUrl";
186
187    /**
188     * Used when the SAML endpoints are RP'd to a non-server/site URL, typically
189     * to DAS
190     */
191    public String RP_URL = "RpUrl";
192
193    /**
194     * StatusCode URIs. Top-level codes are SUCCESS, REQUESTER, RESPONDER and VERSION_MISMATCH; the rest are second-level.
195     */
196    public String SUCCESS =
197        "urn:oasis:names:tc:SAML:2.0:status:Success";
198    // Top-level: the request could not be performed due to an error on the part of the requester.
199    public String REQUESTER =
200        "urn:oasis:names:tc:SAML:2.0:status:Requester";
201    // Top-level: the request could not be performed due to an error on the part of the responder.
202    public String RESPONDER =
203        "urn:oasis:names:tc:SAML:2.0:status:Responder";
204    // Second-level: the responding provider cannot authenticate the principal passively, as was requested.
205    public String NOPASSIVE =
206        "urn:oasis:names:tc:SAML:2.0:status:NoPassive";
207    // Top-level: the responder could not process the request because its version was incorrect.
208    public String VERSION_MISMATCH =
209        "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch";
210    // Second-level: the responding provider does not recognize the principal named or implied by the request.
211    public String UNKNOWN_PRINCIPAL =
212        "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal";
213    // Second-level: the responding provider was unable to authenticate the principal.
214    public String AUTHN_FAILED =
215        "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed";
216    // Second-level: unexpected or invalid content in an Attribute or AttributeValue element.
217    public String INVALID_ATTR_NAME_OR_VALUE =
218        "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue";
219    // Second-level: the responding provider cannot or will not support the requested name identifier policy.
220    public String INVALID_NAME_ID_POLICY =
221        "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy";
222    // Second-level: the requested authentication context requirements cannot be met by the responder.
223    public String NO_AUTHN_CONTEXT =
224        "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext";
225
226    /**
227     * Basic name format
228     */
229    public String BASIC_NAME_FORMAT =
230        "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
231
232    /**
233     * Basic attribute profile
234     */
235    public String BASIC_ATTRIBUTE_PROFILE =
236        "urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic";
237
238    /**
239     * Attribute Query default profile
240     */
241    public static final String DEFAULT_ATTR_QUERY_PROFILE =
242        "urn:oasis:names:tc:SAML:2.0:profiles:query";
243
244    /**
245     * Attribute Query x509 Subject profile
246     */
247    public static final String X509_SUBJECT_ATTR_QUERY_PROFILE =
248        "urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509";
249
250    /**
251     * Attribute Query default profile alias
252     */
253    public static final String DEFAULT_ATTR_QUERY_PROFILE_ALIAS =
254        "default";
255
256    /**
257     * Attribute Query x509 Subject profile alias
258     */
259    public static final String X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS =
260        "x509Subject";
261
262    /**
263     * Confirmation method for bearer
264     */
265    public String SUBJECT_CONFIRMATION_METHOD_BEARER =
266        "urn:oasis:names:tc:SAML:2.0:cm:bearer";
267    
268    /**
269     * Confirmation method for holder of key
270     */
271    public String SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY =
272        "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
273    
274    /**
275     * Confirmation method for sender vouches
276     */
277    public String SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES =
278        "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
279    
280    /**
281     * Session Property name indicating if response is redirected or not
282     */
283    public String RESPONSE_REDIRECTED = "SAML2ResponseRedirected";
284
285    /**
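286     * Length for SAMLv2 IDs. NOTE(review): the unit (bytes or characters) is not stated here; confirm that generated IDs carry at least 128 bits of randomness.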
287     */
288    public int ID_LENGTH = 20;
289    
290    /**
291     * SAMLv2 Version String
292     */
293    public String VERSION_2_0 = "2.0";
294
295    /**
296     * SAMLRequest query parameter name
297     */
298    public String SAML_REQUEST = "SAMLRequest";
299
300    /**
301     * SAMLResponse query parameter name
302     */
303    public String SAML_RESPONSE = "SAMLResponse";
304    
305    
306    /**
307     * Maximum value of an unsigned 16-bit integer (unsigned short), 65535.
308     */
309    public int MAX_INT_VALUE=65535;
310    
311    /**
312     * Start Tag for XML String
313     */
314    public String START_TAG="<";
315    /**
316     * End Tag for XML String
317     */
318    public String END_TAG =">";
319    
320    /**
321     * Constant for space
322     */
323    public String SPACE=" ";
324    /**
325     * Constant for equal
326     */
327    public String EQUAL= "=";
328    
329    /**
330     * Constant for quote
331     */
332    public String QUOTE = "\"";
333    
334    /**
335     * Constant for newline
336     */
337    public String NEWLINE= "\n";
338    
339    /**
340     * Constant for xml name space
341     */
342    public String NAMESPACE_PREFIX="xmlns";
343    
344    /**
345     * Constant for SAML2 end tag
346     */
347    public String SAML2_END_TAG="</samlp:";
348    
349    /**
350     * Constant for AuthnRequest
351     */
352    public String AUTHNREQUEST="AuthnRequest";
353
354    /**
355     * Constant for LogoutRequest
356     */
357    public String LOGOUT_REQUEST="LogoutRequest";
358
359    /**
360     * Constant for LogoutResponse
361     */
362    public String LOGOUT_RESPONSE="LogoutResponse";
363
364    /**
365     * Constant for AssertionIDRequest
366     */
367    public String ASSERTION_ID_REQUEST = "AssertionIDRequest";
368
369    /**
370     * Constant for AttributeQuery
371     */
372    public String ATTRIBUTE_QUERY = "AttributeQuery";
373
374    /**
375     * Constant for AuthnQuery
376     */
377    public String AUTHN_QUERY = "AuthnQuery";
378
379    /**
380     * Constant for NameIDMappingRequest
381     */
382    public String NAME_ID_MAPPING_REQUEST = "NameIDMappingRequest";
383
384    /**
385     * Constant for NameIDMappingResponse
386     */
387    public String NAME_ID_MAPPING_RESPONSE = "NameIDMappingResponse";
388
389    /**
390     * Constant for AssertionIDRef
391     */
392    public String ASSERTION_ID_REF = "AssertionIDRef";
393
394    /**
395     * Constant for Attribute
396     */
397    public String ATTRIBUTE="Attribute";
398
399    /**
400     * Constant for SessionIndex
401     */
402    public String SESSION_INDEX="SessionIndex";
403
404    /**
405     * Constant for BaseID
406     */
407    public String BASEID="BaseID";
408
409    /**
410     * Constant for NameID
411     */
412    public String NAMEID="NameID";
413
414    /**
415     * Constant for EncryptedID
416     */
417    public String ENCRYPTEDID="EncryptedID";
418    
419    /**
420     * Constant for Reason
421     */
422    public String REASON="Reason";
423
424    /**
425     * Constant for NotOnOrAfter
426     */
427    public String NOTONORAFTER="NotOnOrAfter";
428
429    /**
430     * Constant for NotBefore
431     */
432    public String NOTBEFORE="NotBefore";
433
434    /**
435     * Constant for InResponseTo
436     */
437    public String INRESPONSETO="InResponseTo";
438   
439    /**
440     * Constant for ID
441     */
442    public String ID="ID";
443    
444    
445    /**
446     * Constant for Version
447     */
448    public String VERSION="Version";
449    
450    
451    /**
452     * Constant for IssueInstant
453     */
454    public String ISSUE_INSTANT="IssueInstant";
455    
456    /**
457     * Constant for Destination
458     */
459    public String DESTINATION="Destination";
460    
461    /**
462     * Constant for Value
463     */
464    public String VALUE="Value";
465    
466    /**
467     * Constant for Consent
468     */
469    public String CONSENT="Consent";
470    
471    /**
472     * Constant for Issuer
473     */
474    public String ISSUER="Issuer";
475    
476    
477    /**
478     * Constant for Signature
479     */
480    public String SIGNATURE="Signature";
481    
482    /**
483     * Constant for forceAuthn attribute
484     */
485    public String FORCEAUTHN="ForceAuthn";
486    
487    /**
488     * Constant for IsPassive attribute
489     */
490    public String ISPASSIVE="IsPassive";
491    
492    /**
493     * Constant for AllowCreate attribute
494     */
495    public String ALLOWCREATE="AllowCreate";
496
497    /**
498     * Constant for ProtocolBinding attribute
499     */
500    public String PROTOBINDING="ProtocolBinding";
501    
502    /**
503     * Constant for mustUnderstand attribute
504     */
505    public static final String MUST_UNDERSTAND = "mustUnderstand";
506
507    /**
508     * Constant for actor attribute
509     */
510    public static final String ACTOR = "actor";
511
512    /**
513     * Constant for Binding parameter name
514     */
515    public String BINDING="binding";
516
517    /**
518     * Constant for reqBinding parameter name
519     */
520    public String REQ_BINDING = "reqBinding";
521
522    /**
523     * Constant for affiliationID parameter name
524     */
525    public String AFFILIATION_ID = "affiliationID";
526
527    /**
528     * Constant for Binding namespace
529     */
530    public String BINDING_PREFIX =
531    "urn:oasis:names:tc:SAML:2.0:bindings:";
532
533    /**
534     * Constant for AssertionConsumerServiceIndex attribute
535     */
536    public String ASSERTION_CONSUMER_SVC_INDEX=
537    "AssertionConsumerServiceIndex";
538    /**
539     * Constant for AssertionConsumerServiceURL attribute
540     */
541    public String ASSERTION_CONSUMER_SVC_URL=
542    "AssertionConsumerServiceURL";
543    /**
544     * Constant for AttributeConsumingServiceIndex attribute
545     */
546    public String ATTR_CONSUMING_SVC_INDEX=
547    "AttributeConsumingServiceIndex";
548    /**
549     * Constant for ProviderName attribute
550     */
551    public String PROVIDER_NAME="ProviderName";
552    
553    /**
554     * Constant for Subject Element
555     */
556    public String SUBJECT="Subject";
557
558    /**
559     * Constant for AuthnRequest object
560     */
561    public String AUTHN_REQUEST = "AuthnRequest";
562    
563    /**
564     * Constant for NameIDPolicy Element
565     */
566    public String NAMEID_POLICY="NameIDPolicy";
567    
568    /**
569     * Constant for Conditions Element.
570     */
571    public String CONDITIONS="Conditions";
572    
573    /**
574     * Constant for RequestedAuthnContext Element.
575     */
576    public String REQ_AUTHN_CONTEXT="RequestedAuthnContext";
577
578    /** 
579     * Constant for Comparison Attribute
580     */
581    public String COMPARISON ="Comparison";
582
583    /**
584     * Constant for Scoping Element.
585     */
586    public String SCOPING="Scoping";
587    
588    /**
589     * Constant for Extensions Element.
590     */
591    public String EXTENSIONS="Extensions";
592    
593    /**
594     * Constant for StatusDetail Element.
595     */
596    public String STATUS_DETAIL="StatusDetail";
597    
598    /**
599     * Constant for StatusCode Element.
600     */
601    public String STATUS_CODE="StatusCode";
602    
603    /**
604     * Constant for Status Element.
605     */
606    public String STATUS="Status";
607    
608    /**
609     * Constant for StatusMessage Element.
610     */
611    public String STATUS_MESSAGE="StatusMessage";
612    
613    /**
614     * Constant for GetComplete Element.
615     */
616    public String GETCOMPLETE="GetComplete";
617    
618    /**
619     * Constant for IDPEntry Element.
620     */
621    public String IDPENTRY="IDPEntry";
622    
623    /**
624     * Constant for IDPList Element.
625     */
626    public String IDPLIST="IDPList";
627    
628    /**
629     * Constant for NameIDPolicy Element.
630     */
631    public String NAMEIDPOLICY="NameIDPolicy";
632    
633    /**
634     * Constant for RequesterID Element.
635     */
636    public String REQUESTERID="RequesterID";
637
638    // for SAMLPOSTProfileServlet
639    public String SOURCE_SITE_SOAP_ENTRY = "sourceSite";
640    public String POST_ASSERTION = "assertion";
641    public String CLEANUP_INTERVAL_NAME =
642                                "iplanet-am-saml-cleanup-interval";
643
644    /**
645     * NameID info attribute.
646     */ 
647    public String NAMEID_INFO = "sun-fm-saml2-nameid-info";
648
649    /**
650     * NameID info key attribute.
651     */
652    public String NAMEID_INFO_KEY = "sun-fm-saml2-nameid-infokey";
653
654    /**
655     * SAML2 data store provider name.
656     */ 
657    public String SAML2 = "saml2";
658
659    /**
660     * Auto federation attribute.
661     */
662    public String AUTO_FED_ATTRIBUTE = 
663                        "autofedAttribute";
664
665    /**
666     * Auto federation enable attribute.
667     */
668    public String AUTO_FED_ENABLED =
669                        "autofedEnabled";
670
671    /**
672     * Transient federation users.
673     */
674    public String TRANSIENT_FED_USER =
675                        "transientUser";
676
677    public String NAMEID_TRANSIENT_FORMAT = 
678         NAMEID_FORMAT_NAMESPACE + "transient";
679
680    /**
681     * Certificate alias attribute.
682     */
683    public String CERT_ALIAS = "sun-fm-saml2-cert-alias";
684 
685    /**
686     * NameID format map configuration.
687     */
688    public String NAME_ID_FORMAT_MAP = "nameIDFormatMap";
689
690    /**
691     * Attribute map configuration.
692     */
693    public String ATTRIBUTE_MAP = "attributeMap";
694
695    /**
696     * Service provider adapter implementation class
697     */
698    public String SP_ADAPTER_CLASS = "spAdapter";
699    
700    /**
701     * Environment (attribute/value pair) for Service provider adapter 
702     * implementation class. Those variables will be passed down as
703     * Map to the implementation class for initialization.
704     */
705    public String SP_ADAPTER_ENV = "spAdapterEnv";
706    
707    /**
708     * Fedlet adapter implementation class.
709     */
710    public String FEDLET_ADAPTER_CLASS = "fedletAdapter";
711    
712    /**
713     * Environment (attribute/value pair) for fedlet adapter 
714     * implementation class. Those variables will be passed down as
715     * Map to the implementation class for initialization.
716     */
717    public String FEDLET_ADAPTER_ENV = "fedletAdapterEnv";
718    
719    /**
720     * Service provider account mapper.
721     */
722    public String SP_ACCOUNT_MAPPER = 
723                        "spAccountMapper";
724
725    /**
726     * Use NameID value as local user ID in service provider account mapper.
727     */ 
728    public String USE_NAMEID_AS_SP_USERID = "useNameIDAsSPUserID";
729
730    /**
731     * Service provider attribute mapper.
732     */
733    public String SP_ATTRIBUTE_MAPPER = 
734                        "spAttributeMapper";
735
736    /**
737     * Identity provider account mapper.
738     */
739    public String IDP_ACCOUNT_MAPPER = 
740                        "idpAccountMapper";
741
742    /**
743     * Identity provider attribute mapper.
744     */
745    public String IDP_ATTRIBUTE_MAPPER = 
746                        "idpAttributeMapper";
747
748    /**
749     * Attribute authority mapper.
750     */
751    public String ATTRIBUTE_AUTHORITY_MAPPER = 
752                        "attributeAuthorityMapper";
753
754    /**
755     * Assertion ID request mapper.
756     */
757    public String ASSERTION_ID_REQUEST_MAPPER = 
758                        "assertionIDRequestMapper";
759
760    /**
761     * RelayState Parameter
762     */
763    public String RELAY_STATE="RelayState";
764
765    /**
766     * RelayState Alias Parameter
767     */
768    public String RELAY_STATE_ALIAS="RelayStateAlias";
769
770    /**
771     * Realm Parameter
772     */
773    public String REALM="realm";
774
775    /**
776     * AssertionConsumerServiceIndex Parameter
777     */
778    public String ACS_URL_INDEX="AssertionConsumerServiceIndex";
779
780    /**
781     * AttributeConsumingServiceIndex Parameter
782     */
783    public String ATTR_INDEX="AttributeConsumingServiceIndex";
784
785    /**
786     * NameIDPolicy Format Identifier Parameter
787     */
788    public String NAMEID_POLICY_FORMAT="NameIDFormat";
789
790    /**
791     * True Value String
792     */
793    public String TRUE="true";
794
795    /**
796     * False Value String
797     */
798    public String FALSE="false";
799
800    public String AUTH_LEVEL="AuthLevel";
801    public String ORGANIZATION = "Organization";
802    public String AUTH_LEVEL_ATTR="sunFMAuthContextComparison";
803    public String AUTH_TYPE="authType";
804    public String AUTH_LEVEL_ADVICE = "sunamcompositeadvice";
805
806    public String AUTH_TYPE_ATTR ="sunFMAuthContextType";
807
808    public String DECLARE_REF_AUTH_TYPE = "AuthContextDeclareRef";
809    public String CLASS_REF_AUTH_TYPE = "AuthContextClassRef";
810
811    public String AUTH_CONTEXT_DECL_REF ="AuthContextDeclRef";
812    public String AUTH_CONTEXT_DECL_REF_ATTR 
813                                        ="sunFMAuthContextDeclareRef";
814
815    public String AUTH_CONTEXT_CLASS_REF ="AuthnContextClassRef";
816
817    public String AUTH_CONTEXT_CLASS_REF_ATTR 
818                                        ="sunFMAuthContextClassRef";
819
820    /**
821     * Parameter name for SAML artifact in http request.
822     */
823    public String SAML_ART = "SAMLart";
824
825    /**
826     * Service Provider Role
827     */
828    public String SP_ROLE = "SPRole";
829
830    /**
831     * Identity Provider Role
832     */
833    public String IDP_ROLE = "IDPRole";
834    
835    /**
836     * Constant value for entity acting as both SP and IDP role.
837     */
838    public String DUAL_ROLE ="DualRole";
839
840
841    /**
842     * Policy Decision Point Role
843     */
844    String PDP_ROLE = "PDPRole";
845
846    /**
847     * Policy Enforcement Point Role
848     */
849    String PEP_ROLE = "PEPRole";
850    
851    /**
852     * Attribute Authority Role
853     */
854    String ATTR_AUTH_ROLE = "AttrAuthRole";
855
856    /**
857     * Attribute Query Role
858     */
859    String ATTR_QUERY_ROLE = "AttrQueryRole";
860
861    /**
862     * Authentication Authority Role
863     */
864    String AUTHN_AUTH_ROLE = "AuthnAuthRole";
865
866    /**
867     * Unknown Role
868     */
869    public String UNKNOWN_ROLE = "UNKNOWN";
870    
871
872    /**
873     * Attribute to be configured in SPSSOConfig for SAML2 authentication
874     * module instance name.
875     */
876    public String AUTH_MODULE_NAME = "saml2AuthModuleName";
877
878    /**
879     * Attribute to be configured in SPSSOConfig for local authentication url.
880     */
881    public String LOCAL_AUTH_URL = "localAuthURL";
882
883    /**
884     * Attribute to be configured in SPSSOConfig for intermediate url.
885     */
886    public String INTERMEDIATE_URL = "intermediateUrl";
887
888    /**
889     * Attribute to be configured in SPSSOConfig for default relay state url.
890     */
891    public String DEFAULT_RELAY_STATE = "defaultRelayState";
892
893    /**
894     * This is an attribute in entity config for the
895     * entity description
896     */
897    public String ENTITY_DESCRIPTION = "description";
898
899    /**
900     * This is an attribute in entity config for the
901     * signing certificate alias
902     */
903    public String SIGNING_CERT_ALIAS = "signingCertAlias";
904
905    /**
906     * This is an attribute in entity config for the
907     * signing certificate key password (keypass), which is stored encrypted
908     */
909    public String SIGNING_CERT_KEYPASS = "signingCertKeyPass";
910
911    /**
912     * This is an attribute in entity config for the
913     * encryption certificate alias
914     */
915    public String ENCRYPTION_CERT_ALIAS = "encryptionCertAlias";
916    
917    /**
918     * The entity role
919     */
920    public String ROLE = "role";
921
922    public String SIG_PROVIDER =
923    "com.sun.identity.saml2.xmlsig.SignatureProvider";
924
925    public String ENC_PROVIDER =
926    "com.sun.identity.saml2.xmlenc.EncryptionProvider";
927    
928    /**
929     * Signing  
930     */
931    public String SIGNING = "signing";
932    
933    /**
934     * Encryption  
935     */
936    public String ENCRYPTION = "encryption";
937    
938    // Delimiter used to separate multiple NameIDKey values.
939    public String SECOND_DELIM = ";";
940
941    /**
942     * Http request parameter used to indicate whether the intent is
943     * federation or not. Its values are "true" and "false".
944     */
945    public String FEDERATE = "federate";
946    
947    /** xmlsig signing parameters*/
948    public String CANONICALIZATION_METHOD =
949         "com.sun.identity.saml.xmlsig.c14nMethod";
950    public String TRANSFORM_ALGORITHM =
951         "com.sun.identity.saml.xmlsig.transformAlg";
952    public String XMLSIG_ALGORITHM =
953         "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";
954    public String DIGEST_ALGORITHM =
955         "com.sun.identity.saml.xmlsig.digestAlgorithm";
956    /**
957     * Property name for the global default query signature algorithm for RSA keys.
958     */
959    public String QUERY_SIGNATURE_ALGORITHM_RSA = "org.forgerock.openam.saml2.query.signature.alg.rsa";
960    /**
961     * Property name for the global default query signature algorithm for DSA keys.
962     */
963    public String QUERY_SIGNATURE_ALGORITHM_DSA = "org.forgerock.openam.saml2.query.signature.alg.dsa";
964    /**
965     * Property name for the global default query signature algorithm for EC keys.
966     */
967    public String QUERY_SIGNATURE_ALGORITHM_EC = "org.forgerock.openam.saml2.query.signature.alg.ec";
968    public String DSA = "DSA";
969    public String RSA = "RSA";      
970
971    public String SIG_ALG = "SigAlg"; // presumably the HTTP-Redirect binding's SigAlg query parameter; confirm against callers
972    public String SHA1_WITH_DSA = "SHA1withDSA"; // SHA-1 based signature algorithm name
973    public String SHA1_WITH_RSA = "SHA1withRSA"; // SHA-1 based; NOTE(review): SHA-1 is deprecated for signatures, prefer SHA-256 where peers allow
974
975    public String DEFAULT_ENCODING = "UTF-8";
976
977    // SOAP fault code for requester error
978    public String CLIENT_FAULT = "Client";
979
980    // SOAP fault code for responder error
981    public String SERVER_FAULT = "Server";
982
983    public String SESSION = "session";
984
985    // more constants defined for auth module
986    public String ASSERTIONS = "assertions";
987    public String MAX_SESSION_TIME = "maxSessionTime";
988    public String IN_RESPONSE_TO = "inResponseTo";
989
990    public String SP_METAALIAS = "spMetaAlias";
991    public String METAALIAS = "metaAlias";
992    public String SPENTITYID = "spEntityID";
993    public String IDPENTITYID = "idpEntityID";
994    public String REQUESTTYPE = "requestType";
995    
996    // Encryption attributes
997    /**
998     * SP Entity Config attribute name. Used to specify whether it wants
999     * Assertion encrypted or not.
1000     */
1001    public String WANT_ASSERTION_ENCRYPTED = "wantAssertionEncrypted";
1002
1003    public String WANT_ATTRIBUTE_ENCRYPTED 
1004                                   = "wantAttributeEncrypted";
1005    public String WANT_NAMEID_ENCRYPTED = "wantNameIDEncrypted";
1006
1007    // Signing attributes
1008    /**
1009     * IDP Entity Config attribute name. Used to specify whether it wants
1010     * ArtifactResolve signed or not.
1011     */
1012    public String WANT_ARTIFACT_RESOLVE_SIGNED = "wantArtifactResolveSigned";
1013
1014    /**
1015     * SP Entity Config attribute name. Used to specify whether it wants
1016     * ArtifactResponse signed or not.
1017     */
1018    public String WANT_ARTIFACT_RESPONSE_SIGNED =
1019                              "wantArtifactResponseSigned";
1020    public String WANT_LOGOUT_REQUEST_SIGNED  
1021                                   = "wantLogoutRequestSigned";
1022    public String WANT_LOGOUT_RESPONSE_SIGNED   
1023                                   = "wantLogoutResponseSigned";
1024    public String WANT_MNI_REQUEST_SIGNED = "wantMNIRequestSigned";
1025    public String WANT_MNI_RESPONSE_SIGNED 
1026                                   = "wantMNIResponseSigned";
1027    public String WANT_POST_RESPONSE_SIGNED = "wantPOSTResponseSigned";
1028    
1029    /**
1030     * SP Entity Config attribute name. Used to specify IDPList child element
1031     * of ECP request.
1032     */
1033    public static final String ECP_REQUEST_IDP_LIST =
1034        "ECPRequestIDPList";
1035
1036    /**
1037     * SP Entity Config attribute name. Used to specify an implementation class
1038     * that finds IDPList child element of ECP request.
1039     */
1040    public static final String ECP_REQUEST_IDP_LIST_FINDER_IMPL =
1041        "ECPRequestIDPListFinderImpl";
1042
1043    /**
1044     * SP Entity Config attribute name. Used to specify attribute 'GetComplete'
1045     * of IDPList child element of ECP request
1046     */
1047    public static final String ECP_REQUEST_IDP_LIST_GET_COMPLETE =
1048        "ECPRequestIDPListGetComplete";
1049
1050    /**
1051     * Attribute Authority Config attribute name. Used to specify data store
1052     * attribute name that contains X509 subject DN.
1053     */
1054    public String X509_SUBJECT_DATA_STORE_ATTR_NAME =
1055        "x509SubjectDataStoreAttrName";
1056
1057    /**
1058     * Constant for SAML2IDPSessionIndex SSO token property
1059     */
1060    public String IDP_SESSION_INDEX = "SAML2IDPSessionIndex";
1061    /**
1062     * Constant for IDPMetaAlias SSO token property
1063     */
1064    public String IDP_META_ALIAS="IDPMetaAlias";
1065
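1066    // Basic auth for SOAP binding. These are attribute names only; the value stored under basicAuthPassword is a credential (NOTE(review): confirm it is stored encrypted and never logged).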
1067    public String BASIC_AUTH_ON = "basicAuthOn";
1068    public String BASIC_AUTH_USER = "basicAuthUser";
1069    public String BASIC_AUTH_PASSWD = "basicAuthPassword";
1070
1071    /**
1072     * Attribute name for the Service provider AuthnContext mapper.
1073     */
1074    public String SP_AUTHCONTEXT_MAPPER =
1075                        "spAuthncontextMapper";
1076
1077    /**
1078     * Default value for the Service provider AuthnContext mapper attribute
         * (a fully qualified class name).
1079     */
1080    public String DEFAULT_SP_AUTHCONTEXT_MAPPER =
1081        "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper";
1082
1083    /**
1084     * Attribute name for the Service provider AuthnContext Class Reference
         * and AuthLevel mapping.
1085     */
1086    public String SP_AUTH_CONTEXT_CLASS_REF_ATTR=
1087                        "spAuthncontextClassrefMapping";
1088
1089    /**
1090     * URN prefix of the SAML 2.0 AuthnContext Class Reference names, for
         * example <code>CLASSREF_PASSWORD_PROTECTED_TRANSPORT</code>.
1091     */
1092    public String AUTH_CTX_PREFIX =
1093    "urn:oasis:names:tc:SAML:2.0:ac:classes:";
1094
1095    /**
1096     * Service provider AuthnContext Comparison Type attribute name.
1097     */
1098    public String SP_AUTHCONTEXT_COMPARISON_TYPE =
1099                        "spAuthncontextComparisonType";
1100
1101    /**
1102     * Default Service provider AuthnContext Comparison Type 
1103     * attribute value. SAML 2.0 defines the comparison values
         * <code>exact</code>, <code>minimum</code>, <code>maximum</code> and
         * <code>better</code>; with <code>exact</code> the resulting context
         * must match one of the requested contexts.
1104     */
1105    public String SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE = "exact";
1106
1107    /**
1108     * Flag to indicate if the RequestedAuthnContext should be included in an AuthnRequest.
1109     */
1110    public String INCLUDE_REQUESTED_AUTHN_CONTEXT = "includeRequestedAuthnContext";
1111
1112    /**
1113     * Service provider AuthnContext Comparison parameter name.
1114     */
1115    public String SP_AUTHCONTEXT_COMPARISON = "AuthComparison";
1116
1117    // Attribute name and default value (300 seconds) of the time skew
        // allowed for the Assertion NotOnOrAfter condition.
        // NOTE(review): a larger skew lengthens the period in which an expired
        // assertion is still accepted; keep it as small as clock synchronisation
        // between the federation partners allows.
1118    public String ASSERTION_TIME_SKEW = "assertionTimeSkew";
1119    public int ASSERTION_TIME_SKEW_DEFAULT = 300;
1120
1121    // Key prefix (note the trailing '.') for SAML2 SDK class mapping.
        // NOTE(review): presumably a name is appended to form the full property
        // key -- confirm at the call sites.
1122    public String SDK_CLASS_MAPPING = 
1123        "com.sun.identity.saml2.sdk.mapping.";
1124
1125    // Default assertion effective time in seconds (600 s = 10 minutes)
1126    public int ASSERTION_EFFECTIVE_TIME = 600;
1127
1128    // Default assertion NotBefore skew in seconds (600 s = 10 minutes)
1129    public int NOTBEFORE_ASSERTION_SKEW_DEFAULT = 600;
1130
1131    // Assertion effective time attribute name
1132    public String ASSERTION_EFFECTIVE_TIME_ATTRIBUTE = 
1133                            "assertionEffectiveTime";
1134
1135    // NotBefore Assertion skew attribute name
1136    public String ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE =
1137                             "assertionNotBeforeTimeSkew";
1138
1139    // IDP authn context mapper class attribute name
1140    public String IDP_AUTHNCONTEXT_MAPPER_CLASS =
1141                            "idpAuthncontextMapper";
1142
1143    // IDP ECP Session mapper class attribute name
1144    public static final String IDP_ECP_SESSION_MAPPER_CLASS =
1145                            "idpECPSessionMapper";
1146
        // The DEFAULT_*_CLASS constants below hold fully qualified class names
        // in the com.sun.identity.saml2.plugins package.
        // NOTE(review): presumably the configured (or default) name is
        // instantiated by reflection; if so, whoever can edit the entity
        // configuration chooses the code that runs -- confirm how the names are
        // loaded and that write access to that configuration is restricted.
1147    // Default IDP authn context mapper class name
1148    public String DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS =
1149        "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper";
1150
1151    // Default IDP account mapper class name
1152    public String DEFAULT_IDP_ACCOUNT_MAPPER_CLASS =
1153        "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper";
1154
1155    // Default SP account mapper class name
1156    public String DEFAULT_SP_ACCOUNT_MAPPER_CLASS =
1157        "com.sun.identity.saml2.plugins.DefaultSPAccountMapper";
1158
1159    /**
1160     * Default SP attribute mapper class name
1161     */
1162    public String DEFAULT_SP_ATTRIBUTE_MAPPER_CLASS = "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper";
1163
1164    // Default IDP attribute mapper class name
1165    public String DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS =
1166        "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper";
1167
1168    // Default Attribute Authority mapper class name
1169    public static final String DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS =
1170        "com.sun.identity.saml2.plugins.DefaultAttributeAuthorityMapper";
1171
1172    // Default Assertion ID request mapper class name
1173    public static final String DEFAULT_ASSERTION_ID_REQUEST_MAPPER_CLASS =
1174        "com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper";
1175
1176    // Default IDP ECP Session mapper class name
1177    public static final String DEFAULT_IDP_ECP_SESSION_MAPPER_CLASS =
1178        "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper";
1179
1180    // IDP authn context class reference mapping attribute name
1181    public String IDP_AUTHNCONTEXT_CLASSREF_MAPPING =
1182                            "idpAuthncontextClassrefMapping";
1183
1184    // AuthnContext Class Reference names
1185    public String CLASSREF_PASSWORD_PROTECTED_TRANSPORT =
1186        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
1187
1188    // Represents an Authentication Level of 0
1189    public Integer AUTH_LEVEL_ZERO = Integer.valueOf(0);
1190
1191    /**
1192     * Default Service provider AuthnContext Class Reference and
1193     * AuthLevel Mapping value. Built from three '|'-separated fields and
         * evaluates to
         * <code>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0|default</code>.
1194     */
1195    public String SP_AUTHCONTEXT_CLASSREF_VALUE =
1196            CLASSREF_PASSWORD_PROTECTED_TRANSPORT + "|" + AUTH_LEVEL_ZERO + "|default";
1197
1198    // Circle of trust (COT) list; re-exports COTConstants.COT_LIST
1199    public String COT_LIST = COTConstants.COT_LIST;
1200
1201    // http parameter to default.jsp
1202    public String MESSAGE = "message";
1203
1204    // Cache Cleanup interval attribute name in AMConfig.properties.
1205    // value in seconds
1206    public String CACHE_CLEANUP_INTERVAL = 
1207                "com.sun.identity.saml2.cacheCleanUpInterval";
1208
1209    // default Cache cleanup interval in seconds (10 mins).
1210    public int CACHE_CLEANUP_INTERVAL_DEFAULT = 600;
1211
1212    // minimum Cache cleanup interval in seconds (5 mins).
1213    public int CACHE_CLEANUP_INTERVAL_MINIMUM = 300;
1214
1215    // IDP SLO parameter name for logout all sessions
1216    public String LOGOUT_ALL = "logoutAll";
1217
1218    // IDP response info ID
1219    public String RES_INFO_ID = "resInfoID";
1220     
1221    // Default query parameter to use for RelayState if
1222    // RelayState is not specified and if RelayState cannot
1223    // be obtained from the query parameters list specified in 
1224    // RelayStateAlias.
        // NOTE(review): the value of this parameter is request-supplied, and
        // RelayState is typically used as a redirect target; presumably it is
        // checked against the RELAY_STATE_URL_LIST setting before use --
        // confirm at the call sites.
1225
1226    public String GOTO = "goto";
1227    
1228    // Delimiter for values of multi-valued property set in SSO token
1229    public char DELIMITER = '|';
1230
1231    // Escape string for the <code>DELIMITER</code> contained in the values
1232    // of multi-valued property set in SSO token. "&#124;" is the numeric
        // character reference for '|' (decimal 124).
1233    public String ESCAPE_DELIMITER = "&#124;";
1234
1235    /**
1236     * Namespace URI for XML Encryption
1237     */
1238    public String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";
1239
1240    /**
1241     * Namespace URI for XML Digital Signature
1242     */
1243    public String NS_XMLSIG = "http://www.w3.org/2000/09/xmldsig#";
1244
        // NOTE(review): the two "want ... signed" attribute names below control
        // whether XACML messages must be signed. What happens when they are
        // unset is not visible here; confirm that unsigned queries/responses are
        // not silently accepted where signing is expected.
1245    /**
1246     * Want XACML Authorization Decision Query Signed.
1247     */
1248    String WANT_XACML_AUTHZ_DECISION_QUERY_SIGNED =
1249        "wantXACMLAuthzDecisionQuerySigned";
1250
        // The constant name below is misspelled ("RESPONSED"); the attribute
        // value is spelled correctly. The name is part of the public interface,
        // so it is left unchanged.
1251    /**
1252     * Want XACML Authorization Decision Response Signed.
1253     */
1254    String WANT_XACML_AUTHZ_DECISION_RESPONSED_SIGNED =
1255        "wantXACMLAuthzDecisionResponseSigned";
1256
1257    /**
1258     * Generate Discovery Bootstrapping
1259     */
1260    public String DISCO_BOOTSTRAPPING_ENABLED =
1261        "discoveryBootstrappingEnabled";
1262
1263    /**
1264     * Constant for Response Artifact message encoding property
1265     */
1266    public String RESPONSE_ARTIFACT_MESSAGE_ENCODING =
1267        "responseArtifactMessageEncoding";
1268
        // NOTE(review): URI_ENCODING and FORM_ENCODING look like the values
        // accepted for RESPONSE_ARTIFACT_MESSAGE_ENCODING -- confirm.
1269    /**
1270     * URI encoding
1271     */
1272    public String URI_ENCODING = "URI";
1273
1274    /**
1275     * FORM encoding 
1276     */
1277    public String FORM_ENCODING = "FORM";
1278
1279    /**
1280     * Cache Assertion
1281     */
1282    public String ASSERTION_CACHE_ENABLED =
1283        "assertionCacheEnabled";
1284
1285    /**
1286     * Attribute name format for ID-WSF 1.1 Discovery bootstrap
1287     */    
1288    public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME_FORMAT =
1289        "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
1290
1291    /**
1292     * Attribute name for ID-WSF 1.1 Discovery bootstrap
1293     */    
1294    public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME =
1295        "urn:liberty:disco:2003-08:DiscoveryResourceOffering";
1296
        // The value below is misspelled ("Crendentials"). It is a runtime
        // property name, so correcting it would change behaviour; it is kept
        // byte-for-byte.
1297    /**
1298     * Constant for Discovery bootstrap credentials SSO token
1299     * property
1300     */
1301    public String DISCOVERY_BOOTSTRAP_CREDENTIALS =
1302        "DiscoveryBootstrapCrendentials";
1303    
1304    /**
1305     * XML Schema Instance namespace URI
1306     */
1307    public String NS_XSI = 
1308        "http://www.w3.org/2001/XMLSchema-instance";
1309
1310    /**
1311     * String used to declare XML Schema Instance namespace.
1312     */
1313    public String XSI_DECLARE_STR =
1314        "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"";
1315
1316    /**
1317     * List of SAE application name to encrypted secret mapping.
1318     */
1319    public String SAE_APP_SECRET_LIST = "saeAppSecretList";
1320
        // NOTE(review): presumably the allow-list that RelayState values are
        // checked against before redirecting. Confirm how an empty list is
        // treated; if an empty list means "no validation", leaving it
        // unconfigured allows redirects to arbitrary URLs.
1321    /**
1322     * List of valid Relay State Urls
1323     */
1324    public String RELAY_STATE_URL_LIST = "relayStateUrlList";
1325
1326    /**
1327     * IDP SAE endpoint url.
1328     */
1329    public String SAE_IDP_URL = "saeIDPUrl";
1330
1331    /**
1332     * SP SAE endpoint url.
1333     */
1334    public String SAE_SP_URL = "saeSPUrl";
1335
1336    /**
1337     * SP SAE logout url.
1338     */
1339    public String SAE_SP_LOGOUT_URL = "saeSPLogoutUrl";
1340
1341    /**
1342     * SAE : Extended meta param : SPApp url
1343     */
1344    public String SAE_XMETA_URL = "url";
1345
        // NOTE(review): this is the parameter name only. The secret value it
        // names should be handled as key material: stored encrypted (see
        // SAE_APP_SECRET_LIST) and kept out of logs -- confirm at the call sites.
1346    /**
1347     * SAE : Extended meta param : shared secret for symmetric crypto
1348     */
1349    public String SAE_XMETA_SECRET = "secret";
1350
1351    /**
1352     * SAE : Private key alias parameter; derived from SAML2 meta
1353     */
1354    public String SAE_XMETA_PKEY_ALIAS = "privatekeyalias";
1355
1356    /**
1357     * HTTP parameters that will be passed to SAE auth modules.
1358     */
1359    public String SAE_REALM = "realm";
        // Also an HTTP parameter passed to SAE auth modules.
1360    public String SAE_IDP_ENTITYID = "idpEntityID";
        // Also an HTTP parameter passed to SAE auth modules.
1361    public String SAE_IDPAPP_URL = "idpAppUrl";
1362            
1363    /**
1364     * Enable IDP Proxy
1365     */
1366    public String ENABLE_IDP_PROXY = "enableIDPProxy";
1367
1368    /**
1369     * Always proxy the Authn Request
1370     */
1371    public String ALWAYS_IDP_PROXY = "alwaysIdpProxy";
1372
1373    /**
1374     * IDP Proxy Name List
1375     */
1376    public String IDP_PROXY_LIST = "idpProxyList";
1377 
1378    /**
1379     * IDP Proxy Count
1380     */
1381    public String IDP_PROXY_COUNT = "idpProxyCount";
1382 
1383    /**
1384     * Use Introduction for IDP Proxy
1385     */
1386    public String USE_INTRODUCTION_FOR_IDP_PROXY =
1387        "useIntroductionForIDPProxy";      
1388
1389    /**
1390     * Idp finder URL
1391     */
1392    public String IDP_FINDER_URL ="/idpfinder";
1393    
1394    /**
1395     * IDP Proxy finder name
1396     */
1397    public String IDP_PROXY_FINDER_NAME = 
1398         "com.sun.identity.saml2.idpproxy"; 
1399         
1400    /**
1401     * Default class name of IDP Proxy finder   
1402     */     
1403    public String  DEFAULT_IDP_PROXY_FINDER = 
1404        "com.sun.identity.saml2.plugins.SAML2IDPProxyImpl";
1405
1406    /**
1407     * IDP Proxy finder attribute name in the IDP Extended metadata
1408     */
1409    public String IDP_PROXY_FINDER_ATTR_NAME = "idpProxyFinder";
1410
1411    /**
1412     * IDP Proxy finder implementation class attribute name
1413     * in the IDP Extended metadata
1414     */
1415    public static final String PROXY_IDP_FINDER_CLASS = "proxyIDPFinderClass";
1416    
1417    /**
1418     * Flag to indicate if the IdP must enable the IdP Finder.
1419     * This is the name of the attribute flag in the IDP Extended metadata.
1420     */
1421    public static final String ENABLE_PROXY_IDP_FINDER_FOR_ALL_SPS =
1422            "enableProxyIDPFinderForAllSPs";
1423    
        // NOTE(review): the JSP named by this attribute comes from metadata.
        // If it is used to build a forward or redirect target, confirm it is
        // limited to JSPs that ship with the deployment.
1424    /**
1425     * Attribute Name in the extended metadata that takes the value of
1426     * the JSP that will present the list of IdPs to the user
1427     */
1428    public static final String PROXY_IDP_FINDER_JSP =
1429            "proxyIDPFinderJSP";
1430
1431    /**
1432     * Default IDP Proxy Finder JSP
1433     */
1434    public static final String DEFAULT_PROXY_IDP_FINDER = "proxyidpfinder.jsp";
1435
1436    /**
1437     * IDP Adapter class attribute name
1438     */
1439    public static final String IDP_ADAPTER_CLASS = "idpAdapter";
1440
1441    /**
1442     * Default IDP Adapter class (fully qualified class name)
1443     */
1444    public static final String DEFAULT_IDP_ADAPTER = "com.sun.identity.saml2.plugins.DefaultIDPAdapter";
1445
1446    /**
1447     * Key used to save IDP Session in a map
1448     */    
1449    public String IDP_SESSION = "IDPSESSION"; 
1450    
1451    /**
1452     * Key used to save session partners in a map 
1453     */
1454    public String  PARTNERS = "PARTNERS";        
1455
1456    /**
1457     * String used to declare ECP namespace prefix.
1458     */
1459    public static final String ECP_PREFIX = "ecp:";
1460    
1461    /**
1462     * ECP namespace URI.
1463     */
1464    public static final String ECP_NAMESPACE =
1465        "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
1466    
1467    /**
1468     * String used to declare ECP namespace.
1469     */
1470    public static final String ECP_DECLARE_STR =
1471        "xmlns:ecp=\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"";
1472
        // Only the opening "</ecp:" of a closing tag; the element name and the
        // closing '>' are not part of this constant.
1473    /**
1474     * Constant for ECP end tag
1475     */
1476    public static final String ECP_END_TAG="</ecp:";
1477
1478    /**
1479     * ECP service name in PAOS header. Same value as
         * <code>ECP_NAMESPACE</code>.
1480     */
1481    public static final String PAOS_ECP_SERVICE =
1482        "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
1483
1484    /**
1485     * String used to declare SOAP envelope namespace prefix.
1486     */
1487    public static final String SOAP_ENV_PREFIX = "soap-env:";
1488    
1489    /**
1490     * SOAP envelope namespace URI.
1491     */
1492    public static final String SOAP_ENV_NAMESPACE =
1493        "http://schemas.xmlsoap.org/soap/envelope/";
1494    
1495    /**
1496     * String used to declare SOAP envelope namespace.
1497     */
1498    public static final String SOAP_ENV_DECLARE_STR =
1499        "xmlns:soap-env=\"http://schemas.xmlsoap.org/soap/envelope/\"";
1500
1501    /**
1502     * SOAP actor URI "next".
1503     */
1504    public static final String SOAP_ACTOR_NEXT =
1505        "http://schemas.xmlsoap.org/soap/actor/next";
1506    
        // NOTE(review): the key names of the two properties below suggest a
        // CRL-based revocation check. Their defaults are not visible here; if
        // the check is off by default, signatures made with a revoked
        // certificate would still be accepted -- confirm and document the
        // default.
1507    /**
1508     * Property name: check Certificate status
1509     */
1510    public static final String CHECK_SAML2_CERTIFICATE_STATUS =
1511        "com.sun.identity.saml2.crl.check";
1512
1513    /**
1514     * Property name: check CA Certificate status
1515     */
1516    public static final String CHECK_SAML2_CA_STATUS =
1517        "com.sun.identity.saml2.crl.check.ca";
1518
        // NOTE(review): with the wildcard, every attribute in the assertion is
        // mapped under its own name. Whether downstream code trusts those names
        // is not visible here; an explicit mapping keeps unexpected attributes
        // sent by the partner out of the local session/profile.
1519    /**
1520     * Wild card to indicate mapping any attribute name as it is in
1521     * the Assertion
1522     */
1523    public String ATTR_WILD_CARD = "*";
1524
1525    /**
1526     * Key name for Response object
1527     */
1528    public String RESPONSE = "Response"; 
1529
1530    /**
1531     * Key name for Assertion object
1532     */
1533    public String ASSERTION = "Assertion"; 
1534    
1535    /**
1536     * One Time Use.
1537     */
1538    public String ONETIME="ONE"; 
1539    /**
1540     * Is Bearer assertion
1541     */
1542    public String IS_BEARER="isBearer";  
1543
        // NOTE(review): the server itself sends a POST to the configured URL,
        // and APP_SESSION_PROPERTY (below) selects a session property whose
        // value is included in that request. Confirm the URL is restricted to
        // trusted, TLS-protected application endpoints and that sensitive
        // session properties cannot be selected.
1544    /**
1545     * String to represent the logout url for external application.
1546     * SAML2 component will send request to the external logout URL 
1547     * using back channel HTTP POST mechanism.
1548     * This is used when the single logout is initiated from remote party
1549     * (SP or IDP).
1550     */
1551    public String APP_LOGOUT_URL = "appLogoutUrl";
1552
1553    /**
1554     * URL parameter name in external application logout URL for requesting 
1555     * user session property. Value is a session property name whose
1556     * value will be posted to application as http header and content for its 
1557     * logout use.
1558     */
1559    public String APP_SESSION_PROPERTY = "appsessionproperty";
1560  
1561    /**
1562     * IDP Session Synchronize Enabled
1563     */
1564    public String IDP_SESSION_SYNC_ENABLED =
1565            "idpSessionSyncEnabled";
1566
1567    /**
1568     * SP Session Synchronize Enabled
1569     */
1570    public String SP_SESSION_SYNC_ENABLED =
1571            "spSessionSyncEnabled";
1572
1573    /**
1574     * Map key used in fedlet case to specify federation info key.
1575     */
1576    public String INFO_KEY = "infoKey";
1577
1578    /**
1579     * Single Sign-On service.
1580     */
1581    public String SSO_SERVICE = "sso";
1582
1583    /**
1584     * NameIDMapping service.
1585     */
1586    public String NAMEID_MAPPING_SERVICE = "nip";
1587
1588    /**
1589     * AssertionIDRequest service.
1590     */
1591    public String ASSERTION_ID_REQUEST_SERVICE = "air";
1592
1593    /**
1594     * ArtifactResolution service.
1595     */
1596    public String ARTIFACT_RESOLUTION_SERVICE = "ars";
1597
1598    /**
1599     * SingleLogout service.
1600     */
1601    public String SLO_SERVICE = "slo";
1602
1603    /**
1604     * ManageNameID service.
1605     */
1606    public String MNI_SERVICE = "mni";
1607
1608    /**
1609     * AssertionConsumer service.
1610     */
1611    public String ACS_SERVICE = "acs";
1612
1613    /**
1614     * Map key used in SLO request redirect code
1615     */
1616    public static final String AM_REDIRECT_URL = "AM_REDIRECT_URL";
1617
1618    /**
1619     * Map key used in SLO request redirect code
1620     */
1621    public static final String OUTPUT_DATA = "OUTPUT_DATA";
1622
        // Undocumented in the original source.
        // NOTE(review): presumably a map key that belongs with AM_REDIRECT_URL
        // and OUTPUT_DATA above -- confirm at the call sites.
1623    public static final String RESPONSE_CODE = "RESPONSE_CODE";
1624
1625    /**
1626     * Flag to Indicate that we do not want to write the Federation info in the local User Data Store. This flag is
1627     * set in the local/remote SP extended metadata configuration.
1628     */
1629    public static final String SP_DO_NOT_WRITE_FEDERATION_INFO = "spDoNotWriteFederationInfo";
1630
1631    /**
1632     * Flag to indicate that we do not want to write the federation info in the IdP's local User Data Store. This flag
1633     * is set in the local IdP extended metadata configuration.
1634     */
1635    String IDP_DISABLE_NAMEID_PERSISTENCE = "idpDisableNameIDPersistence";
1636
        // NOTE(review): what the debug mode emits is not visible here. If it
        // logs decrypted assertion content or key details, it must stay off in
        // production and the debug logs need the same protection as the
        // assertions themselves -- confirm.
1637    /**
1638     * Property to determine whether SAML SP Decryption Debug mode has been enabled.
1639     */
1640    String SAML_DECRYPTION_DEBUG_MODE = "openam.saml.decryption.debug.mode";
1641
1642    /**
1643     * Property name used to store the remote IdP's SAML response as an attribute of the HttpServletRequest.
1644     */
1645    String SAML_PROXY_IDP_RESPONSE_KEY = "openam.saml.idpproxy.idp.response";
1646
1647    /**
1648     * Property name used to store whether or not SAML single logout is enabled.
1649     */
1650    String SINGLE_LOGOUT = "openam.saml.singlelogout.enabled";
1651
1652    /**
1653     * Default Value for the SAML2 Server Port
1654     */
1655    int DEFAULT_SERVER_PORT = 18080;
1656
        // NOTE(review): how the configured values are used (added to outgoing
        // requests or accepted as audiences on incoming assertions) is not
        // visible here. If they widen which audiences are accepted, each
        // configured URI lets assertions issued for that audience be consumed
        // by this SP -- confirm.
1657    /**
1658     * Attribute to be configured in SPSSOConfig for Audience elements.
1659     */
1660    public String AUDIENCE_URI = "audienceUri";
1661}