/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SAMLConstants.java,v 1.17 2009/06/12 22:21:39 mallas Exp $
 *
 * Portions Copyrighted 2010-2016 ForgeRock AS.
 */

package com.sun.identity.saml.common;

import java.util.HashSet;
import java.util.Set;

/**
 * This is a common class defining some constants common to all SAML elements.
 *
 * @supported.api
 */
public final class SAMLConstants
{
    // Two sets of authentication method names, filled once by the static
    // initializer below.
    // NOTE(review): both fields are public, non-final and hold raw, mutable
    // HashSets, so any class can add or remove entries or reassign the field
    // at runtime. Presumably callers use membership to classify an
    // authentication method as password- or token-based (confirm against
    // callers); if so, the sets should only be exposed read-only.
    public static Set passwordAuthMethods = null;
    public static Set tokenAuthMethods = null;
    static {
        // Method names placed in the "password" set.
        passwordAuthMethods = new HashSet();
        passwordAuthMethods.add("nt");
        passwordAuthMethods.add("ldap");
        passwordAuthMethods.add("membership");
        // NOTE(review): "anonymous" is grouped with the password methods;
        // confirm that this grouping is intended.
        passwordAuthMethods.add("anonymous");
        // Method names placed in the "token" set.
        tokenAuthMethods = new HashSet();
        tokenAuthMethods.add("radius");
    }

    /**
     * String to identify a quote.
     */
    public static final String QUOTE = "\"";

    /**
     * String to identify a new line character.
*/
    public static final String NL = "\n";

    /**
     * String to identify a left angle.
     */
    public static final String LEFT_ANGLE = "<";

    /**
     * String to identify a right angle.
     */
    public static final String RIGHT_ANGLE = ">";

    /**
     * String to identify "/>".
     */
    public static final String END_ELEMENT = "/>";

    /**
     * String to identify "</".
     */
    public static final String START_END_ELEMENT = "</";

    /**
     * String to identify a space character.
     */
    public static final String SPACE = " ";

    /**
     * SAML assertion namespace URI.
     *
     * @supported.api
     */
    public static final String assertionSAMLNameSpaceURI =
        "urn:oasis:names:tc:SAML:1.0:assertion";
    /**
     * SOAP 1.1 namespace URI.
     *
     * @supported.api
     */
    public static final String SOAP_URI =
        "http://schemas.xmlsoap.org/soap/envelope/";

    /**
     * SOAP 1.2 namespace URI.
     *
     * @supported.api
     */
    public static final String SOAP12_URI =
        "http://www.w3.org/2003/05/soap-envelope";
    /**
     * SOAP envelope prefix.
     */
    public static final String SOAP_ENV_PREFIX = "soap-env";

    /**
     * SAML request-response protocol namespace URI.
     *
     * @supported.api
     */
    public static final String PROTOCOL_NAMESPACE_URI =
        "urn:oasis:names:tc:SAML:1.0:protocol";

    /**
     * XML Digital Signature namespace.
     *
     * @supported.api
     */
    public static final String XMLSIG_NAMESPACE_URI =
        "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Element name for xml signature.
     */
    public static final String XMLSIG_ELEMENT_NAME = "Signature";

    /**
     * Pointer to Signature name space.
*/
    public static final String DSSAMLNameSpace =
        "xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"";

    /**
     * String which gets incorporated into
     * <code>toString(includeNS, declareNS)</code> when
     * <code>declareNS</code> is true for any assertion element.
     */
    public static final String assertionDeclareStr =
        " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"";

    /**
     * String used in the <code>toString(includeNS, declareNS)</code> method.
     */
    public static final String PROTOCOL_NAMESPACE_STRING =
        " xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"";

    /**
     * <code>NameQualifier</code> in <code>NameIdentifier</code> for
     * <code>X509SubjectName</code>.
     */
    public static final String X509SUBJECTNAME =
        assertionSAMLNameSpaceURI+"#X509SubjectName";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: Read/Write/Execute/Delete/Control
     * Defined actions: <code>Read Write Execute Delete Control</code>
     * These actions are interpreted in the normal manner, i.e.
     * <ul>
     * <li><code>Read</code>: The subject may read the resource </li>
     * <li><code>Write</code>: The subject may modify the resource </li>
     * <li><code>Execute</code>: The subject may execute the resource </li>
     * <li><code>Delete</code>: The subject may delete the resource </li>
     * <li><code>Control</code>: The subject may specify the access control
     * policy for the resource.</li>
     * </ul>
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE =
        "urn:oasis:names:tc:SAML:1.0:action:rwedc";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
*
     * Title: Read/Write/Execute/Delete/Control with Negation
     * Defined actions:
     * <code>Read Write Execute Delete Control ~Read ~Write ~Execute ~Delete
     * ~Control</code>
     * <ul>
     * <li><code>Read</code>: The subject may read the resource </li>
     * <li><code>Write</code>: The subject may modify the resource </li>
     * <li><code>Execute</code>: The subject may execute the resource </li>
     * <li><code>Delete</code>: The subject may delete the resource </li>
     * <li><code>Control</code>: The subject may specify the access control
     * policy for the resource </li>
     * <li><code>~Read</code>: The subject may NOT read the resource </li>
     * <li><code>~Write</code>: The subject may NOT modify the resource </li>
     * <li><code>~Execute</code>: The subject may NOT execute the resource </li>
     * <li><code>~Delete</code>: The subject may NOT delete the resource </li>
     * <li><code>~Control</code>: The subject may NOT specify the access
     * control policy for the resource </li>
     * </ul>
     * An application MUST NOT authorize both an action and its negated form.
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE_NEGATION =
        "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: <code>Get/Head/Put/Post</code>
     * Defined actions:
     * <code>GET HEAD PUT POST</code>
     * These actions bind to the corresponding HTTP operations. For example a
     * subject authorized to perform the GET action on a resource is authorized
     * to retrieve it. The GET and HEAD actions loosely correspond to the
     * conventional read permission and the PUT and POST actions to the write
     * permission.
The correspondence is not exact however since a HTTP GET
     * operation may cause data to be modified and a POST operation may cause
     * modification to a resource other than the one specified in the request.
     * For this reason a separate Action URI specifier is provided.
     *
     * @supported.api
     */
    // NOTE(review): the other action namespace values in this class (rwedc,
    // rwedc-negation, unix) all carry an "action:" segment; this one does
    // not. Verify the value against the SAML 1.x core specification before
    // relying on it when comparing namespaces received from a partner.
    public static final String ACTION_NAMESPACE_GHPP =
        "urn:oasis:names:tc:SAML:1.0:ghpp";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: UNIX File Permissions
     * Defined actions:
     * The defined actions are the set of UNIX file access permissions
     * expressed in the numeric (octal) notation. The action string is a four
     * digit numeric code: extended user group world
     * Where the extended access permission has the value
     * <ul>
     * <li><code>+2 if sgid is set</code></li>
     * <li><code>+4 if suid is set</code></li>
     * </ul>
     * The user group and world access permissions have the value
     * <ul>
     * <li><code>+1 if execute permission is granted</code></li>
     * <li><code>+2 if write permission is granted</code></li>
     * <li><code>+4 if read permission is granted</code></li>
     * </ul>
     * For example 0754 denotes the UNIX file access permission: user read,
     * write and execute, group read and execute and world read.
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE_UNIX =
        "urn:oasis:names:tc:SAML:1.0:action:unix";

    /**
     * saml namespace prefix with ":".
     */
    public static final String ASSERTION_PREFIX = "saml:";

    /**
     * samlp namespace prefix with ":".
     */
    public static final String PROTOCOL_PREFIX = "samlp:";

    /**
     * Assertion version 1.0.
     */
    public static final String ASSERTION_VERSION_1_0 = "1.0";

    /**
     * Assertion version 1.1.
     */
    public static final String ASSERTION_VERSION_1_1 = "1.1";

    /**
     * Major version of assertion.
*/
    public static final int ASSERTION_MAJOR_VERSION = 1;
    /**
     * Default Assertion minor version.
     */
    // NOTE(review): not final, so the value can be changed at runtime by any
    // class; presumably it is overridden from configuration elsewhere
    // (see SAML_ASSERTION_VERSION) -- confirm.
    public static int ASSERTION_MINOR_VERSION = 1;

    /**
     * Assertion minor version 0.
     */
    public static final int ASSERTION_MINOR_VERSION_ZERO = 0;

    /**
     * Assertion minor version 1.
     */
    public static final int ASSERTION_MINOR_VERSION_ONE = 1;

    /**
     * Protocol version 1.0.
     */
    public static final String PROTOCOL_VERSION_1_0 = "1.0";

    /**
     * Protocol version 1.1.
     */
    public static final String PROTOCOL_VERSION_1_1 = "1.1";

    /**
     * Protocol major version 1.
     */
    public static final int PROTOCOL_MAJOR_VERSION = 1;

    /**
     * Default protocol minor version 1.
     */
    // NOTE(review): not final, so the value can be changed at runtime by any
    // class; presumably it is overridden from configuration elsewhere
    // (see SAML_PROTOCOL_VERSION) -- confirm.
    public static int PROTOCOL_MINOR_VERSION = 1;

    /**
     * Protocol minor version 0.
     */
    public static final int PROTOCOL_MINOR_VERSION_ZERO = 0;

    /**
     * Protocol minor version 1.
     */
    public static final int PROTOCOL_MINOR_VERSION_ONE = 1;

    /**
     * Assertion handle, request id, and response id have this length.
     * If server id cannot be found, assertion id has this length also.
     * request id, response id, and assertion id will be base64 encoded for
     * printing.
     */
    public static final int ID_LENGTH = 20;

    /**
     * Length for server id. Used in load balancing.
     */
    public static final int SERVER_ID_LENGTH = 2;

    /**
     * Default encoding used in the xml string conversion.
     */
    public static final String DEFAULT_ENCODING = "UTF-8";

    /**
     * SAML artifact confirmation method identifier URI.
     *
     * @supported.api
     */
    // NOTE(review): unlike the other CONFIRMATION_METHOD_* fields in this
    // class, this one is not final and can be reassigned at runtime by any
    // class; confirm whether that is intended.
    public static String CONFIRMATION_METHOD_ARTIFACT =
        "urn:oasis:names:tc:SAML:1.0:cm:artifact";

    /**
     * Deprecated SAML Artifact confirmation method identifier URI.
*
     * @supported.api
     */
    public static final String DEPRECATED_CONFIRMATION_METHOD_ARTIFACT =
        "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";

    /**
     * OpenAM confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_IS =
        "urn:com:sun:identity";

    /**
     * SAML Bearer confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_BEARER =
        "urn:oasis:names:tc:SAML:1.0:cm:bearer";

    /**
     * SAML "Holder of Key" confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_HOLDEROFKEY =
        "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    /**
     * SAML "Sender Vouches" confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_SENDERVOUCHES =
        "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";

    // used by SAML service schema related operations

    /**
     * SAML service name.
     */
    public static final String SAML_SERVICE_NAME = "SAML1";

    /**
     * 1.0 version of SAML service.
     */
    public static final String SAML_SERVICE_VERSION = "1.0";

    /**
     * SAML service attribute that specifies time skew for not before attribute
     * in assertion.
     */
    public static final String NOTBEFORE_TIMESKEW_NAME =
        "iplanet-am-saml-notbefore-timeskew";

    /**
     * SAML service attribute that specifies artifact timeout period.
     */
    public static final String ARTIFACT_TIMEOUT_NAME =
        "iplanet-am-saml-artifact-timeout";

    /**
     * SAML service attribute that specifies assertion timeout period.
     */
    public static final String ASSERTION_TIMEOUT_NAME =
        "iplanet-am-saml-assertion-timeout";

    /**
     * SAML service attribute that specifies whether an assertion needs to be
     * removed after it has been dereferenced or not.
*/
    public static final String REMOVE_ASSERTION_NAME =
        "com.sun.identity.saml.removeassertion";

    /**
     * Default not before time skew. It's in seconds.
     */
    public static final int NOTBEFORE_TIMESKEW_DEFAULT = 300;

    /**
     * Default artifact timeout period. It's in seconds.
     */
    public static final int ARTIFACT_TIMEOUT_DEFAULT = 120;

    /**
     * Default assertion timeout period. It's in seconds.
     */
    public static final int ASSERTION_TIMEOUT_DEFAULT = 60;

    /**
     * SAML service attribute that specifies list of saml site IDs.
     */
    public static final String SITE_ID_LIST = "iplanet-am-saml-siteid-list";

    /**
     * SAML service attribute that specifies list of instances.
     */
    public static final String INSTANCE_LIST = "iplanet-am-saml-instance-list";

    /**
     * This site's ID.
     */
    public static final String SITE_ID = "mysiteid";

    /**
     * SAML service attribute that specifies list of issuer names.
     */
    public static final String ISSUER_NAME_LIST =
        "iplanet-am-saml-issuername-list";

    /**
     * This site's issuer name.
     */
    public static final String ISSUER_NAME = "mysitename";

    /**
     * SAML service attribute name for list of site ID and issuer names.
     */
    public static final String SITE_ID_ISSUER_NAME_LIST =
        "iplanet-am-saml-siteid-issuername-list";

    /**
     * Constant for instance id.
     */
    public static final String INSTANCEID = "INSTANCEID";

    /**
     * Constant for site id.
     */
    public static final String SITEID = "SITEID";

    /**
     * Constant for issuer name.
     */
    public static final String ISSUERNAME = "ISSUERNAME";

    /**
     * SAML service attribute that specifies site's certificate alias.
     */
    public static final String SITE_CERT_ALIAS =
        "iplanet-am-saml-sitecertalias";

    /**
     * SAML service attribute that specifies whether to sign a request or not.
*/
    public static final String SIGN_REQUEST =
        "iplanet-am-saml-signrequest";

    /**
     * Default is to not sign request.
     */
    // NOTE(review): SIGN_REQUEST_DEFAULT, SIGN_RESPONSE_DEFAULT and
    // SIGN_ASSERTION_DEFAULT are all "false". Wherever these defaults take
    // effect the message carries no signature for the receiver to verify;
    // where they are consumed is not visible in this listing -- confirm, and
    // enable signing explicitly in the service configuration.
    public static final String SIGN_REQUEST_DEFAULT = "false";

    /**
     * SAML service attribute that specifies whether to sign a response or not.
     */
    public static final String SIGN_RESPONSE =
        "iplanet-am-saml-signresponse";

    /**
     * Default is to not sign response.
     */
    public static final String SIGN_RESPONSE_DEFAULT = "false";

    /**
     * SAML service attribute that specifies whether to sign an assertion
     * or not.
     */
    public static final String SIGN_ASSERTION =
        "iplanet-am-saml-signassertion";

    /**
     * Default is to not sign the assertion.
     */
    public static final String SIGN_ASSERTION_DEFAULT = "false";

    /**
     * SAML service attribute that specifies the name for artifact.
     */
    public static final String ARTIFACT_NAME = "iplanet-am-saml-artifact-name";

    /**
     * SAML service attribute that specifies the name id format attribute map.
     */
    public static final String NAME_ID_FORMAT_MAP =
        "iplanet-am-saml-name-id-format-attr-map";

    /**
     * SAML service attribute that specifies the attribute map.
     */
    public static final String ATTRIBUTE_MAP =
        "iplanet-am-saml-attr-map";

    /**
     * Default SAML artifact name.
     *
     * @supported.api
     */
    public static final String ARTIFACT_NAME_DEFAULT = "SAMLart" ;

    /**
     * SAML service attribute that specifies target parameter.
     */
    public static final String TARGET_SPECIFIER =
        "iplanet-am-saml-target-specifier" ;

    /**
     * Default parameter for target.
     */
    public static final String TARGET_SPECIFIER_DEFAULT = "TARGET" ;

    /**
     * SAML service attribute that specifies list of trusted partners.
* A sample trusted server list entry is like
     * target=.iplanet.com:8080|
     * SAMLUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLAwareServlet|
     * POSTUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLPOSTProfileServlet
     */
    public static final String TRUSTED_SERVER_LIST =
        "iplanet-am-saml-trusted-server-list";

    /**
     * SAML service attribute that specifies partner urls.
     * A sample Partner URL list entry is like:
     * SourceID=encoded 20 bytes|
     * SOAPUrl=http://dsame2.red.iplanet.com:8080/amserver/SAMLSOAPReceiver
     */
    public static final String PARTNER_URLS = "iplanet-am-saml-partner-urls";

    /**
     * Constants for target.
     */
    public static final String TARGET = "TARGET";

    /**
     * Constants for url which handles saml web browser artifact profile.
     */
    public static final String SAMLURL = "SAMLURL";

    /**
     * Constants for url which handles saml web browser post profile.
     */
    public static final String POSTURL = "POSTURL";


    /**
     * A SAML service attribute parameter. The 20-byte sequence defined as in
     * the SiteID and Issuer name.
     *
     * @supported.api
     */
    public static final String SOURCEID = "SOURCEID";

    /**
     * A SAML service attribute parameter that defines partner's name.
     *
     * iPlanet-PUBLIC-STATIC
     */
    public static final String PARTNERNAME = "PARTNERNAME";

    /**
     * A SAML service attribute parameter that defines the URL that provides
     * the SAML service. The servlet specified in the URL implements the
     * Web-browser SSO with Artifact profile defined in the OASIS-SAML
     * Bindings and Profiles specification.
     *
     * @supported.api
     */
    public static final String SOAPUrl = "SOAPURL";

    /**
     * A SAML service attribute parameter that defines the authentication type
     * used in SAML.
It should be one of the following:
     * NOAUTH
     * BASICAUTH
     * SSL
     * SSLWITHBASICAUTH
     * This parameter is optional, and if not specified, the default is NOAUTH.
     * If BASICAUTH or SSLWITHBASICAUTH is specified, the User parameter is
     * required and the SOAPUrl should be HTTPS.
     *
     * @supported.api
     */
    public static final String AUTHTYPE = "AUTHTYPE";

    /**
     * A SAML service attribute parameter that defines the uid of the partner
     * which is used to protect the partner's SOAP Receiver
     *
     * @supported.api
     */
    public static final String UID = "USER";

    /**
     * A SAML service attribute parameter that defines the user id of the
     * partner which is used for Basic Authentication.
     *
     * @supported.api
     */
    public static final String AUTH_UID = "AUTHUSER";

    /**
     * A SAML service attribute parameter that defines the password of the
     * partner which is used for Basic Authentication.
     *
     * @supported.api
     */
    // This constant is the parameter name, not a credential; the password
    // itself is supplied as the parameter's value in the service configuration.
    public static final String AUTH_PASSWORD = "AUTHPASSWORD";

    /**
     * A SAML service attribute parameter that specifies a pluggable class
     * which defines how the subject of an Assertion is related to an identity
     * at the destination site. By default, it is:
     * com.sun.identity.saml.plugins.DefaultAccountMapper
     *
     * @supported.api
     */
    public static final String ACCOUNTMAPPER = "ACCOUNTMAPPER";

    /**
     * A SAML service attribute parameter that specifies a pluggable class
     * which defines how the subject of an Assertion is related to an identity
     * at the destination site and a target URL. By default, it is:
     * com.sun.identity.saml.plugins.DefaultPartnerAccountMapper
     *
     * @supported.api
     */
    public static final String PARTNERACCOUNTMAPPER = "PARTNERACCOUNTMAPPER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the siteAttributeMapper is located.
Applications can develop
     * a siteAttributeMapper to obtain attributes to be included in the
     * assertion during SSO. If no siteAttributeMapper is found, then no
     * attributes will be included in the assertion during SSO.
     *
     * @supported.api
     */
    public static final String SITEATTRIBUTEMAPPER = "siteattributemapper";
    // Fully qualified class name; by its name, presumably the default
    // siteAttributeMapper implementation -- TODO confirm against callers.
    public static final String SITEATTRIBUTEMAPPERDEFAULT =
        "com.sun.identity.saml.plugins.DefaultSiteAttributeMapper";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the partnerSiteAttributeMapper is located. Applications can
     * develop a partnerSiteAttributeMapper to obtain attributes to be included
     * in the assertion during SSO based on target URL. If no
     * partnerSiteAttributeMapper is found, then no attributes will be included
     * in the assertion during SSO.
     *
     * @supported.api
     */
    public static final String PARTNERSITEATTRIBUTEMAPPER =
        "partnersiteattributemapper";


    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the nameIdentifierMapper is located. Applications can develop
     * a nameIdentifierMapper to obtain a name identifier to be included in the
     * assertion during SSO. If no nameIdentifierMapper is found, then a
     * default implementation will be used.
     *
     * @supported.api
     */
    public static final String NAMEIDENTIFIERMAPPER = "nameidentifiermapper";

    /**
     * A SAML service attribute parameter that lists the IP addresses and/or
     * the certAlias for all of the hosts, within the specified partner site,
     * that can send requests to this site. This ensures that the requester is
     * indeed the intended receiver for the SAML artifact.
     *
     * @supported.api
     */
    public static final String HOST_LIST = "hostlist";

    /**
     * A POST attribute name that specifies an assertion.
*
     * @supported.api
     */
    public static final String POST_ASSERTION_NAME = "ASSERTION";

    /**
     * A POST attribute name that specifies attribute names of an assertion.
     *
     * @supported.api
     */
    public static final String POST_ATTR_NAMES = "ATTRIBUTENAMES";

    /**
     * A SAML service attribute parameter that specifies a certAlias name used
     * for verifying the signature in an assertion, when the assertion is
     * signed by a partner and the certificate of the partner can not be found
     * in the KeyInfo portion of the signed assertion.
     *
     * @supported.api
     */
    public static final String CERTALIAS = "CERTALIAS";

    /**
     * A SAML service attribute parameter that defines the creator of an
     * assertion generated within OpenAM. The syntax is
     * hostname:port.
     *
     * @supported.api
     */
    public static final String ISSUER = "ISSUER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path to where the attributeMapper is located. Applications can develop
     * an attributeMapper to obtain either a Session ID or an assertion
     * containing AuthenticationStatement from the query. The mapper is then
     * used to retrieve the attributes for the subject. If no attributeMapper
     * is specified, DefaultAttributeMapper will be used.
     *
     * @supported.api
     */
    public static final String ATTRIBUTEMAPPER = "ATTRIBUTEMAPPER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path to where the actionMapper is located. Applications can develop an
     * actionMapper to obtain either a Session ID or an assertion containing
     * AuthenticationStatement from the query. The mapper is then used to
     * retrieve the authorization decisions for the actions defined in the
     * query. If no actionMapper is specified, DefaultActionMapper will be
     * used.
*
     * @supported.api
     */
    public static final String ACTIONMAPPER = "ACTIONMAPPER";

    /**
     * A SAML service attribute parameter that specifies SAML version
     *
     * @supported.api
     */
    public static final String VERSION = "VERSION";

    /**
     * SAML service attribute that specifies action service mapping.
     */
    public static final String ACTION_SERVICE_MAPPING =
        "iplanet-am-saml-action-service-mapping";

    /**
     * SAML service attribute that specifies POST to Target URLs.
     */
    public static final String POST_TO_TARGET_URLS =
        "iplanet-am-saml-post-to-target-urls";

    /**
     * SAML service attribute that specifies maximum number of assertions
     * the server can have at a given time.
     */
    public static final String ASSERTION_MAX_NUMBER_NAME =
        "iplanet-am-saml-assertion-max-number";
    /**
     * Default maximum number of assertions of the server. It means no limit.
     */
    // NOTE(review): with no limit, the number of assertions held is
    // presumably bounded only by the timeout and cleanup settings -- confirm,
    // and consider setting an explicit maximum in deployment configuration.
    public static final int ASSERTION_MAX_NUMBER_DEFAULT = 0;

    /**
     * SAML service attribute that specifies server clean up interval.
     */
    public static final String CLEANUP_INTERVAL_NAME =
        "iplanet-am-saml-cleanup-interval";
    /**
     * System property name that specifies cleanup interval for internal
     * cache, such as assertions, artifacts and keystore etc.
     * This property is mapped to the CLEANUP_INTERVAL_NAME attribute in
     * SAML service on the server side.
     */
    public static final String CLEANUP_INTERVAL_PROPERTY =
        "com.sun.identity.saml.cleanup.interval";

    /**
     * Default server cleanup interval. It is in seconds.
     */
    public static final int CLEANUP_INTERVAL_DEFAULT = 180;

    /**
     * Kerberos authentication method.
     */
    public static final String AUTH_METHOD_KERBEROS = "Kerberos";

    /**
     * Certificate authentication method.
*/
    public static final String AUTH_METHOD_CERT = "Cert";

    /**
     * Certificate authentication method URI.
     */
    public static final String AUTH_METHOD_CERT_URI = "urn:ietf:rfc:2246";

    /**
     * Password authentication method URI.
     */
    public static final String AUTH_METHOD_PASSWORD_URI =
        "urn:oasis:names:tc:SAML:1.0:am:password";

    /**
     * Hardware token authentication method uri.
     */
    public static final String AUTH_METHOD_HARDWARE_TOKEN_URI =
        "urn:oasis:names:tc:SAML:1.0:am:HardwareToken";

    /**
     * Kerberos authentication method uri.
     */
    public static final String AUTH_METHOD_KERBEROS_URI = "urn:ietf:rfc:1510";

    /**
     * Private authentication method prefix.
     */
    public static final String AUTH_METHOD_URI_PREFIX =
        "urn:com:sun:identity:";

    /**
     * SAML service attribute which identifies basic authentication user.
     */
    public static final String USER = "iplanet-am-saml-user";

    /**
     * SAML service attribute which identifies basic authentication password.
     */
    // This constant is the attribute name, not the password value.
    public static final String PASSWORD="iplanet-am-saml-password";

    /**
     * A SAML authentication type that uses HTTP protocol and username/password
     *
     * @supported.api
     */
    // NOTE(review): as described, the username/password travel over plain
    // HTTP, and HTTP Basic authentication only base64-encodes them. The
    // AUTHTYPE description in this class says the SOAPUrl should be HTTPS
    // when BASICAUTH is specified; SSLWITHBASICAUTH is the type that pairs
    // the credentials with HTTPS.
    public static final String BASICAUTH= "BASICAUTH";

    /**
     * A SAML authentication type that uses HTTPS protocol and
     * username/password
     *
     * @supported.api
     */
    public static final String SSLWITHBASICAUTH = "SSLWITHBASICAUTH";

    /**
     * A SAML authentication type that uses HTTP protocol
     *
     * @supported.api
     */
    public static final String NOAUTH = "NOAUTH";

    /**
     * A SAML authentication type that uses HTTPS protocol
     *
     * @supported.api
     */
    public static final String SSL = "SSL";

    /**
     * Parameter for Name Identifier format used in SAML web browser post
     * profile and SAML web browser artifact profile.
*/
    public static final String NAME_ID_FORMAT="NameIDFormat";

    /**
     * Constant for servlet which does SAML web browser artifact profile.
     */
    public static final String SAML_AWARE_NAMING="samlawareservlet";

    /**
     * Constant for endpoint which accepts SOAP request.
     */
    public static final String SAML_SOAP_NAMING="samlsoapreceiver";

    /**
     * Constant for servlet which does SAML web browser post profile.
     */
    public static final String SAML_POST_NAMING="samlpostservlet";

    /**
     * Constant for process which handles all assertion related requests.
     */
    public static final String SAML_AM_NAMING = "samlassertionmanager";

    /**
     * Parameter for SAML response used in SAML web browser post profile.
     */
    public static final String POST_SAML_RESPONSE_PARAM = "SAMLResponse";

    /**
     * Parameter for SAML TARGET.
     */
    public static final String POST_TARGET_PARAM = "TARGET";

    // for SAMLPOSTProfileServlet

    /**
     * Constant which identifies source site.
     */
    public static final String SOURCE_SITE_SOAP_ENTRY = "sourceSite";

    /**
     * Constant for assertion parameter.
     */
    public static final String POST_ASSERTION = "assertion";

    /**
     * Constant for subject.
     */
    public static final String SUBJECT = "subject";

    /**
     * Success status code.
     */
    public static final String STATUS_CODE_SUCCESS = "samlp:Success";

    /**
     * Success status code with no namespace prefix.
     */
    public static final String STATUS_CODE_SUCCESS_NO_PREFIX = ":Success";

    /**
     * http protocol.
     */
    public static final String HTTP="http";

    /**
     * https protocol.
*/
    public static final String HTTPS="https";

    // Used for xml digital signing
    // The strings below look like configuration property names (c14n method,
    // transform, signature and digest algorithm) and key/signature provider
    // class settings; how each is read is not visible in this listing.
    public static final String CANONICALIZATION_METHOD =
        "com.sun.identity.saml.xmlsig.c14nMethod";
    public static final String TRANSFORM_ALGORITHM=
        "com.sun.identity.saml.xmlsig.transformAlg";
    public static final String XMLSIG_ALGORITHM =
        "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";
    public static final String DIGEST_ALGORITHM =
        "com.sun.identity.saml.xmlsig.digestAlgorithm";
    public static final String JKS_KEY_PROVIDER =
        "com.sun.identity.saml.xmlsig.JKSKeyProvider";
    public static final String KEY_PROVIDER_IMPL_CLASS =
        "com.sun.identity.saml.xmlsig.keyprovider.class";
    public static final String SIGNATURE_PROVIDER_IMPL_CLASS =
        "com.sun.identity.saml.xmlsig.signatureprovider.class";
    public static final String AM_SIGNATURE_PROVIDER =
        "com.sun.identity.saml.xmlsig.AMSignatureProvider";

    // constants for XML Signature SignatureMethodURI
    // NOTE(review): the DSA and RSA identifiers directly below select SHA-1
    // based signatures; "Required"/"Recommended" presumably echoes the
    // XML-Signature specification's wording. SHA-1 is no longer considered
    // collision resistant, so prefer ALGO_ID_SIGNATURE_RSA_SHA256 or stronger
    // where the partner supports it.

    /**
     * MAC Algorithm HMAC-SHA1 URI - Required.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA1 =
        "http://www.w3.org/2000/09/xmldsig#hmac-sha1";

    /**
     * Signature Algorithm DSAwithSHA1 URI - Required.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_DSA =
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    /**
     * Signature Algorithm RSAwithSHA1 URI - Recommended.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA =
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    /**
     * Signature Algorithm RSAwithSHA1 URI.
     *
     * @supported.api
     */
    // Same value as ALGO_ID_SIGNATURE_RSA.
    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /**
     * Signature Algorithm RSA-MD5 URI.
*
     * <p>MD5 is broken for collision resistance. Signers should never
     * select this method and verifiers should refuse signatures that
     * name it.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
            "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";

    /**
     * URI of the signature algorithm RSA-RIPEMD160.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 =
            "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";

    /**
     * URI of the signature algorithm RSA-SHA256.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /**
     * URI of the signature algorithm RSA-SHA384.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA384 =
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";

    /**
     * URI of the signature algorithm RSA-SHA512.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA512 =
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";

    /**
     * URI of the MAC algorithm HMAC-MD5.
     *
     * <p>Not recommended, as the constant name says; use
     * {@link #ALGO_ID_MAC_HMAC_SHA256} or stronger instead.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
            "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";

    /**
     * URI of the MAC algorithm HMAC-RIPEMD160.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_RIPEMD160 =
            "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";

    /**
     * URI of the MAC algorithm HMAC-SHA256.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA256 =
            "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";

    /**
     * URI of the MAC algorithm HMAC-SHA384.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA384 =
            "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";

    /**
     * MAC Algorithm HMAC-SHA512 URI.
*
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA512 =
            "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";

    /**
     * Name of the attribute in the <code>AMConfig.properties</code> file
     * that identifies the server protocol.
     */
    public static final String SERVER_PROTOCOL =
            "com.iplanet.am.server.protocol";

    /**
     * Name of the attribute in the <code>AMConfig.properties</code> file
     * that identifies the server host.
     */
    public static final String SERVER_HOST = "com.iplanet.am.server.host";

    /**
     * Name of the attribute in the <code>AMConfig.properties</code> file
     * that identifies the server port.
     */
    public static final String SERVER_PORT = "com.iplanet.am.server.port";

    /**
     * Name of the attribute in the <code>AMConfig.properties</code> file
     * that identifies the server deployment descriptor (deployment URI).
     */
    public static final String SERVER_URI =
            "com.iplanet.am.services.deploymentDescriptor";

    /**
     * Name of the attribute in the <code>AMConfig.properties</code> file
     * that identifies the default version for saml assertion.
     */
    public static final String SAML_ASSERTION_VERSION =
            "com.sun.identity.saml.assertion.version";

    /**
     * Name of the attribute in the <code>AMConfig.properties</code> file
     * that identifies the default version for saml protocol.
     */
    public static final String SAML_PROTOCOL_VERSION =
            "com.sun.identity.saml.protocol.version";

    // NOTE(review): with a comment-omitting canonicalization, XML comments
    // are dropped before digesting and so are not covered by the signature.
    // Code that reads text values from a verified document should make sure
    // a comment node cannot truncate or split the value it extracts.
    /**
     * URI of the XML canonicalization algorithm (comments omitted).
     *
     * @supported.api
     */
    public static final String ALGO_ID_C14N_OMIT_COMMENTS =
            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    /**
     * URI of the XML canonicalization algorithm that keeps comments.
     *
     * @supported.api
     */
    public static final String ALGO_ID_C14N_WITH_COMMENTS =
            ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";

    /**
     * Exclusive XML canonicalization Algorithm URI.
*
     * @supported.api
     */
    public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
            "http://www.w3.org/2001/10/xml-exc-c14n#";

    /**
     * URI of the exclusive XML canonicalization algorithm that keeps
     * comments.
     *
     * @supported.api
     */
    public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
            ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";

    // constants for XML Signature - Transform algorithm
    // supported in Apache xml security package 1.0.5

    /**
     * URI of the XML canonicalization transform; same value as
     * {@link #ALGO_ID_C14N_OMIT_COMMENTS}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_C14N_OMIT_COMMENTS =
            ALGO_ID_C14N_OMIT_COMMENTS;

    /**
     * URI of the XML canonicalization with comments transform; same value
     * as {@link #ALGO_ID_C14N_WITH_COMMENTS}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_C14N_WITH_COMMENTS =
            ALGO_ID_C14N_WITH_COMMENTS;

    /**
     * URI of the exclusive XML canonicalization transform; same value as
     * {@link #ALGO_ID_C14N_EXCL_OMIT_COMMENTS}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS =
            ALGO_ID_C14N_EXCL_OMIT_COMMENTS;

    /**
     * URI of the exclusive XML canonicalization with comments transform;
     * same value as {@link #ALGO_ID_C14N_EXCL_WITH_COMMENTS}.
     *
     * @supported.api
     */
    public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS =
            ALGO_ID_C14N_EXCL_WITH_COMMENTS;

    // NOTE(review): an XSLT transform makes the verifier run a stylesheet
    // taken from the signed message. Verifiers of untrusted SAML input
    // normally allow-list the enveloped-signature and exclusive
    // canonicalization transforms and reject the rest; whether this code
    // base does so is not visible here.
    /**
     * URI of the XSLT transform.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XSLT =
            "http://www.w3.org/TR/1999/REC-xslt-19991116";

    /**
     * URI of the Base64 decoding transform.
     *
     * @supported.api
     */
    public static final String TRANSFORM_BASE64_DECODE =
            XMLSIG_NAMESPACE_URI + "base64";

    /**
     * URI of the XPath transform.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPATH =
            "http://www.w3.org/TR/1999/REC-xpath-19991116";

    /**
     * Enveloped Signature Transform URI.
*
     * @supported.api
     */
    public static final String TRANSFORM_ENVELOPED_SIGNATURE =
            XMLSIG_NAMESPACE_URI + "enveloped-signature";

    // NOTE(review): the XPointer and XPath filter transforms below let the
    // message choose which nodes are digested. Verifiers of untrusted SAML
    // input normally allow-list only the enveloped-signature and exclusive
    // canonicalization transforms; whether this code base does so is not
    // visible here.

    /**
     * URI of the XPointer transform.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPOINTER =
            "http://www.w3.org/TR/2001/WD-xptr-20010108";

    /**
     * URI of the XPath Filter v2.0 transform (2002/04 namespace).
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPATH2FILTER04 =
            "http://www.w3.org/2002/04/xmldsig-filter2";

    /**
     * URI of the XPath Filter v2.0 transform (2002/06 namespace).
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPATH2FILTER =
            "http://www.w3.org/2002/06/xmldsig-filter2";

    /**
     * URI of the XPath Filter v2.0 CHGP transform.
     *
     * @supported.api
     */
    public static final String TRANSFORM_XPATHFILTERCHGP =
            "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter";

    /**
     * Namespace URI of <code>xmlns</code> namespace declarations.
     *
     * @supported.api
     */
    public static final String NS_XMLNS = "http://www.w3.org/2000/xmlns/";

    /**
     * Liberty security namespace.
     *
     * @supported.api
     */
    public static final String NS_SEC = "urn:liberty:sec:2003-08";

    /**
     * WS-Security extension (<code>secext</code>) namespace.
     *
     * @supported.api
     */
    public static final String NS_WSSE =
            "http://schemas.xmlsoap.org/ws/2003/06/secext";

    /**
     * WS-Security utility namespace.
     *
     * @supported.api
     */
    public static final String NS_WSU =
            "http://schemas.xmlsoap.org/ws/2003/06/utility";

    /**
     * The <code>wsu</code> namespace prefix.
     */
    public static final String PREFIX_WSU = "wsu";

    /**
     * The <code>ds</code> namespace prefix.
     */
    public static final String PREFIX_DS = "ds";

    /**
     * String that identifies tag name "SecurityTokenReference".
*/
    public static final String TAG_SECURITYTOKENREFERENCE =
            "SecurityTokenReference";

    /**
     * The <code>xmlns</code> tag.
     */
    public static final String TAG_XMLNS = "xmlns";

    /**
     * The "xmlns:sec" string.
     */
    public static final String TAG_XMLNS_SEC = "xmlns:sec";

    /**
     * Name of the <code>Usage</code> tag.
     */
    public static final String TAG_USAGE = "Usage";

    /**
     * Name of the <code>MessageAuthentication</code> tag, including its
     * namespace prefix.
     */
    public static final String TAG_SEC_MESSAGEAUTHENTICATION =
            "sec:MessageAuthentication";

    /**
     * Name of the <code>BinarySecurityToken</code> tag, including its
     * namespace prefix.
     */
    public static final String TAG_WSSE_BINARYSECURITYTOKEN =
            "wsse:BinarySecurityToken";

    /**
     * Name of the <code>Security</code> tag.
     */
    public static final String TAG_SECURITY = "Security";

    /**
     * Name of the <code>AssertionIDReference</code> tag.
     */
    public static final String TAG_ASSERTIONIDREFERENCE =
            "AssertionIDReference";

    /**
     * Name of the <code>Assertion</code> tag.
     */
    public static final String TAG_ASSERTION = "Assertion";

    /**
     * The <code>AssertionID</code> string.
     */
    public static final String TAG_ASSERTION_ID = "AssertionID";

    /**
     * Name of the <code>BinarySecurityToken</code> tag, without a prefix.
     */
    public static final String BINARYSECURITYTOKEN = "BinarySecurityToken";

    /**
     * Name of the "Id" tag.
     */
    public static final String TAG_ID = "Id";

    /**
     * Name of the <code>Reference</code> tag.
     */
    public static final String TAG_REFERENCE = "Reference";

    /**
     * Name of the <code>URI</code> tag.
     */
    public static final String TAG_URI = "URI";

    /**
     * Tag name for <code>ValueType</code>.
*/
    public static final String TAG_VALUETYPE = "ValueType";

    // NOTE(review): KeyInfo content is supplied by the message sender. A
    // verifier should use it only to locate a key it already trusts, never
    // as the trust anchor itself - confirm in the signature provider.
    /**
     * Name of the <code>KeyInfo</code> tag.
     */
    public static final String TAG_KEYINFO = "KeyInfo";

    /**
     * Name of the <code>KeyName</code> tag.
     */
    public static final String TAG_KEYNAME = "KeyName";

    /**
     * Name of the <code>KeyValue</code> tag.
     */
    public static final String TAG_KEYVALUE = "KeyValue";

    /**
     * Name of the <code>PKCS7</code> tag, including the wsse namespace
     * prefix.
     */
    public static final String TAG_PKCS7 = "wsse:PKCS7";

    /**
     * Name of the <code>X509Data</code> tag.
     */
    public static final String TAG_X509DATA = "X509Data";

    /**
     * Name of the <code>X509Certificate</code> tag.
     */
    public static final String TAG_X509CERTIFICATE = "X509Certificate";

    /**
     * Opening line of a certificate string, followed by a newline.
     */
    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";

    /**
     * Closing line of a certificate string, preceded by a newline.
     */
    public static final String END_CERT = "\n-----END CERTIFICATE-----";

    /**
     * Name of the <code>DSAKeyValue</code> tag.
     */
    public static final String TAG_DSAKEYVALUE = "DSAKeyValue";

    /**
     * Name of the <code>RSAKeyValue</code> tag.
     */
    public static final String TAG_RSAKEYVALUE = "RSAKeyValue";

    /**
     * Name of the attribute that identifies the certificate alias of this
     * site. Its value is configured through <code>AMConfig.properties</code>.
     */
    public static final String MYCERTALIAS =
            "com.sun.identity.saml.xmlsig.certalias";

    /**
     * Key of the User Name attribute in the Attribute Map.
     */
    public static final String USER_NAME = "USER_NAME";

    /**
     * Name of the SAML component, used to get the datastore provider.
     */
    public static final String SAML = "saml";

    /**
     * SAML component default name space.
*/
    public static final String ATTR_NAME_SPACE =
            "urn:com:sun:identity:attrnamespace";

    /**
     * Name of the <code>UsernameToken</code> tag.
     */
    public static final String TAG_USERNAME_TOKEN = "UsernameToken";

    // NOTE(review): with escaping switched off, attribute values are
    // presumably written into the XML as they are. Keep the default unless
    // every attribute source is trusted or already escaped - confirm where
    // this key is read.
    /**
     * Key name of the setting that controls escaping of special characters
     * in <code>AttributeValue</code>. When the value is true, special
     * characters are escaped; otherwise they are not. The default value is
     * "true".
     */
    public static final String ESCAPE_ATTR_VALUE =
            "com.sun.identity.saml.escapeattributevalue";

    /**
     * The HTTP POST binding.
     */
    public static final String HTTP_POST = "HTTP-POST";

    /**
     * The HTTP Redirect binding.
     */
    public static final String HTTP_REDIRECT = "HTTP-Redirect";

    /**
     * Property that identifies the HTTP binding used for displaying the
     * error page.
     */
    public static final String ERROR_PAGE_HTTP_BINDING =
            "com.sun.identity.saml.errorpage.httpbinding";

    /**
     * Property that identifies the error page url.
     */
    public static final String ERROR_PAGE_URL =
            "com.sun.identity.saml.errorpage.url";

    /**
     * Error page url used by default.
     */
    public static final String DEFAULT_ERROR_PAGE_URL =
            "/saml2/jsp/saml2error.jsp";

    /**
     * Name used for the HTTP status code.
     */
    public static final String HTTP_STATUS_CODE = "httpstatuscode";

    // NOTE(review): if the error page echoes this value it should be
    // output-encoded there; the page itself is outside this file.
    /**
     * Name used for the error message.
     */
    public static final String ERROR_MESSAGE = "errormessage";

    /**
     * Name used for the error code.
     */
    public static final String ERROR_CODE = "errorcode";

    /**
     * Name of the Accept Language HTTP header.
     */
    public static final String ACCEPT_LANG_HEADER = "Accept-Language";
}