001/* 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: SAML2Constants.java,v 1.44 2009/11/24 21:53:02 madan_ranganath Exp $ 026 * 027 * Portions Copyrighted 2010-2017 ForgeRock AS. 028 */ 029package com.sun.identity.saml2.common; 030 031import com.sun.identity.cot.COTConstants; 032 033/** 034 * This interface defines constants common to all SAMLv2 elements. 035 * 036 * @supported.all.api 037 */ 038public interface SAML2Constants { 039 040 /** 041 * XML name space URI 042 */ 043 public String NS_XML = "http://www.w3.org/2000/xmlns/"; 044 045 /** 046 * String used to declare SAMLv2 assertion namespace prefix. 047 */ 048 public String ASSERTION_PREFIX = "saml:"; 049 050 /** 051 * String used to declare SAMLv2 assertion namespace. 052 */ 053 public String ASSERTION_DECLARE_STR = 054 " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""; 055 056 /** 057 * SAMLv2 assertion namespace URI. 
058 */ 059 public String ASSERTION_NAMESPACE_URI = 060 "urn:oasis:names:tc:SAML:2.0:assertion"; 061 062 /** 063 * Default namespace attribute for <code>Action</code>. 064 */ 065 public String ACTION_NAMESPACE_NEGATION = 066 "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation"; 067 068 /** 069 * String used to declare SAMLv2 protocol namespace prefix. 070 */ 071 public String PROTOCOL_PREFIX = "samlp:"; 072 073 /** 074 * String used to declare SAMLv2 protocol namespace. 075 */ 076 public String PROTOCOL_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol"; 077 078 /** 079 * String used to declare SAMLv2 protocol namespace. 080 */ 081 public String PROTOCOL_DECLARE_STR = 082 " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""; 083 084 /** 085 * String used to represent HTTP Redirect Binding. 086 */ 087 public String HTTP_REDIRECT = 088 "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"; 089 090 /** 091 * String used to represent SOAP Binding. 092 */ 093 public String SOAP = 094 "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"; 095 096 /** 097 * String used to represent PAOS Binding. 098 */ 099 public static final String PAOS = 100 "urn:oasis:names:tc:SAML:2.0:bindings:PAOS"; 101 102 /** 103 * String used to represent HTTP POST Binding. 104 */ 105 public String HTTP_POST = 106 "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"; 107 108 /** 109 * String used to represent HTTP ARTIFACT Binding. 110 */ 111 public String HTTP_ARTIFACT = 112 "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"; 113 114 /** 115 * String used to represent URI Binding. 
     */
    public String URI =
        "urn:oasis:names:tc:SAML:2.0:bindings:URI";

    /**
     * Prefix of the SAML 2.0 name identifier format URIs. The 2.0-only
     * formats below ({@code encrypted}, {@code persistent}, {@code entity},
     * {@code kerberos}) are formed by appending a short name to it.
     */
    public String NAMEID_FORMAT_NAMESPACE=
        "urn:oasis:names:tc:SAML:2.0:nameid-format:";

    /**
     * Prefix of the SAML 1.1 name identifier format URIs. The formats that
     * SAML 2.0 carried over from 1.1 keep their original URIs, which is why
     * {@code unspecified}, {@code emailAddress}, {@code X509SubjectName} and
     * {@code WindowsDomainQualifiedName} below are built on this prefix and
     * not on {@link #NAMEID_FORMAT_NAMESPACE}.
     */
    public static final String NAMEID_FORMAT_NAMESPACE_V_1_1=
        "urn:oasis:names:tc:SAML:1.1:nameid-format:";

    /**
     * Name identifier format URI for an encrypted name identifier.
     */
    public String ENCRYPTED =
        NAMEID_FORMAT_NAMESPACE + "encrypted";


    /**
     * Name identifier format URI for a persistent name identifier.
     */
    public String PERSISTENT =
        NAMEID_FORMAT_NAMESPACE + "persistent";

    /**
     * Name identifier format URI for an unspecified name identifier
     * (SAML 1.1 URI).
     */
    public String UNSPECIFIED =
        NAMEID_FORMAT_NAMESPACE_V_1_1 + "unspecified";

    /**
     * Name identifier format URI for an e-mail address name identifier
     * (SAML 1.1 URI).
     */
    public String EMAIL_ADDRESS =
        NAMEID_FORMAT_NAMESPACE_V_1_1 + "emailAddress";

    /**
     * Name identifier format URI for an entity name identifier.
     */
    public String ENTITY =
        NAMEID_FORMAT_NAMESPACE + "entity";

    /**
     * Name identifier format URI for an X.509 subject name identifier
     * (SAML 1.1 URI).
     */
    public String X509_SUBJECT_NAME =
        NAMEID_FORMAT_NAMESPACE_V_1_1 + "X509SubjectName";

    /**
     * Name identifier format URI for a Windows domain qualified name
     * identifier (SAML 1.1 URI).
     */
    public String WINDOWS_DOMAIN_QUALIFIED_NAME =
        NAMEID_FORMAT_NAMESPACE_V_1_1 + "WindowsDomainQualifiedName";

    /**
     * Name identifier format URI for a Kerberos principal name identifier.
     */
    public String KERBEROS_PRINCIPAL_NAME =
        NAMEID_FORMAT_NAMESPACE + "kerberos";

    /**
     * String representing the authentication service URL.
     */
    public String AUTH_URL = "AuthUrl";

    /**
     * Used when the SAML endpoints are RP'd (presumably reverse-proxied) to a
     * non-server/site URL, typically to DAS.
     */
    public String
RP_URL = "RpUrl"; 192 193 /** 194 * Strings represent primitive top-level StatusCode values 195 */ 196 public String SUCCESS = 197 "urn:oasis:names:tc:SAML:2.0:status:Success"; 198 199 public String REQUESTER = 200 "urn:oasis:names:tc:SAML:2.0:status:Requester"; 201 202 public String RESPONDER = 203 "urn:oasis:names:tc:SAML:2.0:status:Responder"; 204 205 public String NOPASSIVE = 206 "urn:oasis:names:tc:SAML:2.0:status:NoPassive"; 207 208 public String VERSION_MISMATCH = 209 "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"; 210 211 public String UNKNOWN_PRINCIPAL = 212 "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"; 213 214 public String AUTHN_FAILED = 215 "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"; 216 217 public String INVALID_ATTR_NAME_OR_VALUE = 218 "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue"; 219 220 public String INVALID_NAME_ID_POLICY = 221 "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"; 222 223 public String NO_AUTHN_CONTEXT = 224 "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"; 225 226 /** 227 * Basic name format 228 */ 229 public String BASIC_NAME_FORMAT = 230 "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"; 231 232 /** 233 * Basic attribute profile 234 */ 235 public String BASIC_ATTRIBUTE_PROFILE = 236 "urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic"; 237 238 /** 239 * Attribute Query default profile 240 */ 241 public static final String DEFAULT_ATTR_QUERY_PROFILE = 242 "urn:oasis:names:tc:SAML:2.0:profiles:query"; 243 244 /** 245 * Attribute Query x509 Subject profile 246 */ 247 public static final String X509_SUBJECT_ATTR_QUERY_PROFILE = 248 "urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509"; 249 250 /** 251 * Attribute Query default profile alias 252 */ 253 public static final String DEFAULT_ATTR_QUERY_PROFILE_ALIAS = 254 "default"; 255 256 /** 257 * Attribute Query x509 Subject profile alias 258 */ 259 public static final String X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS = 260 
"x509Subject"; 261 262 /** 263 * Strings represent subject confirmation methods 264 */ 265 public String SUBJECT_CONFIRMATION_METHOD_BEARER = 266 "urn:oasis:names:tc:SAML:2.0:cm:bearer"; 267 268 /** 269 * Confirmation method for holder of key 270 */ 271 public String SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY = 272 "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"; 273 274 /** 275 * Confirmation method for sender vouches 276 */ 277 public String SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES = 278 "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"; 279 280 /** 281 * Session Property name indicating if response is redirected or not 282 */ 283 public String RESPONSE_REDIRECTED = "SAML2ResponseRedirected"; 284 285 /** 286 * Length for SAMLv2 IDs. 287 */ 288 public int ID_LENGTH = 20; 289 290 /** 291 * SAMLv2 Version String 292 */ 293 public String VERSION_2_0 = "2.0"; 294 295 /** 296 * SAMLRequest query parameter name 297 */ 298 public String SAML_REQUEST = "SAMLRequest"; 299 300 /** 301 * SAMLResponse query parameter name 302 */ 303 public String SAML_RESPONSE = "SAMLResponse"; 304 305 306 /** 307 * Maximum value of unsigned integer/short type. 
308 */ 309 public int MAX_INT_VALUE=65535; 310 311 /** 312 * Start Tag for XML String 313 */ 314 public String START_TAG="<"; 315 /** 316 * End Tag for XML String 317 */ 318 public String END_TAG =">"; 319 320 /** 321 * Constant for space 322 */ 323 public String SPACE=" "; 324 /** 325 * Constant for equal 326 */ 327 public String EQUAL= "="; 328 329 /** 330 * Constant for quote 331 */ 332 public String QUOTE = "\""; 333 334 /** 335 * Constant for newline 336 */ 337 public String NEWLINE= "\n"; 338 339 /** 340 * Constant for xml name space 341 */ 342 public String NAMESPACE_PREFIX="xmlns"; 343 344 /** 345 * Constant for SAML2 end tag 346 */ 347 public String SAML2_END_TAG="</samlp:"; 348 349 /** 350 * Constant for AuthnRequest 351 */ 352 public String AUTHNREQUEST="AuthnRequest"; 353 354 /** 355 * Constant for LogoutRequest 356 */ 357 public String LOGOUT_REQUEST="LogoutRequest"; 358 359 /** 360 * Constant for LogoutResponse 361 */ 362 public String LOGOUT_RESPONSE="LogoutResponse"; 363 364 /** 365 * Constant for AssertionIDRequest 366 */ 367 public String ASSERTION_ID_REQUEST = "AssertionIDRequest"; 368 369 /** 370 * Constant for AttributeQuery 371 */ 372 public String ATTRIBUTE_QUERY = "AttributeQuery"; 373 374 /** 375 * Constant for AuthnQuery 376 */ 377 public String AUTHN_QUERY = "AuthnQuery"; 378 379 /** 380 * Constant for NameIDMappingRequest 381 */ 382 public String NAME_ID_MAPPING_REQUEST = "NameIDMappingRequest"; 383 384 /** 385 * Constant for NameIDMappingResponse 386 */ 387 public String NAME_ID_MAPPING_RESPONSE = "NameIDMappingResponse"; 388 389 /** 390 * Constant for AssertionIDRef 391 */ 392 public String ASSERTION_ID_REF = "AssertionIDRef"; 393 394 /** 395 * Constant for Attribute 396 */ 397 public String ATTRIBUTE="Attribute"; 398 399 /** 400 * Constant for SessionIndex 401 */ 402 public String SESSION_INDEX="SessionIndex"; 403 404 /** 405 * Constant for BaseID 406 */ 407 public String BASEID="BaseID"; 408 409 /** 410 * Constant for NameID 411 */ 
    public String NAMEID="NameID";

    /**
     * Constant for the {@code EncryptedID} element.
     */
    public String ENCRYPTEDID="EncryptedID";

    /**
     * Constant for the {@code Reason} attribute.
     */
    public String REASON="Reason";

    /**
     * Constant for the {@code NotOnOrAfter} attribute (end of a validity
     * window).
     */
    public String NOTONORAFTER="NotOnOrAfter";

    /**
     * Constant for the {@code NotBefore} attribute (start of a validity
     * window; the counterpart of {@link #NOTONORAFTER}).
     */
    public String NOTBEFORE="NotBefore";

    /**
     * Constant for the {@code InResponseTo} attribute, which carries the ID of
     * the request that a response or assertion answers.
     */
    public String INRESPONSETO="InResponseTo";

    /**
     * Constant for the {@code ID} attribute.
     */
    public String ID="ID";


    /**
     * Constant for the {@code Version} attribute.
     */
    public String VERSION="Version";


    /**
     * Constant for the {@code IssueInstant} attribute.
     */
    public String ISSUE_INSTANT="IssueInstant";

    /**
     * Constant for the {@code Destination} attribute (the endpoint URI a
     * message was addressed to).
     */
    public String DESTINATION="Destination";

    /**
     * Constant for the {@code Value} attribute.
     */
    public String VALUE="Value";

    /**
     * Constant for the {@code Consent} attribute.
     */
    public String CONSENT="Consent";

    /**
     * Constant for the {@code Issuer} element.
     */
    public String ISSUER="Issuer";


    /**
     * Constant for the {@code Signature} element.
     */
    public String SIGNATURE="Signature";

    /**
     * Constant for the {@code ForceAuthn} attribute.
     */
    public String FORCEAUTHN="ForceAuthn";

    /**
     * Constant for the {@code IsPassive} attribute.
     */
    public String ISPASSIVE="IsPassive";

    /**
     * Constant for the {@code AllowCreate} attribute.
     */
    public String ALLOWCREATE="AllowCreate";

    /**
     * Constant for the {@code ProtocolBinding} attribute.
     */
    public String PROTOBINDING="ProtocolBinding";

    /**
     * Constant for the SOAP {@code mustUnderstand} attribute.
     */
    public static final String MUST_UNDERSTAND = "mustUnderstand";

    /**
     * Constant for the SOAP {@code actor} attribute.
     */
    public static final String ACTOR = "actor";

    /**
     * Constant for the {@code binding} request parameter name.
     */
    public String BINDING="binding";

    /**
     * Constant for reqBinding parameter name
*/ 520 public String REQ_BINDING = "reqBinding"; 521 522 /** 523 * Constant for affiliationID parameter name 524 */ 525 public String AFFILIATION_ID = "affiliationID"; 526 527 /** 528 * Constant for Binding namespace 529 */ 530 public String BINDING_PREFIX = 531 "urn:oasis:names:tc:SAML:2.0:bindings:"; 532 533 /** 534 * Constant for AssertionConsumerServiceIndex attribute 535 */ 536 public String ASSERTION_CONSUMER_SVC_INDEX= 537 "AssertionConsumerServiceIndex"; 538 /** 539 * Constant for AssertionConsumerServiceURL attribute 540 */ 541 public String ASSERTION_CONSUMER_SVC_URL= 542 "AssertionConsumerServiceURL"; 543 /** 544 * Constant for AttributeConsumingServiceIndex attribute 545 */ 546 public String ATTR_CONSUMING_SVC_INDEX= 547 "AttributeConsumingServiceIndex"; 548 /** 549 * Constant for ProviderName attribute 550 */ 551 public String PROVIDER_NAME="ProviderName"; 552 553 /** 554 * Constant for Subject Element 555 */ 556 public String SUBJECT="Subject"; 557 558 /** 559 * Constant for AuthnRequest object 560 */ 561 public String AUTHN_REQUEST = "AuthnRequest"; 562 563 /** 564 * Constant for NameIDPolicy Element 565 */ 566 public String NAMEID_POLICY="NameIDPolicy"; 567 568 /** 569 * Constant for Conditions Element. 570 */ 571 public String CONDITIONS="Conditions"; 572 573 /** 574 * Constant for RequestedAuthnContext Element. 575 */ 576 public String REQ_AUTHN_CONTEXT="RequestedAuthnContext"; 577 578 /** 579 * Constant for Comparison Attribute 580 */ 581 public String COMPARISON ="Comparison"; 582 583 /** 584 * Constant for Scoping Element. 585 */ 586 public String SCOPING="Scoping"; 587 588 /** 589 * Constant for Extensions Element. 590 */ 591 public String EXTENSIONS="Extensions"; 592 593 /** 594 * Constant for StatusDetail Element. 595 */ 596 public String STATUS_DETAIL="StatusDetail"; 597 598 /** 599 * Constant for StatusCode Element. 600 */ 601 public String STATUS_CODE="StatusCode"; 602 603 /** 604 * Constant for Status Element. 
605 */ 606 public String STATUS="Status"; 607 608 /** 609 * Constant for StatusMessage Element. 610 */ 611 public String STATUS_MESSAGE="StatusMessage"; 612 613 /** 614 * Constant for GetComplete Element. 615 */ 616 public String GETCOMPLETE="GetComplete"; 617 618 /** 619 * Constant for IDPEntry Element. 620 */ 621 public String IDPENTRY="IDPEntry"; 622 623 /** 624 * Constant for IDPList Element. 625 */ 626 public String IDPLIST="IDPList"; 627 628 /** 629 * Constant for NameIDPolicy Element. 630 */ 631 public String NAMEIDPOLICY="NameIDPolicy"; 632 633 /** 634 * Constant for RequesterID Element. 635 */ 636 public String REQUESTERID="RequesterID"; 637 638 // for SAMLPOSTProfileServlet 639 public String SOURCE_SITE_SOAP_ENTRY = "sourceSite"; 640 public String POST_ASSERTION = "assertion"; 641 public String CLEANUP_INTERVAL_NAME = 642 "iplanet-am-saml-cleanup-interval"; 643 644 /** 645 * NameID info attribute. 646 */ 647 public String NAMEID_INFO = "sun-fm-saml2-nameid-info"; 648 649 /** 650 * NameID info key attribute. 651 */ 652 public String NAMEID_INFO_KEY = "sun-fm-saml2-nameid-infokey"; 653 654 /** 655 * SAML2 data store provider name. 656 */ 657 public String SAML2 = "saml2"; 658 659 /** 660 * Auto federation attribute. 661 */ 662 public String AUTO_FED_ATTRIBUTE = 663 "autofedAttribute"; 664 665 /** 666 * Auto federation enable attribute. 667 */ 668 public String AUTO_FED_ENABLED = 669 "autofedEnabled"; 670 671 /** 672 * Transient federation users. 673 */ 674 public String TRANSIENT_FED_USER = 675 "transientUser"; 676 677 public String NAMEID_TRANSIENT_FORMAT = 678 NAMEID_FORMAT_NAMESPACE + "transient"; 679 680 /** 681 * certficate alias attribute. 682 */ 683 public String CERT_ALIAS = "sun-fm-saml2-cert-alias"; 684 685 /** 686 * NameID format map configuration. 687 */ 688 public String NAME_ID_FORMAT_MAP = "nameIDFormatMap"; 689 690 /** 691 * Attribute map configuration. 
692 */ 693 public String ATTRIBUTE_MAP = "attributeMap"; 694 695 /** 696 * Service provider adapter implementation class 697 */ 698 public String SP_ADAPTER_CLASS = "spAdapter"; 699 700 /** 701 * Environment (attribute/value pair) for Service provider adapter 702 * implementation class. Those variables will be passed down as 703 * Map to the implementation class for initialization. 704 */ 705 public String SP_ADAPTER_ENV = "spAdapterEnv"; 706 707 /** 708 * Fedlet adapter implementation class. 709 */ 710 public String FEDLET_ADAPTER_CLASS = "fedletAdapter"; 711 712 /** 713 * Environment (attribute/value pair) for fedlet adapter 714 * implementation class. Those variables will be passed down as 715 * Map to the implementation class for initialization. 716 */ 717 public String FEDLET_ADAPTER_ENV = "fedletAdapterEnv"; 718 719 /** 720 * Service provider account mapper. 721 */ 722 public String SP_ACCOUNT_MAPPER = 723 "spAccountMapper"; 724 725 /** 726 * Use NameID value as local user ID in service provider account mapper. 727 */ 728 public String USE_NAMEID_AS_SP_USERID = "useNameIDAsSPUserID"; 729 730 /** 731 * Service provider attribute mapper. 732 */ 733 public String SP_ATTRIBUTE_MAPPER = 734 "spAttributeMapper"; 735 736 /** 737 * Identity provider account mapper. 738 */ 739 public String IDP_ACCOUNT_MAPPER = 740 "idpAccountMapper"; 741 742 /** 743 * Identity provider attribute mapper. 744 */ 745 public String IDP_ATTRIBUTE_MAPPER = 746 "idpAttributeMapper"; 747 748 /** 749 * Attribute authority mapper. 750 */ 751 public String ATTRIBUTE_AUTHORITY_MAPPER = 752 "attributeAuthorityMapper"; 753 754 /** 755 * Assertion ID request mapper. 
756 */ 757 public String ASSERTION_ID_REQUEST_MAPPER = 758 "assertionIDRequestMapper"; 759 760 /** 761 * RelayState Parameter 762 */ 763 public String RELAY_STATE="RelayState"; 764 765 /** 766 * RelayState Alias Parameter 767 */ 768 public String RELAY_STATE_ALIAS="RelayStateAlias"; 769 770 /** 771 * Realm Parameter 772 */ 773 public String REALM="realm"; 774 775 /** 776 * AssertionConsumerServiceIndex Parameter 777 */ 778 public String ACS_URL_INDEX="AssertionConsumerServiceIndex"; 779 780 /** 781 * AttributeConsumingServiceIndex Parameter 782 */ 783 public String ATTR_INDEX="AttributeConsumingServiceIndex"; 784 785 /** 786 * NameIDPolicy Format Identifier Parameter 787 */ 788 public String NAMEID_POLICY_FORMAT="NameIDFormat"; 789 790 /** 791 * True Value String 792 */ 793 public String TRUE="true"; 794 795 /** 796 * False Value String 797 */ 798 public String FALSE="false"; 799 800 public String AUTH_LEVEL="AuthLevel"; 801 public String ORGANIZATION = "Organization"; 802 public String AUTH_LEVEL_ATTR="sunFMAuthContextComparison"; 803 public String AUTH_TYPE="authType"; 804 public String AUTH_LEVEL_ADVICE = "sunamcompositeadvice"; 805 806 public String AUTH_TYPE_ATTR ="sunFMAuthContextType"; 807 808 public String DECLARE_REF_AUTH_TYPE = "AuthContextDeclareRef"; 809 public String CLASS_REF_AUTH_TYPE = "AuthContextClassRef"; 810 811 public String AUTH_CONTEXT_DECL_REF ="AuthContextDeclRef"; 812 public String AUTH_CONTEXT_DECL_REF_ATTR 813 ="sunFMAuthContextDeclareRef"; 814 815 public String AUTH_CONTEXT_CLASS_REF ="AuthnContextClassRef"; 816 817 public String AUTH_CONTEXT_CLASS_REF_ATTR 818 ="sunFMAuthContextClassRef"; 819 820 /** 821 * Parameter name for SAML artifact in http request. 
822 */ 823 public String SAML_ART = "SAMLart"; 824 825 /** 826 * Service Provider Role 827 */ 828 public String SP_ROLE = "SPRole"; 829 830 /** 831 * Identity Provider Role 832 */ 833 public String IDP_ROLE = "IDPRole"; 834 835 /** 836 * Constant value for entity acting as both SP and IDP role. 837 */ 838 public String DUAL_ROLE ="DualRole"; 839 840 841 /** 842 * Policy Decision Point Role 843 */ 844 String PDP_ROLE = "PDPRole"; 845 846 /** 847 * Policy Enforcement Point Role 848 */ 849 String PEP_ROLE = "PEPRole"; 850 851 /** 852 * Attribute Authority Role 853 */ 854 String ATTR_AUTH_ROLE = "AttrAuthRole"; 855 856 /** 857 * Attribute Query Role 858 */ 859 String ATTR_QUERY_ROLE = "AttrQueryRole"; 860 861 /** 862 * Authentication Authority Role 863 */ 864 String AUTHN_AUTH_ROLE = "AuthnAuthRole"; 865 866 /** 867 * Unknown Role 868 */ 869 public String UNKNOWN_ROLE = "UNKNOWN"; 870 871 872 /** 873 * Attribute to be configured in SPSSOConfig for SAML2 authentication 874 * module instance name. 875 */ 876 public String AUTH_MODULE_NAME = "saml2AuthModuleName"; 877 878 /** 879 * Attribute to be configured in SPSSOConfig for local authentication url. 880 */ 881 public String LOCAL_AUTH_URL = "localAuthURL"; 882 883 /** 884 * Attribute to be configured in SPSSOConfig for intermediate url. 885 */ 886 public String INTERMEDIATE_URL = "intermediateUrl"; 887 888 /** 889 * Attribute to be configure in SPSSOConfig for default relay state url. 
     */
    public String DEFAULT_RELAY_STATE = "defaultRelayState";

    /**
     * Entity config attribute holding the entity description.
     */
    public String ENTITY_DESCRIPTION = "description";

    /**
     * Entity config attribute holding the signing certificate alias.
     */
    public String SIGNING_CERT_ALIAS = "signingCertAlias";

    /**
     * Entity config attribute holding the (encrypted) key password of the
     * signing certificate. This is a credential: code reading it should keep
     * the value out of logs, exceptions and debug output.
     */
    public String SIGNING_CERT_KEYPASS = "signingCertKeyPass";

    /**
     * Entity config attribute holding the encryption certificate alias.
     */
    public String ENCRYPTION_CERT_ALIAS = "encryptionCertAlias";

    /**
     * The entity role.
     */
    public String ROLE = "role";

    /** Fully qualified name of the XML signature provider interface. */
    public String SIG_PROVIDER =
        "com.sun.identity.saml2.xmlsig.SignatureProvider";

    /** Fully qualified name of the XML encryption provider interface. */
    public String ENC_PROVIDER =
        "com.sun.identity.saml2.xmlenc.EncryptionProvider";

    /**
     * Signing
     */
    public String SIGNING = "signing";

    /**
     * Encryption
     */
    public String ENCRYPTION = "encryption";

    // Delimiter used to separate multiple NameIDKey values.
    public String SECOND_DELIM = ";";

    /**
     * Http request parameter used to indicate whether the intent is
     * federation or not. Its values are "true" and "false".
     */
    public String FEDERATE = "federate";

    /**
     * Property names for the XML signature parameters: canonicalization
     * method, transform algorithm, signature algorithm and digest algorithm.
     */
    public String CANONICALIZATION_METHOD =
        "com.sun.identity.saml.xmlsig.c14nMethod";
    public String TRANSFORM_ALGORITHM =
        "com.sun.identity.saml.xmlsig.transformAlg";
    public String XMLSIG_ALGORITHM =
        "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";
    public String DIGEST_ALGORITHM =
        "com.sun.identity.saml.xmlsig.digestAlgorithm";
    /**
     * Property name for the global default query signature algorithm for RSA keys.
     */
    public String QUERY_SIGNATURE_ALGORITHM_RSA = "org.forgerock.openam.saml2.query.signature.alg.rsa";
    /**
     * Property name for the global default query signature algorithm for DSA keys.
     */
    public String QUERY_SIGNATURE_ALGORITHM_DSA = "org.forgerock.openam.saml2.query.signature.alg.dsa";
    /**
     * Property name for the global default query signature algorithm for EC keys.
     */
    public String QUERY_SIGNATURE_ALGORITHM_EC = "org.forgerock.openam.saml2.query.signature.alg.ec";
    /** JCA key algorithm name for DSA keys. */
    public String DSA = "DSA";
    /** JCA key algorithm name for RSA keys. */
    public String RSA = "RSA";

    /** Query parameter carrying the signature algorithm URI of a signed query string. */
    public String SIG_ALG = "SigAlg";
    /**
     * JCA name of the SHA-1 with DSA signature algorithm.
     * NOTE(review): SHA-1 signatures are deprecated. This and
     * {@link #SHA1_WITH_RSA} look like the legacy fallback used when the
     * {@code QUERY_SIGNATURE_ALGORITHM_*} property for the key type is unset
     * — confirm in the query-signing code, and prefer configuring a SHA-2
     * algorithm through those properties.
     */
    public String SHA1_WITH_DSA = "SHA1withDSA";
    /**
     * JCA name of the SHA-1 with RSA signature algorithm; see the note on
     * {@link #SHA1_WITH_DSA}.
     */
    public String SHA1_WITH_RSA = "SHA1withRSA";

    /** Character encoding used when none is specified. */
    public String DEFAULT_ENCODING = "UTF-8";

    // SOAP fault code for requester error
    public String CLIENT_FAULT = "Client";

    // SOAP fault code for responder error
    public String SERVER_FAULT = "Server";

    public String SESSION = "session";

    // more constants defined for auth module
    public String ASSERTIONS = "assertions";
    public String MAX_SESSION_TIME = "maxSessionTime";
    public String IN_RESPONSE_TO = "inResponseTo";

    public String SP_METAALIAS = "spMetaAlias";
    public String METAALIAS = "metaAlias";
    public String SPENTITYID = "spEntityID";
    public String IDPENTITYID = "idpEntityID";
    public String REQUESTTYPE = "requestType";

    // Encryption attributes
    /**
     * SP Entity Config attribute name. Used to specify whether it wants
     * Assertion encrypted or not.
     */
    public String WANT_ASSERTION_ENCRYPTED = "wantAssertionEncrypted";

    /** SP Entity Config attribute name: whether attributes must be encrypted. */
    public String WANT_ATTRIBUTE_ENCRYPTED
        = "wantAttributeEncrypted";
    /** SP Entity Config attribute name: whether the NameID must be encrypted. */
    public String WANT_NAMEID_ENCRYPTED = "wantNameIDEncrypted";

    // Signing attributes
    /**
     * IDP Entity Config attribute name. Used to specify whether it wants
     * ArtifactResolve signed or not.
1011 */ 1012 public String WANT_ARTIFACT_RESOLVE_SIGNED = "wantArtifactResolveSigned"; 1013 1014 /** 1015 * SP Entity Config attribute name. Used to specify whether it wants 1016 * ArtifactResponse signed or not. 1017 */ 1018 public String WANT_ARTIFACT_RESPONSE_SIGNED = 1019 "wantArtifactResponseSigned"; 1020 public String WANT_LOGOUT_REQUEST_SIGNED 1021 = "wantLogoutRequestSigned"; 1022 public String WANT_LOGOUT_RESPONSE_SIGNED 1023 = "wantLogoutResponseSigned"; 1024 public String WANT_MNI_REQUEST_SIGNED = "wantMNIRequestSigned"; 1025 public String WANT_MNI_RESPONSE_SIGNED 1026 = "wantMNIResponseSigned"; 1027 public String WANT_POST_RESPONSE_SIGNED = "wantPOSTResponseSigned"; 1028 1029 /** 1030 * SP Entity Config attribute name. Used to specify IDPList child element 1031 * of ECP request. 1032 */ 1033 public static final String ECP_REQUEST_IDP_LIST = 1034 "ECPRequestIDPList"; 1035 1036 /** 1037 * SP Entity Config attribute name. Used to specify an implementation class 1038 * that finds IDPList child element of ECP request. 1039 */ 1040 public static final String ECP_REQUEST_IDP_LIST_FINDER_IMPL = 1041 "ECPRequestIDPListFinderImpl"; 1042 1043 /** 1044 * SP Entity Config attribute name. Used to specify attribute 'GetComplete' 1045 * of IDPList child element of ECP request 1046 */ 1047 public static final String ECP_REQUEST_IDP_LIST_GET_COMPLETE = 1048 "ECPRequestIDPListGetComplete"; 1049 1050 /** 1051 * Attribute Authority Config attribute name. Used to specify data store 1052 * attribute name that contains X509 subject DN. 
     */
    public String X509_SUBJECT_DATA_STORE_ATTR_NAME =
        "x509SubjectDataStoreAttrName";

    /**
     * Constant for the SAML2IDPSessionIndex SSO token property.
     */
    public String IDP_SESSION_INDEX = "SAML2IDPSessionIndex";
    /**
     * Constant for the IDPMetaAlias SSO token property.
     */
    public String IDP_META_ALIAS="IDPMetaAlias";

    // Basic auth for SOAP binding. BASIC_AUTH_PASSWD names a credential in
    // entity config: code that reads it should treat the value as a secret
    // and keep it out of logs and debug output.
    public String BASIC_AUTH_ON = "basicAuthOn";
    public String BASIC_AUTH_USER = "basicAuthUser";
    public String BASIC_AUTH_PASSWD = "basicAuthPassword";

    /**
     * Service provider AuthnContext mapper.
     */
    public String SP_AUTHCONTEXT_MAPPER =
        "spAuthncontextMapper";

    /**
     * Default value for the service provider AuthnContext mapper.
     */
    public String DEFAULT_SP_AUTHCONTEXT_MAPPER =
        "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper";

    /**
     * Service provider AuthnContext Class Reference and AuthLevel Mapping.
     */
    public String SP_AUTH_CONTEXT_CLASS_REF_ATTR=
        "spAuthncontextClassrefMapping";

    /**
     * Constant for the AuthnContext Class Reference namespace prefix.
     */
    public String AUTH_CTX_PREFIX =
        "urn:oasis:names:tc:SAML:2.0:ac:classes:";

    /**
     * Service provider AuthnContext Comparison Type attribute name.
     */
    public String SP_AUTHCONTEXT_COMPARISON_TYPE =
        "spAuthncontextComparisonType";

    /**
     * Default Service provider AuthnContext Comparison Type
     * attribute value.
     */
    public String SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE = "exact";

    /**
     * Flag to indicate if the RequestedAuthnContext should be included in an AuthnRequest.
*/
    public String INCLUDE_REQUESTED_AUTHN_CONTEXT = "includeRequestedAuthnContext";

    // NOTE(review): interface members are implicitly public static final, so the
    // explicit "public static final" on some constants below is redundant but harmless.

    /**
     * Service provider extended-metadata attribute name for the AuthnContext
     * comparison method.
     */
    public String SP_AUTHCONTEXT_COMPARISON = "AuthComparison";

    /**
     * Attribute name for the clock-skew tolerance, in seconds, applied to an
     * assertion's {@code NotOnOrAfter} condition.
     */
    public String ASSERTION_TIME_SKEW = "assertionTimeSkew";

    /**
     * Default {@code NotOnOrAfter} skew in seconds. By construction a larger
     * skew extends the window in which an already-expired assertion is still
     * accepted, so it should only be raised to absorb genuine clock drift.
     */
    public int ASSERTION_TIME_SKEW_DEFAULT = 300;

    /**
     * Prefix of the property keys that map SAML2 SDK element names to
     * implementation classes.
     */
    public String SDK_CLASS_MAPPING =
        "com.sun.identity.saml2.sdk.mapping.";

    /** Default assertion effective (validity) time, in seconds. */
    public int ASSERTION_EFFECTIVE_TIME = 600;

    /** Default skew, in seconds, applied to an assertion's {@code NotBefore} condition. */
    public int NOTBEFORE_ASSERTION_SKEW_DEFAULT = 600;

    /** Attribute name carrying the assertion effective time. */
    public String ASSERTION_EFFECTIVE_TIME_ATTRIBUTE =
        "assertionEffectiveTime";

    /** Attribute name carrying the {@code NotBefore} skew. */
    public String ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE =
        "assertionNotBeforeTimeSkew";

    /** IDP extended-metadata attribute naming the authn-context mapper class. */
    public String IDP_AUTHNCONTEXT_MAPPER_CLASS =
        "idpAuthncontextMapper";

    /** IDP extended-metadata attribute naming the ECP session mapper class. */
    public static final String IDP_ECP_SESSION_MAPPER_CLASS =
        "idpECPSessionMapper";

    // Default plugin class names. These are fully qualified class names; the
    // classes themselves are not visible here and are presumably loaded
    // reflectively when the corresponding metadata attribute is absent.

    /** Default IDP authn-context mapper class name. */
    public String DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper";

    /** Default IDP account mapper class name. */
    public String DEFAULT_IDP_ACCOUNT_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper";

    /** Default SP account mapper class name. */
    public String DEFAULT_SP_ACCOUNT_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultSPAccountMapper";

    /** Default SP attribute mapper class name. */
    public String DEFAULT_SP_ATTRIBUTE_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper";

    /** Default IDP attribute mapper class name. */
    public String DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper";

    /** Default Attribute Authority mapper class name. */
    public static final String DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultAttributeAuthorityMapper";

    /** Default AssertionIDRequest mapper class name. */
    public static final String DEFAULT_ASSERTION_ID_REQUEST_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper";

    /** Default IDP ECP session mapper class name. */
    public static final String DEFAULT_IDP_ECP_SESSION_MAPPER_CLASS =
        "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper";

    /** IDP extended-metadata attribute holding the authn-context class-reference mapping. */
    public String IDP_AUTHNCONTEXT_CLASSREF_MAPPING =
        "idpAuthncontextClassrefMapping";

    /** AuthnContext class reference for password over a protected transport. */
    public String CLASSREF_PASSWORD_PROTECTED_TRANSPORT =
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";

    /**
     * Boxed authentication level 0. It is only used in the string
     * concatenation below, where it renders as "0".
     */
    public Integer AUTH_LEVEL_ZERO = Integer.valueOf(0);

    /**
     * Default service provider AuthnContext class reference to auth-level
     * mapping value. Resolves to
     * {@code urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0|default}.
     */
    public String SP_AUTHCONTEXT_CLASSREF_VALUE =
        CLASSREF_PASSWORD_PROTECTED_TRANSPORT + "|" + AUTH_LEVEL_ZERO + "|default";

    /** Circle-of-trust list attribute name, aliased from {@link COTConstants#COT_LIST}. */
    public String COT_LIST = COTConstants.COT_LIST;

    /** HTTP parameter name passed to default.jsp. */
    public String MESSAGE = "message";

    /**
     * Cache cleanup interval attribute name in AMConfig.properties.
     * The value is in seconds.
     */
    public String CACHE_CLEANUP_INTERVAL =
        "com.sun.identity.saml2.cacheCleanUpInterval";

    /** Default cache cleanup interval in seconds. */
    public int CACHE_CLEANUP_INTERVAL_DEFAULT = 600;

    /** Minimum cache cleanup interval in seconds (5 minutes). */
    public int CACHE_CLEANUP_INTERVAL_MINIMUM = 300;

    /** IDP SLO parameter name requesting logout of all sessions. */
    public String LOGOUT_ALL = "logoutAll";

    /** IDP response info ID. */
    public String RES_INFO_ID = "resInfoID";

    /**
     * Default query parameter to use for RelayState if RelayState is not
     * specified and cannot be obtained from the query parameter list given in
     * RelayStateAlias.
     * <p>
     * A redirect target taken from this parameter is request-controlled; the
     * validation against the configured RelayState URL list is not visible
     * here and should be confirmed in the consuming code.
     */
    public String GOTO = "goto";

    /** Delimiter for values of a multi-valued property set in the SSO token. */
    public char DELIMITER = '|';

    /**
     * Escape string for the {@code DELIMITER} contained in the values of a
     * multi-valued property set in the SSO token.
     * <p>
     * NOTE(review): this has the same value as {@code DELIMITER}; the escaping
     * convention this implies (presumably doubling the delimiter) is not
     * visible here — confirm against the code that splits these properties.
     */
    public String ESCAPE_DELIMITER = "|";

    /** Namespace URI for XML Encryption. */
    public String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";

    /** Namespace URI for XML Digital Signature. */
    public String NS_XMLSIG = "http://www.w3.org/2000/09/xmldsig#";

    /** Attribute name: require XACML authorization decision queries to be signed. */
    String WANT_XACML_AUTHZ_DECISION_QUERY_SIGNED =
        "wantXACMLAuthzDecisionQuerySigned";

    /**
     * Attribute name: require XACML authorization decision responses to be signed.
     * NOTE(review): the constant name contains a typo ("RESPONSED"); it is part
     * of the public API and is therefore left unchanged.
     */
    String WANT_XACML_AUTHZ_DECISION_RESPONSED_SIGNED =
        "wantXACMLAuthzDecisionResponseSigned";

    /** Attribute name: generate Discovery bootstrapping. */
    public String DISCO_BOOTSTRAPPING_ENABLED =
        "discoveryBootstrappingEnabled";

    /** Property name for the Response artifact message encoding. */
    public String RESPONSE_ARTIFACT_MESSAGE_ENCODING =
        "responseArtifactMessageEncoding";

    /** URI encoding value for {@code RESPONSE_ARTIFACT_MESSAGE_ENCODING}. */
    public String URI_ENCODING = "URI";

    /** FORM encoding value for {@code RESPONSE_ARTIFACT_MESSAGE_ENCODING}. */
    public String FORM_ENCODING = "FORM";

    /** Attribute name: cache assertions. */
    public String ASSERTION_CACHE_ENABLED =
        "assertionCacheEnabled";

    /** Attribute name format for the ID-WSF 1.1 Discovery bootstrap. */
    public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME_FORMAT =
        "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";

    /** Attribute name for the ID-WSF 1.1 Discovery bootstrap. */
    public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME =
        "urn:liberty:disco:2003-08:DiscoveryResourceOffering";

    /**
     * SSO token property holding the Discovery bootstrap credentials.
     * The literal is misspelled ("Crendentials") but is a runtime property
     * key; do not correct it without updating every reader of the property.
     */
    public String DISCOVERY_BOOTSTRAP_CREDENTIALS =
        "DiscoveryBootstrapCrendentials";

    /** XML Schema Instance namespace URI. */
    public String NS_XSI =
        "http://www.w3.org/2001/XMLSchema-instance";

    /** String used to declare the XML Schema Instance namespace. */
    public String XSI_DECLARE_STR =
        "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"";

    /** Attribute name for the list of SAE application name to encrypted secret mappings. */
    public String SAE_APP_SECRET_LIST = "saeAppSecretList";

    /**
     * Attribute name for the list of valid RelayState URLs. This list acts as
     * an allowlist of redirect targets; the matching rule is implemented
     * elsewhere and is not visible here.
     */
    public String RELAY_STATE_URL_LIST = "relayStateUrlList";

    /** IDP SAE endpoint URL. */
    public String SAE_IDP_URL = "saeIDPUrl";

    /** SP SAE endpoint URL. */
    public String SAE_SP_URL = "saeSPUrl";

    /** SP SAE logout URL. */
    public String SAE_SP_LOGOUT_URL = "saeSPLogoutUrl";

    /** SAE extended-metadata parameter: SP application URL. */
    public String SAE_XMETA_URL = "url";

    /**
     * SAE extended-metadata parameter: shared secret for symmetric crypto.
     * The value stored under this key is key material and must never be
     * written to logs or error messages.
     */
    public String SAE_XMETA_SECRET = "secret";

    /** SAE extended-metadata parameter: private key alias, derived from SAML2 metadata. */
    public String SAE_XMETA_PKEY_ALIAS = "privatekeyalias";

    /** HTTP parameter names that will be passed to SAE auth modules. */
    public String SAE_REALM = "realm";
    public String SAE_IDP_ENTITYID = "idpEntityID";
    public String SAE_IDPAPP_URL = "idpAppUrl";

    /** Attribute name: enable IDP proxy. */
    public String ENABLE_IDP_PROXY = "enableIDPProxy";

    /** Attribute name: always proxy the AuthnRequest. */
    public String ALWAYS_IDP_PROXY = "alwaysIdpProxy";

    /** Attribute name: IDP proxy name list. */
    public String IDP_PROXY_LIST = "idpProxyList";

    /** Attribute name: IDP proxy count. */
    public String IDP_PROXY_COUNT = "idpProxyCount";

    /** Attribute name: use introduction for IDP proxy. */
    public String USE_INTRODUCTION_FOR_IDP_PROXY =
        "useIntroductionForIDPProxy";

    /** IdP finder URL path. */
    public String IDP_FINDER_URL = "/idpfinder";

    /** IDP proxy finder name. */
    public String IDP_PROXY_FINDER_NAME =
        "com.sun.identity.saml2.idpproxy";

    /** Default class name of the IDP proxy finder. */
    public String DEFAULT_IDP_PROXY_FINDER =
        "com.sun.identity.saml2.plugins.SAML2IDPProxyImpl";

    /** IDP proxy finder attribute name in the IDP extended metadata. */
    public String IDP_PROXY_FINDER_ATTR_NAME = "idpProxyFinder";

    /** IDP proxy finder implementation class attribute name in the IDP extended metadata. */
    public static final String PROXY_IDP_FINDER_CLASS = "proxyIDPFinderClass";

    /**
     * Flag indicating whether the IdP must enable the IdP finder.
     * This is the name of the attribute flag in the IDP extended metadata.
     */
    public static final String ENABLE_PROXY_IDP_FINDER_FOR_ALL_SPS =
        "enableProxyIDPFinderForAllSPs";

    /**
     * Attribute name in the extended metadata whose value is the JSP that
     * presents the list of IdPs to the user.
     */
    public static final String PROXY_IDP_FINDER_JSP =
        "proxyIDPFinderJSP";

    /** Default IDP proxy finder JSP. */
    public static final String DEFAULT_PROXY_IDP_FINDER = "proxyidpfinder.jsp";

    /** IDP adapter class attribute name. */
    public static final String IDP_ADAPTER_CLASS = "idpAdapter";

    /** Default IDP adapter class name. */
    public static final String DEFAULT_IDP_ADAPTER = "com.sun.identity.saml2.plugins.DefaultIDPAdapter";

    /** Key used to save the IDP session in a map. */
    public String IDP_SESSION = "IDPSESSION";

    /** Key used to save session partners in a map. */
    public String PARTNERS = "PARTNERS";

    /** String used to declare the ECP namespace prefix. */
    public static final String ECP_PREFIX = "ecp:";

    /** ECP namespace URI. */
    public static final String ECP_NAMESPACE =
        "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";

    /** String used to declare the ECP namespace. */
    public static final String ECP_DECLARE_STR =
        "xmlns:ecp=\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"";

    /** Constant for the ECP end tag. */
    public static final String ECP_END_TAG = "</ecp:";

    /** ECP service name in the PAOS header (same value as {@code ECP_NAMESPACE}). */
    public static final String PAOS_ECP_SERVICE =
        "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";

    /** String used to declare the SOAP envelope namespace prefix. */
    public static final String SOAP_ENV_PREFIX = "soap-env:";

    /** SOAP envelope namespace URI. */
    public static final String SOAP_ENV_NAMESPACE =
        "http://schemas.xmlsoap.org/soap/envelope/";

    /** String used to declare the SOAP envelope namespace. */
    public static final String SOAP_ENV_DECLARE_STR =
        "xmlns:soap-env=\"http://schemas.xmlsoap.org/soap/envelope/\"";

    /** SOAP actor "next". */
    public static final String SOAP_ACTOR_NEXT =
        "http://schemas.xmlsoap.org/soap/actor/next";

    /**
     * Property key controlling certificate revocation (CRL) status checking
     * for SAML2 certificates.
     */
    public static final String CHECK_SAML2_CERTIFICATE_STATUS =
        "com.sun.identity.saml2.crl.check";

    /**
     * Property key controlling certificate revocation (CRL) status checking
     * for the issuing CA certificate.
     */
    public static final String CHECK_SAML2_CA_STATUS =
        "com.sun.identity.saml2.crl.check.ca";

    /**
     * Wildcard indicating that any attribute name is mapped as it appears in
     * the Assertion.
     */
    public String ATTR_WILD_CARD = "*";

    /** Key name for the Response object. */
    public String RESPONSE = "Response";

    /** Key name for the Assertion object. */
    public String ASSERTION = "Assertion";

    /** Marker value for one-time use. How it is keyed is not visible here. */
    public String ONETIME = "ONE";

    /** Key name: is this a bearer assertion. */
    public String IS_BEARER = "isBearer";

    /**
     * Attribute name for the logout URL of an external application.
     * The SAML2 component sends a request to the external logout URL using a
     * back-channel HTTP POST. This is used when single logout is initiated
     * from the remote party (SP or IDP).
     */
    public String APP_LOGOUT_URL = "appLogoutUrl";

    /**
     * URL parameter name in the external application logout URL for
     * requesting a user session property. The value is a session property
     * name whose value will be posted to the application as an HTTP header
     * and as content for its logout use.
     */
    public String APP_SESSION_PROPERTY = "appsessionproperty";

    /** Attribute name: IDP session synchronization enabled. */
    public String IDP_SESSION_SYNC_ENABLED =
        "idpSessionSyncEnabled";

    /** Attribute name: SP session synchronization enabled. */
    public String SP_SESSION_SYNC_ENABLED =
        "spSessionSyncEnabled";

    /** Map key used in the fedlet case to specify the federation info key. */
    public String INFO_KEY = "infoKey";

    // Short service identifiers.

    /** Single Sign-On service. */
    public String SSO_SERVICE = "sso";

    /** NameIDMapping service. */
    public String NAMEID_MAPPING_SERVICE = "nip";

    /** AssertionIDRequest service. */
    public String ASSERTION_ID_REQUEST_SERVICE = "air";

    /** ArtifactResolution service. */
    public String ARTIFACT_RESOLUTION_SERVICE = "ars";

    /** SingleLogout service. */
    public String SLO_SERVICE = "slo";

    /** ManageNameID service. */
    public String MNI_SERVICE = "mni";

    /** AssertionConsumer service. */
    public String ACS_SERVICE = "acs";

    /** Map key used in the SLO request redirect code. */
    public static final String AM_REDIRECT_URL = "AM_REDIRECT_URL";

    /** Map key used in the SLO request redirect code. */
    public static final String OUTPUT_DATA = "OUTPUT_DATA";

    /**
     * Map key used alongside {@code AM_REDIRECT_URL} and {@code OUTPUT_DATA};
     * presumably carries the HTTP response code — confirm against the SLO
     * redirect code that reads it.
     */
    public static final String RESPONSE_CODE = "RESPONSE_CODE";

    /**
     * Flag indicating that the federation info must not be written to the
     * local user data store. This flag is set in the local/remote SP extended
     * metadata configuration.
     */
    public static final String SP_DO_NOT_WRITE_FEDERATION_INFO = "spDoNotWriteFederationInfo";

    /**
     * Flag indicating that the federation info must not be written to the
     * IdP's local user data store. This flag is set in the local IdP extended
     * metadata configuration.
     */
    String IDP_DISABLE_NAMEID_PERSISTENCE = "idpDisableNameIDPersistence";

    /**
     * Property key determining whether the SAML SP decryption debug mode is
     * enabled. What the mode emits is not visible here; since it concerns
     * decryption of received assertions, confirm it does not write plaintext
     * to logs before enabling it outside a development environment.
     */
    String SAML_DECRYPTION_DEBUG_MODE = "openam.saml.decryption.debug.mode";

    /**
     * Property name used to store the remote IdP's SAML response as an
     * attribute of the HttpServletRequest.
     */
    String SAML_PROXY_IDP_RESPONSE_KEY = "openam.saml.idpproxy.idp.response";

    /** Property name used to store whether SAML single logout is enabled. */
    String SINGLE_LOGOUT = "openam.saml.singlelogout.enabled";

    /** Default value for the SAML2 server port. */
    int DEFAULT_SERVER_PORT = 18080;

    /** Attribute to be configured in SPSSOConfig for Audience elements. */
    public String AUDIENCE_URI = "audienceUri";
}