001/* 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: SAML2Constants.java,v 1.44 2009/11/24 21:53:02 madan_ranganath Exp $ 026 * 027 * Portions Copyrighted 2010-2015 ForgeRock AS. 028 */ 029package com.sun.identity.saml2.common; 030 031import com.sun.identity.cot.COTConstants; 032 033/** 034 * This interface defines constants common to all SAMLv2 elements. 035 * 036 * @supported.all.api 037 */ 038public interface SAML2Constants { 039 040 /** 041 * XML name space URI 042 */ 043 public String NS_XML = "http://www.w3.org/2000/xmlns/"; 044 045 /** 046 * String used to declare SAMLv2 assertion namespace prefix. 047 */ 048 public String ASSERTION_PREFIX = "saml:"; 049 050 /** 051 * String used to declare SAMLv2 assertion namespace. 052 */ 053 public String ASSERTION_DECLARE_STR = 054 " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""; 055 056 /** 057 * SAMLv2 assertion namespace URI. 
058 */ 059 public String ASSERTION_NAMESPACE_URI = 060 "urn:oasis:names:tc:SAML:2.0:assertion"; 061 062 /** 063 * Default namespace attribute for <code>Action</code>. 064 */ 065 public String ACTION_NAMESPACE_NEGATION = 066 "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation"; 067 068 /** 069 * String used to declare SAMLv2 protocol namespace prefix. 070 */ 071 public String PROTOCOL_PREFIX = "samlp:"; 072 073 /** 074 * String used to declare SAMLv2 protocol namespace. 075 */ 076 public String PROTOCOL_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol"; 077 078 /** 079 * String used to declare SAMLv2 protocol namespace. 080 */ 081 public String PROTOCOL_DECLARE_STR = 082 " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""; 083 084 /** 085 * String used to represent HTTP Redirect Binding. 086 */ 087 public String HTTP_REDIRECT = 088 "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"; 089 090 /** 091 * String used to represent SOAP Binding. 092 */ 093 public String SOAP = 094 "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"; 095 096 /** 097 * String used to represent PAOS Binding. 098 */ 099 public static final String PAOS = 100 "urn:oasis:names:tc:SAML:2.0:bindings:PAOS"; 101 102 /** 103 * String used to represent HTTP POST Binding. 104 */ 105 public String HTTP_POST = 106 "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"; 107 108 /** 109 * String used to represent HTTP ARTIFACT Binding. 110 */ 111 public String HTTP_ARTIFACT = 112 "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"; 113 114 /** 115 * String used to represent URI Binding. 
116 */ 117 public String URI = 118 "urn:oasis:names:tc:SAML:2.0:bindings:URI"; 119 120 /** 121 * String to represent Name Identifier Format name space 122 */ 123 public String NAMEID_FORMAT_NAMESPACE= 124 "urn:oasis:names:tc:SAML:2.0:nameid-format:"; 125 126 /** 127 * String to represent Name Identifier Format name space 128 * version 1.1 129 */ 130 public static final String NAMEID_FORMAT_NAMESPACE_V_1_1= 131 "urn:oasis:names:tc:SAML:1.1:nameid-format:"; 132 133 /** 134 * String to represent Encrypted Format Name Identifier 135 */ 136 public String ENCRYPTED = 137 NAMEID_FORMAT_NAMESPACE + "encrypted"; 138 139 140 /** 141 * String to represent Persistent Name Identifier 142 */ 143 public String PERSISTENT = 144 NAMEID_FORMAT_NAMESPACE + "persistent"; 145 146 /** 147 * String to represent Unspecified Name Identifier 148 */ 149 public String UNSPECIFIED = 150 NAMEID_FORMAT_NAMESPACE_V_1_1 + "unspecified"; 151 152 /** 153 * String to represent Email Address Name Identifier 154 */ 155 public String EMAIL_ADDRESS = 156 NAMEID_FORMAT_NAMESPACE_V_1_1 + "emailAddress"; 157 158 /** 159 * String to represent Entity Name Identifier 160 */ 161 public String ENTITY = 162 NAMEID_FORMAT_NAMESPACE + "entity"; 163 164 /** 165 * String to represent X509 Subject Name Identifier 166 */ 167 public String X509_SUBJECT_NAME = 168 NAMEID_FORMAT_NAMESPACE_V_1_1 + "X509SubjectName"; 169 170 /** 171 * String to represent Windows Domain Qualified Name Identifier 172 */ 173 public String WINDOWS_DOMAIN_QUALIFIED_NAME = 174 NAMEID_FORMAT_NAMESPACE_V_1_1 + "WindowsDomainQualifiedName"; 175 176 /** 177 * String to represent Kerberos Principal Name Identifier 178 */ 179 public String KERBEROS_PRINCIPAL_NAME = 180 NAMEID_FORMAT_NAMESPACE + "kerberos"; 181 182 /** 183 * String to represent the authentication service url 184 */ 185 public String AUTH_URL = "AuthUrl"; 186 187 /** 188 * Used when the SAML endpoints are RP'd to a non-server/site URL, typically 189 * to DAS 190 */ 191 public String 
RP_URL = "RpUrl"; 192 193 /** 194 * Strings represent primitive top-level StatusCode values 195 */ 196 public String SUCCESS = 197 "urn:oasis:names:tc:SAML:2.0:status:Success"; 198 199 public String REQUESTER = 200 "urn:oasis:names:tc:SAML:2.0:status:Requester"; 201 202 public String RESPONDER = 203 "urn:oasis:names:tc:SAML:2.0:status:Responder"; 204 205 public String NOPASSIVE = 206 "urn:oasis:names:tc:SAML:2.0:status:NoPassive"; 207 208 public String VERSION_MISMATCH = 209 "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"; 210 211 public String UNKNOWN_PRINCIPAL = 212 "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"; 213 214 public String AUTHN_FAILED = 215 "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"; 216 217 public String INVALID_ATTR_NAME_OR_VALUE = 218 "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue"; 219 220 public String INVALID_NAME_ID_POLICY = 221 "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"; 222 223 public String NO_AUTHN_CONTEXT = 224 "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"; 225 226 /** 227 * Basic name format 228 */ 229 public String BASIC_NAME_FORMAT = 230 "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"; 231 232 /** 233 * Basic attribute profile 234 */ 235 public String BASIC_ATTRIBUTE_PROFILE = 236 "urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic"; 237 238 /** 239 * Attribute Query default profile 240 */ 241 public static final String DEFAULT_ATTR_QUERY_PROFILE = 242 "urn:oasis:names:tc:SAML:2.0:profiles:query"; 243 244 /** 245 * Attribute Query x509 Subject profile 246 */ 247 public static final String X509_SUBJECT_ATTR_QUERY_PROFILE = 248 "urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509"; 249 250 /** 251 * Attribute Query default profile alias 252 */ 253 public static final String DEFAULT_ATTR_QUERY_PROFILE_ALIAS = 254 "default"; 255 256 /** 257 * Attribute Query x509 Subject profile alias 258 */ 259 public static final String X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS = 260 
"x509Subject"; 261 262 /** 263 * Strings represent subject confirmation methods 264 */ 265 public String SUBJECT_CONFIRMATION_METHOD_BEARER = 266 "urn:oasis:names:tc:SAML:2.0:cm:bearer"; 267 268 /** 269 * Confirmation method for holder of key 270 */ 271 public String SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY = 272 "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"; 273 274 /** 275 * Confirmation method for sender vouches 276 */ 277 public String SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES = 278 "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"; 279 280 /** 281 * Session Property name indicating if response is redirected or not 282 */ 283 public String RESPONSE_REDIRECTED = "SAML2ResponseRedirected"; 284 285 /** 286 * Length for SAMLv2 IDs. 287 */ 288 public int ID_LENGTH = 20; 289 290 /** 291 * SAMLv2 Version String 292 */ 293 public String VERSION_2_0 = "2.0"; 294 295 /** 296 * SAMLRequest query parameter name 297 */ 298 public String SAML_REQUEST = "SAMLRequest"; 299 300 /** 301 * SAMLResponse query parameter name 302 */ 303 public String SAML_RESPONSE = "SAMLResponse"; 304 305 306 /** 307 * Maximum value of unsigned integer/short type. 
308 */ 309 public int MAX_INT_VALUE=65535; 310 311 /** 312 * Start Tag for XML String 313 */ 314 public String START_TAG="<"; 315 /** 316 * End Tag for XML String 317 */ 318 public String END_TAG =">"; 319 320 /** 321 * Constant for space 322 */ 323 public String SPACE=" "; 324 /** 325 * Constant for equal 326 */ 327 public String EQUAL= "="; 328 329 /** 330 * Constant for quote 331 */ 332 public String QUOTE = "\""; 333 334 /** 335 * Constant for newline 336 */ 337 public String NEWLINE= "\n"; 338 339 /** 340 * Constant for xml name space 341 */ 342 public String NAMESPACE_PREFIX="xmlns"; 343 344 /** 345 * Constant for SAML2 end tag 346 */ 347 public String SAML2_END_TAG="</samlp:"; 348 349 /** 350 * Constant for AuthnRequest 351 */ 352 public String AUTHNREQUEST="AuthnRequest"; 353 354 /** 355 * Constant for LogoutRequest 356 */ 357 public String LOGOUT_REQUEST="LogoutRequest"; 358 359 /** 360 * Constant for LogoutResponse 361 */ 362 public String LOGOUT_RESPONSE="LogoutResponse"; 363 364 /** 365 * Constant for AssertionIDRequest 366 */ 367 public String ASSERTION_ID_REQUEST = "AssertionIDRequest"; 368 369 /** 370 * Constant for AttributeQuery 371 */ 372 public String ATTRIBUTE_QUERY = "AttributeQuery"; 373 374 /** 375 * Constant for AuthnQuery 376 */ 377 public String AUTHN_QUERY = "AuthnQuery"; 378 379 /** 380 * Constant for NameIDMappingRequest 381 */ 382 public String NAME_ID_MAPPING_REQUEST = "NameIDMappingRequest"; 383 384 /** 385 * Constant for NameIDMappingResponse 386 */ 387 public String NAME_ID_MAPPING_RESPONSE = "NameIDMappingResponse"; 388 389 /** 390 * Constant for AssertionIDRef 391 */ 392 public String ASSERTION_ID_REF = "AssertionIDRef"; 393 394 /** 395 * Constant for Attribute 396 */ 397 public String ATTRIBUTE="Attribute"; 398 399 /** 400 * Constant for SessionIndex 401 */ 402 public String SESSION_INDEX="SessionIndex"; 403 404 /** 405 * Constant for BaseID 406 */ 407 public String BASEID="BaseID"; 408 409 /** 410 * Constant for NameID 411 */ 
412 public String NAMEID="NameID"; 413 414 /** 415 * Constant for EncryptedID 416 */ 417 public String ENCRYPTEDID="EncryptedID"; 418 419 /** 420 * Constant for Reason 421 */ 422 public String REASON="Reason"; 423 424 /** 425 * Constant for NotOnOrAfter 426 */ 427 public String NOTONORAFTER="NotOnOrAfter"; 428 429 /** 430 * Constant for NotBefore 431 */ 432 public String NOTBEFORE="NotBefore"; 433 434 /** 435 * Constant for InResponseTo 436 */ 437 public String INRESPONSETO="InResponseTo"; 438 439 /** 440 * Constant for ID 441 */ 442 public String ID="ID"; 443 444 445 /** 446 * Constant for Version 447 */ 448 public String VERSION="Version"; 449 450 451 /** 452 * Constant for IssueInstant 453 */ 454 public String ISSUE_INSTANT="IssueInstant"; 455 456 /** 457 * Constant for Destination 458 */ 459 public String DESTINATION="Destination"; 460 461 /** 462 * Constant for Value 463 */ 464 public String VALUE="Value"; 465 466 /** 467 * Constant for Consent 468 */ 469 public String CONSENT="Consent"; 470 471 /** 472 * Constant for Issuer 473 */ 474 public String ISSUER="Issuer"; 475 476 477 /** 478 * Constant for Signature 479 */ 480 public String SIGNATURE="Signature"; 481 482 /** 483 * Constant for forceAuthn attribute 484 */ 485 public String FORCEAUTHN="ForceAuthn"; 486 487 /** 488 * Constant for IsPassive attribute 489 */ 490 public String ISPASSIVE="IsPassive"; 491 492 /** 493 * Constant for AllowCreate attribute 494 */ 495 public String ALLOWCREATE="AllowCreate"; 496 497 /** 498 * Constant for ProtocolBinding attribute 499 */ 500 public String PROTOBINDING="ProtocolBinding"; 501 502 /** 503 * Constant for mustUnderstand attribute 504 */ 505 public static final String MUST_UNDERSTAND = "mustUnderstand"; 506 507 /** 508 * Constant for actor attribute 509 */ 510 public static final String ACTOR = "actor"; 511 512 /** 513 * Constant for Binding parameter name 514 */ 515 public String BINDING="binding"; 516 517 /** 518 * Constant for reqBinding parameter name 519 
*/ 520 public String REQ_BINDING = "reqBinding"; 521 522 /** 523 * Constant for affiliationID parameter name 524 */ 525 public String AFFILIATION_ID = "affiliationID"; 526 527 /** 528 * Constant for Binding namespace 529 */ 530 public String BINDING_PREFIX = 531 "urn:oasis:names:tc:SAML:2.0:bindings:"; 532 533 /** 534 * Constant for AssertionConsumerServiceIndex attribute 535 */ 536 public String ASSERTION_CONSUMER_SVC_INDEX= 537 "AssertionConsumerServiceIndex"; 538 /** 539 * Constant for AssertionConsumerServiceURL attribute 540 */ 541 public String ASSERTION_CONSUMER_SVC_URL= 542 "AssertionConsumerServiceURL"; 543 /** 544 * Constant for AttributeConsumingServiceIndex attribute 545 */ 546 public String ATTR_CONSUMING_SVC_INDEX= 547 "AttributeConsumingServiceIndex"; 548 /** 549 * Constant for ProviderName attribute 550 */ 551 public String PROVIDER_NAME="ProviderName"; 552 553 /** 554 * Constant for Subject Element 555 */ 556 public String SUBJECT="Subject"; 557 558 /** 559 * Constant for AuthnRequest object 560 */ 561 public String AUTHN_REQUEST = "AuthnRequest"; 562 563 /** 564 * Constant for NameIDPolicy Element 565 */ 566 public String NAMEID_POLICY="NameIDPolicy"; 567 568 /** 569 * Constant for Conditions Element. 570 */ 571 public String CONDITIONS="Conditions"; 572 573 /** 574 * Constant for RequestedAuthnContext Element. 575 */ 576 public String REQ_AUTHN_CONTEXT="RequestedAuthnContext"; 577 578 /** 579 * Constant for Comparison Attribute 580 */ 581 public String COMPARISON ="Comparison"; 582 583 /** 584 * Constant for Scoping Element. 585 */ 586 public String SCOPING="Scoping"; 587 588 /** 589 * Constant for Extensions Element. 590 */ 591 public String EXTENSIONS="Extensions"; 592 593 /** 594 * Constant for StatusDetail Element. 595 */ 596 public String STATUS_DETAIL="StatusDetail"; 597 598 /** 599 * Constant for StatusCode Element. 600 */ 601 public String STATUS_CODE="StatusCode"; 602 603 /** 604 * Constant for Status Element. 
605 */ 606 public String STATUS="Status"; 607 608 /** 609 * Constant for StatusMessage Element. 610 */ 611 public String STATUS_MESSAGE="StatusMessage"; 612 613 /** 614 * Constant for GetComplete Element. 615 */ 616 public String GETCOMPLETE="GetComplete"; 617 618 /** 619 * Constant for IDPEntry Element. 620 */ 621 public String IDPENTRY="IDPEntry"; 622 623 /** 624 * Constant for IDPList Element. 625 */ 626 public String IDPLIST="IDPList"; 627 628 /** 629 * Constant for NameIDPolicy Element. 630 */ 631 public String NAMEIDPOLICY="NameIDPolicy"; 632 633 /** 634 * Constant for RequesterID Element. 635 */ 636 public String REQUESTERID="RequesterID"; 637 638 // for SAMLPOSTProfileServlet 639 public String SOURCE_SITE_SOAP_ENTRY = "sourceSite"; 640 public String POST_ASSERTION = "assertion"; 641 public String CLEANUP_INTERVAL_NAME = 642 "iplanet-am-saml-cleanup-interval"; 643 644 /** 645 * NameID info attribute. 646 */ 647 public String NAMEID_INFO = "sun-fm-saml2-nameid-info"; 648 649 /** 650 * NameID info key attribute. 651 */ 652 public String NAMEID_INFO_KEY = "sun-fm-saml2-nameid-infokey"; 653 654 /** 655 * SAML2 data store provider name. 656 */ 657 public String SAML2 = "saml2"; 658 659 /** 660 * Auto federation attribute. 661 */ 662 public String AUTO_FED_ATTRIBUTE = 663 "autofedAttribute"; 664 665 /** 666 * Auto federation enable attribute. 667 */ 668 public String AUTO_FED_ENABLED = 669 "autofedEnabled"; 670 671 /** 672 * Transient federation users. 673 */ 674 public String TRANSIENT_FED_USER = 675 "transientUser"; 676 677 public String NAMEID_TRANSIENT_FORMAT = 678 NAMEID_FORMAT_NAMESPACE + "transient"; 679 680 /** 681 * Certificate alias attribute. 682 */ 683 public String CERT_ALIAS = "sun-fm-saml2-cert-alias"; 684 685 /** 686 * NameID format map configuration. 687 */ 688 public String NAME_ID_FORMAT_MAP = "nameIDFormatMap"; 689 690 /** 691 * Attribute map configuration. 
692 */ 693 public String ATTRIBUTE_MAP = "attributeMap"; 694 695 /** 696 * Service provider adapter implementation class 697 */ 698 public String SP_ADAPTER_CLASS = "spAdapter"; 699 700 /** 701 * Environment (attribute/value pair) for Service provider adapter 702 * implementation class. Those variables will be passed down as 703 * Map to the implementation class for initialization. 704 */ 705 public String SP_ADAPTER_ENV = "spAdapterEnv"; 706 707 /** 708 * Fedlet adapter implementation class. 709 */ 710 public String FEDLET_ADAPTER_CLASS = "fedletAdapter"; 711 712 /** 713 * Environment (attribute/value pair) for fedlet adapter 714 * implementation class. Those variables will be passed down as 715 * Map to the implementation class for initialization. 716 */ 717 public String FEDLET_ADAPTER_ENV = "fedletAdapterEnv"; 718 719 /** 720 * Service provider account mapper. 721 */ 722 public String SP_ACCOUNT_MAPPER = 723 "spAccountMapper"; 724 725 /** 726 * Use NameID value as local user ID in service provider account mapper. 727 */ 728 public String USE_NAMEID_AS_SP_USERID = "useNameIDAsSPUserID"; 729 730 /** 731 * Service provider attribute mapper. 732 */ 733 public String SP_ATTRIBUTE_MAPPER = 734 "spAttributeMapper"; 735 736 /** 737 * Identity provider account mapper. 738 */ 739 public String IDP_ACCOUNT_MAPPER = 740 "idpAccountMapper"; 741 742 /** 743 * Identity provider attribute mapper. 744 */ 745 public String IDP_ATTRIBUTE_MAPPER = 746 "idpAttributeMapper"; 747 748 /** 749 * Attribute authority mapper. 750 */ 751 public String ATTRIBUTE_AUTHORITY_MAPPER = 752 "attributeAuthorityMapper"; 753 754 /** 755 * Assertion ID request mapper. 
756 */ 757 public String ASSERTION_ID_REQUEST_MAPPER = 758 "assertionIDRequestMapper"; 759 760 /** 761 * RelayState Parameter 762 */ 763 public String RELAY_STATE="RelayState"; 764 765 /** 766 * RelayState Alias Parameter 767 */ 768 public String RELAY_STATE_ALIAS="RelayStateAlias"; 769 770 /** 771 * Realm Parameter 772 */ 773 public String REALM="realm"; 774 775 /** 776 * AssertionConsumerServiceIndex Parameter 777 */ 778 public String ACS_URL_INDEX="AssertionConsumerServiceIndex"; 779 780 /** 781 * AttributeConsumingServiceIndex Parameter 782 */ 783 public String ATTR_INDEX="AttributeConsumingServiceIndex"; 784 785 /** 786 * NameIDPolicy Format Identifier Parameter 787 */ 788 public String NAMEID_POLICY_FORMAT="NameIDFormat"; 789 790 /** 791 * True Value String 792 */ 793 public String TRUE="true"; 794 795 /** 796 * False Value String 797 */ 798 public String FALSE="false"; 799 800 public String AUTH_LEVEL="AuthLevel"; 801 public String ORGANIZATION = "Organization"; 802 public String AUTH_LEVEL_ATTR="sunFMAuthContextComparison"; 803 public String AUTH_TYPE="authType"; 804 public String AUTH_LEVEL_ADVICE = "sunamcompositeadvice"; 805 806 public String AUTH_TYPE_ATTR ="sunFMAuthContextType"; 807 808 public String DECLARE_REF_AUTH_TYPE = "AuthContextDeclareRef"; 809 public String CLASS_REF_AUTH_TYPE = "AuthContextClassRef"; 810 811 public String AUTH_CONTEXT_DECL_REF ="AuthContextDeclRef"; 812 public String AUTH_CONTEXT_DECL_REF_ATTR 813 ="sunFMAuthContextDeclareRef"; 814 815 public String AUTH_CONTEXT_CLASS_REF ="AuthnContextClassRef"; 816 817 public String AUTH_CONTEXT_CLASS_REF_ATTR 818 ="sunFMAuthContextClassRef"; 819 820 /** 821 * Parameter name for SAML artifact in http request. 
822 */ 823 public String SAML_ART = "SAMLart"; 824 825 /** 826 * Service Provider Role 827 */ 828 public String SP_ROLE = "SPRole"; 829 830 /** 831 * Identity Provider Role 832 */ 833 public String IDP_ROLE = "IDPRole"; 834 835 /** 836 * Constant value for entity acting as both SP and IDP role. 837 */ 838 public String DUAL_ROLE ="DualRole"; 839 840 841 /** 842 * Policy Decision Point Role 843 */ 844 String PDP_ROLE = "PDPRole"; 845 846 /** 847 * Policy Enforcement Point Role 848 */ 849 String PEP_ROLE = "PEPRole"; 850 851 /** 852 * Attribute Authority Role 853 */ 854 String ATTR_AUTH_ROLE = "AttrAuthRole"; 855 856 /** 857 * Attribute Query Role 858 */ 859 String ATTR_QUERY_ROLE = "AttrQueryRole"; 860 861 /** 862 * Authentication Authority Role 863 */ 864 String AUTHN_AUTH_ROLE = "AuthnAuthRole"; 865 866 /** 867 * Unknown Role 868 */ 869 public String UNKNOWN_ROLE = "UNKNOWN"; 870 871 872 /** 873 * Attribute to be configured in SPSSOConfig for SAML2 authentication 874 * module instance name. 875 */ 876 public String AUTH_MODULE_NAME = "saml2AuthModuleName"; 877 878 /** 879 * Attribute to be configured in SPSSOConfig for local authentication url. 880 */ 881 public String LOCAL_AUTH_URL = "localAuthURL"; 882 883 /** 884 * Attribute to be configured in SPSSOConfig for intermediate url. 885 */ 886 public String INTERMEDIATE_URL = "intermediateUrl"; 887 888 /** 889 * Attribute to be configured in SPSSOConfig for default relay state url. 
890 */ 891 public String DEFAULT_RELAY_STATE = "defaultRelayState"; 892 893 /** 894 * This is an attribute in entity config for the 895 * entity description 896 */ 897 public String ENTITY_DESCRIPTION = "description"; 898 899 /** 900 * This is an attribute in entity config for the 901 * signing certificate alias 902 */ 903 public String SIGNING_CERT_ALIAS = "signingCertAlias"; 904 905 /** 906 * This is an attribute in entity config for the 907 * signing certificate encrypted keypass 908 */ 909 public String SIGNING_CERT_KEYPASS = "signingCertKeyPass"; 910 911 /** 912 * This is an attribute in entity config for the 913 * encryption certificate alias 914 */ 915 public String ENCRYPTION_CERT_ALIAS = "encryptionCertAlias"; 916 917 /** 918 * The entity role 919 */ 920 public String ROLE = "role"; 921 922 public String SIG_PROVIDER = 923 "com.sun.identity.saml2.xmlsig.SignatureProvider"; 924 925 public String ENC_PROVIDER = 926 "com.sun.identity.saml2.xmlenc.EncryptionProvider"; 927 928 /** 929 * Signing 930 */ 931 public String SIGNING = "signing"; 932 933 /** 934 * Encryption 935 */ 936 public String ENCRYPTION = "encryption"; 937 938 // Delimiter used to separate multiple NameIDKey values. 939 public String SECOND_DELIM = ";"; 940 941 /** 942 * Http request parameter used to indicate whether the intent is 943 * federation or not. Its values are "true" and "false". 944 */ 945 public String FEDERATE = "federate"; 946 947 /** xmlsig signing parameters*/ 948 public String CANONICALIZATION_METHOD = 949 "com.sun.identity.saml.xmlsig.c14nMethod"; 950 public String TRANSFORM_ALGORITHM = 951 "com.sun.identity.saml.xmlsig.transformAlg"; 952 public String XMLSIG_ALGORITHM = 953 "com.sun.identity.saml.xmlsig.xmlSigAlgorithm"; 954 /** 955 * Property name for the global default query signature algorithm for RSA keys. 
956 */ 957 public String QUERY_SIGNATURE_ALGORITHM_RSA = "org.forgerock.openam.saml2.query.signature.alg.rsa"; 958 /** 959 * Property name for the global default query signature algorithm for DSA keys. 960 */ 961 public String QUERY_SIGNATURE_ALGORITHM_DSA = "org.forgerock.openam.saml2.query.signature.alg.dsa"; 962 /** 963 * Property name for the global default query signature algorithm for EC keys. 964 */ 965 public String QUERY_SIGNATURE_ALGORITHM_EC = "org.forgerock.openam.saml2.query.signature.alg.ec"; 966 public String DSA = "DSA"; 967 public String RSA = "RSA"; 968 969 public String SIG_ALG = "SigAlg"; 970 public String SHA1_WITH_DSA = "SHA1withDSA"; 971 public String SHA1_WITH_RSA = "SHA1withRSA"; 972 973 public String DEFAULT_ENCODING = "UTF-8"; 974 975 // SOAP fault code for requester error 976 public String CLIENT_FAULT = "Client"; 977 978 // SOAP fault code for responder error 979 public String SERVER_FAULT = "Server"; 980 981 public String SESSION = "session"; 982 983 // more constants defined for auth module 984 public String ASSERTIONS = "assertions"; 985 public String MAX_SESSION_TIME = "maxSessionTime"; 986 public String IN_RESPONSE_TO = "inResponseTo"; 987 988 public String SP_METAALIAS = "spMetaAlias"; 989 public String METAALIAS = "metaAlias"; 990 public String SPENTITYID = "spEntityID"; 991 public String IDPENTITYID = "idpEntityID"; 992 public String REQUESTTYPE = "requestType"; 993 994 // Encryption attributes 995 /** 996 * SP Entity Config attribute name. Used to specify whether it wants 997 * Assertion encrypted or not. 998 */ 999 public String WANT_ASSERTION_ENCRYPTED = "wantAssertionEncrypted"; 1000 1001 public String WANT_ATTRIBUTE_ENCRYPTED 1002 = "wantAttributeEncrypted"; 1003 public String WANT_NAMEID_ENCRYPTED = "wantNameIDEncrypted"; 1004 1005 // Signing attributes 1006 /** 1007 * IDP Entity Config attribute name. Used to specify whether it wants 1008 * ArtifactResolve signed or not. 
1009 */ 1010 public String WANT_ARTIFACT_RESOLVE_SIGNED = "wantArtifactResolveSigned"; 1011 1012 /** 1013 * SP Entity Config attribute name. Used to specify whether it wants 1014 * ArtifactResponse signed or not. 1015 */ 1016 public String WANT_ARTIFACT_RESPONSE_SIGNED = 1017 "wantArtifactResponseSigned"; 1018 public String WANT_LOGOUT_REQUEST_SIGNED 1019 = "wantLogoutRequestSigned"; 1020 public String WANT_LOGOUT_RESPONSE_SIGNED 1021 = "wantLogoutResponseSigned"; 1022 public String WANT_MNI_REQUEST_SIGNED = "wantMNIRequestSigned"; 1023 public String WANT_MNI_RESPONSE_SIGNED 1024 = "wantMNIResponseSigned"; 1025 public String WANT_POST_RESPONSE_SIGNED = "wantPOSTResponseSigned"; 1026 1027 /** 1028 * SP Entity Config attribute name. Used to specify IDPList child element 1029 * of ECP request. 1030 */ 1031 public static final String ECP_REQUEST_IDP_LIST = 1032 "ECPRequestIDPList"; 1033 1034 /** 1035 * SP Entity Config attribute name. Used to specify an implementation class 1036 * that finds IDPList child element of ECP request. 1037 */ 1038 public static final String ECP_REQUEST_IDP_LIST_FINDER_IMPL = 1039 "ECPRequestIDPListFinderImpl"; 1040 1041 /** 1042 * SP Entity Config attribute name. Used to specify attribute 'GetComplete' 1043 * of IDPList child element of ECP request 1044 */ 1045 public static final String ECP_REQUEST_IDP_LIST_GET_COMPLETE = 1046 "ECPRequestIDPListGetComplete"; 1047 1048 /** 1049 * Attribute Authority Config attribute name. Used to specify data store 1050 * attribute name that contains X509 subject DN. 
1051 */ 1052 public String X509_SUBJECT_DATA_STORE_ATTR_NAME = 1053 "x509SubjectDataStoreAttrName"; 1054 1055 /** 1056 * Constant for SAML2IDPSessionIndex SSO token property 1057 */ 1058 public String IDP_SESSION_INDEX = "SAML2IDPSessionIndex"; 1059 /** 1060 * Constant for IDPMetaAlias SSO token property 1061 */ 1062 public String IDP_META_ALIAS="IDPMetaAlias"; 1063 1064 // Basic auth for SOAP binding 1065 public String BASIC_AUTH_ON = "basicAuthOn"; 1066 public String BASIC_AUTH_USER = "basicAuthUser"; 1067 public String BASIC_AUTH_PASSWD = "basicAuthPassword"; 1068 1069 /** 1070 * Service provider AuthnContext mapper. 1071 */ 1072 public String SP_AUTHCONTEXT_MAPPER = 1073 "spAuthncontextMapper"; 1074 1075 /** 1076 * Default value for Service provider AuthnContext mapper value. 1077 */ 1078 public String DEFAULT_SP_AUTHCONTEXT_MAPPER = 1079 "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper"; 1080 1081 /** 1082 * Service provider AuthnContext Class Reference and AuthLevel Mapping. 1083 */ 1084 public String SP_AUTH_CONTEXT_CLASS_REF_ATTR= 1085 "spAuthncontextClassrefMapping"; 1086 1087 /** 1088 * Constant for AuthnContext Class Reference namespace 1089 */ 1090 public String AUTH_CTX_PREFIX = 1091 "urn:oasis:names:tc:SAML:2.0:ac:classes:"; 1092 1093 /** 1094 * Default Service provider AuthnContext Class Reference and 1095 * AuthLevel Mapping value. 1096 */ 1097 public String SP_AUTHCONTEXT_CLASSREF_VALUE= 1098 "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0|default"; 1099 /** 1100 * Service provider AuthnContext Comparison Type attribute name. 1101 */ 1102 public String SP_AUTHCONTEXT_COMPARISON_TYPE = 1103 "spAuthncontextComparisonType"; 1104 1105 /** 1106 * Default Service provider AuthnContext Comparison Type 1107 * attribute value. 1108 */ 1109 public String SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE = "exact"; 1110 1111 /** 1112 * Flag to indicate if the RequestedAuthnContext should be included in an AuthnRequest. 
1113 */ 1114 public String INCLUDE_REQUESTED_AUTHN_CONTEXT = "includeRequestedAuthnContext"; 1115 1116 /** 1117 * Service provider AuthnContext Comparison Parameter Name 1118 */ 1119 public String SP_AUTHCONTEXT_COMPARISON = "AuthComparison"; 1120 1121 // Time Skew for Assertion NotOnOrAfter. In seconds. 1122 public String ASSERTION_TIME_SKEW = "assertionTimeSkew"; 1123 public int ASSERTION_TIME_SKEW_DEFAULT = 300; 1124 1125 // key for SAML2 SDK class mapping 1126 public String SDK_CLASS_MAPPING = 1127 "com.sun.identity.saml2.sdk.mapping."; 1128 1129 // Default assertion effective time in seconds 1130 public int ASSERTION_EFFECTIVE_TIME = 600; 1131 1132 // Default assertion NotBefore skew in seconds 1133 public int NOTBEFORE_ASSERTION_SKEW_DEFAULT = 600; 1134 1135 // Assertion effective time attribute name 1136 public String ASSERTION_EFFECTIVE_TIME_ATTRIBUTE = 1137 "assertionEffectiveTime"; 1138 1139 // NotBefore Assertion skew attribute name 1140 public String ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE = 1141 "assertionNotBeforeTimeSkew"; 1142 1143 // IDP authn context mapper class attribute name 1144 public String IDP_AUTHNCONTEXT_MAPPER_CLASS = 1145 "idpAuthncontextMapper"; 1146 1147 // IDP ECP Session mapper class attribute name 1148 public static final String IDP_ECP_SESSION_MAPPER_CLASS = 1149 "idpECPSessionMapper"; 1150 1151 // Default IDP authn context mapper class name 1152 public String DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS = 1153 "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper"; 1154 1155 // Default IDP account mapper class name 1156 public String DEFAULT_IDP_ACCOUNT_MAPPER_CLASS = 1157 "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper"; 1158 1159 // Default SP account mapper class name 1160 public String DEFAULT_SP_ACCOUNT_MAPPER_CLASS = 1161 "com.sun.identity.saml2.plugins.DefaultSPAccountMapper"; 1162 1163 /** 1164 * Default SP attribute mapper class name 1165 */ 1166 public String DEFAULT_SP_ATTRIBUTE_MAPPER_CLASS = 
"com.sun.identity.saml2.plugins.DefaultSPAttributeMapper"; 1167 1168 // Default IDP attribute mapper class name 1169 public String DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS = 1170 "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper"; 1171 1172 // Default Attribute Authority mapper class name 1173 public static final String DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS = 1174 "com.sun.identity.saml2.plugins.DefaultAttributeAuthorityMapper"; 1175 1176 // Default Assertion ID request mapper class name 1177 public static final String DEFAULT_ASSERTION_ID_REQUEST_MAPPER_CLASS = 1178 "com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper"; 1179 1180 // Default IDP ECP Session mapper class name 1181 public static final String DEFAULT_IDP_ECP_SESSION_MAPPER_CLASS = 1182 "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper"; 1183 1184 // IDP authn context class reference mapping attribute name 1185 public String IDP_AUTHNCONTEXT_CLASSREF_MAPPING = 1186 "idpAuthncontextClassrefMapping"; 1187 1188 // AuthnContext Class Reference names 1189 public String CLASSREF_PASSWORD_PROTECTED_TRANSPORT = 1190 "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"; 1191 1192 // COT List 1193 public String COT_LIST = COTConstants.COT_LIST; 1194 1195 // http parameter to default.jsp 1196 public String MESSAGE = "message"; 1197 1198 // Cache Cleanup interval attribute name in AMConfig.properties. 
1199 // value in seconds 1200 public String CACHE_CLEANUP_INTERVAL = 1201 "com.sun.identity.saml2.cacheCleanUpInterval"; 1202 1203 // default Cache cleanup interval in seconds 1204 public int CACHE_CLEANUP_INTERVAL_DEFAULT = 3600; 1205 1206 // IDP SLO parameter name for logout all sessions 1207 public String LOGOUT_ALL = "logoutAll"; 1208 1209 // IDP response info ID 1210 public String RES_INFO_ID = "resInfoID"; 1211 1212 // Default query parameter to use for RelayState if 1213 // RelayState is not specified and if RelayState cannot 1214 // be obtained from query parameters list specified in 1215 // RelayStateAlias 1216 1217 public String GOTO = "goto"; 1218 1219 // Delimiter for values of multi-valued property set in SSO token 1220 public char DELIMITER = '|'; 1221 1222 // Escape string for the <code>DELIMITER</code> contained in the values 1223 // of multi-valued property set in SSO token 1224 public String ESCAPE_DELIMITER = "|"; 1225 1226 /** 1227 * Namespace declaration for XML Encryption 1228 */ 1229 public String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#"; 1230 1231 /** 1232 * Namespace declaration for XML Digital Signature 1233 */ 1234 public String NS_XMLSIG = "http://www.w3.org/2000/09/xmldsig#"; 1235 1236 /** 1237 * Want XACML Authorization Decision Query Signed. 1238 */ 1239 String WANT_XACML_AUTHZ_DECISION_QUERY_SIGNED = 1240 "wantXACMLAuthzDecisionQuerySigned"; 1241 1242 /** 1243 * Want Authorization Decision Response Signed. 
1244 */ 1245 String WANT_XACML_AUTHZ_DECISION_RESPONSED_SIGNED = 1246 "wantXACMLAuthzDecisionResponseSigned"; 1247 1248 /** 1249 * Generate Discovery Bootstrapping 1250 */ 1251 public String DISCO_BOOTSTRAPPING_ENABLED = 1252 "discoveryBootstrappingEnabled"; 1253 1254 /** 1255 * Constant for Response Artifact message encoding property 1256 */ 1257 public String RESPONSE_ARTIFACT_MESSAGE_ENCODING = 1258 "responseArtifactMessageEncoding"; 1259 1260 /** 1261 * URI encoding 1262 */ 1263 public String URI_ENCODING = "URI"; 1264 1265 /** 1266 * FORM encoding 1267 */ 1268 public String FORM_ENCODING = "FORM"; 1269 1270 /** 1271 * Cache Assertion 1272 */ 1273 public String ASSERTION_CACHE_ENABLED = 1274 "assertionCacheEnabled"; 1275 1276 /** 1277 * Attribute name format for ID-WSF 1.1 Discovery bootstrap 1278 */ 1279 public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME_FORMAT = 1280 "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"; 1281 1282 /** 1283 * Attribute name for ID-WSF 1.1 Discovery bootstrap 1284 */ 1285 public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME = 1286 "urn:liberty:disco:2003-08:DiscoveryResourceOffering"; 1287 1288 /** 1289 * Constant for Discovery bootstrap credentials SSO token 1290 * property 1291 */ 1292 public String DISCOVERY_BOOTSTRAP_CREDENTIALS = 1293 "DiscoveryBootstrapCrendentials"; 1294 1295 /** 1296 * XML Schema Instance namespace URI 1297 */ 1298 public String NS_XSI = 1299 "http://www.w3.org/2001/XMLSchema-instance"; 1300 1301 /** 1302 * String used to declare XML Schema Instance namespace. 1303 */ 1304 public String XSI_DECLARE_STR = 1305 "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""; 1306 1307 /** 1308 * List of SAE appliation name to encrypted secret mapping. 1309 */ 1310 public String SAE_APP_SECRET_LIST = "saeAppSecretList"; 1311 1312 /** 1313 * List of valid Relay State Urls 1314 */ 1315 public String RELAY_STATE_URL_LIST = "relayStateUrlList"; 1316 1317 /** 1318 * IDP SAE endpoint url. 
*/
public String SAE_IDP_URL = "saeIDPUrl";

/**
 * Attribute name of the SP-side SAE endpoint URL.
 */
public String SAE_SP_URL = "saeSPUrl";

/**
 * Attribute name of the SP-side SAE logout URL.
 */
public String SAE_SP_LOGOUT_URL = "saeSPLogoutUrl";

/**
 * SAE extended-metadata parameter: the SP application URL.
 */
public String SAE_XMETA_URL = "url";

/**
 * SAE extended-metadata parameter: the shared secret used for symmetric
 * crypto. The value stored under this key is a credential - keep it out
 * of log and debug output and out of error messages.
 */
public String SAE_XMETA_SECRET = "secret";

/**
 * SAE extended-metadata parameter: the private key alias, derived from
 * the SAML2 metadata.
 */
public String SAE_XMETA_PKEY_ALIAS = "privatekeyalias";

/**
 * Names of the HTTP parameters passed to the SAE authentication modules.
 * <p>
 * NOTE(review): as HTTP parameters these are presumably attacker-
 * influenceable unless the carrying request is authenticated; the
 * modules consuming them should validate the realm, entity ID and URL
 * rather than trusting them as-is - confirm in the SAE auth modules.
 */
public String SAE_REALM = "realm";
public String SAE_IDP_ENTITYID = "idpEntityID";
public String SAE_IDPAPP_URL = "idpAppUrl";

/**
 * Attribute name: enable IDP proxy.
 */
public String ENABLE_IDP_PROXY = "enableIDPProxy";

/**
 * Attribute name: always proxy the AuthnRequest.
 */
public String ALWAYS_IDP_PROXY = "alwaysIdpProxy";

/**
 * Attribute name: IDP proxy name list.
 */
public String IDP_PROXY_LIST = "idpProxyList";

/**
 * Attribute name: IDP proxy count.
 */
public String IDP_PROXY_COUNT = "idpProxyCount";

/**
 * Attribute name: use introduction for IDP proxy.
 */
public String USE_INTRODUCTION_FOR_IDP_PROXY =
    "useIntroductionForIDPProxy";

/**
 * URL path of the IDP finder.
 */
public String IDP_FINDER_URL = "/idpfinder";

/**
 * IDP proxy finder name.
 */
public String IDP_PROXY_FINDER_NAME =
    "com.sun.identity.saml2.idpproxy";

/**
 * Default class name of the IDP proxy finder.
 */
public String DEFAULT_IDP_PROXY_FINDER =
    "com.sun.identity.saml2.plugins.SAML2IDPProxyImpl";

/**
 * IDP extended-metadata attribute naming the IDP proxy finder.
 */
public String IDP_PROXY_FINDER_ATTR_NAME = "idpProxyFinder";

/**
 * IDP extended-metadata attribute naming the IDP proxy finder
 * implementation class.
 * <p>
 * NOTE(review): a class name taken from configuration is presumably
 * instantiated reflectively, so this attribute (like
 * <code>IDP_ADAPTER_CLASS</code>) must only be settable by
 * administrators - confirm how the extended metadata is loaded and who
 * can write it.
 */
public static final String PROXY_IDP_FINDER_CLASS = "proxyIDPFinderClass";

/**
 * Name of the IDP extended-metadata flag saying whether the IDP must
 * enable the IDP finder (per the key name, for all SPs).
 */
public static final String ENABLE_PROXY_IDP_FINDER_FOR_ALL_SPS =
    "enableProxyIDPFinderForAllSPs";

/**
 * Extended-metadata attribute holding the name of the JSP that presents
 * the list of IDPs to the user.
 */
public static final String PROXY_IDP_FINDER_JSP =
    "proxyIDPFinderJSP";

/**
 * Default IDP proxy finder JSP.
 */
public static final String DEFAULT_PROXY_IDP_FINDER = "proxyidpfinder.jsp";

/**
 * Attribute naming the IDP adapter class.
 */
public static final String IDP_ADAPTER_CLASS = "idpAdapter";

/**
 * Default IDP adapter class name.
 */
public static final String DEFAULT_IDP_ADAPTER = "com.sun.identity.saml2.plugins.DefaultIDPAdapter";

/**
 * Map key under which the IDP session is saved.
 */
public String IDP_SESSION = "IDPSESSION";

/**
 * Map key under which the session partners are saved.
 */
public String PARTNERS = "PARTNERS";

/**
 * ECP namespace prefix, including the trailing colon.
 */
public static final String ECP_PREFIX = "ecp:";

/**
 * ECP namespace URI.
 */
public static final String ECP_NAMESPACE =
    "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";

/**
 * Attribute string declaring the ECP namespace. It carries no leading
 * whitespace, so callers splicing it into a start tag must add the
 * separating space themselves.
*/
public static final String ECP_DECLARE_STR =
    "xmlns:ecp=\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"";

/**
 * Leading characters of an ECP end tag (the text
 * <code>&lt;/ecp:</code>); presumably used where ECP elements are
 * assembled or located as text rather than via a DOM - confirm in the
 * callers.
 */
public static final String ECP_END_TAG = "</ecp:";

/**
 * ECP service name carried in the PAOS header (the same URN as
 * <code>ECP_NAMESPACE</code>).
 */
public static final String PAOS_ECP_SERVICE =
    "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";

/**
 * SOAP envelope namespace prefix, including the trailing colon.
 */
public static final String SOAP_ENV_PREFIX = "soap-env:";

/**
 * SOAP 1.1 envelope namespace URI.
 */
public static final String SOAP_ENV_NAMESPACE =
    "http://schemas.xmlsoap.org/soap/envelope/";

/**
 * Attribute string declaring the SOAP envelope namespace. It carries no
 * leading whitespace, so callers splicing it into a start tag must add
 * the separating space themselves.
 */
public static final String SOAP_ENV_DECLARE_STR =
    "xmlns:soap-env=\"http://schemas.xmlsoap.org/soap/envelope/\"";

/**
 * SOAP 1.1 "next" actor URI.
 */
public static final String SOAP_ACTOR_NEXT =
    "http://schemas.xmlsoap.org/soap/actor/next";

/**
 * Property name of the switch for SAML2 certificate status checking
 * (CRL-based, per the property name).
 * <p>
 * NOTE(review): with this check off, a revoked partner certificate would
 * presumably still be accepted for signature verification - confirm the
 * default and how the property is consumed.
 */
public static final String CHECK_SAML2_CERTIFICATE_STATUS =
    "com.sun.identity.saml2.crl.check";

/**
 * Property name of the switch for additionally checking the status of
 * the issuing CA certificate.
 */
public static final String CHECK_SAML2_CA_STATUS =
    "com.sun.identity.saml2.crl.check.ca";

/**
 * Wildcard that maps every attribute name exactly as it appears in the
 * Assertion.
 * <p>
 * NOTE(review): with the wildcard no attribute is filtered at the mapping
 * step, so nothing downstream should assume the mapped attribute set is
 * a vetted allow-list - confirm how the attribute mappers treat it.
 */
public String ATTR_WILD_CARD = "*";

/**
 * Key name for the Response object.
 */
public String RESPONSE = "Response";

/**
 * Key name for the Assertion object.
 */
public String ASSERTION = "Assertion";

/**
 * One-time-use marker (value <code>ONE</code>).
 */
public String ONETIME = "ONE";

/**
 * Key/flag indicating a bearer assertion.
 */
public String IS_BEARER = "isBearer";

/**
 * Attribute name of the external application's logout URL. When single
 * logout is initiated by the remote party (SP or IDP), the SAML2
 * component sends a back-channel HTTP POST to this URL.
 * <p>
 * NOTE(review): because the server itself issues that request, the URL
 * is a server-side request target; it must stay administrator-controlled
 * configuration and never be derived from request input.
 */
public String APP_LOGOUT_URL = "appLogoutUrl";

/**
 * Parameter name, in the external application's logout URL, that requests
 * a user session property. Its value is the name of a session property,
 * whose value is then posted to the application as an HTTP header and as
 * the content, for the application's own logout handling.
 * <p>
 * NOTE(review): the named session property is disclosed to the external
 * application in full; only name a property the application is entitled
 * to see.
 */
public String APP_SESSION_PROPERTY = "appsessionproperty";

/**
 * Attribute name: IDP session synchronisation enabled.
 */
public String IDP_SESSION_SYNC_ENABLED =
    "idpSessionSyncEnabled";

/**
 * Attribute name: SP session synchronisation enabled.
 */
public String SP_SESSION_SYNC_ENABLED =
    "spSessionSyncEnabled";

/**
 * Map key used in the fedlet case to specify the federation info key.
 */
public String INFO_KEY = "infoKey";

/**
 * Short name of the Single Sign-On service.
 */
public String SSO_SERVICE = "sso";

/**
 * Short name of the NameIDMapping service.
 */
public String NAMEID_MAPPING_SERVICE = "nip";

/**
 * Short name of the AssertionIDRequest service.
 */
public String ASSERTION_ID_REQUEST_SERVICE = "air";

/**
 * Short name of the ArtifactResolution service.
 */
public String ARTIFACT_RESOLUTION_SERVICE = "ars";

/**
 * Short name of the SingleLogout service.
 */
public String SLO_SERVICE = "slo";

/**
 * Short name of the ManageNameID service.
 */
public String MNI_SERVICE = "mni";

/**
 * Short name of the AssertionConsumer service.
*/
public String ACS_SERVICE = "acs";

/**
 * Map key used in the SLO request redirect code.
 */
public static final String AM_REDIRECT_URL = "AM_REDIRECT_URL";

/**
 * Map key used in the SLO request redirect code.
 */
public static final String OUTPUT_DATA = "OUTPUT_DATA";

/**
 * Map key used in the SLO request redirect code; presumably the response
 * code that accompanies the two keys above - confirm in the SLO redirect
 * code.
 */
public static final String RESPONSE_CODE = "RESPONSE_CODE";

/**
 * Flag in the local/remote SP extended-metadata configuration indicating
 * that the federation info is not to be written to the local user data
 * store.
 */
public static final String SP_DO_NOT_WRITE_FEDERATION_INFO = "spDoNotWriteFederationInfo";

/**
 * Flag in the local IDP extended-metadata configuration indicating that
 * the federation info (per the key name, the NameID) is not to be written
 * to the IDP's local user data store.
 */
String IDP_DISABLE_NAMEID_PERSISTENCE = "idpDisableNameIDPersistence";

/**
 * Property name of the SAML SP decryption debug mode switch.
 * <p>
 * NOTE(review): what the mode emits is not visible here, but decryption
 * debug modes typically write otherwise-protected material (decrypted
 * assertion content, key details) to logs. Treat it as a development
 * setting and confirm it is off in production deployments.
 */
String SAML_DECRYPTION_DEBUG_MODE = "openam.saml.decryption.debug.mode";

/**
 * Name of the <code>HttpServletRequest</code> attribute under which the
 * remote IDP's SAML response is stored (IDP proxy case).
 */
String SAML_PROXY_IDP_RESPONSE_KEY = "openam.saml.idpproxy.idp.response";

/**
 * Property name recording whether SAML single logout is enabled.
 */
String SINGLE_LOGOUT = "openam.saml.singlelogout.enabled";

/**
 * Default SAML2 server port.
 */
int DEFAULT_SERVER_PORT = 18080;
}