001/*
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: SAMLConstants.java,v 1.17 2009/06/12 22:21:39 mallas Exp $
026 *
027 * Portions Copyrighted 2010-2015 ForgeRock AS.
028 */
029
030package com.sun.identity.saml.common;
031
032import java.util.HashSet;
033import java.util.Set;
034
035/**
036 * This is a common class defining some constants common to all SAML elements.
037 *
038 * @supported.api
039 */
040public final class SAMLConstants 
041{
    /**
     * Set of method-name strings filled once when the class loads; the entries
     * are "nt", "ldap", "membership" and "anonymous". Judging by the field name
     * these are the methods treated as password based; confirm against callers.
     *
     * NOTE(review): the field is public, static and non-final and holds a plain
     * mutable HashSet, so any code that can reach this class can add or remove
     * entries or replace the set. Callers should treat it as read-only.
     */
    public static Set passwordAuthMethods = new HashSet();

    /**
     * Set of method-name strings filled once when the class loads; the only
     * entry is "radius". Judging by the field name these are the methods
     * treated as token based; confirm against callers.
     *
     * NOTE(review): the field is public, static and non-final and holds a plain
     * mutable HashSet, so the same read-only convention applies here.
     */
    public static Set tokenAuthMethods = new HashSet();

    // Populate both sets when the class is initialized.
    static {
        for (String methodName : new String[] {"nt", "ldap", "membership", "anonymous"}) {
            passwordAuthMethods.add(methodName);
        }
        tokenAuthMethods.add("radius");
    }
053
054    /**
055     * String to identify a quote.
056     */
057    public static final String QUOTE                    = "\"";
058
059    /**
060     * String to identify a new line character.
061     */
062    public static final String NL                       = "\n";
063
064    /**
065     * String to identify a left angle.
066     */
067    public static final String LEFT_ANGLE              = "<";
068
069    /**
070     * String to identify a right angle.
071     */
072    public static final String RIGHT_ANGLE              = ">";
073
074    /**
075     * String to identify "/>".
076     */
077    public static final String END_ELEMENT              = "/>";
078
079    /**
080     * String to identify "&lt;/".
081     */
082    public static final String START_END_ELEMENT = "</";
083
084    /**
085     * String to identify a space character.
086     */
087    public static final String SPACE                = " ";
088
089    /**
090     * SAML assertion namespace URI.
091     *
092     * @supported.api
093     */
094    public static final String assertionSAMLNameSpaceURI = 
095                "urn:oasis:names:tc:SAML:1.0:assertion";
096    /**
097     * SOAP 1.1 namespace URI.
098     *
099     * @supported.api
100     */
101    public static final String SOAP_URI =
102                "http://schemas.xmlsoap.org/soap/envelope/";
103    
104    /**
105     * SOAP 1.2 namespace URI.
106     *
107     * @supported.api
108     */
109    public static final String SOAP12_URI =
110                "http://www.w3.org/2003/05/soap-envelope";
111    /**
112     * SOAP envelope prefix.
113     */
114    public static final String SOAP_ENV_PREFIX = "soap-env";
115
116    /**
117     * SAML request-response protocol namespace URI.
118     *
119     * @supported.api
120     */
121    public static final String PROTOCOL_NAMESPACE_URI =
122                        "urn:oasis:names:tc:SAML:1.0:protocol";
123
124    /**
125     * XML Digital Signature namespace.
126     *
127     * @supported.api
128     */
129    public static final String XMLSIG_NAMESPACE_URI =
130                        "http://www.w3.org/2000/09/xmldsig#";
131
132    /**
133     * Element name for xml signature.
134     */
135    public static final String XMLSIG_ELEMENT_NAME = "Signature";
136
137    /**
138     * Pointer to Signature name space.
139     */
140    public static final String DSSAMLNameSpace = 
141        "xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"";
142   
143    /**
144     * String which gets incorporated into
145     * <code>toString(includeNS, declareNS)</code> when 
146     * <code>declareNS</code> is true for any assertion element.
147     */
148    public static final String assertionDeclareStr = 
149        " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"";
150
151    /**
152     * String used in the <code>toString(includeNS, declareNS)</code> method.
153     */
154    public static final String PROTOCOL_NAMESPACE_STRING =
155        " xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"";
156
157    /** 
158     * <code>NameQualifier</code> in <code>NameIdentifier</code> for
159     * <code>X509SubjectName</code>.
160     */
161    public static final String X509SUBJECTNAME =
162        assertionSAMLNameSpaceURI+"#X509SubjectName";
163
164    /**
165     * String used in the <code>ActionNamespace</code> attribute to refer to
166     * common sets of actions to perform on resources. 
167     *
168     * Title: Read/Write/Execute/Delete/Control
169     * Defined actions: <code>Read Write Execute Delete Control</code>
170     * These actions are interpreted in the normal manner, i.e. 
171     * <ul>
172     * <li><code>Read</code>: The subject may read the resource </li>
173     * <li><code>Write</code>: The subject may modify the resource </li>
174     * <li><code>Execute</code>: The subject may execute the resource </li>
175     * <li><code>Delete</code>: The subject may delete the resource </li>
176     * <li><code>Control</code>: The subject may specify the access control
177     *     policy for the resource.</li>
178     * </ul>
179     *
180     * @supported.api
181     */
182    public static final String ACTION_NAMESPACE = 
183        "urn:oasis:names:tc:SAML:1.0:action:rwedc";
184
185    /**
186     * String used in the <code>ActionNamespace</code> attribute to refer to
187     * common sets of actions to perform on resources. 
188     *
189     * Title: Read/Write/Execute/Delete/Control with Negation
190     * Defined actions:
191     * <code>Read Write Execute Delete Control ~Read ~Write ~Execute ~Delete
192     * ~Control</code>
193     * <ul>
194     * <li><code>Read</code>: The subject may read the resource </li>
195     * <li><code>Write</code>: The subject may modify the resource </li>
196     * <li><code>Execute</code>: The subject may execute the resource </li>
197     * <li><code>Delete</code>: The subject may delete the resource </li>
198     * <li><code>Control</code>: The subject may specify the access control
199     *     policy for the resource </li>
200     * <li><code>~Read</code>:  The subject may NOT read the resource </li>
201     * <li><code>~Write</code>: The subject may NOT modify the resource </li>
202     * <li><code>~Execute</code>: The subject may NOT execute the resource </li>
203     * <li><code>~Delete</code>: The subject may NOT delete the resource </li>
204     * <li><code>~Control</code>: The subject may NOT specify the access
205     *     control policy for the resource </li>
206     * </ul>
207     * An application MUST NOT authorize both an action and its negated form.
208     *
209     * @supported.api
210     */
211    public static final String ACTION_NAMESPACE_NEGATION = 
212                "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
213
214    /**
215     * String used in the <code>ActionNamespace</code> attribute to refer to
216     * common sets of actions to perform on resources. 
217     *
218     * Title: <code>Get/Head/Put/Post</code>
219     * Defined actions: 
220     *          <code>GET HEAD PUT POST</code>
221     * These actions bind to the corresponding HTTP operations. For example a
222     * subject authorized to perform the GET action on a resource is authorized
223     * to retrieve it. The GET and HEAD actions loosely correspond to the 
224     * conventional read permission and the PUT and POST actions to the write 
225     * permission. The correspondence is not exact however since a HTTP GET 
226     * operation may cause data to be modified and a POST operation may cause
227     * modification to a resource other than the one specified in the request. 
228     * For this reason a separate Action URI specifier is provided. 
229     *
230     * @supported.api
231     */
232    public static final String ACTION_NAMESPACE_GHPP = 
233                "urn:oasis:names:tc:SAML:1.0:ghpp";
234
235    /**
236     * String used in the <code>ActionNamespace</code> attribute to refer to
237     * common sets of actions to perform on resources. 
238     *
239     * Title: UNIX File Permissions
240     * Defined actions: 
241     * The defined actions are the set of UNIX file access permissions
242     * expressed in the numeric (octal) notation. The action string is a four
243     * digit numeric code: extended user group world 
244     * Where the extended access permission has the value  
245     * <ul>
246     * <li><code>+2 if sgid is set</code></li>
247     * <li><code>+4 if suid is set</code></li></ul>
248     * The user group and world access permissions have the value <ul>
249     * <li><code>+1 if execute permission is granted</code></li>
250     * <li><code>+2 if write permission is granted</code></li>
251     * <li><code>+4 if read permission is granted</code></li></ul>
252     * For example 0754 denotes the UNIX file access permission: user read,
253     * write and execute, group read and execute and world read. 
254     *
255     * @supported.api
256     */
257    public static final String ACTION_NAMESPACE_UNIX = 
258                "urn:oasis:names:tc:SAML:1.0:action:unix";
259
260    /**
261     * saml namespace prefix with ":".
262     */
263    public static final String ASSERTION_PREFIX = "saml:";
264
265    /**
266     * samlp namespace prefix with ":".
267     */
268    public static final String PROTOCOL_PREFIX = "samlp:";
269
270    /**
271     * Assertion version 1.0.
272     */
273    public static final String ASSERTION_VERSION_1_0 = "1.0";
274
275    /**
276     * Assertion version 1.1.
277     */
278    public static final String ASSERTION_VERSION_1_1 = "1.1";
279
280    /**
281     * Major version of assertion.
282     */
283    public static final int ASSERTION_MAJOR_VERSION = 1;
284    /**
285     * Default Assertion minor version.
286     */
287    public static int ASSERTION_MINOR_VERSION = 1;
288
289    /**
290     * Assertion minor version 0.
291     */
292    public static final int ASSERTION_MINOR_VERSION_ZERO = 0;
293
294    /**
295     * Assertion minor version 1.
296     */
297    public static final int ASSERTION_MINOR_VERSION_ONE = 1;
298
299    /**
300     * Protocol version 1.0.
301     */
302    public static final String PROTOCOL_VERSION_1_0 = "1.0";
303
304    /**
305     * Protocol version 1.1.
306     */
307    public static final String PROTOCOL_VERSION_1_1 = "1.1";
308
309    /**
310     * Protocol major version 1.
311     */
312    public static final int PROTOCOL_MAJOR_VERSION = 1;
313
314    /**
315     * Default protocol minor version 1.
316     */
317    public static int PROTOCOL_MINOR_VERSION = 1;
318
319    /**
320     * Protocol minor version 0.
321     */
322    public static final int PROTOCOL_MINOR_VERSION_ZERO = 0; 
323
324    /**
325     * Protocol minor version 1.
326     */
327    public static final int PROTOCOL_MINOR_VERSION_ONE = 1;  
328 
329    /**
330     * Assertion handle, request id, and response id have this length.
331     * If server id cannot be found, assertion id has this length also.
332     * request id, response id, and assertion id will be base64 encoded for
333     * printing.
334     */
335    public static final int ID_LENGTH = 20;
336
337    /**
338     * Length for server id. Used in load balancing.
339     */
340    public static final int SERVER_ID_LENGTH = 2;
341
342    /**
343     * Default encoding used in the xml string conversion.
344     */
345    public static final String DEFAULT_ENCODING = "UTF-8";
346
347    /**
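348     * SAML artifact confirmation method identifier URI.
        * Unlike the other confirmation method URIs declared below, this field is
        * not <code>final</code>, so its value can be reassigned at runtime.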
349     *
350     * @supported.api
351     */
352    public static String CONFIRMATION_METHOD_ARTIFACT =
353                "urn:oasis:names:tc:SAML:1.0:cm:artifact";
354
355    /**
356     * Deprecated SAML Artifact confirmation method identifier URI.
357     *
358     * @supported.api
359     */
360    public static final String DEPRECATED_CONFIRMATION_METHOD_ARTIFACT =
361                "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";
362
363    /**
364     * OpenAM confirmation method identifier URI.
365     *
366     * @supported.api
367     */
368    public static final String CONFIRMATION_METHOD_IS =
369                "urn:com:sun:identity";
370
371    /**
372     * SAML Bearer confirmation method identifier URI.
373     *
374     * @supported.api
375     */
376    public static final String CONFIRMATION_METHOD_BEARER =
377                "urn:oasis:names:tc:SAML:1.0:cm:bearer";
378
379    /**
380     * SAML "Holder of Key" confirmation method identifier URI.
381     *
382     * @supported.api
383     */
384    public static final String CONFIRMATION_METHOD_HOLDEROFKEY =
385                "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
386
387    /**
388     * SAML "Sender Vouches" confirmation method identifier URI.
389     *
390     * @supported.api
391     */
392    public static final String CONFIRMATION_METHOD_SENDERVOUCHES =
393                "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
394
395    // used by SAML service schema related operations
396
397    /**
398     * SAML service name.
399     */
400    public static final String SAML_SERVICE_NAME = "SAML1";
401
402    /**
403     * 1.0 version of SAML service.
404     */
405    public static final String SAML_SERVICE_VERSION = "1.0";
406
407    /**
408     * SAML service attribute that specifies time skew for not before attribute
409     * in assertion.
410     */
411    public static final String NOTBEFORE_TIMESKEW_NAME =
412                                        "iplanet-am-saml-notbefore-timeskew";
413
414    /**
415     * SAML service attribute that specifies artifact timeout period.
416     */
417    public static final String ARTIFACT_TIMEOUT_NAME =
418                                        "iplanet-am-saml-artifact-timeout";
419
420    /**
421     * SAML service attribute that specifies assertion timeout period.
422     */
423    public static final String ASSERTION_TIMEOUT_NAME =
424                                        "iplanet-am-saml-assertion-timeout";
425
426    /**
427     * SAML service attribute that specifies whether an assertion is removed
428     * after it has been dereferenced.
429     */
430    public static final String REMOVE_ASSERTION_NAME =
431                                        "com.sun.identity.saml.removeassertion";
432
433    /**
434     * Default not before time skew. It's in seconds.
435     */
436    public static final int NOTBEFORE_TIMESKEW_DEFAULT = 300;
437
438    /**
439     * Default artifact timeout period. It's in seconds.
440     */
441    public static final int ARTIFACT_TIMEOUT_DEFAULT = 120;
442
443    /**
444     * Default assertion timeout period. It's in seconds.
445     */
446    public static final int ASSERTION_TIMEOUT_DEFAULT = 60;
447
448    /**
449     * SAML service attribute that specifies list of saml site IDs.
450     */
451    public static final String SITE_ID_LIST = "iplanet-am-saml-siteid-list"; 
452
453    /**
454     * SAML service attribute that specifies list of instances.
455     */
456    public static final String INSTANCE_LIST = "iplanet-am-saml-instance-list"; 
457
458    /**
459     * This site's ID.
460     */
461    public static final String SITE_ID = "mysiteid"; 
462
463    /**
464     * SAML service attribute that specifies list of issuer names.
465     */
466    public static final String ISSUER_NAME_LIST =
467                                        "iplanet-am-saml-issuername-list";
468
469    /**
470     * This site's issuer name.
471     */
472    public static final String ISSUER_NAME = "mysitename";
473
474    /**
475     * SAML service attribute name for list of site ID and issuer names.
476     */
477    public static final String SITE_ID_ISSUER_NAME_LIST =
478                                   "iplanet-am-saml-siteid-issuername-list";
479
480    /**
481     * Constant for instance id.
482     */
483    public static final String INSTANCEID = "INSTANCEID";
484
485    /**
486     * Constant for site id.
487     */
488    public static final String SITEID = "SITEID";
489
490    /**
491     * Constant for issuer name.
492     */
493    public static final String ISSUERNAME = "ISSUERNAME";
494
495    /**
496     * SAML service attribute that specifies site's certificate alias.
497     */
498    public static final String SITE_CERT_ALIAS =
499                                        "iplanet-am-saml-sitecertalias";
500
501    /**
502     * SAML service attribute that specifies whether to sign a request or not.
503     */
504    public static final String SIGN_REQUEST =
505                                        "iplanet-am-saml-signrequest";
506
507    /**
508     * Default is to not sign request.
509     */
510    public static final String SIGN_REQUEST_DEFAULT = "false";
511
512    /**
513     * SAML service attribute that specifies whether to sign a response or not.
514     */
515    public static final String SIGN_RESPONSE =
516                                        "iplanet-am-saml-signresponse";
517
518    /**
519     * Default is to not sign response.
520     */
521    public static final String SIGN_RESPONSE_DEFAULT = "false";
522
523    /**
524     * SAML service attribute that specifies whether to sign an assertion
525     * or not.
526     */
527    public static final String SIGN_ASSERTION =
528                                        "iplanet-am-saml-signassertion";
529
530    /**
531     * Default is to not sign the assertion.
532     */
533    public static final String SIGN_ASSERTION_DEFAULT = "false";
534
535    /**
536     * SAML service attribute that specifies the name for artifact.
537     */
538    public static final String ARTIFACT_NAME = "iplanet-am-saml-artifact-name";
539
540    /**
541     * SAML service attribute that specifies the name id format attribute map.
542     */
543    public static final String NAME_ID_FORMAT_MAP =
544            "iplanet-am-saml-name-id-format-attr-map";
545
546    /**
547     * SAML service attribute that specifies the attribute map.
548     */
549    public static final String ATTRIBUTE_MAP =
550            "iplanet-am-saml-attr-map";
551
552    /**
553     * Default SAML artifact name.
554     *
555     * @supported.api
556     */
557    public static final String ARTIFACT_NAME_DEFAULT = "SAMLart" ;
558
559    /**
560     * SAML service attribute that specifies target parameter.
561     */
562    public static final String TARGET_SPECIFIER = 
563                                           "iplanet-am-saml-target-specifier" ; 
564
565    /**
566     * Default parameter for target.
567     */
568    public static final String TARGET_SPECIFIER_DEFAULT = "TARGET" ;
569
570    /**
571     * SAML service attribute that specifies list of trusted partners.
572     * A sample trusted server list entry is like
573     * target=.iplanet.com:8080|
574     *      SAMLUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLAwareServlet|
575     * POSTUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLPOSTProfileServlet
576     */
577    public static final String TRUSTED_SERVER_LIST =
578                                        "iplanet-am-saml-trusted-server-list"; 
579
580    /**
581     * SAML service attribute that specifies partner urls.
582     * A sample Partner URL list entry is like: 
583     * SourceID=encoded 20 bytes|
584     * SOAPUrl=http://dsame2.red.iplanet.com:8080/amserver/SAMLSOAPReceiver
585     */
586    public static final String PARTNER_URLS = "iplanet-am-saml-partner-urls"; 
587
588    /**
589     * Constants for target.
590     */
591    public static final String TARGET = "TARGET"; 
592
593    /**
594     * Constants for url which handles saml web browser artifact profile.
595     */
596    public static final String SAMLURL = "SAMLURL"; 
597
598    /**
599     * Constants for url which handles saml web browser post profile.
600     */
601    public static final String POSTURL = "POSTURL";
602    
603
604    /**
605     * A SAML service attribute parameter. The 20-byte sequence defined as in
606     * the SiteID and Issuer name.
607     *
608     * @supported.api
609     */
610    public static final String SOURCEID = "SOURCEID"; 
611
612    /**
613     * A SAML service attribute parameter that defines partner's name.
614     *
615     * iPlanet-PUBLIC-STATIC
616     */
617    public static final String PARTNERNAME = "PARTNERNAME"; 
618
619    /**
620     * A SAML service attribute parameter that defines the URL that provides
621     * the SAML service. The servlet specified in the URL implements the
622     * Web-browser SSO with Artifact profile defined in the OASIS-SAML
623     * Bindings and Profiles specification.
624     *
625     * @supported.api
626     */
627    public static final String SOAPUrl = "SOAPURL"; 
628
629    /**
630     * A SAML service attribute parameter that defines the authentication type
631     * used in SAML. It should be one of the following:
632     *     NOAUTH
633     *     BASICAUTH
634     *     SSL
635     *     SSLWITHBASICAUTH
636     * This parameter is optional, and if not specified, the default is NOAUTH.
637     * If BASICAUTH or SSLWITHBASICAUTH is specified, the User parameter is
638     * required and the SOAPUrl should be HTTPS. 
639     *
640     * @supported.api
641     */
642    public static final String AUTHTYPE = "AUTHTYPE"; 
643
644    /**
645     * A SAML service attribute parameter that defines the uid of the partner
646     * which is used to protect the partner's SOAP Receiver
647     *
648     * @supported.api
649     */
650    public static final String UID = "USER"; 
651
652    /**
653     * A SAML service attribute parameter that defines the user id of the
654     * partner which is used for Basic Authentication.
655     *
656     * @supported.api
657     */
658    public static final String AUTH_UID = "AUTHUSER"; 
659
660    /**
661     * A SAML service attribute parameter that defines the password of the
662     * partner which is used for Basic Authentication.
663     *
664     * @supported.api
665     */
666    public static final String AUTH_PASSWORD = "AUTHPASSWORD"; 
667
668    /**
669     * A SAML service attribute parameter that specifies a pluggable class
670     * which defines how the subject of an Assertion is related to an identity
671     * at the destination site. By default, it is:
672     *     com.sun.identity.saml.plugins.DefaultAccountMapper
673     *
674     * @supported.api
675     */
676    public static final String ACCOUNTMAPPER = "ACCOUNTMAPPER";
677
678    /**
679     * A SAML service attribute parameter that specifies a pluggable class
680     * which defines how the subject of an Assertion is related to an identity
681     * at the destination site and a target URL. By default, it is:
682     *     com.sun.identity.saml.plugins.DefaultPartnerAccountMapper
683     *
684     * @supported.api
685     */
686    public static final String PARTNERACCOUNTMAPPER = "PARTNERACCOUNTMAPPER";
687
688    /**
689     * A SAML service attribute parameter that specifies the class with the
690     * path where the siteAttributeMapper is located. Applications can develop
691     * a siteAttributeMapper to obtain attributes to be included in the
692     * assertion during SSO. If no siteAttributeMapper is found, then no
693     * attributes will be included in the assertion during SSO. 
694     *
695     * @supported.api
696     */
697    public static final String SITEATTRIBUTEMAPPER = "siteattributemapper";
698    public static final String SITEATTRIBUTEMAPPERDEFAULT =
699            "com.sun.identity.saml.plugins.DefaultSiteAttributeMapper";
700    
701    /**
702     * A SAML service attribute parameter that specifies the class with the
703     * path where the partnerSiteAttributeMapper is located. Applications can
704     * develop a partnerSiteAttributeMapper to obtain attributes to be included
705     * in the assertion during SSO based on target URL. If no
706     * partnerSiteAttributeMapper is found, then no attributes will be included
707     * in the assertion during SSO. 
708     *
709     * @supported.api
710     */
711    public static final String PARTNERSITEATTRIBUTEMAPPER =
712                                "partnersiteattributemapper";
713
714
715    /**
716     * A SAML service attribute parameter that specifies the class with the
717     * path where the nameIdentifierMapper is located. Applications can develop
718     * a nameIdentifierMapper to obtain a name identifier to be included in the
719     * assertion during SSO. If no nameIdentifierMapper is found, then a
720     * default implementation will be used.
721     *
722     * @supported.api
723     */
724    public static final String NAMEIDENTIFIERMAPPER = "nameidentifiermapper";
725
726    /**
727     * A SAML service attribute parameter that lists the IP addresses and/or
728     * the certAlias for all of the hosts, within the specified partner site,
729     * that can send requests to this site. This ensures that the requester is
730     * indeed the intended receiver for the SAML artifact. 
731     *
732     * @supported.api
733     */
734    public static final String HOST_LIST = "hostlist";
735
736    /**
737     * A POST attribute name that specifies an assertion.
738     *
739     * @supported.api
740     */
741    public static final String POST_ASSERTION_NAME = "ASSERTION";
742
743    /**
744     * A POST attribute name that specifies attribute names of an assertion.
745     *
746     * @supported.api
747     */
748    public static final String POST_ATTR_NAMES = "ATTRIBUTENAMES";
749
750    /**
751     * A SAML service attribute parameter that specifies a certAlias name used
752     * for verifying the signature in an assertion, when the assertion is
753     * signed by a partner and the certificate of the partner can not be found
754     * in the KeyInfo portion of the signed assertion.
755     *
756     * @supported.api
757     */
758    public static final String CERTALIAS = "CERTALIAS";
759
760    /**
761     * A SAML service attribute parameter that defines the creator of an
762     * assertion generated within OpenAM. The syntax is
763     * hostname:port.
764     *
765     * @supported.api
766     */
767    public static final String ISSUER = "ISSUER";
768
769    /**
770     * A SAML service attribute parameter that specifies the class with the
771     * path to where the attributeMapper is located. Applications can develop
772     * an attributeMapper to obtain either a Session ID or an assertion
773     * containing AuthenticationStatement from the query. The mapper is then
774     * used to retrieve the attributes for the subject. If no attributeMapper
775     * is specified, DefaultAttributeMapper will be used. 
776     *
777     * @supported.api
778     */
779    public static final String ATTRIBUTEMAPPER = "ATTRIBUTEMAPPER";
780
781    /**
782     * A SAML service attribute parameter that specifies the class with the
783     * path to where the actionMapper is located. Applications can develop an
784     * actionMapper to obtain either a Session ID or an assertion containing
785     * AuthenticationStatement from the query. The mapper is then used to
786     * retrieve the authorization decisions for the actions defined in the
787     * query. If no actionMapper is specified, DefaultActionMapper will be
788     * used. 
789     *
790     * @supported.api
791     */
792    public static final String ACTIONMAPPER = "ACTIONMAPPER";
793
794    /**
795     * A SAML service attribute parameter that specifies SAML version
796     *
797     * @supported.api
798     */
799    public static final String VERSION = "VERSION";
800
801    /**
802     * SAML service attribute that specifies action service mapping.
803     */
804    public static final String ACTION_SERVICE_MAPPING =
805                                "iplanet-am-saml-action-service-mapping";
806
807    /**
808     * SAML service attribute that specifies POST to Target URLs.
809     */
810    public static final String POST_TO_TARGET_URLS = 
811        "iplanet-am-saml-post-to-target-urls";
812
813    /**
814     * SAML service attribute that specifies maximum number of assertions
815     * the server can have at a given time.
816     */
817    public static final String ASSERTION_MAX_NUMBER_NAME =
818                                "iplanet-am-saml-assertion-max-number";
819    /**
820     * Default maximum number of assertions of the server. It means no limit.
821     */
822    public static final int ASSERTION_MAX_NUMBER_DEFAULT = 0;
823
824    /**
825     * SAML service attribute that specifies server clean up interval.
826     */
827    public static final String CLEANUP_INTERVAL_NAME =
828                                "iplanet-am-saml-cleanup-interval";
829    /**
830     * System property name that specifies cleanup interval for internal
831     * cache, such as assertions, artifacts and keystore etc. 
832     * This property is mapped to the CLEANUP_INTERVAL_NAME attribute in 
833     * SAML service on the server side.
834     */
835    public static final String CLEANUP_INTERVAL_PROPERTY =
836                            "com.sun.identity.saml.cleanup.interval";
837
838    /**
839     * Default server cleanup interval. It is in seconds.
840     */
841    public static final int CLEANUP_INTERVAL_DEFAULT = 180;
842
843    /**
844     * Kerberos authentication method.
845     */
846    public static final String AUTH_METHOD_KERBEROS = "Kerberos";
847
848    /**
849     * Certificate authentication method.
850     */
851    public static final String AUTH_METHOD_CERT = "Cert";
852
853    /**
854     * Certificate authentication method URI.
855     */
856    public static final String AUTH_METHOD_CERT_URI = "urn:ietf:rfc:2246";
857
858    /**
859     * Password authentication method URI.
860     */
861    public static final String AUTH_METHOD_PASSWORD_URI = 
862        "urn:oasis:names:tc:SAML:1.0:am:password";
863
864    /**
865     * Hardware token authentication method uri.
866     */
867    public static final String AUTH_METHOD_HARDWARE_TOKEN_URI = 
868        "urn:oasis:names:tc:SAML:1.0:am:HardwareToken";
869
870    /**
871     * Kerberos authentication method uri.
872     */
873    public static final String AUTH_METHOD_KERBEROS_URI = "urn:ietf:rfc:1510";
874
875    /**
876     * Private authentication method prefix.
877     */
878    public static final String AUTH_METHOD_URI_PREFIX =
879                                "urn:com:sun:identity:";
880
881    /**
882     * SAML service attribute which identifies basic authentication user.
883     */
884    public static final String USER = "iplanet-am-saml-user"; 
885
886    /**
887     * SAML service attribute which identifies basic authentication password.
888     */
889    public static final String PASSWORD="iplanet-am-saml-password"; 
890
891    /**
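892     * A SAML authentication type that uses HTTP protocol and username/password.
        * HTTP Basic authentication only Base64-encodes the credentials, so without
        * TLS they cross the network in recoverable form; see SSLWITHBASICAUTH.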
893     *
894     * @supported.api
895     */
896    public static final String BASICAUTH= "BASICAUTH";
897
898    /**
899     * A SAML authentication type that uses HTTPS protocol and
900     * username/password
901     *
902     * @supported.api
903     */
904    public static final String SSLWITHBASICAUTH = "SSLWITHBASICAUTH"; 
905
906    /**
907     * A SAML authentication type that uses HTTP protocol
908     *
909     * @supported.api
910     */
911    public static final String NOAUTH = "NOAUTH";
912
913    /**
914     * A SAML authentication type that uses HTTPS protocol
915     *
916     * @supported.api
917     */
918    public static final String SSL = "SSL"; 
919
920    /**
921     * Parameter for Name Identifier format used in SAML web browser post
922     * profile and SAML web browser artifact profile.
923     */
924    public static final String NAME_ID_FORMAT="NameIDFormat";
925
926    /**
927     * Constant for servlet which does SAML web browser artifact profile.
928     */
929    public static final String SAML_AWARE_NAMING="samlawareservlet";
930
931    /**
932     * Constant for endpoint which accepts SOAP request.
933     */
934    public static final String SAML_SOAP_NAMING="samlsoapreceiver"; 
935
936    /**
937     * Constant for servlet which does SAML web browser post profile.
938     */
939    public static final String SAML_POST_NAMING="samlpostservlet";
940
941    /**
942     * Constant for process which handles all assertion related requests.
943     */
944    public static final String SAML_AM_NAMING = "samlassertionmanager";
945
946    /**
947     * Parameter for SAML response used in SAML web browser post profile.
948     */
949    public static final String POST_SAML_RESPONSE_PARAM = "SAMLResponse";
950
951    /**
952     * Parameter for SAML TARGET.
953     */
954    public static final String POST_TARGET_PARAM = "TARGET";
955
956    // for SAMLPOSTProfileServlet
957
958    /**
959     * Constant which identifies source site.
960     */
961    public static final String SOURCE_SITE_SOAP_ENTRY = "sourceSite";
962
963    /**
964     * Constant for assertion parameter.
965     */
966    public static final String POST_ASSERTION = "assertion";
967
968    /**
969     * Constant for subject.
970     */
971    public static final String SUBJECT = "subject";
972
973    /**
974     * Success status code.
975     */
976    public static final String STATUS_CODE_SUCCESS = "samlp:Success";
977
978    /**
979     * Success status code with no namespace prefix.
980     */
981    public static final String STATUS_CODE_SUCCESS_NO_PREFIX = ":Success";
982
983    /**
984     * http protocol.
985     */
986    public static final String HTTP="http"; 
987
988    /**
989     * https protocol.
990     */
991    public static final String HTTPS="https";
992 
993    // Used for xml digital signing
       // NOTE(review): these values look like configuration property keys
       // (CANONICALIZATION_METHOD, TRANSFORM_ALGORITHM, XMLSIG_ALGORITHM,
       // KEY_PROVIDER_IMPL_CLASS, SIGNATURE_PROVIDER_IMPL_CLASS) and class
       // names (JKS_KEY_PROVIDER, AM_SIGNATURE_PROVIDER); where they are read
       // is not shown here. If a configured class name is loaded by name, the
       // configuration source has to be trusted - confirm in the callers.
994    public static final String CANONICALIZATION_METHOD =
995        "com.sun.identity.saml.xmlsig.c14nMethod";
996    public static final String TRANSFORM_ALGORITHM=
997        "com.sun.identity.saml.xmlsig.transformAlg";
998    public static final String XMLSIG_ALGORITHM =
999        "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";    
1000    public static final String JKS_KEY_PROVIDER = 
1001        "com.sun.identity.saml.xmlsig.JKSKeyProvider"; 
1002    public static final String KEY_PROVIDER_IMPL_CLASS =
1003        "com.sun.identity.saml.xmlsig.keyprovider.class";
1004    public static final String SIGNATURE_PROVIDER_IMPL_CLASS =
1005        "com.sun.identity.saml.xmlsig.signatureprovider.class";
1006    public static final String AM_SIGNATURE_PROVIDER =
1007        "com.sun.identity.saml.xmlsig.AMSignatureProvider";
1008   
1009    // constants for XML Signature SignatureMethodURI
        // "Required"/"Recommended" in the descriptions below read as
        // XML-Signature implementation levels, not strength ratings -
        // NOTE(review): confirm. SHA-1 based signature algorithms are
        // deprecated for new signatures in current guidance; prefer the
        // SHA-256 or stronger constants defined further down in this class.
1010
1011    /**
1012     * MAC Algorithm HMAC-SHA1 URI - Required.
1013     *
1014     * @supported.api
1015     */
1016    public static final String ALGO_ID_MAC_HMAC_SHA1 = 
1017                                "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
1018
1019    /**
1020     * Signature Algorithm DSAwithSHA1 URI - Required.
1021     *
1022     * @supported.api
1023     */
1024    public static final String ALGO_ID_SIGNATURE_DSA =
1025                                "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
1026
1027    /**
1028     * Signature Algorithm RSAwithSHA1 URI - Recommended.
         * Holds the same URI as <code>ALGO_ID_SIGNATURE_RSA_SHA1</code>.
1029     *
1030     * @supported.api
1031     */
1032    public static final String ALGO_ID_SIGNATURE_RSA = 
1033                                "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
1034    /**
1035     * Signature Algorithm RSAwithSHA1 URI.
         * Holds the same URI as <code>ALGO_ID_SIGNATURE_RSA</code>.
1036     *
1037     * @supported.api
1038     */
1039    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
1040                                "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
1041
1042    /**
1043     * Signature Algorithm RSA-MD5 URI.
         * The constant name marks it as not recommended: MD5 is not collision
         * resistant. NOTE(review): confirm signature verification does not
         * accept this algorithm.
1044     *
1045     * @supported.api
1046     */
1047    public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
1048                              "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
1049
1050    /**
1051     * Signature Algorithm RSA-RIPEMD160 URI.
1052     *
1053     * @supported.api
1054     */
1055    public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 = 
1056                        "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
1057
1058    /**
1059     * Signature Algorithm RSA-SHA256 URI.
1060     *
1061     * @supported.api
1062     */
1063    public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
1064                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
1065
1066    /**
1067     * Signature Algorithm RSA-SHA384 URI.
1068     *
1069     * @supported.api
1070     */
1071    public static final String ALGO_ID_SIGNATURE_RSA_SHA384 = 
1072                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
1073
1074    /**
1075     * Signature Algorithm RSA-SHA512 URI.
1076     *
1077     * @supported.api
1078     */
1079    public static final String ALGO_ID_SIGNATURE_RSA_SHA512 = 
1080                        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
1081
1082    /**
1083     * MAC Algorithm HMAC-MD5 URI.
         * The constant name marks it as not recommended; the HMAC-SHA256 and
         * stronger constants in this class are the alternatives.
1084     *
1085     * @supported.api
1086     */
1087    public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 = 
1088                        "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";
1089
1090    /**
1091     * MAC Algorithm HMAC-RIPEMD160 URI.
1092     *
1093     * @supported.api
1094     */
1095    public static final String ALGO_ID_MAC_HMAC_RIPEMD160 = 
1096                       "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
1097
1098    /**
1099     * MAC Algorithm HMAC-SHA256 URI.
1100     *
1101     * @supported.api
1102     */
1103    public static final String ALGO_ID_MAC_HMAC_SHA256 = 
1104                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
1105
1106    /**
1107     * MAC Algorithm HMAC-SHA384 URI.
1108     *
1109     * @supported.api
1110     */
1111    public static final String ALGO_ID_MAC_HMAC_SHA384 =
1112                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
1113
1114    /**
1115     * MAC Algorithm HMAC-SHA512 URI.
1116     *
1117     * @supported.api
1118     */
1119    public static final String ALGO_ID_MAC_HMAC_SHA512 = 
1120                        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
1121
1122    /**
1123     * Attribute that identifies server protocol in
1124     * <code>AMConfig.properties</code> file.
1125     */
1126    public static final String SERVER_PROTOCOL =
1127                        "com.iplanet.am.server.protocol";
1128
1129    /**
1130     * Attribute that identifies server host in
1131     * <code>AMConfig.properties</code> file.
1132     */
1133    public static final String SERVER_HOST = "com.iplanet.am.server.host";
1134
1135    /**
1136     * Attribute that identifies server port in
1137     * <code>AMConfig.properties</code> file.
1138     */
1139    public static final String SERVER_PORT = "com.iplanet.am.server.port";
1140
1141    /**
1142     * Attribute that identifies server deployment URI (the
1143     * <code>deploymentDescriptor</code> key) in <code>AMConfig.properties</code> file.
1144     */
1145    public static final String SERVER_URI =
1146        "com.iplanet.am.services.deploymentDescriptor";
1147
1148    /**
1149     * Attribute that identifies default version for saml assertion in
1150     * <code>AMConfig.properties</code> file.
1151     */
1152    public static final String SAML_ASSERTION_VERSION =
1153                        "com.sun.identity.saml.assertion.version";
1154
1155    /**
1156     * Attribute that identifies default version for saml protocol in
1157     * <code>AMConfig.properties</code> file.
1158     */
1159    public static final String SAML_PROTOCOL_VERSION =
1160                        "com.sun.identity.saml.protocol.version";
1161   
1162    /**
1163     * XML canonicalization Algorithm URI.
         * This is the inclusive form; the exclusive form is
         * <code>ALGO_ID_C14N_EXCL_OMIT_COMMENTS</code>.
1164     *
1165     * @supported.api
1166     */
1167    public static final String ALGO_ID_C14N_OMIT_COMMENTS =
1168                        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
1169
1170    /**
1171     * XML canonicalization with comments Algorithm URI.
         * Built as <code>ALGO_ID_C14N_OMIT_COMMENTS</code> followed by
         * <code>#WithComments</code>.
1172     *
1173     * @supported.api
1174     */
1175    public static final String ALGO_ID_C14N_WITH_COMMENTS =
1176                        ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
1177
1178    /**
1179     * Exclusive XML canonicalization Algorithm URI.
         * NOTE(review): the SAML signature profile recommends exclusive
         * canonicalization; confirm which method the signing code configures.
1180     *
1181     * @supported.api
1182     */
1183    public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
1184                        "http://www.w3.org/2001/10/xml-exc-c14n#";
1185
1186    /**
1187     * Exclusive XML canonicalization with comments Algorithm URI.
         * Built as <code>ALGO_ID_C14N_EXCL_OMIT_COMMENTS</code> followed by
         * <code>WithComments</code>; the base URI already ends in <code>#</code>.
1188     *
1189     * @supported.api
1190     */
1191    public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
1192                        ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
1193   
1194    //constants for XML Signature -Transform algorithm
1195    //supported in Apache xml security package 1.0.5
1196  
1197    /**
1198     * XML canonicalization Transform URI.
1199     *
1200     * @supported.api
1201     */
1202    public static final String TRANSFORM_C14N_OMIT_COMMENTS =
1203                        ALGO_ID_C14N_OMIT_COMMENTS;
1204
1205    /**
1206     * XML canonicalization with comments Transform URI.
1207     *
1208     * @supported.api
1209     */
1210    public static final String TRANSFORM_C14N_WITH_COMMENTS =
1211                         ALGO_ID_C14N_WITH_COMMENTS;
1212
1213    /**
1214     * Exclusive XML canonicalization Transform URI.
1215     *
1216     * @supported.api
1217     */
1218    public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS =
1219                         ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
1220
1221    /**
1222     * Exclusive XML canonicalization with comments Transform URI.
1223     *
1224     * @supported.api
1225     */
1226    public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS =
1227                         ALGO_ID_C14N_EXCL_WITH_COMMENTS;
1228
1229    /**
1230     * XSLT Transform URI.
         * NOTE(review): with this transform the verifier runs a stylesheet
         * carried in the signature. The SAML signature profile expects only the
         * enveloped-signature and exclusive canonicalization transforms;
         * confirm the signature provider restricts which transforms it accepts
         * on incoming messages.
1231     *
1232     * @supported.api
1233     */
1234    public static final String TRANSFORM_XSLT =
1235                         "http://www.w3.org/TR/1999/REC-xslt-19991116";
1236
1237    /**
1238     * Base64 decoding Transform URI.
1239     *
1240     * @supported.api
1241     */
1242    public static final String TRANSFORM_BASE64_DECODE =
1243                         XMLSIG_NAMESPACE_URI + "base64";
1244
1245    /**
1246     * XPath Transform URI.
1247     *
1248     * @supported.api
1249     */
1250    public static final String TRANSFORM_XPATH =
1251                         "http://www.w3.org/TR/1999/REC-xpath-19991116";
1252
1253    /**
1254     * Enveloped Signature Transform URI.
1255     *
1256     * @supported.api
1257     */
1258    public static final String TRANSFORM_ENVELOPED_SIGNATURE =
1259                         XMLSIG_NAMESPACE_URI + "enveloped-signature";
1260
1261    /**
1262     * XPointer Transform URI.
1263     *
1264     * @supported.api
1265     */
1266    public static final String TRANSFORM_XPOINTER =
1267                         "http://www.w3.org/TR/2001/WD-xptr-20010108";
1268
1269    /**
1270     * XPath Filter v2.0 Transform URI.
         * This constant carries the <code>2002/04</code> namespace;
         * <code>TRANSFORM_XPATH2FILTER</code> carries the <code>2002/06</code> one.
1271     *
1272     * @supported.api
1273     */
1274    public static final String TRANSFORM_XPATH2FILTER04 =
1275                         "http://www.w3.org/2002/04/xmldsig-filter2";
1276
1277    /**
1278     * XPath Filter v2.0 Transform URI.
         * This constant carries the <code>2002/06</code> namespace;
         * <code>TRANSFORM_XPATH2FILTER04</code> carries the <code>2002/04</code> one.
1279     *
1280     * @supported.api
1281     */
1282    public static final String TRANSFORM_XPATH2FILTER =
1283                         "http://www.w3.org/2002/06/xmldsig-filter2";
1284
1285    /**
1286     * XPath Filter v2.0 CHGP Transform URI.
1287     *
1288     * @supported.api
1289     */
1290    public static final String TRANSFORM_XPATHFILTERCHGP =
1291          "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter";
1292
1293    /**
1294     * Namespace URI of <code>xmlns</code> namespace declarations.
1295     *
1296     * @supported.api
1297     */
1298    public static final String NS_XMLNS = "http://www.w3.org/2000/xmlns/";
1299
1300    /**
1301     * Liberty security namespace.
1302     *
1303     * @supported.api
1304     */
1305    public static final String NS_SEC = "urn:liberty:sec:2003-08";
1306
1307    /**
1308     * SOAP security extension (<code>secext</code>) namespace.
1309     *
1310     * @supported.api
1311     */
1312    public static final String NS_WSSE =
1313                         "http://schemas.xmlsoap.org/ws/2003/06/secext";
1314
1315    /**
1316     * SOAP utility namespace.
1317     *
1318     * @supported.api
1319     */
1320    public static final String NS_WSU =
1321                        "http://schemas.xmlsoap.org/ws/2003/06/utility";
1322
1323    /**
1324     * String that identifies wsu prefix.
1325     */
1326    public static final String PREFIX_WSU = "wsu";
1327
1328    /**
1329     * String that identifies ds prefix.
1330     */
1331    public static final String PREFIX_DS = "ds";
1332
1333    /**
1334     * String that identifies tag name "SecurityTokenReference".
1335     */
1336    public static final String TAG_SECURITYTOKENREFERENCE =
1337                        "SecurityTokenReference";
1338
1339    /**
1340     * String that identifies tag xmlns.
1341     */
1342    public static final String TAG_XMLNS = "xmlns";
1343
1344    /**
1345     * String that identifies "xmlns:sec".
1346     */
1347    public static final String TAG_XMLNS_SEC = "xmlns:sec";
1348
1349    /**
1350     * Usage tag name.
1351     */
1352    public static final String TAG_USAGE = "Usage";
1353
1354    /**
1355     * MessageAuthentication tag name with namespace prefix.
1356     */
1357    public static final String TAG_SEC_MESSAGEAUTHENTICATION =
1358                        "sec:MessageAuthentication";
1359
1360    /**
1361     * Tag name for <code>BinarySecurityToken</code> with namespace prefix.
1362     */
1363    public static final String TAG_WSSE_BINARYSECURITYTOKEN =
1364                        "wsse:BinarySecurityToken";
1365
1366    /**
1367     * Tag name for <code>Security</code>.
1368     */
1369    public static final String TAG_SECURITY = "Security";
1370
1371    /**
1372     * Tag name for <code>AssertionIDReference</code>.
1373     */
1374    public static final String TAG_ASSERTIONIDREFERENCE =
1375                        "AssertionIDReference";
1376
1377    /**
1378     * Tag name for <code>Assertion</code>.
1379     */
1380    public static final String TAG_ASSERTION = "Assertion";
1381
1382    /**
1383     * String that identifies <code>AssertionID</code>.
1384     */
1385    public static final String TAG_ASSERTION_ID = "AssertionID";
1386
1387    /**
1388     * Tag name for <code>BinarySecurityToken</code>.
1389     */
1390    public static final String BINARYSECURITYTOKEN = "BinarySecurityToken";
1391
1392    /**
1393     * Tag name for "Id".
1394     */
1395    public static final String TAG_ID = "Id";
1396
1397    /**
1398     * Tag name for <code>Reference</code>.
1399     */
1400    public static final String TAG_REFERENCE = "Reference";
1401
1402    /**
1403     * Tag name for <code>URI</code>.
1404     */
1405    public static final String TAG_URI = "URI";
1406
1407    /**
1408     * Tag name for <code>ValueType</code>.
1409     */
1410    public static final String TAG_VALUETYPE = "ValueType";
1411
1412    /**
1413     * Tag name for <code>KeyInfo</code>.
1414     */
1415    public static final String TAG_KEYINFO = "KeyInfo";
1416
1417    /**
1418     * Tag name for <code>KeyName</code>.
1419     */
1420    public static final String TAG_KEYNAME = "KeyName";
1421
1422    /**
1423     * Tag name for <code>KeyValue</code>.
1424     */
1425    public static final String TAG_KEYVALUE = "KeyValue";
1426
1427    /**
1428     * Tag name for <code>PKCS7</code> with wsse namespace prefix.
1429     */
1430    public static final String TAG_PKCS7 = "wsse:PKCS7";
1431
1432    /**
1433     * Tag name for <code>X509Data</code>.
1434     */
1435    public static final String TAG_X509DATA = "X509Data";
1436
1437    /**
1438     * Tag name for <code>X509Certificate</code>.
1439     */
1440    public static final String TAG_X509CERTIFICATE = "X509Certificate";
1441
1442    /**
1443     * Beginning of certificate string.
1444     */
1445    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";
1446
1447    /**
1448     * End of certificate string.
1449     */
1450    public static final String END_CERT    = "\n-----END CERTIFICATE-----";
1451
1452    /**
1453     * <code>DSAKeyValue</code> tag name.
1454     */
1455    public static final String TAG_DSAKEYVALUE = "DSAKeyValue";
1456
1457    /**
1458     * <code>RSAKeyValue</code> tag name.
1459     */
1460    public static final String TAG_RSAKEYVALUE = "RSAKeyValue";
1461
1462    /**
1463     * Attribute which identifies certificate alias of this site.
1464     * This value is configured through <code>AMConfig.properties</code>.
1465     */
1466    public static final String MYCERTALIAS =
1467                        "com.sun.identity.saml.xmlsig.certalias";
1468    
1469    /**
1470     * User Name attribute key in the Attribute Map.
1471     */
1472    public static final String USER_NAME = "USER_NAME";
1473
1474    /**
1475     * SAML component name to be used to get datastore provider.
1476     */
1477    public static final String SAML = "saml";
1478    /**
1479     * SAML component default name space.
1480     */
1481    public static final String ATTR_NAME_SPACE =
1482        "urn:com:sun:identity:attrnamespace";
1483
        /**
         * Tag name for <code>UsernameToken</code>.
         */
1484    public static final String TAG_USERNAME_TOKEN = "UsernameToken";
1485    /**
1486     * Keyname for escaping special characters in <code>AttributeValue</code>.
1487     * If true, special characters are escaped; otherwise they are not. Default 
1488     * value is "true". 
         * NOTE(review): with escaping off, attribute values would reach the XML
         * unescaped - presumably only safe when the values are well-formed
         * markup from a trusted source; confirm in the code that reads this key.
1489     */
1490    public static final String ESCAPE_ATTR_VALUE = 
1491        "com.sun.identity.saml.escapeattributevalue";
1492    
1493    /**
1494     * HTTP POST binding.
1495     */
1496    public static final String HTTP_POST = "HTTP-POST";
1497
1498    /**
1499     * HTTP Redirect binding.
1500     */
1501    public static final String HTTP_REDIRECT = "HTTP-Redirect";
1502
1503    /**
1504     * Property to identify the HTTP binding for displaying error page.
1505     */
1506    public static final String ERROR_PAGE_HTTP_BINDING =
1507                       "com.sun.identity.saml.errorpage.httpbinding";
1508
1509    /**
1510     * Property to identify the error page url.
1511     */
1512    public static final String ERROR_PAGE_URL =
1513                       "com.sun.identity.saml.errorpage.url";
1514    /**
1515     * Default error page url.
1516     */
1517    public static final String DEFAULT_ERROR_PAGE_URL =
1518                                "/saml2/jsp/saml2error.jsp";
1519    /**
1520     * HTTP status code.
1521     */
1522    public static final String HTTP_STATUS_CODE = "httpstatuscode";
1523
1524    /**
1525     * Error message.
1526     */
1527    public static final String ERROR_MESSAGE = "errormessage";
1528
1529    /**
1530     * Error code.
1531     */
1532    public static final String ERROR_CODE = "errorcode";
1533
1534        /**
1535         * Accept Language HTTP header
1536         */
1537        public static final String ACCEPT_LANG_HEADER = "Accept-Language";
1538}