/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SAMLConstants.java,v 1.17 2009/06/12 22:21:39 mallas Exp $
 *
 * Portions Copyrighted 2010-2015 ForgeRock AS.
 */

package com.sun.identity.saml.common;

import java.util.HashSet;
import java.util.Set;

/**
 * This is a common class defining some constants common to all SAML elements.
 *
 * @supported.api
 */
public final class SAMLConstants
{
    // Two name sets filled once by the static initializer below: "nt", "ldap",
    // "membership" and "anonymous" go into passwordAuthMethods, "radius" into
    // tokenAuthMethods.
    //
    // NOTE(review): both fields are public, non-final, raw-typed and mutable, so
    // any class that can see SAMLConstants can add or remove entries or swap the
    // reference at runtime. How the sets are consumed is not visible in this
    // file; if they map authentication module names to the authentication
    // method stated in an assertion, treat them as read-only and confirm that no
    // caller modifies them.
    //
    // NOTE(review): "anonymous" is grouped with the password-based names. If the
    // grouping decides which authentication method is asserted to a partner, an
    // anonymous session would be reported like a password login — confirm
    // against the consumer of this set.
    public static Set passwordAuthMethods = null;
    public static Set tokenAuthMethods = null;
    static {
        passwordAuthMethods = new HashSet();
        passwordAuthMethods.add("nt");
        passwordAuthMethods.add("ldap");
        passwordAuthMethods.add("membership");
        passwordAuthMethods.add("anonymous");
        tokenAuthMethods = new HashSet();
        tokenAuthMethods.add("radius");
    }

    /**
     * String to identify a quote.
     */
    public static final String QUOTE = "\"";

    /**
     * String to identify a new line character.
*/
    public static final String NL = "\n";

    // NOTE(review): QUOTE, NL and the markup fragments below (LEFT_ANGLE,
    // RIGHT_ANGLE, END_ELEMENT, START_END_ELEMENT, SPACE) suggest that XML is
    // assembled by string concatenation elsewhere. Any attribute or element
    // value placed between them has to be XML-escaped by the caller, otherwise
    // the value can change the structure of the produced document — confirm at
    // the points of use.

    /**
     * String to identify a left angle.
     */
    public static final String LEFT_ANGLE = "<";

    /**
     * String to identify a right angle.
     */
    public static final String RIGHT_ANGLE = ">";

    /**
     * String to identify <code>"/&gt;"</code>.
     */
    public static final String END_ELEMENT = "/>";

    /**
     * String to identify <code>"&lt;/"</code>.
     */
    public static final String START_END_ELEMENT = "</";

    /**
     * String to identify a space character.
     */
    public static final String SPACE = " ";

    /**
     * SAML assertion namespace URI.
     *
     * @supported.api
     */
    public static final String assertionSAMLNameSpaceURI =
        "urn:oasis:names:tc:SAML:1.0:assertion";
    /**
     * SOAP 1.1 namespace URI.
     *
     * @supported.api
     */
    public static final String SOAP_URI =
        "http://schemas.xmlsoap.org/soap/envelope/";

    /**
     * SOAP 1.2 namespace URI.
     *
     * @supported.api
     */
    public static final String SOAP12_URI =
        "http://www.w3.org/2003/05/soap-envelope";
    /**
     * SOAP envelope prefix.
     */
    public static final String SOAP_ENV_PREFIX = "soap-env";

    /**
     * SAML request-response protocol namespace URI.
     *
     * @supported.api
     */
    public static final String PROTOCOL_NAMESPACE_URI =
        "urn:oasis:names:tc:SAML:1.0:protocol";

    /**
     * XML Digital Signature namespace.
     *
     * @supported.api
     */
    public static final String XMLSIG_NAMESPACE_URI =
        "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Element name for xml signature.
     */
    public static final String XMLSIG_ELEMENT_NAME = "Signature";

    /**
     * Pointer to Signature name space.
*/
    public static final String DSSAMLNameSpace =
        "xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"";
    // Unlike assertionDeclareStr and PROTOCOL_NAMESPACE_STRING below, the value
    // above has no leading space, so the caller must supply the separator when
    // appending it to an element's attribute list.

    /**
     * String which gets incorporated into
     * <code>toString(includeNS, declareNS)</code> when
     * <code>declareNS</code> is true for any assertion element.
     * The value starts with a space and declares the <code>saml</code> prefix.
     */
    public static final String assertionDeclareStr =
        " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"";

    /**
     * String used in the <code>toString(includeNS, declareNS)</code> method.
     * The value starts with a space and declares the <code>samlp</code> prefix.
     */
    public static final String PROTOCOL_NAMESPACE_STRING =
        " xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"";

    /**
     * <code>NameQualifier</code> in <code>NameIdentifier</code> for
     * <code>X509SubjectName</code>. Built from
     * <code>assertionSAMLNameSpaceURI</code> plus the
     * <code>#X509SubjectName</code> fragment.
     */
    public static final String X509SUBJECTNAME =
        assertionSAMLNameSpaceURI+"#X509SubjectName";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: Read/Write/Execute/Delete/Control
     * Defined actions: <code>Read Write Execute Delete Control</code>
     * These actions are interpreted in the normal manner, i.e.
     * <ul>
     * <li><code>Read</code>: The subject may read the resource </li>
     * <li><code>Write</code>: The subject may modify the resource </li>
     * <li><code>Execute</code>: The subject may execute the resource </li>
     * <li><code>Delete</code>: The subject may delete the resource </li>
     * <li><code>Control</code>: The subject may specify the access control
     * policy for the resource.</li>
     * </ul>
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE =
        "urn:oasis:names:tc:SAML:1.0:action:rwedc";

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
*
     * Title: Read/Write/Execute/Delete/Control with Negation
     * Defined actions:
     * <code>Read Write Execute Delete Control ~Read ~Write ~Execute ~Delete
     * ~Control</code>
     * <ul>
     * <li><code>Read</code>: The subject may read the resource </li>
     * <li><code>Write</code>: The subject may modify the resource </li>
     * <li><code>Execute</code>: The subject may execute the resource </li>
     * <li><code>Delete</code>: The subject may delete the resource </li>
     * <li><code>Control</code>: The subject may specify the access control
     * policy for the resource </li>
     * <li><code>~Read</code>: The subject may NOT read the resource </li>
     * <li><code>~Write</code>: The subject may NOT modify the resource </li>
     * <li><code>~Execute</code>: The subject may NOT execute the resource </li>
     * <li><code>~Delete</code>: The subject may NOT delete the resource </li>
     * <li><code>~Control</code>: The subject may NOT specify the access
     * control policy for the resource </li>
     * </ul>
     * An application MUST NOT authorize both an action and its negated form.
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE_NEGATION =
        "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
    // NOTE(review): the MUST NOT above is a rule for whoever issues or evaluates
    // decisions in this namespace; nothing in this constants class enforces it.
    // Confirm that the decision code rejects a statement carrying both an action
    // and its "~" form instead of picking one of them.

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: <code>Get/Head/Put/Post</code>
     * Defined actions:
     * <code>GET HEAD PUT POST</code>
     * These actions bind to the corresponding HTTP operations. For example a
     * subject authorized to perform the GET action on a resource is authorized
     * to retrieve it. The GET and HEAD actions loosely correspond to the
     * conventional read permission and the PUT and POST actions to the write
     * permission.
* The correspondence is not exact however since a HTTP GET
     * operation may cause data to be modified and a POST operation may cause
     * modification to a resource other than the one specified in the request.
     * For this reason a separate Action URI specifier is provided.
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE_GHPP =
        "urn:oasis:names:tc:SAML:1.0:ghpp";
    // NOTE(review): the other action namespace URIs in this class carry an
    // "action:" segment (…:SAML:1.0:action:rwedc, …:action:rwedc-negation,
    // …:action:unix); the value above does not. Check it against the SAML 1.x
    // core specification before relying on it for interoperability. Because the
    // constant is part of the supported API, changing the value would affect
    // existing peers that already exchange this string.

    /**
     * String used in the <code>ActionNamespace</code> attribute to refer to
     * common sets of actions to perform on resources.
     *
     * Title: UNIX File Permissions
     * Defined actions:
     * The defined actions are the set of UNIX file access permissions
     * expressed in the numeric (octal) notation. The action string is a four
     * digit numeric code: extended user group world
     * Where the extended access permission has the value
     * <ul>
     * <li><code>+2 if sgid is set</code></li>
     * <li><code>+4 if suid is set</code></li>
     * </ul>
     * The user group and world access permissions have the value
     * <ul>
     * <li><code>+1 if execute permission is granted</code></li>
     * <li><code>+2 if write permission is granted</code></li>
     * <li><code>+4 if read permission is granted</code></li>
     * </ul>
     * For example 0754 denotes the UNIX file access permission: user read,
     * write and execute, group read and execute and world read.
     *
     * @supported.api
     */
    public static final String ACTION_NAMESPACE_UNIX =
        "urn:oasis:names:tc:SAML:1.0:action:unix";

    /**
     * saml namespace prefix with ":".
     */
    public static final String ASSERTION_PREFIX = "saml:";

    /**
     * samlp namespace prefix with ":".
     */
    public static final String PROTOCOL_PREFIX = "samlp:";

    /**
     * Assertion version 1.0.
     */
    public static final String ASSERTION_VERSION_1_0 = "1.0";

    /**
     * Assertion version 1.1.
     */
    public static final String ASSERTION_VERSION_1_1 = "1.1";

    /**
     * Major version of assertion.
*/
    public static final int ASSERTION_MAJOR_VERSION = 1;

    // NOTE(review): ASSERTION_MINOR_VERSION is public static but not final, so it
    // is a process-wide mutable value. Presumably it is overwritten from
    // configuration at start-up (see SAML_ASSERTION_VERSION) — confirm which
    // code writes it and that nothing changes it afterwards.
    /**
     * Default Assertion minor version.
     */
    public static int ASSERTION_MINOR_VERSION = 1;

    /**
     * Assertion minor version 0.
     */
    public static final int ASSERTION_MINOR_VERSION_ZERO = 0;

    /**
     * Assertion minor version 1.
     */
    public static final int ASSERTION_MINOR_VERSION_ONE = 1;

    /**
     * Protocol version 1.0.
     */
    public static final String PROTOCOL_VERSION_1_0 = "1.0";

    /**
     * Protocol version 1.1.
     */
    public static final String PROTOCOL_VERSION_1_1 = "1.1";

    /**
     * Protocol major version 1.
     */
    public static final int PROTOCOL_MAJOR_VERSION = 1;

    // NOTE(review): like ASSERTION_MINOR_VERSION, this field is not final and can
    // be reassigned by any class; presumably set from SAML_PROTOCOL_VERSION —
    // confirm.
    /**
     * Default protocol minor version 1.
     */
    public static int PROTOCOL_MINOR_VERSION = 1;

    /**
     * Protocol minor version 0.
     */
    public static final int PROTOCOL_MINOR_VERSION_ZERO = 0;

    /**
     * Protocol minor version 1.
     */
    public static final int PROTOCOL_MINOR_VERSION_ONE = 1;

    // NOTE(review): the identifiers sized by ID_LENGTH act as handles for
    // assertions, requests and responses. How they are generated is not visible
    // here; for handles that must be unguessable, confirm that the bytes come
    // from java.security.SecureRandom.
    /**
     * Assertion handle, request id, and response id have this length.
     * If server id cannot be found, assertion id has this length also.
     * request id, response id, and assertion id will be base64 encoded for
     * printing.
     */
    public static final int ID_LENGTH = 20;

    /**
     * Length for server id. Used in load balancing.
     */
    public static final int SERVER_ID_LENGTH = 2;

    /**
     * Default encoding used in the xml string conversion.
     */
    public static final String DEFAULT_ENCODING = "UTF-8";

    // NOTE(review): unlike the other CONFIRMATION_METHOD_* constants, this field
    // is declared without final, so any class can replace the URI that is used
    // for artifact confirmation. It looks like an oversight, but the field is
    // part of the supported API — check for writers before adding final.
    /**
     * SAML artifact confirmation method identifier URI.
     *
     * @supported.api
     */
    public static String CONFIRMATION_METHOD_ARTIFACT =
        "urn:oasis:names:tc:SAML:1.0:cm:artifact";

    /**
     * Deprecated SAML Artifact confirmation method identifier URI.
*
     * @supported.api
     */
    public static final String DEPRECATED_CONFIRMATION_METHOD_ARTIFACT =
        "urn:oasis:names:tc:SAML:1.0:cm:artifact-01";

    /**
     * OpenAM confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_IS =
        "urn:com:sun:identity";

    // Security note: a bearer assertion is not bound to any key held by the
    // presenter, so whoever holds a copy can present it. Receivers depend on the
    // signature, a short validity window, recipient checks and one-time use to
    // limit replay; holder-of-key confirmation binds the assertion to a key
    // instead.
    /**
     * SAML Bearer confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_BEARER =
        "urn:oasis:names:tc:SAML:1.0:cm:bearer";

    /**
     * SAML "Holder of Key" confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_HOLDEROFKEY =
        "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    /**
     * SAML "Sender Vouches" confirmation method identifier URI.
     *
     * @supported.api
     */
    public static final String CONFIRMATION_METHOD_SENDERVOUCHES =
        "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";

    // used by SAML service schema related operations

    /**
     * SAML service name.
     */
    public static final String SAML_SERVICE_NAME = "SAML1";

    /**
     * 1.0 version of SAML service.
     */
    public static final String SAML_SERVICE_VERSION = "1.0";

    /**
     * SAML service attribute that specifies time skew for not before attribute
     * in assertion.
     */
    public static final String NOTBEFORE_TIMESKEW_NAME =
        "iplanet-am-saml-notbefore-timeskew";

    /**
     * SAML service attribute that specifies artifact timeout period.
     */
    public static final String ARTIFACT_TIMEOUT_NAME =
        "iplanet-am-saml-artifact-timeout";

    /**
     * SAML service attribute that specifies assertion timeout period.
     */
    public static final String ASSERTION_TIMEOUT_NAME =
        "iplanet-am-saml-assertion-timeout";

    /**
     * SAML service attribute that specifies whether an assertion needs to be
     * removed after it has been dereferenced or not.
*/
    public static final String REMOVE_ASSERTION_NAME =
        "com.sun.identity.saml.removeassertion";
    // NOTE(review): removing an assertion once it has been dereferenced makes the
    // artifact single-use. The default for this setting is not visible in this
    // file — confirm it, since leaving assertions retrievable lets a captured
    // artifact be redeemed again until it times out.

    // Security note: the three defaults below bound how long a captured artifact
    // or assertion stays usable (a wider skew or longer timeout means a longer
    // replay window). Keep deployed values as small as clock synchronisation
    // between the sites allows.
    /**
     * Default not before time skew. It's in seconds.
     */
    public static final int NOTBEFORE_TIMESKEW_DEFAULT = 300;

    /**
     * Default artifact timeout period. It's in seconds.
     */
    public static final int ARTIFACT_TIMEOUT_DEFAULT = 120;

    /**
     * Default assertion timeout period. It's in seconds.
     */
    public static final int ASSERTION_TIMEOUT_DEFAULT = 60;

    /**
     * SAML service attribute that specifies list of saml site IDs.
     */
    public static final String SITE_ID_LIST = "iplanet-am-saml-siteid-list";

    /**
     * SAML service attribute that specifies list of instances.
     */
    public static final String INSTANCE_LIST = "iplanet-am-saml-instance-list";

    /**
     * This site's ID.
     */
    public static final String SITE_ID = "mysiteid";

    /**
     * SAML service attribute that specifies list of issuer names.
     */
    public static final String ISSUER_NAME_LIST =
        "iplanet-am-saml-issuername-list";

    /**
     * This site's issuer name.
     */
    public static final String ISSUER_NAME = "mysitename";

    /**
     * SAML service attribute name for list of site ID and issuer names.
     */
    public static final String SITE_ID_ISSUER_NAME_LIST =
        "iplanet-am-saml-siteid-issuername-list";

    /**
     * Constant for instance id.
     */
    public static final String INSTANCEID = "INSTANCEID";

    /**
     * Constant for site id.
     */
    public static final String SITEID = "SITEID";

    /**
     * Constant for issuer name.
     */
    public static final String ISSUERNAME = "ISSUERNAME";

    /**
     * SAML service attribute that specifies site's certificate alias.
     */
    public static final String SITE_CERT_ALIAS =
        "iplanet-am-saml-sitecertalias";

    /**
     * SAML service attribute that specifies whether to sign a request or not.
*/
    public static final String SIGN_REQUEST =
        "iplanet-am-saml-signrequest";

    // Security note: SIGN_REQUEST_DEFAULT, SIGN_RESPONSE_DEFAULT and
    // SIGN_ASSERTION_DEFAULT in this group are all "false". An unsigned SAML
    // message gives the receiver no cryptographic proof of origin or integrity,
    // so its trust then rests entirely on the transport (for example mutually
    // authenticated TLS on the back channel). How these defaults are applied is
    // not visible in this file; deployments that use the browser POST profile
    // should confirm that signing is switched on explicitly.
    /**
     * Default is to not sign request.
     */
    public static final String SIGN_REQUEST_DEFAULT = "false";

    /**
     * SAML service attribute that specifies whether to sign a response or not.
     */
    public static final String SIGN_RESPONSE =
        "iplanet-am-saml-signresponse";

    /**
     * Default is to not sign response.
     */
    public static final String SIGN_RESPONSE_DEFAULT = "false";

    /**
     * SAML service attribute that specifies whether to sign an assertion
     * or not.
     */
    public static final String SIGN_ASSERTION =
        "iplanet-am-saml-signassertion";

    /**
     * Default is to not sign the assertion.
     */
    public static final String SIGN_ASSERTION_DEFAULT = "false";

    /**
     * SAML service attribute that specifies the name for artifact.
     */
    public static final String ARTIFACT_NAME = "iplanet-am-saml-artifact-name";

    /**
     * SAML service attribute that specifies the name id format attribute map.
     */
    public static final String NAME_ID_FORMAT_MAP =
        "iplanet-am-saml-name-id-format-attr-map";

    /**
     * SAML service attribute that specifies the attribute map.
     */
    public static final String ATTRIBUTE_MAP =
        "iplanet-am-saml-attr-map";

    /**
     * Default SAML artifact name.
     *
     * @supported.api
     */
    public static final String ARTIFACT_NAME_DEFAULT = "SAMLart" ;

    /**
     * SAML service attribute that specifies target parameter.
     */
    public static final String TARGET_SPECIFIER =
        "iplanet-am-saml-target-specifier" ;

    /**
     * Default parameter for target.
     */
    public static final String TARGET_SPECIFIER_DEFAULT = "TARGET" ;

    /**
     * SAML service attribute that specifies list of trusted partners.
* A sample trusted server list entry is like
     * target=.iplanet.com:8080|
     * SAMLUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLAwareServlet|
     * POSTUrl=http://dsame.red.iplanet.com:8080/amserver/SAMLPOSTProfileServlet
     */
    public static final String TRUSTED_SERVER_LIST =
        "iplanet-am-saml-trusted-server-list";
    // Security note: the sample entries in the two Javadoc blocks around this
    // point use plain http:// URLs. Artifacts, assertions and SOAP requests sent
    // to such endpoints travel unencrypted and the endpoint is not
    // authenticated; configured partner URLs should be https.

    /**
     * SAML service attribute that specifies partner urls.
     * A sample Partner URL list entry is like:
     * SourceID=encoded 20 bytes|
     * SOAPUrl=http://dsame2.red.iplanet.com:8080/amserver/SAMLSOAPReceiver
     */
    public static final String PARTNER_URLS = "iplanet-am-saml-partner-urls";

    /**
     * Constants for target.
     */
    public static final String TARGET = "TARGET";

    /**
     * Constants for url which handles saml web browser artifact profile.
     */
    public static final String SAMLURL = "SAMLURL";

    /**
     * Constants for url which handles saml web browser post profile.
     */
    public static final String POSTURL = "POSTURL";


    /**
     * A SAML service attribute parameter. The 20-byte sequence defined as in
     * the SiteID and Issuer name.
     *
     * @supported.api
     */
    public static final String SOURCEID = "SOURCEID";

    /**
     * A SAML service attribute parameter that defines partner's name.
     *
     * iPlanet-PUBLIC-STATIC
     */
    public static final String PARTNERNAME = "PARTNERNAME";

    /**
     * A SAML service attribute parameter that defines the URL that provides
     * the SAML service. The servlet specified in the URL implements the
     * Web-browser SSO with Artifact profile defined in the OASIS-SAML
     * Bindings and Profiles specification.
     *
     * @supported.api
     */
    public static final String SOAPUrl = "SOAPURL";

    /**
     * A SAML service attribute parameter that defines the authentication type
     * used in SAML.
* It should be one of the following:
     * <ul>
     * <li>NOAUTH</li>
     * <li>BASICAUTH</li>
     * <li>SSL</li>
     * <li>SSLWITHBASICAUTH</li>
     * </ul>
     * This parameter is optional, and if not specified, the default is NOAUTH.
     * If BASICAUTH or SSLWITHBASICAUTH is specified, the User parameter is
     * required and the SOAPUrl should be HTTPS.
     *
     * @supported.api
     */
    public static final String AUTHTYPE = "AUTHTYPE";
    // Security note: with the documented default (NOAUTH) the partner's SOAP
    // endpoint is reached without transport authentication, and BASICAUTH is
    // described on the BASICAUTH constant as running over HTTP, where Basic
    // credentials are only base64-encoded. Prefer SSL or SSLWITHBASICAUTH for
    // partner entries.

    /**
     * A SAML service attribute parameter that defines the uid of the partner
     * which is used to protect the partner's SOAP Receiver
     *
     * @supported.api
     */
    public static final String UID = "USER";

    /**
     * A SAML service attribute parameter that defines the user id of the
     * partner which is used for Basic Authentication.
     *
     * @supported.api
     */
    public static final String AUTH_UID = "AUTHUSER";

    // NOTE(review): this is only the parameter name; where and in what form the
    // partner password is stored is not visible here. Confirm that the stored
    // value is protected at rest and never written to logs or debug output.
    /**
     * A SAML service attribute parameter that defines the password of the
     * partner which is used for Basic Authentication.
     *
     * @supported.api
     */
    public static final String AUTH_PASSWORD = "AUTHPASSWORD";

    // NOTE(review): the mapper parameters in this class (ACCOUNTMAPPER,
    // PARTNERACCOUNTMAPPER, SITEATTRIBUTEMAPPER, ...) name pluggable classes.
    // If the named class is loaded from the configured string, write access to
    // this configuration decides which code maps assertions to local
    // identities — confirm who can edit it.
    /**
     * A SAML service attribute parameter that specifies a pluggable class
     * which defines how the subject of an Assertion is related to an identity
     * at the destination site. By default, it is:
     * com.sun.identity.saml.plugins.DefaultAccountMapper
     *
     * @supported.api
     */
    public static final String ACCOUNTMAPPER = "ACCOUNTMAPPER";

    /**
     * A SAML service attribute parameter that specifies a pluggable class
     * which defines how the subject of an Assertion is related to an identity
     * at the destination site and a target URL. By default, it is:
     * com.sun.identity.saml.plugins.DefaultPartnerAccountMapper
     *
     * @supported.api
     */
    public static final String PARTNERACCOUNTMAPPER = "PARTNERACCOUNTMAPPER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the siteAttributeMapper is located.
* Applications can develop
     * a siteAttributeMapper to obtain attributes to be included in the
     * assertion during SSO. If no siteAttributeMapper is found, then no
     * attributes will be included in the assertion during SSO.
     *
     * @supported.api
     */
    public static final String SITEATTRIBUTEMAPPER = "siteattributemapper";
    // Fully qualified name of DefaultSiteAttributeMapper.
    // NOTE(review): the Javadoc above says that no attributes are included when
    // no mapper is found, while this constant suggests a default mapper exists —
    // confirm which behaviour applies at the point of use.
    public static final String SITEATTRIBUTEMAPPERDEFAULT =
        "com.sun.identity.saml.plugins.DefaultSiteAttributeMapper";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the partnerSiteAttributeMapper is located. Applications can
     * develop a partnerSiteAttributeMapper to obtain attributes to be included
     * in the assertion during SSO based on target URL. If no
     * partnerSiteAttributeMapper is found, then no attributes will be included
     * in the assertion during SSO.
     *
     * @supported.api
     */
    public static final String PARTNERSITEATTRIBUTEMAPPER =
        "partnersiteattributemapper";


    /**
     * A SAML service attribute parameter that specifies the class with the
     * path where the nameIdentifierMapper is located. Applications can develop
     * a nameIdentifierMapper to obtain a name identifier to be included in the
     * assertion during SSO. If no nameIdentifierMapper is found, then a
     * default implementation will be used.
     *
     * @supported.api
     */
    public static final String NAMEIDENTIFIERMAPPER = "nameidentifiermapper";

    // Security note: of the two identifiers this list accepts, a source IP
    // address is the weaker one (it can be shared behind a proxy or NAT and is
    // not cryptographic), whereas a certAlias ties the requester to a key.
    // Prefer certAlias entries where the partner can authenticate with a
    // certificate.
    /**
     * A SAML service attribute parameter that lists the IP addresses and/or
     * the certAlias for all of the hosts, within the specified partner site,
     * that can send requests to this site. This ensures that the requester is
     * indeed the intended receiver for the SAML artifact.
     *
     * @supported.api
     */
    public static final String HOST_LIST = "hostlist";

    /**
     * A POST attribute name that specifies an assertion.
*
     * @supported.api
     */
    public static final String POST_ASSERTION_NAME = "ASSERTION";

    /**
     * A POST attribute name that specifies attribute names of an assertion.
     *
     * @supported.api
     */
    public static final String POST_ATTR_NAMES = "ATTRIBUTENAMES";

    // NOTE(review): the Javadoc below implies that a certificate found in the
    // KeyInfo of a signed assertion is used when present and this alias only
    // when it is absent. KeyInfo is supplied by the sender, so confirm that a
    // certificate taken from it is checked against the partner's configured
    // trust (keystore / alias) and is not accepted merely because the signature
    // verifies with it.
    /**
     * A SAML service attribute parameter that specifies a certAlias name used
     * for verifying the signature in an assertion, when the assertion is
     * signed by a partner and the certificate of the partner can not be found
     * in the KeyInfo portion of the signed assertion.
     *
     * @supported.api
     */
    public static final String CERTALIAS = "CERTALIAS";

    /**
     * A SAML service attribute parameter that defines the creator of an
     * assertion generated within OpenAM. The syntax is
     * hostname:port.
     *
     * @supported.api
     */
    public static final String ISSUER = "ISSUER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path to where the attributeMapper is located. Applications can develop
     * an attributeMapper to obtain either a Session ID or an assertion
     * containing AuthenticationStatement from the query. The mapper is then
     * used to retrieve the attributes for the subject. If no attributeMapper
     * is specified, DefaultAttributeMapper will be used.
     *
     * @supported.api
     */
    public static final String ATTRIBUTEMAPPER = "ATTRIBUTEMAPPER";

    /**
     * A SAML service attribute parameter that specifies the class with the
     * path to where the actionMapper is located. Applications can develop an
     * actionMapper to obtain either a Session ID or an assertion containing
     * AuthenticationStatement from the query. The mapper is then used to
     * retrieve the authorization decisions for the actions defined in the
     * query. If no actionMapper is specified, DefaultActionMapper will be
     * used.
*
     * @supported.api
     */
    public static final String ACTIONMAPPER = "ACTIONMAPPER";

    /**
     * A SAML service attribute parameter that specifies SAML version
     *
     * @supported.api
     */
    public static final String VERSION = "VERSION";

    /**
     * SAML service attribute that specifies action service mapping.
     */
    public static final String ACTION_SERVICE_MAPPING =
        "iplanet-am-saml-action-service-mapping";

    // NOTE(review): presumably the list of target URLs to which an assertion may
    // be forwarded by POST. If so it works as an allow-list; confirm that targets
    // are compared against it strictly (scheme, host and port) and that an empty
    // list does not mean "any target".
    /**
     * SAML service attribute that specifies POST to Target URLs.
     */
    public static final String POST_TO_TARGET_URLS =
        "iplanet-am-saml-post-to-target-urls";

    /**
     * SAML service attribute that specifies maximum number of assertions
     * the server can have at a given time.
     */
    public static final String ASSERTION_MAX_NUMBER_NAME =
        "iplanet-am-saml-assertion-max-number";
    // Security note: with the default of 0 (no limit) the number of assertions
    // held by the server is bounded only by the timeout and cleanup interval.
    // Where requesters are not fully trusted, set an explicit limit so that
    // assertion creation cannot exhaust memory.
    /**
     * Default maximum number of assertions of the server. It means no limit.
     */
    public static final int ASSERTION_MAX_NUMBER_DEFAULT = 0;

    /**
     * SAML service attribute that specifies server clean up interval.
     */
    public static final String CLEANUP_INTERVAL_NAME =
        "iplanet-am-saml-cleanup-interval";
    /**
     * System property name that specifies cleanup interval for internal
     * cache, such as assertions, artifacts and keystore etc.
     * This property is mapped to the CLEANUP_INTERVAL_NAME attribute in
     * SAML service on the server side.
     */
    public static final String CLEANUP_INTERVAL_PROPERTY =
        "com.sun.identity.saml.cleanup.interval";

    /**
     * Default server cleanup interval. It is in seconds.
     */
    public static final int CLEANUP_INTERVAL_DEFAULT = 180;

    /**
     * Kerberos authentication method.
     */
    public static final String AUTH_METHOD_KERBEROS = "Kerberos";

    /**
     * Certificate authentication method.
*/
    public static final String AUTH_METHOD_CERT = "Cert";

    // The *_URI values below are identifiers that state how the subject
    // authenticated; the RFC numbers inside them are part of the identifier and
    // do not select a protocol version.
    /**
     * Certificate authentication method URI.
     */
    public static final String AUTH_METHOD_CERT_URI = "urn:ietf:rfc:2246";

    /**
     * Password authentication method URI.
     */
    public static final String AUTH_METHOD_PASSWORD_URI =
        "urn:oasis:names:tc:SAML:1.0:am:password";

    /**
     * Hardware token authentication method uri.
     */
    public static final String AUTH_METHOD_HARDWARE_TOKEN_URI =
        "urn:oasis:names:tc:SAML:1.0:am:HardwareToken";

    /**
     * Kerberos authentication method uri.
     */
    public static final String AUTH_METHOD_KERBEROS_URI = "urn:ietf:rfc:1510";

    /**
     * Private authentication method prefix.
     */
    public static final String AUTH_METHOD_URI_PREFIX =
        "urn:com:sun:identity:";

    /**
     * SAML service attribute which identifies basic authentication user.
     */
    public static final String USER = "iplanet-am-saml-user";

    // NOTE(review): attribute name only; the storage format of the password is
    // not visible here. Confirm it is protected at rest and excluded from logs.
    /**
     * SAML service attribute which identifies basic authentication password.
     */
    public static final String PASSWORD="iplanet-am-saml-password";

    // Security note: HTTP Basic credentials are base64-encoded, not encrypted.
    // Over plain HTTP, as described below, they are readable by anyone on the
    // network path; SSLWITHBASICAUTH carries the same credentials over HTTPS.
    /**
     * A SAML authentication type that uses HTTP protocol and username/password
     *
     * @supported.api
     */
    public static final String BASICAUTH= "BASICAUTH";

    /**
     * A SAML authentication type that uses HTTPS protocol and
     * username/password
     *
     * @supported.api
     */
    public static final String SSLWITHBASICAUTH = "SSLWITHBASICAUTH";

    // Security note: NOAUTH means plain HTTP with no authentication of either
    // side, so requests and responses can be read or altered in transit unless
    // the messages themselves are signed.
    /**
     * A SAML authentication type that uses HTTP protocol
     *
     * @supported.api
     */
    public static final String NOAUTH = "NOAUTH";

    /**
     * A SAML authentication type that uses HTTPS protocol
     *
     * @supported.api
     */
    public static final String SSL = "SSL";

    /**
     * Parameter for Name Identifier format used in SAML web browser post
     * profile and SAML web browser artifact profile.
*/
    public static final String NAME_ID_FORMAT="NameIDFormat";

    /**
     * Constant for servlet which does SAML web browser artifact profile.
     */
    public static final String SAML_AWARE_NAMING="samlawareservlet";

    /**
     * Constant for endpoint which accepts SOAP request.
     */
    public static final String SAML_SOAP_NAMING="samlsoapreceiver";

    /**
     * Constant for servlet which does SAML web browser post profile.
     */
    public static final String SAML_POST_NAMING="samlpostservlet";

    /**
     * Constant for process which handles all assertion related requests.
     */
    public static final String SAML_AM_NAMING = "samlassertionmanager";

    /**
     * Parameter for SAML response used in SAML web browser post profile.
     */
    public static final String POST_SAML_RESPONSE_PARAM = "SAMLResponse";

    // NOTE(review): TARGET is a request parameter and therefore chosen by the
    // client. Presumably the servlets use it as the destination after single
    // sign-on; confirm that the value is checked against the configured trusted
    // targets before any redirect or POST to it.
    /**
     * Parameter for SAML TARGET.
     */
    public static final String POST_TARGET_PARAM = "TARGET";

    // for SAMLPOSTProfileServlet

    /**
     * Constant which identifies source site.
     */
    public static final String SOURCE_SITE_SOAP_ENTRY = "sourceSite";

    /**
     * Constant for assertion parameter.
     */
    public static final String POST_ASSERTION = "assertion";

    /**
     * Constant for subject.
     */
    public static final String SUBJECT = "subject";

    /**
     * Success status code.
     */
    public static final String STATUS_CODE_SUCCESS = "samlp:Success";

    /**
     * Success status code with no namespace prefix.
     */
    public static final String STATUS_CODE_SUCCESS_NO_PREFIX = ":Success";

    /**
     * http protocol.
     */
    public static final String HTTP="http";

    /**
     * https protocol.
*/
    public static final String HTTPS="https";

    // Used for xml digital signing
    // NOTE(review): judging by their values, CANONICALIZATION_METHOD,
    // TRANSFORM_ALGORITHM, XMLSIG_ALGORITHM and the two *_IMPL_CLASS constants
    // are configuration property names, while JKS_KEY_PROVIDER and
    // AM_SIGNATURE_PROVIDER are fully qualified class names (presumably the
    // defaults for the *_IMPL_CLASS properties) — confirm at the point of use.
    // If the provider classes are loaded by configured name, whoever can change
    // that configuration chooses the code that creates and verifies signatures.
    public static final String CANONICALIZATION_METHOD =
        "com.sun.identity.saml.xmlsig.c14nMethod";
    public static final String TRANSFORM_ALGORITHM=
        "com.sun.identity.saml.xmlsig.transformAlg";
    public static final String XMLSIG_ALGORITHM =
        "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";
    public static final String JKS_KEY_PROVIDER =
        "com.sun.identity.saml.xmlsig.JKSKeyProvider";
    public static final String KEY_PROVIDER_IMPL_CLASS =
        "com.sun.identity.saml.xmlsig.keyprovider.class";
    public static final String SIGNATURE_PROVIDER_IMPL_CLASS =
        "com.sun.identity.saml.xmlsig.signatureprovider.class";
    public static final String AM_SIGNATURE_PROVIDER =
        "com.sun.identity.saml.xmlsig.AMSignatureProvider";

    // constants for XML Signature SignatureMethodURI
    //
    // Security note: "Required" and "Recommended" in the Javadoc below are the
    // XML-Signature specification's implementation levels, not statements about
    // cryptographic strength. SHA-1 is no longer collision resistant, so the
    // DSA-SHA1 and RSA-SHA1 signature methods should not be chosen for new
    // signatures; prefer ALGO_ID_SIGNATURE_RSA_SHA256 or stronger, and make sure
    // verification can be configured to refuse the SHA-1 and MD5 based methods.
    // HMAC-SHA1 is not directly affected by the known SHA-1 collision attacks,
    // but the SHA-2 HMAC variants are the better choice.

    /**
     * MAC Algorithm HMAC-SHA1 URI - Required.
     *
     * @supported.api
     */
    public static final String ALGO_ID_MAC_HMAC_SHA1 =
        "http://www.w3.org/2000/09/xmldsig#hmac-sha1";

    /**
     * Signature Algorithm DSAwithSHA1 URI - Required.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_DSA =
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    /**
     * Signature Algorithm RSAwithSHA1 URI - Recommended.
     * Same value as <code>ALGO_ID_SIGNATURE_RSA_SHA1</code>.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA =
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    /**
     * Signature Algorithm RSAwithSHA1 URI.
     * Same value as <code>ALGO_ID_SIGNATURE_RSA</code>.
     *
     * @supported.api
     */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /**
     * Signature Algorithm RSA-MD5 URI.
1044 * 1045 * @supported.api 1046 */ 1047 public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 = 1048 "http://www.w3.org/2001/04/xmldsig-more#rsa-md5"; 1049 1050 /** 1051 * Signature Algorithm RSA-RIPEMD160 URI. 1052 * 1053 * @supported.api 1054 */ 1055 public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 = 1056 "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"; 1057 1058 /** 1059 * Signature Algorithm RSA-SHA256 URI. 1060 * 1061 * @supported.api 1062 */ 1063 public static final String ALGO_ID_SIGNATURE_RSA_SHA256 = 1064 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; 1065 1066 /** 1067 * Signature Algorithm RSA-SHA384 URI. 1068 * 1069 * @supported.api 1070 */ 1071 public static final String ALGO_ID_SIGNATURE_RSA_SHA384 = 1072 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"; 1073 1074 /** 1075 * Signature Algorithm RSA-SHA512 URI. 1076 * 1077 * @supported.api 1078 */ 1079 public static final String ALGO_ID_SIGNATURE_RSA_SHA512 = 1080 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"; 1081 1082 /** 1083 * MAC Algorithm HMAC-MD5 URI. 1084 * 1085 * @supported.api 1086 */ 1087 public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 = 1088 "http://www.w3.org/2001/04/xmldsig-more#hmac-md5"; 1089 1090 /** 1091 * MAC Algorithm HMAC-RIPEMD160 URI. 1092 * 1093 * @supported.api 1094 */ 1095 public static final String ALGO_ID_MAC_HMAC_RIPEMD160 = 1096 "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"; 1097 1098 /** 1099 * MAC Algorithm HMAC-SHA256 URI. 1100 * 1101 * @supported.api 1102 */ 1103 public static final String ALGO_ID_MAC_HMAC_SHA256 = 1104 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"; 1105 1106 /** 1107 * MAC Algorithm HMAC-SHA384 URI. 1108 * 1109 * @supported.api 1110 */ 1111 public static final String ALGO_ID_MAC_HMAC_SHA384 = 1112 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"; 1113 1114 /** 1115 * MAC Algorithm HMAC-SHA512 URI. 
1116 * 1117 * @supported.api 1118 */ 1119 public static final String ALGO_ID_MAC_HMAC_SHA512 = 1120 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"; 1121 1122 /** 1123 * Attribute that identifies server protocol in 1124 * <code>AMConfig.properties</code> file. 1125 */ 1126 public static final String SERVER_PROTOCOL = 1127 "com.iplanet.am.server.protocol"; 1128 1129 /** 1130 * Attribute that identifies server host in 1131 * <code>AMConfig.properties</code> file. 1132 */ 1133 public static final String SERVER_HOST = "com.iplanet.am.server.host"; 1134 1135 /** 1136 * Attribute that identifies server port in 1137 * <code>AMConfig.properties</code> file. 1138 */ 1139 public static final String SERVER_PORT = "com.iplanet.am.server.port"; 1140 1141 /** 1142 * Attribute that identifies server port in 1143 * <code>AMConfig.properties</code> file. 1144 */ 1145 public static final String SERVER_URI = 1146 "com.iplanet.am.services.deploymentDescriptor"; 1147 1148 /** 1149 * Attribute that identifies default version for saml assertion in 1150 * <code>AMConfig.properties</code> file. 1151 */ 1152 public static final String SAML_ASSERTION_VERSION = 1153 "com.sun.identity.saml.assertion.version"; 1154 1155 /** 1156 * Attribute that identifies default version for saml protocol in 1157 * <code>AMConfig.properties</code> file. 1158 */ 1159 public static final String SAML_PROTOCOL_VERSION = 1160 "com.sun.identity.saml.protocol.version"; 1161 1162 /** 1163 * XML canonicalization Algorithm URI. 1164 * 1165 * @supported.api 1166 */ 1167 public static final String ALGO_ID_C14N_OMIT_COMMENTS = 1168 "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; 1169 1170 /** 1171 * XML canonicalization with comments Algorithm URI. 1172 * 1173 * @supported.api 1174 */ 1175 public static final String ALGO_ID_C14N_WITH_COMMENTS = 1176 ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments"; 1177 1178 /** 1179 * Exclusive XML canonicalization Algorithm URI. 
1180 * 1181 * @supported.api 1182 */ 1183 public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS = 1184 "http://www.w3.org/2001/10/xml-exc-c14n#"; 1185 1186 /** 1187 * Exclusive XML canonicalization with comments Algorithm URI. 1188 * 1189 * @supported.api 1190 */ 1191 public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS = 1192 ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments"; 1193 1194 //constants for XML Signature -Transform algorithm 1195 //supported in Apache xml security package 1.0.5 1196 1197 /** 1198 * XML canonicalization Transform URI. 1199 * 1200 * @supported.api 1201 */ 1202 public static final String TRANSFORM_C14N_OMIT_COMMENTS = 1203 ALGO_ID_C14N_OMIT_COMMENTS; 1204 1205 /** 1206 * XML canonicalization with comments Transform URI. 1207 * 1208 * @supported.api 1209 */ 1210 public static final String TRANSFORM_C14N_WITH_COMMENTS = 1211 ALGO_ID_C14N_WITH_COMMENTS; 1212 1213 /** 1214 * Exclusive XML canonicalization Transform URI. 1215 * 1216 * @supported.api 1217 */ 1218 public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS = 1219 ALGO_ID_C14N_EXCL_OMIT_COMMENTS; 1220 1221 /** 1222 * Exclusive XML canonicalization with comments Transform URI. 1223 * 1224 * @supported.api 1225 */ 1226 public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS = 1227 ALGO_ID_C14N_EXCL_WITH_COMMENTS; 1228 1229 /** 1230 * XSLT Transform URI. 1231 * 1232 * @supported.api 1233 */ 1234 public static final String TRANSFORM_XSLT = 1235 "http://www.w3.org/TR/1999/REC-xslt-19991116"; 1236 1237 /** 1238 * Base64 decoding Transform URI. 1239 * 1240 * @supported.api 1241 */ 1242 public static final String TRANSFORM_BASE64_DECODE = 1243 XMLSIG_NAMESPACE_URI + "base64"; 1244 1245 /** 1246 * XPath Transform URI. 1247 * 1248 * @supported.api 1249 */ 1250 public static final String TRANSFORM_XPATH = 1251 "http://www.w3.org/TR/1999/REC-xpath-19991116"; 1252 1253 /** 1254 * Enveloped Signature Transform URI. 
1255 * 1256 * @supported.api 1257 */ 1258 public static final String TRANSFORM_ENVELOPED_SIGNATURE = 1259 XMLSIG_NAMESPACE_URI + "enveloped-signature"; 1260 1261 /** 1262 * XPointer Transform URI. 1263 * 1264 * @supported.api 1265 */ 1266 public static final String TRANSFORM_XPOINTER = 1267 "http://www.w3.org/TR/2001/WD-xptr-20010108"; 1268 1269 /** 1270 * XPath Filter v2.0 Transform URI. 1271 * 1272 * @supported.api 1273 */ 1274 public static final String TRANSFORM_XPATH2FILTER04 = 1275 "http://www.w3.org/2002/04/xmldsig-filter2"; 1276 1277 /** 1278 * XPath Filter v2.0 Transform URI. 1279 * 1280 * @supported.api 1281 */ 1282 public static final String TRANSFORM_XPATH2FILTER = 1283 "http://www.w3.org/2002/06/xmldsig-filter2"; 1284 1285 /** 1286 * XPath Filter v2.0 CHGP Transform URI. 1287 * 1288 * @supported.api 1289 */ 1290 public static final String TRANSFORM_XPATHFILTERCHGP = 1291 "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter"; 1292 1293 /** 1294 * XML schema namespace. 1295 * 1296 * @supported.api 1297 */ 1298 public static final String NS_XMLNS = "http://www.w3.org/2000/xmlns/"; 1299 1300 /** 1301 * SOAP security namespace. 1302 * 1303 * @supported.api 1304 */ 1305 public static final String NS_SEC = "urn:liberty:sec:2003-08"; 1306 1307 /** 1308 * SOAP utility namespace. 1309 * 1310 * @supported.api 1311 */ 1312 public static final String NS_WSSE = 1313 "http://schemas.xmlsoap.org/ws/2003/06/secext"; 1314 1315 /** 1316 * Liberty security namespace. 1317 * 1318 * @supported.api 1319 */ 1320 public static final String NS_WSU = 1321 "http://schemas.xmlsoap.org/ws/2003/06/utility"; 1322 1323 /** 1324 * String that identifies wsu prefix. 1325 */ 1326 public static final String PREFIX_WSU = "wsu"; 1327 1328 /** 1329 * String that identifies ds prefix. 1330 */ 1331 public static final String PREFIX_DS = "ds"; 1332 1333 /** 1334 * String that identifies tag name "SecurityTokenReference". 
1335 */ 1336 public static final String TAG_SECURITYTOKENREFERENCE = 1337 "SecurityTokenReference"; 1338 1339 /** 1340 * String that identifies tag xmlns. 1341 */ 1342 public static final String TAG_XMLNS = "xmlns"; 1343 1344 /** 1345 * String that identifies "xmlns:sec". 1346 */ 1347 public static final String TAG_XMLNS_SEC = "xmlns:sec"; 1348 1349 /** 1350 * Usage tag name. 1351 */ 1352 public static final String TAG_USAGE = "Usage"; 1353 1354 /** 1355 * MessageAuthentication tag name with namespace prefix. 1356 */ 1357 public static final String TAG_SEC_MESSAGEAUTHENTICATION = 1358 "sec:MessageAuthentication"; 1359 1360 /** 1361 * Tag name for <code>BinarySecurityToken</code> with namespace prefix. 1362 */ 1363 public static final String TAG_WSSE_BINARYSECURITYTOKEN = 1364 "wsse:BinarySecurityToken"; 1365 1366 /** 1367 * Tag name for <code>Security</code>. 1368 */ 1369 public static final String TAG_SECURITY = "Security"; 1370 1371 /** 1372 * Tag name for <code>AssertionIDReference</code>. 1373 */ 1374 public static final String TAG_ASSERTIONIDREFERENCE = 1375 "AssertionIDReference"; 1376 1377 /** 1378 * Tag name for <code>Assertion</code>. 1379 */ 1380 public static final String TAG_ASSERTION = "Assertion"; 1381 1382 /** 1383 * String that identifies <code>AssertionID</code>. 1384 */ 1385 public static final String TAG_ASSERTION_ID = "AssertionID"; 1386 1387 /** 1388 * Tag name for <code>BinarySecurityToken</code>. 1389 */ 1390 public static final String BINARYSECURITYTOKEN = "BinarySecurityToken"; 1391 1392 /** 1393 * Tag name for "Id". 1394 */ 1395 public static final String TAG_ID = "Id"; 1396 1397 /** 1398 * Tag name for <code>Reference</code>. 1399 */ 1400 public static final String TAG_REFERENCE = "Reference"; 1401 1402 /** 1403 * Tag name for <code>URI</code>. 1404 */ 1405 public static final String TAG_URI = "URI"; 1406 1407 /** 1408 * Tag name for <code>ValueType</code>. 
1409 */ 1410 public static final String TAG_VALUETYPE = "ValueType"; 1411 1412 /** 1413 * Tag name for <code>KeyInfo</code>. 1414 */ 1415 public static final String TAG_KEYINFO = "KeyInfo"; 1416 1417 /** 1418 * Tag name for <code>KeyName</code>. 1419 */ 1420 public static final String TAG_KEYNAME = "KeyName"; 1421 1422 /** 1423 * Tag name for <code>KeyValue<code>. 1424 */ 1425 public static final String TAG_KEYVALUE = "KeyValue"; 1426 1427 /** 1428 * Tag name for <code>PKCS7</code> with wsse namespace prefix. 1429 */ 1430 public static final String TAG_PKCS7 = "wsse:PKCS7"; 1431 1432 /** 1433 * Tag name for <code>X509Data</code>. 1434 */ 1435 public static final String TAG_X509DATA = "X509Data"; 1436 1437 /** 1438 * Tag name for <code>X509Certificate</code>. 1439 */ 1440 public static final String TAG_X509CERTIFICATE = "X509Certificate"; 1441 1442 /** 1443 * Beginning of certificate string. 1444 */ 1445 public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n"; 1446 1447 /** 1448 * End of certificate string. 1449 */ 1450 public static final String END_CERT = "\n-----END CERTIFICATE-----"; 1451 1452 /** 1453 * <code>DSAKeyValue</code> tag name. 1454 */ 1455 public static final String TAG_DSAKEYVALUE = "DSAKeyValue"; 1456 1457 /** 1458 * <code>RSAKeyValue</code> tag name. 1459 */ 1460 public static final String TAG_RSAKEYVALUE = "RSAKeyValue"; 1461 1462 /** 1463 * Attribute which identifies certificate alias of this site. 1464 * This value is configured through <code>AMConfig.properties</code>. 1465 */ 1466 public static final String MYCERTALIAS = 1467 "com.sun.identity.saml.xmlsig.certalias"; 1468 1469 /** 1470 * User Name attribute key in the Attribute Map. 1471 */ 1472 public static final String USER_NAME = "USER_NAME"; 1473 1474 /** 1475 * SAML component name to be used to get datastore provider. 1476 */ 1477 public static final String SAML = "saml"; 1478 /** 1479 * SAML component default name space. 
1480 */ 1481 public static final String ATTR_NAME_SPACE = 1482 "urn:com:sun:identity:attrnamespace"; 1483 1484 public static final String TAG_USERNAME_TOKEN = "UsernameToken"; 1485 /** 1486 * Keyname for escaping special characters in <code>AttributeValue</code>. 1487 * If true, escaping special characters. Otherwise, will not. Default 1488 * value is "true". 1489 */ 1490 public static final String ESCAPE_ATTR_VALUE = 1491 "com.sun.identity.saml.escapeattributevalue"; 1492 1493 /** 1494 * HTTP POST binding. 1495 */ 1496 public static final String HTTP_POST = "HTTP-POST"; 1497 1498 /** 1499 * HTTP Redirect binding. 1500 */ 1501 public static final String HTTP_REDIRECT = "HTTP-Redirect"; 1502 1503 /** 1504 * Property to identity the HTTP binding for displaying error page. 1505 */ 1506 public static final String ERROR_PAGE_HTTP_BINDING = 1507 "com.sun.identity.saml.errorpage.httpbinding"; 1508 1509 /** 1510 * Property to identify the error page url. 1511 */ 1512 public static final String ERROR_PAGE_URL = 1513 "com.sun.identity.saml.errorpage.url"; 1514 /** 1515 * Default error page url. 1516 */ 1517 public static final String DEFAULT_ERROR_PAGE_URL = 1518 "/saml2/jsp/saml2error.jsp"; 1519 /** 1520 * HTTP status code. 1521 */ 1522 public static final String HTTP_STATUS_CODE = "httpstatuscode"; 1523 1524 /** 1525 * Error message. 1526 */ 1527 public static final String ERROR_MESSAGE = "errormessage"; 1528 1529 /** 1530 * Error code. 1531 */ 1532 public static final String ERROR_CODE = "errorcode"; 1533 1534 /** 1535 * Accept Language HTTP header 1536 */ 1537 public static final String ACCEPT_LANG_HEADER = "Accept-Language"; 1538}