001/*
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: SAML2Constants.java,v 1.44 2009/11/24 21:53:02 madan_ranganath Exp $
026 *
027 * Portions Copyrighted 2010-2015 ForgeRock AS.
028 */
029package com.sun.identity.saml2.common;
030
031import com.sun.identity.cot.COTConstants;
032
033/**
034 * This interface defines constants common to all SAMLv2 elements.
035 *
036 * @supported.all.api
037 */
038public interface SAML2Constants {
039
040    /**
041     * XML name space URI
042     */
043    public String NS_XML = "http://www.w3.org/2000/xmlns/";
044    
045    /**
046     * String used to declare SAMLv2 assertion namespace prefix.
047     */
048    public String ASSERTION_PREFIX = "saml:";
049    
050    /**
051     * String used to declare SAMLv2 assertion namespace.
052     */
053    public String ASSERTION_DECLARE_STR =
054    " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"";
055    
056    /**
057     * SAMLv2 assertion namespace URI.
058     */
059    public String ASSERTION_NAMESPACE_URI =
060    "urn:oasis:names:tc:SAML:2.0:assertion";
061    
062    /**
063     * Default namespace attribute for <code>Action</code>.
064     */
065    public String ACTION_NAMESPACE_NEGATION =
066    "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
067    
068    /**
069     * String used to declare SAMLv2 protocol namespace prefix.
070     */
071    public String PROTOCOL_PREFIX = "samlp:";
072    
073    /**
074     * String used to declare SAMLv2 protocol namespace.
075     */
076    public String PROTOCOL_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol";
077    
078    /**
079     * String used to declare SAMLv2 protocol namespace.
080     */
081    public String PROTOCOL_DECLARE_STR =
082                " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"";
083    
084    /**
085     * String used to represent HTTP Redirect Binding.
086     */
087    public String HTTP_REDIRECT =
088                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
089
090    /**
091     * String used to represent SOAP Binding.
092     */
093    public String SOAP =
094                "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
095
096    /**
097     * String used to represent PAOS Binding.
098     */
099    public static final String PAOS =
100                "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";
101
102    /**
103     * String used to represent HTTP POST Binding.
104     */
105    public String HTTP_POST =
106                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
107
108    /**
109     * String used to represent HTTP ARTIFACT Binding.
110     */
111    public String HTTP_ARTIFACT =
112                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
113
114    /**
115     * String used to represent URI Binding.
116     */
117    public String URI =
118                "urn:oasis:names:tc:SAML:2.0:bindings:URI";
119
120    /**
121     * String to represent Name Identifier Format name space
122     */
123    public String NAMEID_FORMAT_NAMESPACE=
124                "urn:oasis:names:tc:SAML:2.0:nameid-format:";
125
126    /**
127     * String to represent Name Identifier Format name space
128     * version 1.1
129     */
130    public static final String NAMEID_FORMAT_NAMESPACE_V_1_1=
131          "urn:oasis:names:tc:SAML:1.1:nameid-format:";
132
133    /**
134     * String to represent Encrypted Format Name Identifier
135     */
136    public String ENCRYPTED =
137                NAMEID_FORMAT_NAMESPACE + "encrypted";
138
139
140    /**
141     * String to represent Persistent Name Identifier
142     */
143    public String PERSISTENT =
144                NAMEID_FORMAT_NAMESPACE + "persistent";
145    
146    /**
147     * String to represent Unspecified Name Identifier
148     */
149    public String UNSPECIFIED =
150        NAMEID_FORMAT_NAMESPACE_V_1_1 + "unspecified";
151  
152    /**
153     * String to represent Email Address Name Identifier
154     */
155    public String EMAIL_ADDRESS =
156        NAMEID_FORMAT_NAMESPACE_V_1_1 + "emailAddress";
157
158    /**
159     * String to represent Entity Name Identifier
160     */
161    public String ENTITY =
162                NAMEID_FORMAT_NAMESPACE + "entity";
163
164    /**
165     * String to represent X509 Subject Name Identifier
166     */
167    public String X509_SUBJECT_NAME =
168        NAMEID_FORMAT_NAMESPACE_V_1_1 + "X509SubjectName";
169
170    /**
171     * String to represent Windows Domain Qualified Name Identifier
172     */
173    public String WINDOWS_DOMAIN_QUALIFIED_NAME =
174        NAMEID_FORMAT_NAMESPACE_V_1_1 + "WindowsDomainQualifiedName";
175
176    /**
177     * String to represent Kerberos Principal Name Identifier
178     */
179    public String KERBEROS_PRINCIPAL_NAME =
180        NAMEID_FORMAT_NAMESPACE + "kerberos";
181
182    /**
183     * String to represent the authentication service url
184     */
185    public String AUTH_URL = "AuthUrl";
186
187    /**
188     * Used when the SAML endpoints are RP'd to a non-server/site URL, typically
189     * to DAS
190     */
191    public String RP_URL = "RpUrl";
192
193    /**
194     * StatusCode URI values. Of the constants that follow, Success, Requester,
        * Responder and VersionMismatch are the top-level status codes of SAML 2.0;
        * NoPassive, UnknownPrincipal, AuthnFailed, InvalidAttrNameOrValue,
        * InvalidNameIDPolicy and NoAuthnContext are second-level codes that appear
        * nested under a top-level code.
195     */
196    public String SUCCESS =
197        "urn:oasis:names:tc:SAML:2.0:status:Success";
198
199    public String REQUESTER =
200        "urn:oasis:names:tc:SAML:2.0:status:Requester";
201
202    public String RESPONDER =
203        "urn:oasis:names:tc:SAML:2.0:status:Responder";
204
205    public String NOPASSIVE =
206        "urn:oasis:names:tc:SAML:2.0:status:NoPassive";
207    
208    public String VERSION_MISMATCH =
209        "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch";
210
211    public String UNKNOWN_PRINCIPAL =
212        "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal";
213
214    public String AUTHN_FAILED =
215        "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed";
216
217    public String INVALID_ATTR_NAME_OR_VALUE =
218        "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue";
219
220    public String INVALID_NAME_ID_POLICY =
221        "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy";
222
223    public String NO_AUTHN_CONTEXT =
224        "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext";
225
226    /**
227     * Basic name format
228     */
229    public String BASIC_NAME_FORMAT =
230        "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
231
232    /**
233     * Basic attribute profile
234     */
235    public String BASIC_ATTRIBUTE_PROFILE =
236        "urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic";
237
238    /**
239     * Attribute Query default profile
240     */
241    public static final String DEFAULT_ATTR_QUERY_PROFILE =
242        "urn:oasis:names:tc:SAML:2.0:profiles:query";
243
244    /**
245     * Attribute Query x509 Subject profile
246     */
247    public static final String X509_SUBJECT_ATTR_QUERY_PROFILE =
248        "urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509";
249
250    /**
251     * Attribute Query default profile alias
252     */
253    public static final String DEFAULT_ATTR_QUERY_PROFILE_ALIAS =
254        "default";
255
256    /**
257     * Attribute Query x509 Subject profile alias
258     */
259    public static final String X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS =
260        "x509Subject";
261
262    /**
263     * Subject confirmation method URI for bearer.
        * A bearer assertion is honoured for whoever presents it, so the relying
        * party's protection comes from the signature, the audience restriction and
        * the SubjectConfirmationData checks (Recipient, NotOnOrAfter, InResponseTo).
        * NOTE(review): where those checks are enforced is not visible in this file.
264     */
265    public String SUBJECT_CONFIRMATION_METHOD_BEARER =
266        "urn:oasis:names:tc:SAML:2.0:cm:bearer";
267    
268    /**
269     * Confirmation method for holder of key
270     */
271    public String SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY =
272        "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
273    
274    /**
275     * Confirmation method for sender vouches
276     */
277    public String SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES =
278        "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
279    
280    /**
281     * Session Property name indicating if response is redirected or not
282     */
283    public String RESPONSE_REDIRECTED = "SAML2ResponseRedirected";
284
285    /**
286     * Length for SAMLv2 IDs.
        * NOTE(review): the unit (bytes vs. characters) and the random source are
        * decided by the code that uses this value, which is not shown here. SAML 2.0
        * asks for identifiers whose collision probability is at most 2^-128; 20
        * random bytes would give 160 bits, 20 hex characters only 80. TODO confirm.
287     */
288    public int ID_LENGTH = 20;
289    
290    /**
291     * SAMLv2 Version String
292     */
293    public String VERSION_2_0 = "2.0";
294
295    /**
296     * SAMLRequest query parameter name
297     */
298    public String SAML_REQUEST = "SAMLRequest";
299
300    /**
301     * SAMLResponse query parameter name
302     */
303    public String SAML_RESPONSE = "SAMLResponse";
304    
305    
306    /**
307     * Maximum value of unsigned integer/short type.
308     */
309    public int MAX_INT_VALUE=65535;
310    
311    /**
312     * Start Tag for XML String
313     */
314    public String START_TAG="<";
315    /**
316     * End Tag for XML String
317     */
318    public String END_TAG =">";
319    
320    /**
321     * Constant for space
322     */
323    public String SPACE=" ";
324    /**
325     * Constant for equal
326     */
327    public String EQUAL= "=";
328    
329    /**
330     * Constant for quote
331     */
332    public String QUOTE = "\"";
333    
334    /**
335     * Constant for newline
336     */
337    public String NEWLINE= "\n";
338    
339    /**
340     * Constant for xml name space
341     */
342    public String NAMESPACE_PREFIX="xmlns";
343    
344    /**
345     * Constant for SAML2 end tag
346     */
347    public String SAML2_END_TAG="</samlp:";
348    
349    /**
350     * Constant for AuthnRequest
351     */
352    public String AUTHNREQUEST="AuthnRequest";
353
354    /**
355     * Constant for LogoutRequest
356     */
357    public String LOGOUT_REQUEST="LogoutRequest";
358
359    /**
360     * Constant for LogoutResponse
361     */
362    public String LOGOUT_RESPONSE="LogoutResponse";
363
364    /**
365     * Constant for AssertionIDRequest
366     */
367    public String ASSERTION_ID_REQUEST = "AssertionIDRequest";
368
369    /**
370     * Constant for AttributeQuery
371     */
372    public String ATTRIBUTE_QUERY = "AttributeQuery";
373
374    /**
375     * Constant for AuthnQuery
376     */
377    public String AUTHN_QUERY = "AuthnQuery";
378
379    /**
380     * Constant for NameIDMappingRequest
381     */
382    public String NAME_ID_MAPPING_REQUEST = "NameIDMappingRequest";
383
384    /**
385     * Constant for NameIDMappingResponse
386     */
387    public String NAME_ID_MAPPING_RESPONSE = "NameIDMappingResponse";
388
389    /**
390     * Constant for AssertionIDRef
391     */
392    public String ASSERTION_ID_REF = "AssertionIDRef";
393
394    /**
395     * Constant for Attribute
396     */
397    public String ATTRIBUTE="Attribute";
398
399    /**
400     * Constant for SessionIndex
401     */
402    public String SESSION_INDEX="SessionIndex";
403
404    /**
405     * Constant for BaseID
406     */
407    public String BASEID="BaseID";
408
409    /**
410     * Constant for NameID
411     */
412    public String NAMEID="NameID";
413
414    /**
415     * Constant for EncryptedID
416     */
417    public String ENCRYPTEDID="EncryptedID";
418    
419    /**
420     * Constant for Reason
421     */
422    public String REASON="Reason";
423
424    /**
425     * Constant for NotOnOrAfter
426     */
427    public String NOTONORAFTER="NotOnOrAfter";
428
429    /**
430     * Constant for NotBefore
431     */
432    public String NOTBEFORE="NotBefore";
433
434    /**
435     * Constant for InResponseTo
436     */
437    public String INRESPONSETO="InResponseTo";
438   
439    /**
440     * Constant for ID
441     */
442    public String ID="ID";
443    
444    
445    /**
446     * Constant for Version
447     */
448    public String VERSION="Version";
449    
450    
451    /**
452     * Constant for IssueInstant
453     */
454    public String ISSUE_INSTANT="IssueInstant";
455    
456    /**
457     * Constant for Destination
458     */
459    public String DESTINATION="Destination";
460    
461    /**
462     * Constant for Value
463     */
464    public String VALUE="Value";
465    
466    /**
467     * Constant for Consent
468     */
469    public String CONSENT="Consent";
470    
471    /**
472     * Constant for Issuer
473     */
474    public String ISSUER="Issuer";
475    
476    
477    /**
478     * Constant for Signature
479     */
480    public String SIGNATURE="Signature";
481    
482    /**
483     * Constant for forceAuthn attribute
484     */
485    public String FORCEAUTHN="ForceAuthn";
486    
487    /**
488     * Constant for IsPassive attribute
489     */
490    public String ISPASSIVE="IsPassive";
491    
492    /**
493     * Constant for AllowCreate attribute
494     */
495    public String ALLOWCREATE="AllowCreate";
496
497    /**
498     * Constant for ProtocolBinding attribute
499     */
500    public String PROTOBINDING="ProtocolBinding";
501    
502    /**
503     * Constant for mustUnderstand attribute
504     */
505    public static final String MUST_UNDERSTAND = "mustUnderstand";
506
507    /**
508     * Constant for actor attribute
509     */
510    public static final String ACTOR = "actor";
511
512    /**
513     * Constant for Binding parameter name
514     */
515    public String BINDING="binding";
516
517    /**
518     * Constant for reqBinding parameter name
519     */
520    public String REQ_BINDING = "reqBinding";
521
522    /**
523     * Constant for affiliationID parameter name
524     */
525    public String AFFILIATION_ID = "affiliationID";
526
527    /**
528     * Constant for Binding namespace
529     */
530    public String BINDING_PREFIX =
531    "urn:oasis:names:tc:SAML:2.0:bindings:";
532
533    /**
534     * Constant for AssertionConsumerServiceIndex attribute
535     */
536    public String ASSERTION_CONSUMER_SVC_INDEX=
537    "AssertionConsumerServiceIndex";
538    /**
539     * Constant for AssertionConsumerServiceURL attribute
540     */
541    public String ASSERTION_CONSUMER_SVC_URL=
542    "AssertionConsumerServiceURL";
543    /**
544     * Constant for AttributeConsumingServiceIndex attribute
545     */
546    public String ATTR_CONSUMING_SVC_INDEX=
547    "AttributeConsumingServiceIndex";
548    /**
549     * Constant for ProviderName attribute
550     */
551    public String PROVIDER_NAME="ProviderName";
552    
553    /**
554     * Constant for Subject Element
555     */
556    public String SUBJECT="Subject";
557
558    /**
559     * Constant for AuthnRequest object
560     */
561    public String AUTHN_REQUEST = "AuthnRequest";
562    
563    /**
564     * Constant for NameIDPolicy Element
565     */
566    public String NAMEID_POLICY="NameIDPolicy";
567    
568    /**
569     * Constant for Conditions Element.
570     */
571    public String CONDITIONS="Conditions";
572    
573    /**
574     * Constant for RequestedAuthnContext Element.
575     */
576    public String REQ_AUTHN_CONTEXT="RequestedAuthnContext";
577
578    /** 
579     * Constant for Comparison Attribute
580     */
581    public String COMPARISON ="Comparison";
582
583    /**
584     * Constant for Scoping Element.
585     */
586    public String SCOPING="Scoping";
587    
588    /**
589     * Constant for Extensions Element.
590     */
591    public String EXTENSIONS="Extensions";
592    
593    /**
594     * Constant for StatusDetail Element.
595     */
596    public String STATUS_DETAIL="StatusDetail";
597    
598    /**
599     * Constant for StatusCode Element.
600     */
601    public String STATUS_CODE="StatusCode";
602    
603    /**
604     * Constant for Status Element.
605     */
606    public String STATUS="Status";
607    
608    /**
609     * Constant for StatusMessage Element.
610     */
611    public String STATUS_MESSAGE="StatusMessage";
612    
613    /**
614     * Constant for GetComplete Element.
615     */
616    public String GETCOMPLETE="GetComplete";
617    
618    /**
619     * Constant for IDPEntry Element.
620     */
621    public String IDPENTRY="IDPEntry";
622    
623    /**
624     * Constant for IDPList Element.
625     */
626    public String IDPLIST="IDPList";
627    
628    /**
629     * Constant for NameIDPolicy Element.
630     */
631    public String NAMEIDPOLICY="NameIDPolicy";
632    
633    /**
634     * Constant for RequesterID Element.
635     */
636    public String REQUESTERID="RequesterID";
637
638    // for SAMLPOSTProfileServlet
639    public String SOURCE_SITE_SOAP_ENTRY = "sourceSite";
640    public String POST_ASSERTION = "assertion";
641    public String CLEANUP_INTERVAL_NAME =
642                                "iplanet-am-saml-cleanup-interval";
643
644    /**
645     * NameID info attribute.
646     */ 
647    public String NAMEID_INFO = "sun-fm-saml2-nameid-info";
648
649    /**
650     * NameID info key attribute.
651     */
652    public String NAMEID_INFO_KEY = "sun-fm-saml2-nameid-infokey";
653
654    /**
655     * SAML2 data store provider name.
656     */ 
657    public String SAML2 = "saml2";
658
659    /**
660     * Auto federation attribute.
661     */
662    public String AUTO_FED_ATTRIBUTE = 
663                        "autofedAttribute";
664
665    /**
666     * Auto federation enable attribute.
667     */
668    public String AUTO_FED_ENABLED =
669                        "autofedEnabled";
670
671    /**
672     * Transient federation users.
673     */
674    public String TRANSIENT_FED_USER =
675                        "transientUser";
676
677    public String NAMEID_TRANSIENT_FORMAT = 
678         NAMEID_FORMAT_NAMESPACE + "transient";
679
680    /**
681     * Certificate alias attribute.
682     */
683    public String CERT_ALIAS = "sun-fm-saml2-cert-alias";
684 
685    /**
686     * NameID format map configuration.
687     */
688    public String NAME_ID_FORMAT_MAP = "nameIDFormatMap";
689
690    /**
691     * Attribute map configuration.
692     */
693    public String ATTRIBUTE_MAP = "attributeMap";
694
695    /**
696     * Service provider adapter implementation class
697     */
698    public String SP_ADAPTER_CLASS = "spAdapter";
699    
700    /**
701     * Environment (attribute/value pair) for Service provider adapter 
702     * implementation class. Those variables will be passed down as
703     * Map to the implementation class for initialization.
704     */
705    public String SP_ADAPTER_ENV = "spAdapterEnv";
706    
707    /**
708     * Fedlet adapter implementation class.
709     */
710    public String FEDLET_ADAPTER_CLASS = "fedletAdapter";
711    
712    /**
713     * Environment (attribute/value pair) for fedlet adapter 
714     * implementation class. Those variables will be passed down as
715     * Map to the implementation class for initialization.
716     */
717    public String FEDLET_ADAPTER_ENV = "fedletAdapterEnv";
718    
719    /**
720     * Service provider account mapper.
721     */
722    public String SP_ACCOUNT_MAPPER = 
723                        "spAccountMapper";
724
725    /**
726     * Use NameID value as local user ID in service provider account mapper.
727     */ 
728    public String USE_NAMEID_AS_SP_USERID = "useNameIDAsSPUserID";
729
730    /**
731     * Service provider attribute mapper.
732     */
733    public String SP_ATTRIBUTE_MAPPER = 
734                        "spAttributeMapper";
735
736    /**
737     * Identity provider account mapper.
738     */
739    public String IDP_ACCOUNT_MAPPER = 
740                        "idpAccountMapper";
741
742    /**
743     * Identity provider attribute mapper.
744     */
745    public String IDP_ATTRIBUTE_MAPPER = 
746                        "idpAttributeMapper";
747
748    /**
749     * Attribute authority mapper.
750     */
751    public String ATTRIBUTE_AUTHORITY_MAPPER = 
752                        "attributeAuthorityMapper";
753
754    /**
755     * Assertion ID request mapper.
756     */
757    public String ASSERTION_ID_REQUEST_MAPPER = 
758                        "assertionIDRequestMapper";
759
760    /**
761     * RelayState Parameter
        * NOTE(review): the value carried under this name arrives with the request.
        * If a caller uses it as a redirect target it should be checked against the
        * allowed URLs first; confirm in the code that consumes it.
762     */
763    public String RELAY_STATE="RelayState";
764
765    /**
766     * RelayState Alias Parameter
767     */
768    public String RELAY_STATE_ALIAS="RelayStateAlias";
769
770    /**
771     * Realm Parameter
772     */
773    public String REALM="realm";
774
775    /**
776     * AssertionConsumerServiceIndex Parameter
777     */
778    public String ACS_URL_INDEX="AssertionConsumerServiceIndex";
779
780    /**
781     * AttributeConsumingServiceIndex Parameter
782     */
783    public String ATTR_INDEX="AttributeConsumingServiceIndex";
784
785    /**
786     * NameIDPolicy Format Identifier Parameter
787     */
788    public String NAMEID_POLICY_FORMAT="NameIDFormat";
789
790    /**
791     * True Value String
792     */
793    public String TRUE="true";
794
795    /**
796     * False Value String
797     */
798    public String FALSE="false";
799
800    public String AUTH_LEVEL="AuthLevel";
801    public String ORGANIZATION = "Organization";
802    public String AUTH_LEVEL_ATTR="sunFMAuthContextComparison";
803    public String AUTH_TYPE="authType";
804    public String AUTH_LEVEL_ADVICE = "sunamcompositeadvice";
805
806    public String AUTH_TYPE_ATTR ="sunFMAuthContextType";
807
808    public String DECLARE_REF_AUTH_TYPE = "AuthContextDeclareRef";
809    public String CLASS_REF_AUTH_TYPE = "AuthContextClassRef";
810
811    public String AUTH_CONTEXT_DECL_REF ="AuthContextDeclRef";
812    public String AUTH_CONTEXT_DECL_REF_ATTR 
813                                        ="sunFMAuthContextDeclareRef";
814
815    public String AUTH_CONTEXT_CLASS_REF ="AuthnContextClassRef";
816
817    public String AUTH_CONTEXT_CLASS_REF_ATTR 
818                                        ="sunFMAuthContextClassRef";
819
820    /**
821     * Parameter name for SAML artifact in http request.
822     */
823    public String SAML_ART = "SAMLart";
824
825    /**
826     * Service Provider Role
827     */
828    public String SP_ROLE = "SPRole";
829
830    /**
831     * Identity Provider Role
832     */
833    public String IDP_ROLE = "IDPRole";
834    
835    /**
836     * Constant value for entity acting as both SP and IDP role.
837     */
838    public String DUAL_ROLE ="DualRole";
839
840
841    /**
842     * Policy Decision Point Role
843     */
844    String PDP_ROLE = "PDPRole";
845
846    /**
847     * Policy Enforcement Point Role
848     */
849    String PEP_ROLE = "PEPRole";
850    
851    /**
852     * Attribute Authority Role
853     */
854    String ATTR_AUTH_ROLE = "AttrAuthRole";
855
856    /**
857     * Attribute Query Role
858     */
859    String ATTR_QUERY_ROLE = "AttrQueryRole";
860
861    /**
862     * Authentication Authority Role
863     */
864    String AUTHN_AUTH_ROLE = "AuthnAuthRole";
865
866    /**
867     * Unknown Role
868     */
869    public String UNKNOWN_ROLE = "UNKNOWN";
870    
871
872    /**
873     * Attribute to be configured in SPSSOConfig for SAML2 authentication
874     * module instance name.
875     */
876    public String AUTH_MODULE_NAME = "saml2AuthModuleName";
877
878    /**
879     * Attribute to be configured in SPSSOConfig for local authentication url.
880     */
881    public String LOCAL_AUTH_URL = "localAuthURL";
882
883    /**
884     * Attribute to be configured in SPSSOConfig for intermediate url.
885     */
886    public String INTERMEDIATE_URL = "intermediateUrl";
887
888    /**
889     * Attribute to be configured in SPSSOConfig for default relay state url.
890     */
891    public String DEFAULT_RELAY_STATE = "defaultRelayState";
892
893    /**
894     * This is an attribute in entity config for the
895     * entity description
896     */
897    public String ENTITY_DESCRIPTION = "description";
898
899    /**
900     * This is an attribute in entity config for the
901     * signing certificate alias
902     */
903    public String SIGNING_CERT_ALIAS = "signingCertAlias";
904
905    /**
906     * This is an attribute in entity config for the
907     * signing certificate encrypted keypass
908     */
909    public String SIGNING_CERT_KEYPASS = "signingCertKeyPass";
910
911    /**
912     * This is an attribute in entity config for the
913     * encryption certificate alias
914     */
915    public String ENCRYPTION_CERT_ALIAS = "encryptionCertAlias";
916    
917    /**
918     * The entity role
919     */
920    public String ROLE = "role";
921
922    public String SIG_PROVIDER =
923    "com.sun.identity.saml2.xmlsig.SignatureProvider";
924
925    public String ENC_PROVIDER =
926    "com.sun.identity.saml2.xmlenc.EncryptionProvider";
927    
928    /**
929     * Signing  
930     */
931    public String SIGNING = "signing";
932    
933    /**
934     * Encryption  
935     */
936    public String ENCRYPTION = "encryption";
937    
938    // Delimiter used to separate multiple NameIDKey values.
939    public String SECOND_DELIM = ";";
940
941    /**
942     * Http request parameter used to indicate whether the intent is
943     * federation or not. Its values are "true" and "false".
944     */
945    public String FEDERATE = "federate";
946    
947    /** xmlsig signing parameters*/
948    public String CANONICALIZATION_METHOD =
949         "com.sun.identity.saml.xmlsig.c14nMethod";
950    public String TRANSFORM_ALGORITHM =
951         "com.sun.identity.saml.xmlsig.transformAlg";
952    public String XMLSIG_ALGORITHM =
953         "com.sun.identity.saml.xmlsig.xmlSigAlgorithm";
954    /**
955     * Property name for the global default query signature algorithm for RSA keys.
956     */
957    public String QUERY_SIGNATURE_ALGORITHM_RSA = "org.forgerock.openam.saml2.query.signature.alg.rsa";
958    /**
959     * Property name for the global default query signature algorithm for DSA keys.
960     */
961    public String QUERY_SIGNATURE_ALGORITHM_DSA = "org.forgerock.openam.saml2.query.signature.alg.dsa";
962    /**
963     * Property name for the global default query signature algorithm for EC keys.
964     */
965    public String QUERY_SIGNATURE_ALGORITHM_EC = "org.forgerock.openam.saml2.query.signature.alg.ec";
       // Key algorithm names.
966    public String DSA = "DSA";
967    public String RSA = "RSA";      
968
       // "SigAlg" parameter name; presumably the signature-algorithm parameter
       // of signed query-string messages. Confirm against callers.
969    public String SIG_ALG = "SigAlg"; 
       // JCA signature algorithm names. Both are SHA-1 based; SHA-1 is deprecated
       // for digital signatures, so prefer a SHA-256 (or stronger) algorithm
       // wherever the configuration and the peer allow it.
       // NOTE(review): whether these act as signing defaults is not visible here.
970    public String SHA1_WITH_DSA = "SHA1withDSA";
971    public String SHA1_WITH_RSA = "SHA1withRSA";
972
973    public String DEFAULT_ENCODING = "UTF-8";
974
975    // SOAP fault code for requester error
976    public String CLIENT_FAULT = "Client";
977
978    // SOAP fault code for responder error
979    public String SERVER_FAULT = "Server";
980
981    public String SESSION = "session";
982
983    // more constants defined for auth module
984    public String ASSERTIONS = "assertions";
985    public String MAX_SESSION_TIME = "maxSessionTime";
986    public String IN_RESPONSE_TO = "inResponseTo";
987
988    public String SP_METAALIAS = "spMetaAlias";
989    public String METAALIAS = "metaAlias";
990    public String SPENTITYID = "spEntityID";
991    public String IDPENTITYID = "idpEntityID";
992    public String REQUESTTYPE = "requestType";
993    
994    // Encryption attributes
995    /**
996     * SP Entity Config attribute name. Used to specify whether it wants
997     * Assertion encrypted or not.
998     */
999    public String WANT_ASSERTION_ENCRYPTED = "wantAssertionEncrypted";
1000
1001    public String WANT_ATTRIBUTE_ENCRYPTED 
1002                                   = "wantAttributeEncrypted";
1003    public String WANT_NAMEID_ENCRYPTED = "wantNameIDEncrypted";
1004
1005    // Signing attributes
1006    /**
1007     * IDP Entity Config attribute name. Used to specify whether it wants
1008     * ArtifactResolve signed or not.
1009     */
1010    public String WANT_ARTIFACT_RESOLVE_SIGNED = "wantArtifactResolveSigned";
1011
1012    /**
1013     * SP Entity Config attribute name. Used to specify whether it wants
1014     * ArtifactResponse signed or not.
1015     */
1016    public String WANT_ARTIFACT_RESPONSE_SIGNED =
1017                              "wantArtifactResponseSigned";
1018    public String WANT_LOGOUT_REQUEST_SIGNED  
1019                                   = "wantLogoutRequestSigned";
1020    public String WANT_LOGOUT_RESPONSE_SIGNED   
1021                                   = "wantLogoutResponseSigned";
1022    public String WANT_MNI_REQUEST_SIGNED = "wantMNIRequestSigned";
1023    public String WANT_MNI_RESPONSE_SIGNED 
1024                                   = "wantMNIResponseSigned";
1025    public String WANT_POST_RESPONSE_SIGNED = "wantPOSTResponseSigned";
1026    
1027    /**
1028     * SP Entity Config attribute name. Used to specify IDPList child element
1029     * of ECP request.
1030     */
1031    public static final String ECP_REQUEST_IDP_LIST =
1032        "ECPRequestIDPList";
1033
1034    /**
1035     * SP Entity Config attribute name. Used to specify an implementation class
1036     * that finds IDPList child element of ECP request.
1037     */
1038    public static final String ECP_REQUEST_IDP_LIST_FINDER_IMPL =
1039        "ECPRequestIDPListFinderImpl";
1040
1041    /**
1042     * SP Entity Config attribute name. Used to specify attribute 'GetComplete'
1043     * of IDPList child element of ECP request
1044     */
1045    public static final String ECP_REQUEST_IDP_LIST_GET_COMPLETE =
1046        "ECPRequestIDPListGetComplete";
1047
1048    /**
1049     * Attribute Authority Config attribute name. Used to specify data store
1050     * attribute name that contains X509 subject DN.
1051     */
1052    public String X509_SUBJECT_DATA_STORE_ATTR_NAME =
1053        "x509SubjectDataStoreAttrName";
1054
1055    /**
1056     * Constant for SAML2IDPSessionIndex SSO token property
1057     */
1058    public String IDP_SESSION_INDEX = "SAML2IDPSessionIndex";
1059    /**
1060     * Constant for IDPMetaAlias SSO token property
1061     */
1062    public String IDP_META_ALIAS="IDPMetaAlias";
1063
1064    // Basic auth for SOAP binding: names for the on/off flag, the user and
        // the password (presumably entity-config attribute names; confirm against
        // callers).
        // NOTE(review): the value stored under "basicAuthPassword" is a credential;
        // keep it out of logs, debug output and exported metadata.
1065    public String BASIC_AUTH_ON = "basicAuthOn";
1066    public String BASIC_AUTH_USER = "basicAuthUser";
1067    public String BASIC_AUTH_PASSWD = "basicAuthPassword";
1068
1069    /**
1070     * Name of the setting that selects the service provider AuthnContext mapper.
1071     */
1072    public String SP_AUTHCONTEXT_MAPPER =
1073                        "spAuthncontextMapper";
1074
1075    /**
1076     * Default value for the service provider AuthnContext mapper setting.
1077     */
1078    public String DEFAULT_SP_AUTHCONTEXT_MAPPER =
1079        "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper";
1080
1081    /**
1082     * Service provider AuthnContext Class Reference to AuthLevel mapping.
1083     */
1084    public String SP_AUTH_CONTEXT_CLASS_REF_ATTR=
1085                        "spAuthncontextClassrefMapping";
1086
1087    /**
1088     * Common prefix of the SAML 2.0 AuthnContext Class Reference URNs.
1089     */
1090    public String AUTH_CTX_PREFIX =
1091    "urn:oasis:names:tc:SAML:2.0:ac:classes:";
1092
1093    /**
1094     * Default service provider AuthnContext Class Reference and AuthLevel mapping value: three '|'-separated fields.
1095     * NOTE(review): presumably class reference, auth level and a default marker - confirm against the mapper.
1096     */
1097    public String SP_AUTHCONTEXT_CLASSREF_VALUE=
1098        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0|default";
1099    /**
1100     * Service provider AuthnContext Comparison Type attribute name.
1101     */
1102    public String SP_AUTHCONTEXT_COMPARISON_TYPE =
1103                        "spAuthncontextComparisonType";
1104
1105    /**
1106     * Default service provider AuthnContext Comparison Type attribute value (<code>exact</code>).
1107     * SAML 2.0 also defines <code>minimum</code>, <code>maximum</code> and <code>better</code>.
1108     */
1109    public String SP_AUTHCONTEXT_COMPARISON_TYPE_VALUE = "exact";
1110
1111    /**
1112     * Flag to indicate if the RequestedAuthnContext should be included in an AuthnRequest.
1113     */
1114    public String INCLUDE_REQUESTED_AUTHN_CONTEXT = "includeRequestedAuthnContext";
1115
1116    /**
1117     * Service provider AuthnContext Comparison parameter name.
1118     */
1119    public String SP_AUTHCONTEXT_COMPARISON = "AuthComparison";
1120
1121    // Time skew for Assertion NotOnOrAfter, in seconds. NOTE(review): a larger skew presumably lengthens the window in which an assertion past NotOnOrAfter is still accepted - keep it as small as clock drift allows.
1122    public String ASSERTION_TIME_SKEW = "assertionTimeSkew";
1123    public int ASSERTION_TIME_SKEW_DEFAULT = 300; // 300 s = 5 minutes
1124
1125    // Key for SAML2 SDK class mapping; the value ends with '.', so presumably a suffix is appended to it - confirm
1126    public String SDK_CLASS_MAPPING = 
1127        "com.sun.identity.saml2.sdk.mapping.";
1128
1129    // Default assertion effective time in seconds (600 s = 10 minutes)
1130    public int ASSERTION_EFFECTIVE_TIME = 600;
1131
1132    // Default assertion NotBefore skew in seconds (600 s = 10 minutes)
1133    public int NOTBEFORE_ASSERTION_SKEW_DEFAULT = 600;
1134
1135    // Assertion effective time attribute name
1136    public String ASSERTION_EFFECTIVE_TIME_ATTRIBUTE = 
1137                            "assertionEffectiveTime";
1138
1139    // NotBefore Assertion skew attribute name
1140    public String ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE =
1141                             "assertionNotBeforeTimeSkew";
1142
1143    // IDP authn context mapper class attribute name. NOTE(review): the attribute value is a class name, presumably instantiated by the SAML2 code - confirm who may edit it.
1144    public String IDP_AUTHNCONTEXT_MAPPER_CLASS =
1145                            "idpAuthncontextMapper";
1146
1147    // IDP ECP Session mapper class attribute name
1148    public static final String IDP_ECP_SESSION_MAPPER_CLASS =
1149                            "idpECPSessionMapper";
1150
1151    // Default IDP authn context mapper class name (fully qualified)
1152    public String DEFAULT_IDP_AUTHNCONTEXT_MAPPER_CLASS =
1153        "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper";
1154
1155    // Default IDP account mapper class name (fully qualified)
1156    public String DEFAULT_IDP_ACCOUNT_MAPPER_CLASS =
1157        "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper";
1158
1159    // Default SP account mapper class name (fully qualified)
1160    public String DEFAULT_SP_ACCOUNT_MAPPER_CLASS =
1161        "com.sun.identity.saml2.plugins.DefaultSPAccountMapper";
1162
1163    /**
1164     * Default SP attribute mapper class name (fully qualified).
1165     */
1166    public String DEFAULT_SP_ATTRIBUTE_MAPPER_CLASS = "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper";
1167
1168    // Default IDP attribute mapper class name (fully qualified)
1169    public String DEFAULT_IDP_ATTRIBUTE_MAPPER_CLASS =
1170        "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper";
1171
1172    // Default Attribute Authority mapper class name (fully qualified)
1173    public static final String DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS =
1174        "com.sun.identity.saml2.plugins.DefaultAttributeAuthorityMapper";
1175
1176    // Default Assertion ID request mapper class name (fully qualified)
1177    public static final String DEFAULT_ASSERTION_ID_REQUEST_MAPPER_CLASS =
1178        "com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper";
1179
1180    // Default IDP ECP Session mapper class name (fully qualified)
1181    public static final String DEFAULT_IDP_ECP_SESSION_MAPPER_CLASS =
1182        "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper";
1183
1184    // IDP authn context class reference mapping attribute name
1185    public String IDP_AUTHNCONTEXT_CLASSREF_MAPPING =
1186                            "idpAuthncontextClassrefMapping";
1187
1188    // AuthnContext Class Reference name; equals AUTH_CTX_PREFIX followed by "PasswordProtectedTransport"
1189    public String CLASSREF_PASSWORD_PROTECTED_TRANSPORT =
1190        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
1191        
1192    // Circle of trust (COT) list; same value as COTConstants.COT_LIST
1193    public String COT_LIST = COTConstants.COT_LIST;
1194
1195    // HTTP parameter passed to default.jsp. NOTE(review): if default.jsp writes this value into the page it must be output-encoded - confirm.
1196    public String MESSAGE = "message";
1197
1198    // Name of the cache cleanup interval property in AMConfig.properties.
1199    // The value is in seconds.
1200    public String CACHE_CLEANUP_INTERVAL = 
1201                "com.sun.identity.saml2.cacheCleanUpInterval";
1202
1203    // Default cache cleanup interval in seconds (3600 s = 1 hour)
1204    public int CACHE_CLEANUP_INTERVAL_DEFAULT = 3600;
1205
1206    // IDP SLO parameter name for logging out all sessions
1207    public String LOGOUT_ALL = "logoutAll";
1208
1209    // IDP response info ID
1210    public String RES_INFO_ID = "resInfoID";
1211     
1212    // Default query parameter to use for RelayState if
1213    // RelayState is not specified and if RelayState cannot
1214    // be obtained from the query parameter list specified in
1215    // RelayStateAlias. NOTE(review): a RelayState read from a request parameter is a redirect target; presumably it is checked against RELAY_STATE_URL_LIST - confirm.
1216
1217    public String GOTO = "goto";
1218    
1219    // Delimiter for values of multi-valued property set in SSO token
1220    public char DELIMITER = '|';
1221
1222    // Escape string for the <code>DELIMITER</code> contained in the values
1223    // of multi-valued property set in SSO token: the numeric character reference for '|'
1224    public String ESCAPE_DELIMITER = "&#124;";
1225
1226    /**
1227     * Namespace URI for XML Encryption
1228     */
1229    public String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";
1230
1231    /**
1232     * Namespace URI for XML Digital Signature
1233     */
1234    public String NS_XMLSIG = "http://www.w3.org/2000/09/xmldsig#";
1235
1236    /**
1237     * Name of the "want XACML Authorization Decision Query signed" setting. NOTE(review): presumably unsigned queries are accepted while it is off - confirm the default.
1238     */
1239    String WANT_XACML_AUTHZ_DECISION_QUERY_SIGNED =
1240        "wantXACMLAuthzDecisionQuerySigned";
1241
1242    /**
1243     * Name of the "want XACML Authorization Decision Response signed" setting. The constant name is misspelled (RESPONSED); the string value is not.
1244     */
1245    String WANT_XACML_AUTHZ_DECISION_RESPONSED_SIGNED =
1246        "wantXACMLAuthzDecisionResponseSigned";
1247
1248    /**
1249     * Name of the setting that enables generation of the Discovery bootstrap.
1250     */
1251    public String DISCO_BOOTSTRAPPING_ENABLED =
1252        "discoveryBootstrappingEnabled";
1253
1254    /**
1255     * Name of the Response Artifact message encoding property.
1256     */
1257    public String RESPONSE_ARTIFACT_MESSAGE_ENCODING =
1258        "responseArtifactMessageEncoding";
1259
1260    /**
1261     * URI encoding
1262     */
1263    public String URI_ENCODING = "URI";
1264
1265    /**
1266     * FORM encoding
1267     */
1268    public String FORM_ENCODING = "FORM";
1269
1270    /**
1271     * Name of the setting that enables caching of assertions.
1272     */
1273    public String ASSERTION_CACHE_ENABLED =
1274        "assertionCacheEnabled";
1275
1276    /**
1277     * Attribute name format for ID-WSF 1.1 Discovery bootstrap
1278     */    
1279    public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME_FORMAT =
1280        "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
1281
1282    /**
1283     * Attribute name for ID-WSF 1.1 Discovery bootstrap
1284     */    
1285    public String DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME =
1286        "urn:liberty:disco:2003-08:DiscoveryResourceOffering";
1287
1288    /**
1289     * Name of the SSO token property that holds the Discovery bootstrap credentials.
1290     * The string value is misspelled ("Crendentials"); NOTE(review): it is the property name in use, so correcting it would presumably break existing readers - confirm before changing.
1291     */
1292    public String DISCOVERY_BOOTSTRAP_CREDENTIALS =
1293        "DiscoveryBootstrapCrendentials";
1294    
1295    /**
1296     * XML Schema Instance namespace URI
1297     */
1298    public String NS_XSI = 
1299        "http://www.w3.org/2001/XMLSchema-instance";
1300
1301    /**
1302     * String used to declare XML Schema Instance namespace. Unlike ASSERTION_DECLARE_STR it has no leading space.
1303     */
1304    public String XSI_DECLARE_STR =
1305        "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"";
1306
1307    /**
1308     * List of SAE application name to encrypted secret mappings.
1309     */
1310    public String SAE_APP_SECRET_LIST = "saeAppSecretList";
1311
1312    /**
1313     * List of valid RelayState URLs. NOTE(review): presumably the allow-list that RelayState redirect targets are checked against - confirm it is applied on every redirect path.
1314     */
1315    public String RELAY_STATE_URL_LIST = "relayStateUrlList";
1316
1317    /**
1318     * IDP SAE endpoint URL.
1319     */
1320    public String SAE_IDP_URL = "saeIDPUrl";
1321
1322    /**
1323     * SP SAE endpoint URL.
1324     */
1325    public String SAE_SP_URL = "saeSPUrl";
1326
1327    /**
1328     * SP SAE logout URL.
1329     */
1330    public String SAE_SP_LOGOUT_URL = "saeSPLogoutUrl";
1331
1332    /**
1333     * SAE : Extended meta param : SPApp url
1334     */
1335    public String SAE_XMETA_URL = "url";
1336
1337    /**
1338     * SAE : Extended meta param : shared secret for symmetric crypto. The value stored under this name is key material; NOTE(review): confirm it is never logged.
1339     */
1340    public String SAE_XMETA_SECRET = "secret";
1341
1342    /**
1343     * SAE : private key alias, derived from SAML2 meta
1344     */
1345    public String SAE_XMETA_PKEY_ALIAS = "privatekeyalias";
1346
1347    /**
1348     * HTTP parameters that will be passed to SAE auth modules (this comment covers the three names that follow).
1349     */
1350    public String SAE_REALM = "realm";
1351    public String SAE_IDP_ENTITYID = "idpEntityID";
1352    public String SAE_IDPAPP_URL = "idpAppUrl";
1353            
1354    /**
1355     * Name of the setting that enables the IDP proxy.
1356     */
1357    public String ENABLE_IDP_PROXY = "enableIDPProxy";
1358
1359    /**
1360     * Name of the setting that makes the Authn Request always be proxied.
1361     */
1362    public String ALWAYS_IDP_PROXY = "alwaysIdpProxy";
1363
1364    /**
1365     * IDP proxy name list
1366     */
1367    public String IDP_PROXY_LIST = "idpProxyList";
1368 
1369    /**
1370     * IDP proxy count
1371     */
1372    public String IDP_PROXY_COUNT = "idpProxyCount";
1373 
1374    /**
1375     * Use Introduction for IDP Proxy
1376     */
1377    public String USE_INTRODUCTION_FOR_IDP_PROXY =
1378        "useIntroductionForIDPProxy";      
1379
1380    /**
1381     * IDP finder URL (a path beginning with '/')
1382     */
1383    public String IDP_FINDER_URL ="/idpfinder";
1384    
1385    /**
1386     * IDP Proxy finder name
1387     */
1388    public String IDP_PROXY_FINDER_NAME = 
1389         "com.sun.identity.saml2.idpproxy"; 
1390         
1391    /**
1392     * Default class name of the IDP Proxy finder (fully qualified)
1393     */     
1394    public String  DEFAULT_IDP_PROXY_FINDER = 
1395        "com.sun.identity.saml2.plugins.SAML2IDPProxyImpl";
1396
1397    /**
1398     * IDP Proxy finder attribute name in the IDP Extended metadata
1399     */
1400    public String IDP_PROXY_FINDER_ATTR_NAME = "idpProxyFinder";
1401
1402    /**
1403     * IDP Proxy finder implementation class attribute name
1404     * in the IDP Extended metadata
1405     */
1406    public static final String PROXY_IDP_FINDER_CLASS = "proxyIDPFinderClass";
1407    
1408    /**
1409     * Flag to indicate if the IdP must enable the IdP Finder (for all SPs, going by the attribute name).
1410     * This is the name of the attribute flag in the IDP Extended metadata.
1411     */
1412    public static final String ENABLE_PROXY_IDP_FINDER_FOR_ALL_SPS =
1413            "enableProxyIDPFinderForAllSPs";
1414    
1415    /**
1416     * Attribute name in the extended metadata that takes the value of
1417     * the JSP that will present the list of IdPs to the user
1418     */
1419    public static final String PROXY_IDP_FINDER_JSP =
1420            "proxyIDPFinderJSP";
1421
1422    /**
1423     * Default IDP Proxy Finder JSP
1424     */
1425    public static final String DEFAULT_PROXY_IDP_FINDER = "proxyidpfinder.jsp";
1426
1427    /**
1428     * IDP Adapter class attribute name
1429     */
1430    public static final String IDP_ADAPTER_CLASS = "idpAdapter";
1431
1432    /**
1433     * Default IDP Adapter class (fully qualified name)
1434     */
1435    public static final String DEFAULT_IDP_ADAPTER = "com.sun.identity.saml2.plugins.DefaultIDPAdapter";
1436
1437    /**
1438     * Key under which the IDP session is saved in a map
1439     */    
1440    public String IDP_SESSION = "IDPSESSION"; 
1441    
1442    /**
1443     * Key under which the session partners are saved in a map
1444     */
1445    public String  PARTNERS = "PARTNERS";        
1446
1447    /**
1448     * String used to declare ECP namespace prefix.
1449     */
1450    public static final String ECP_PREFIX = "ecp:";
1451    
1452    /**
1453     * ECP namespace URI. PAOS_ECP_SERVICE carries the same URN.
1454     */
1455    public static final String ECP_NAMESPACE =
1456        "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
1457    
1458    /**
1459     * String used to declare ECP namespace (no leading space).
1460     */
1461    public static final String ECP_DECLARE_STR =
1462        "xmlns:ecp=\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"";
1463
1464    /**
1465     * Start of an ECP end tag; the element name and the closing '>' are not part of the constant.
1466     */
1467    public static final String ECP_END_TAG="</ecp:";
1468
1469    /**
1470     * ECP service name in PAOS header. Same URN as ECP_NAMESPACE.
1471     */
1472    public static final String PAOS_ECP_SERVICE =
1473        "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
1474
1475    /**
1476     * String used to declare SOAP envelope namespace prefix.
1477     */
1478    public static final String SOAP_ENV_PREFIX = "soap-env:";
1479    
1480    /**
1481     * SOAP envelope namespace URI.
1482     */
1483    public static final String SOAP_ENV_NAMESPACE =
1484        "http://schemas.xmlsoap.org/soap/envelope/";
1485    
1486    /**
1487     * String used to declare SOAP envelope namespace (no leading space).
1488     */
1489    public static final String SOAP_ENV_DECLARE_STR =
1490        "xmlns:soap-env=\"http://schemas.xmlsoap.org/soap/envelope/\"";
1491
1492    /**
1493     * SOAP actor URI <code>next</code>.
1494     */
1495    public static final String SOAP_ACTOR_NEXT =
1496        "http://schemas.xmlsoap.org/soap/actor/next";
1497    
1498    /**
1499     * Name of the property for certificate status checking (the name ends in <code>crl.check</code>). NOTE(review): presumably a revoked certificate is not detected while this is off - confirm the default.
1500     */
1501    public static final String CHECK_SAML2_CERTIFICATE_STATUS =
1502        "com.sun.identity.saml2.crl.check";
1503
1504    /**
1505     * Name of the property for CA certificate status checking.
1506     */
1507    public static final String CHECK_SAML2_CA_STATUS =
1508        "com.sun.identity.saml2.crl.check.ca";
1509
1510    /**
1511     * Wildcard that maps any attribute name exactly as it appears in
1512     * the Assertion. NOTE(review): with the wildcard, every attribute the asserting party sends is presumably passed through - confirm that this is intended where it is configured.
1513     */
1514    public String ATTR_WILD_CARD = "*";
1515
1516    /**
1517     * Key name for the Response object
1518     */
1519    public String RESPONSE = "Response"; 
1520
1521    /**
1522     * Key name for the Assertion object
1523     */
1524    public String ASSERTION = "Assertion"; 
1525    
1526    /**
1527     * One Time Use (the literal value is <code>ONE</code>).
1528     */
1529    public String ONETIME="ONE"; 
1530    /**
1531     * Name of the "is Bearer assertion" flag.
1532     */
1533    public String IS_BEARER="isBearer";  
1534
1535    /**
1536     * Name of the setting that holds the logout URL of an external application.
1537     * The SAML2 component sends a request to the external logout URL
1538     * using the back channel HTTP POST mechanism.
1539     * This is used when the single logout is initiated by the remote party
1540     * (SP or IDP). NOTE(review): the server itself calls this URL, so it should point at a trusted application - confirm who may set it.
1541     */
1542    public String APP_LOGOUT_URL = "appLogoutUrl";
1543
1544    /**
1545     * URL parameter name in the external application logout URL for requesting
1546     * a user session property. The value is a session property name whose
1547     * value will be posted to the application as HTTP header and content for its
1548     * logout use. NOTE(review): that session value leaves the server in the POST - confirm the named property is safe to disclose to the application.
1549     */
1550    public String APP_SESSION_PROPERTY = "appsessionproperty";
1551  
1552    /**
1553     * Name of the setting that enables IDP session synchronization.
1554     */
1555    public String IDP_SESSION_SYNC_ENABLED =
1556            "idpSessionSyncEnabled";
1557
1558    /**
1559     * Name of the setting that enables SP session synchronization.
1560     */
1561    public String SP_SESSION_SYNC_ENABLED =
1562            "spSessionSyncEnabled";
1563
1564    /**
1565     * Map key used in the fedlet case to specify the federation info key.
1566     */
1567    public String INFO_KEY = "infoKey";
1568
1569    /**
1570     * Short name of the Single Sign-On service.
1571     */
1572    public String SSO_SERVICE = "sso";
1573
1574    /**
1575     * Short name of the NameIDMapping service.
1576     */
1577    public String NAMEID_MAPPING_SERVICE = "nip";
1578
1579    /**
1580     * Short name of the AssertionIDRequest service.
1581     */
1582    public String ASSERTION_ID_REQUEST_SERVICE = "air";
1583
1584    /**
1585     * Short name of the ArtifactResolution service.
1586     */
1587    public String ARTIFACT_RESOLUTION_SERVICE = "ars";
1588
1589    /**
1590     * Short name of the SingleLogout service.
1591     */
1592    public String SLO_SERVICE = "slo";
1593
1594    /**
1595     * Short name of the ManageNameID service.
1596     */
1597    public String MNI_SERVICE = "mni";
1598
1599    /**
1600     * Short name of the AssertionConsumer service.
1601     */
1602    public String ACS_SERVICE = "acs";
1603
1604    /**
1605     * Map key used in SLO request redirect code
1606     */
1607    public static final String AM_REDIRECT_URL = "AM_REDIRECT_URL";
1608
1609    /**
1610     * Map key used in SLO request redirect code
1611     */
1612    public static final String OUTPUT_DATA = "OUTPUT_DATA";
1613
1614    public static final String RESPONSE_CODE = "RESPONSE_CODE"; // NOTE(review): undocumented; presumably another map key of the SLO request redirect code - confirm
1615
1616    /**
1617     * Flag to indicate that we do not want to write the federation info in the local User Data Store. This flag is
1618     * set in the local/remote SP extended metadata configuration.
1619     */
1620    public static final String SP_DO_NOT_WRITE_FEDERATION_INFO = "spDoNotWriteFederationInfo";
1621
1622    /**
1623     * Flag to indicate that we do not want to write the federation info in the IdP's local User Data Store. This flag
1624     * is set in the local IdP extended metadata configuration.
1625     */
1626    String IDP_DISABLE_NAMEID_PERSISTENCE = "idpDisableNameIDPersistence";
1627
1628    /**
1629     * Property to determine whether SAML SP Decryption Debug mode has been enabled. NOTE(review): a decryption debug mode presumably writes decrypted content to the debug log - confirm, and keep it off outside troubleshooting.
1630     */
1631    String SAML_DECRYPTION_DEBUG_MODE = "openam.saml.decryption.debug.mode";
1632
1633    /**
1634     * Property name used to store the remote IdP's SAML response as an attribute of the HttpServletRequest.
1635     */
1636    String SAML_PROXY_IDP_RESPONSE_KEY = "openam.saml.idpproxy.idp.response";
1637
1638    /**
1639     * Property name used to store whether or not SAML single logout is enabled.
1640     */
1641    String SINGLE_LOGOUT = "openam.saml.singlelogout.enabled";
1642
1643    /**
1644     * Default value for the SAML2 server port
1645     */
1646    int DEFAULT_SERVER_PORT = 18080;
1647}