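//-----------------------------------------------------------------------
// <copyright file="Saml2Constants.cs" company="Microsoft">
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// </copyright>
//-----------------------------------------------------------------------

namespace System.IdentityModel.Tokens
{
    using System;

    /// <summary>
    /// Contains constants related to SAML2: the assertion namespace and prefix,
    /// and the element, attribute, type and URI identifiers used when reading and
    /// writing SAML2 assertions. Spec references in brackets name the section of the
    /// OASIS document that defines the identifier.
    /// </summary>
    internal static class Saml2Constants
    {
#pragma warning disable 1591
        /// <summary>Conventional XML prefix for the SAML2 assertion namespace.</summary>
        public const string Prefix = "saml";

        /// <summary>XML namespace of SAML2 assertion elements.</summary>
        public const string Namespace = "urn:oasis:names:tc:SAML:2.0:assertion";

        /// <summary>
        /// Action namespace identifiers used by authorization decision statements
        /// [Saml2Core, 8.1]. Each <c>*String</c> constant has a matching <see cref="Uri"/>.
        /// </summary>
        internal static class ActionNamespaces
        {
            public const string RwedcString = "urn:oasis:names:tc:SAML:1.0:action:rwedc";
            public const string RwedcNegationString = "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
            public const string GhppString = "urn:oasis:names:tc:SAML:1.0:action:ghpp";
            public const string UnixString = "urn:oasis:names:tc:SAML:1.0:action:unix";

            /// <summary>
            /// Read/Write/Execute/Delete/Control [Saml2Core, 8.1.1]
            /// </summary>
            public static readonly Uri Rwedc = new Uri(RwedcString);

            /// <summary>
            /// Read/Write/Execute/Delete/Control with Negation [Saml2Core, 8.1.2]
            /// </summary>
            public static readonly Uri RwedcNegation = new Uri(RwedcNegationString);

            /// <summary>
            /// Get/Head/Put/Post [Saml2Core, 8.1.3]
            /// </summary>
            public static readonly Uri Ghpp = new Uri(GhppString);

            /// <summary>
            /// UNIX file permissions [Saml2Core, 8.1.4]
            /// </summary>
            public static readonly Uri Unix = new Uri(UnixString);
        }

        /// <summary>
        /// Local names of the XML attributes that appear on SAML2 assertion elements.
        /// </summary>
        internal static class Attributes
        {
            public const string Address = "Address";
            public const string AuthnInstant = "AuthnInstant";
            public const string Count = "Count";
            public const string Decision = "Decision";
            public const string DNSName = "DNSName";
            public const string Format = "Format";
            public const string FriendlyName = "FriendlyName";
            public const string ID = "ID";
            public const string InResponseTo = "InResponseTo";
            public const string IssueInstant = "IssueInstant";
            public const string Method = "Method";
            public const string Name = "Name";
            public const string NameFormat = "NameFormat";
            public const string NameQualifier = "NameQualifier";
            public const string Namespace = "Namespace";
            public const string NotBefore = "NotBefore";
            public const string NotOnOrAfter = "NotOnOrAfter";
            public const string OriginalIssuer = "OriginalIssuer";
            public const string Recipient = "Recipient";
            public const string Resource = "Resource";
            public const string SessionIndex = "SessionIndex";
            public const string SessionNotOnOrAfter = "SessionNotOnOrAfter";
            public const string SPNameQualifier = "SPNameQualifier";
            public const string SPProvidedID = "SPProvidedID";
            public const string Version = "Version";
        }

        /// <summary>
        /// Authentication context class identifiers [Saml2AuthnContext, 3.4]. The class
        /// reference carried in an AuthnContext element describes how the subject was
        /// authenticated; each <c>*String</c> constant has a matching <see cref="Uri"/>.
        /// </summary>
        internal static class AuthenticationContextClasses
        {
            public const string InternetProtocolString = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol";
            public const string InternetProtocolPasswordString = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword";
            public const string KerberosString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos";
            public const string MobileOneFactorUnregisteredString = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered";
            public const string MobileTwoFactorUnregisteredString = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered";
            public const string MobileOneFactorContractString = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract";
            public const string MobileTwoFactorContractString = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract";
            public const string PasswordString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";
            public const string PasswordProtectedTransportString = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
            public const string PreviousSessionString = "urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession";
            public const string X509String = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509";
            public const string PgpString = "urn:oasis:names:tc:SAML:2.0:ac:classes:PGP";
            public const string SpkiString = "urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI";
            public const string XmlDsigString = "urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig";
            public const string SmartcardString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard";
            public const string SmartcardPkiString = "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI";
            public const string SoftwarePkiString = "urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI";
            public const string TelephonyString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony";
            public const string NomadTelephonyString = "urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony";
            public const string PersonalTelephonyString = "urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalTelephony";
            public const string AuthenticatedTelephonyString = "urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony";
            public const string SecureRemotePasswordString = "urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword";
            public const string TlsClientString = "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient";
            public const string TimeSyncTokenString = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken";
            public const string UnspecifiedString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified";

            /// <summary>
            /// Windows-integrated authentication. This is a federation-specific identifier
            /// (note the urn:federation prefix), not one of the [Saml2AuthnContext, 3.4] classes.
            /// </summary>
            public const string WindowsString = "urn:federation:authentication:windows";

            /// <summary>
            /// Misspelled duplicate of <see cref="SecureRemotePasswordString"/>, kept so existing
            /// callers keep compiling. Both names carry the same value.
            /// </summary>
            [Obsolete("Misspelled; use SecureRemotePasswordString.")]
            public const string SecureRempotePasswordString = SecureRemotePasswordString;

            // [Saml2AuthnContext, 3.4.1]
            public static readonly Uri InternetProtocol = new Uri(InternetProtocolString);

            // [Saml2AuthnContext, 3.4.2]
            public static readonly Uri InternetProtocolPassword = new Uri(InternetProtocolPasswordString);

            // [Saml2AuthnContext, 3.4.3]
            public static readonly Uri Kerberos = new Uri(KerberosString);

            // [Saml2AuthnContext, 3.4.4]
            public static readonly Uri MobileOneFactorUnregistered = new Uri(MobileOneFactorUnregisteredString);

            // [Saml2AuthnContext, 3.4.5]
            public static readonly Uri MobileTwoFactorUnregistered = new Uri(MobileTwoFactorUnregisteredString);

            // [Saml2AuthnContext, 3.4.6]
            public static readonly Uri MobileOneFactorContract = new Uri(MobileOneFactorContractString);

            // [Saml2AuthnContext, 3.4.7]
            public static readonly Uri MobileTwoFactorContract = new Uri(MobileTwoFactorContractString);

            // [Saml2AuthnContext, 3.4.8]
            public static readonly Uri Password = new Uri(PasswordString);

            // [Saml2AuthnContext, 3.4.9]
            public static readonly Uri PasswordProtectedTransport = new Uri(PasswordProtectedTransportString);

            // [Saml2AuthnContext, 3.4.10]
            public static readonly Uri PreviousSession = new Uri(PreviousSessionString);

            // [Saml2AuthnContext, 3.4.11]
            public static readonly Uri X509 = new Uri(X509String);

            // [Saml2AuthnContext, 3.4.12]
            public static readonly Uri Pgp = new Uri(PgpString);

            // [Saml2AuthnContext, 3.4.13]
            public static readonly Uri Spki = new Uri(SpkiString);

            // [Saml2AuthnContext, 3.4.14]
            // Field is spelled XmlDSig while its string constant is XmlDsigString; both are
            // kept as-is because callers reference them by these names.
            public static readonly Uri XmlDSig = new Uri(XmlDsigString);

            // [Saml2AuthnContext, 3.4.15]
            public static readonly Uri Smartcard = new Uri(SmartcardString);

            // [Saml2AuthnContext, 3.4.16]
            public static readonly Uri SmartcardPki = new Uri(SmartcardPkiString);

            // [Saml2AuthnContext, 3.4.17]
            public static readonly Uri SoftwarePki = new Uri(SoftwarePkiString);

            // [Saml2AuthnContext, 3.4.18]
            public static readonly Uri Telephony = new Uri(TelephonyString);

            // [Saml2AuthnContext, 3.4.19]
            public static readonly Uri NomadTelephony = new Uri(NomadTelephonyString);

            // [Saml2AuthnContext, 3.4.20]
            public static readonly Uri PersonalTelephony = new Uri(PersonalTelephonyString);

            // [Saml2AuthnContext, 3.4.21]
            public static readonly Uri AuthenticatedTelephony = new Uri(AuthenticatedTelephonyString);

            // [Saml2AuthnContext, 3.4.22]
            public static readonly Uri SecureRemotePassword = new Uri(SecureRemotePasswordString);

            // [Saml2AuthnContext, 3.4.23]
            public static readonly Uri TlsClient = new Uri(TlsClientString);

            // [Saml2AuthnContext, 3.4.24]
            public static readonly Uri TimeSyncToken = new Uri(TimeSyncTokenString);

            // [Saml2AuthnContext, 3.4.25]
            public static readonly Uri Unspecified = new Uri(UnspecifiedString);

            // Uri form of WindowsString, added so every class string here has a Uri counterpart.
            public static readonly Uri Windows = new Uri(WindowsString);
        }

        /// <summary>
        /// Subject confirmation method identifiers [Saml2Prof, 3]. The method names what,
        /// if anything, ties the party presenting the assertion to its subject; see the
        /// individual members for what each one asserts.
        /// </summary>
        internal static class ConfirmationMethods
        {
            public const string BearerString = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
            public const string HolderOfKeyString = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
            public const string SenderVouchesString = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";

            /// <summary>
            /// The subject of the assertion is the bearer of the assertion. [Saml2Prof, 3.3]
            /// </summary>
            public static readonly Uri Bearer = new Uri(BearerString);

            /// <summary>
            /// The holder of a specified key is considered to be the subject of the assertion
            /// by the asserting party. [Saml2Prof, 3.1]
            /// </summary>
            public static readonly Uri HolderOfKey = new Uri(HolderOfKeyString);

            /// <summary>
            /// Indicates that no other information is available about the context of use of the
            /// assertion. [Saml2Prof, 3.2]
            /// </summary>
            public static readonly Uri SenderVouches = new Uri(SenderVouchesString);
        }

        /// <summary>
        /// Local names of the XML elements in the SAML2 assertion namespace.
        /// </summary>
        internal static class Elements
        {
            public const string Action = "Action";
            public const string Advice = "Advice";
            public const string Assertion = "Assertion";
            public const string AssertionIDRef = "AssertionIDRef";
            public const string AssertionURIRef = "AssertionURIRef";
            public const string Attribute = "Attribute";
            public const string AttributeStatement = "AttributeStatement";
            public const string AttributeValue = "AttributeValue";
            public const string Audience = "Audience";
            public const string AudienceRestriction = "AudienceRestriction";
            public const string AuthenticatingAuthority = "AuthenticatingAuthority";
            public const string AuthnContext = "AuthnContext";
            public const string AuthnContextClassRef = "AuthnContextClassRef";
            public const string AuthnContextDecl = "AuthnContextDecl";
            public const string AuthnContextDeclRef = "AuthnContextDeclRef";
            public const string AuthnStatement = "AuthnStatement";
            public const string AuthzDecisionStatement = "AuthzDecisionStatement";
            public const string BaseID = "BaseID";
            public const string Condition = "Condition";
            public const string Conditions = "Conditions";
            public const string EncryptedAssertion = "EncryptedAssertion";
            public const string EncryptedAttribute = "EncryptedAttribute";
            public const string EncryptedID = "EncryptedID";
            public const string Evidence = "Evidence";
            public const string Issuer = "Issuer";
            public const string NameID = "NameID";
            public const string OneTimeUse = "OneTimeUse";
            public const string ProxyRestriction = "ProxyRestriction";

            /// <summary>
            /// Misspelled alias of <see cref="ProxyRestriction"/>, kept so existing callers
            /// keep compiling. Both names carry the same element name.
            /// </summary>
            [Obsolete("Misspelled; use ProxyRestriction.")]
            public const string ProxyRestricton = ProxyRestriction;

            public const string Statement = "Statement";
            public const string Subject = "Subject";
            public const string SubjectConfirmation = "SubjectConfirmation";
            public const string SubjectConfirmationData = "SubjectConfirmationData";
            public const string SubjectLocality = "SubjectLocality";
        }

        /// <summary>
        /// These identifiers MAY be used in the Format attribute of the NameID,
        /// NameIDPolicy, or Issuer elements to refer to common formats for the
        /// content of the elements and the associated processing rules, if any.
        /// [Saml2Core, 8.3]
        /// </summary>
        internal static class NameIdentifierFormats
        {
            // The first four formats are carried over from SAML 1.1 and keep the 1.1 URN;
            // the rest were introduced in SAML 2.0.
            public const string UnspecifiedString = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
            public const string EmailAddressString = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
            public const string X509SubjectNameString = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
            public const string WindowsDomainQualifiedNameString = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName";
            public const string KerberosString = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos";
            public const string EntityString = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
            public const string PersistentString = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
            public const string TransientString = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
            public const string EncryptedString = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted";

            /// <summary>
            /// The interpretation of the content of the element is left to
            /// individual implementations. [Saml2Core, 8.3.1]
            /// </summary>
            public static readonly Uri Unspecified = new Uri(UnspecifiedString);

            /// <summary>
            /// Indicates that the content of the element is in the form of an
            /// email address, specifically "addr-spec" as defined in
            /// [RFC 2822, 3.4.1]. [Saml2Core, 8.3.2]
            /// </summary>
            public static readonly Uri EmailAddress = new Uri(EmailAddressString);

            /// <summary>
            /// Indicates that the content of the element is in the form specified
            /// for the contents of the X509SubjectName element from [XMLSig].
            /// [Saml2Core, 8.3.3]
            /// </summary>
            public static readonly Uri X509SubjectName = new Uri(X509SubjectNameString);

            /// <summary>
            /// Indicates that the content of the element is a Windows domain
            /// qualified name. [Saml2Core, 8.3.4]
            /// </summary>
            public static readonly Uri WindowsDomainQualifiedName = new Uri(WindowsDomainQualifiedNameString);

            /// <summary>
            /// Indicates that the content of the element is in the form of a
            /// Kerberos principal name using the format name[/instance]@REALM.
            /// [Saml2Core, 8.3.5]
            /// </summary>
            public static readonly Uri Kerberos = new Uri(KerberosString);

            /// <summary>
            /// Indicates that the content of the element is a URI identifying an
            /// entity that provides SAML-based services (such as a SAML authority,
            /// requester, or responder) or is a participant in SAML profiles (such
            /// as a service provider supporting the browser SSO profile).
            /// [Saml2Core, 8.3.6]
            /// </summary>
            public static readonly Uri Entity = new Uri(EntityString);

            /// <summary>
            /// Indicates that the content of the element is a persistent opaque
            /// identifier for a principal that is specific to an identity provider
            /// and a service provider or affiliation of service providers.
            /// [Saml2Core, 8.3.7] (See also for many restrictions on the data.)
            /// </summary>
            public static readonly Uri Persistent = new Uri(PersistentString);

            /// <summary>
            /// Indicates that the content of the element is an identifier with
            /// transient semantics and SHOULD be treated as an opaque and
            /// temporary value by the relying party. [Saml2Core, 8.3.8]
            /// </summary>
            public static readonly Uri Transient = new Uri(TransientString);

            /// <summary>
            /// When included in the Format attribute of the NameIDPolicy attribute,
            /// requests that the resulting identifier be encrypted. [Saml2Core, 3.4.1.1]
            /// </summary>
            public static readonly Uri Encrypted = new Uri(EncryptedString);
        }

        /// <summary>
        /// Names of the XML schema types defined for SAML2 assertion elements.
        /// </summary>
        internal static class Types
        {
            public const string ActionType = "ActionType";
            public const string AdviceType = "AdviceType";
            public const string AssertionType = "AssertionType";
            public const string AttributeStatementType = "AttributeStatementType";
            public const string AttributeType = "AttributeType";
            public const string AudienceRestrictionType = "AudienceRestrictionType";
            public const string AuthnContextType = "AuthnContextType";
            public const string AuthnStatementType = "AuthnStatementType";
            public const string AuthzDecisionStatementType = "AuthzDecisionStatementType";
            public const string BaseIDAbstractType = "BaseIDAbstractType";
            public const string ConditionAbstractType = "ConditionAbstractType";
            public const string ConditionsType = "ConditionsType";
            public const string EncryptedElementType = "EncryptedElementType";
            public const string EvidenceType = "EvidenceType";
            public const string KeyInfoConfirmationDataType = "KeyInfoConfirmationDataType";
            public const string NameIDType = "NameIDType";
            public const string OneTimeUseType = "OneTimeUseType";
            public const string ProxyRestrictionType = "ProxyRestrictionType";
            public const string SubjectType = "SubjectType";
            public const string SubjectConfirmationDataType = "SubjectConfirmationDataType";
            public const string SubjectConfirmationType = "SubjectConfirmationType";
            public const string SubjectLocalityType = "SubjectLocalityType";
            public const string StatementAbstractType = "StatementAbstractType";
        }
#pragma warning restore 1591
    }
}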