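/* saml2.h  -  Widely used SAML 2.0 constants
 * Copyright (c) 2011 Sampo Kellomaki (sampo@iki.fi), All Rights Reserved.
 * Copyright (c) 2006-2008 Symlabs (symlabs@symlabs.com), All Rights Reserved.
 * Author: Sampo Kellomaki (sampo@iki.fi)
 * This is confidential unpublished proprietary source code of the author.
 * NO WARRANTY, not even implied warranties. Contains trade secrets.
 * Distribution prohibited unless authorized in writing.
 * Licensed under Apache License 2.0, see file COPYING.
 * $Id: saml2.h,v 1.3 2008-04-14 04:23:58 sampo Exp $
 *
 * 26.8.2006, created --Sampo
 * 14.4.2008, added SimpleSign --Sampo
 * 10.12.2011, added OAuth2, OpenID Connect, and UMA support --Sampo
 */

/* This header only defines string-literal macros: protocol, status, NameID,
 * binding and attribute-profile identifiers. The values are wire identifiers
 * and URI values are case-sensitive, so every literal must match the
 * specification character for character. */

#ifndef _saml2_h
#define _saml2_h

#define SAML2_PROTO    "urn:oasis:names:tc:SAML:2.0:protocol"
#define SAML2_VERSION  "2.0"

/* TOP LEVEL STATUS CODES
 * Only SAML2_SC_SUCCESS reports a successful request; the other three are
 * failure categories that may carry a second level code. */
#define SAML2_SC_SUCCESS   "urn:oasis:names:tc:SAML:2.0:status:Success"
#define SAML2_SC_REQUESTER "urn:oasis:names:tc:SAML:2.0:status:Requester"
#define SAML2_SC_RESPONDER "urn:oasis:names:tc:SAML:2.0:status:Responder"
#define SAML2_SC_VERSION   "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"

/* SECOND LEVEL STATUS CODES */
#define SAML2_SC_AUTHNFAIL "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
/* Corrected to the SAML 2.0 Core spelling (StatusCode element): "AttrName"
 * with a capital N. The earlier "Attrname" never matches a conformant peer. */
#define SAML2_SC_INVATTRNV "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue"
#define SAML2_SC_INVNIDPOL "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"
#define SAML2_SC_NOAUTNCTX "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"
#define SAML2_SC_NOAVALIDP "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP"
#define SAML2_SC_NOPASSIVE "urn:oasis:names:tc:SAML:2.0:status:NoPassive"
#define SAML2_SC_NOSUPPIDP "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP"
#define SAML2_SC_PARLOGOUT "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"
#define SAML2_SC_PROXYCEXC "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded"
#define SAML2_SC_REQDENIED "urn:oasis:names:tc:SAML:2.0:status:RequestDenied"
#define SAML2_SC_REQUNSUPP "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"
#define SAML2_SC_REQVERDEP "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated"
#define SAML2_SC_REQVERHIG "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh"
#define SAML2_SC_REQVERLOW "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow"
#define SAML2_SC_RESONRECG "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized"
#define SAML2_SC_TOOMNYRES "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses"
/* Corrected to the SAML 2.0 Core spelling: the specification abbreviates this
 * code to "UnknownAttrProfile", not "UnknownAttributeProfile". */
#define SAML2_SC_UNKATTPRO "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile"
#define SAML2_SC_UNKPRNCPL "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"
#define SAML2_SC_UNSUPPBIN "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding"

/* Authentication contexts: how was the user authenticated, or how do we want him authenticated.
 * The classes are not interchangeable in strength: per the SAML 2.0 AuthnContext
 * specification, Password describes a password sent over an unprotected session,
 * PasswordProtectedTransport one sent over a protected session. A relying party
 * that requires a given strength should check the asserted class, not just its presence. */

#define SAML_AUTHCTX_PASSWORDPROTECTED "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
#define SAML_AUTHCTX_PASSWORD          "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
#define SAML_AUTHCTX_SSL_TLS_CERT      "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
#define SAML_AUTHCTX_PREVSESS          "urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
#define SAML_AUTHCTX_UNSPCFD           "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
#define SAML_AUTHCTX_INPROT            "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"

/* NameID formats
 * The first four keep the SAML:1.1 namespace on purpose: SAML 2.0 reuses the
 * 1.1 identifiers for these formats. */

#define SAML2_UNSPECIFIED_NID_FMT "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
#define SAML2_EMAILADDR_NID_FMT   "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
#define SAML2_X509_NID_FMT        "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
#define SAML2_WINDOMAINQN_NID_FMT "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
#define SAML2_KERBEROS_NID_FMT    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"
#define SAML2_ENTITY_NID_FMT      "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
#define SAML2_PERSISTENT_NID_FMT  "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
#define SAML2_TRANSIENT_NID_FMT   "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

/* Protocol profiles and bindings identify various negotiable subprotocols. */

#define SAML2_SSO_BRWS "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser"
#define SAML2_SSO_ECP  "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
#define SAML2_SLO      "urn:oasis:names:tc:SAML:2.0:profiles:SSO:logout"
#define SAML2_NIREG    "urn:oasis:names:tc:SAML:2.0:profiles:SSO:nameid-mgmt"
/* NOTE(review): the SAML 2.0 Profiles specification appears to define the next
 * three without the "SSO:" component (profiles:nameidmapping, profiles:artifact,
 * profiles:query). Values are left unchanged here because their use elsewhere in
 * the project is not visible from this header - confirm before relying on them
 * for interoperability. */
#define SAML2_NIMAP    "urn:oasis:names:tc:SAML:2.0:profiles:SSO:nameidmapping"
#define SAML2_ARTIFACT "urn:oasis:names:tc:SAML:2.0:profiles:SSO:artifact"
#define SAML2_QUERY    "urn:oasis:names:tc:SAML:2.0:profiles:SSO:query"

#define SAML2_PAOS             "urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
#define SAML2_SOAP             "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
#define SAML2_REDIR            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
#define SAML2_ART              "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
#define SAML2_POST             "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
#define SAML2_POST_SIMPLE_SIGN "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
#define SAML2_URI              "urn:oasis:names:tc:SAML:2.0:bindings:URI"

/* OAUTH2.0 or OpenID-Connect 1.0 specifics
 * The identifier below lives in the project's own urn:zxid namespace, not an
 * OASIS one, so peers outside this project are not expected to recognize it. */

#define OAUTH2_REDIR "urn:zxid:OAUTH:2.0:bindings:HTTP-Redirect"

/* Attribute types describe how attributes are encoded. */

#define SAML2_AP_BASIC "urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic"
#define SAML2_AP_X500  "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
#define SAML2_AP_UUID  "urn:oasis:names:tc:SAML:2.0:profiles:attribute:UUID"
#define SAML2_AP_DCE   "urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
#define SAML2_AP_XACML "urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"

#define ATTRNAME_UNSPECIFIED "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
#define ATTRNAME_BASIC       "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

/* Misc. */

#define SOAP_ACTOR_NEXT   "http://schemas.xmlsoap.org/soap/actor/next"
/* Bearer subject confirmation: whoever presents the assertion is accepted as
 * its subject, so consumers depend on the signature, Recipient, audience and
 * validity-window checks to reject a replayed or redirected assertion. */
#define SAML2_BEARER      "urn:oasis:names:tc:SAML:2.0:cm:bearer"
#define SAML2_SOAP_ACTION "http://www.oasis-open.org/committees/security"

/* Action namespaces; these identifiers are in the SAML:1.0 namespace. */
#define ACTION_RW   "urn:oasis:names:tc:SAML:1.0:action:rwedc"
#define ACTION_RWN  "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation"
#define ACTION_GHPP "urn:oasis:names:tc:SAML:1.0:action:ghpp"
#define ACTION_UNIX "urn:oasis:names:tc:SAML:1.0:action:unix"

#define PAOS_CONTENT "application/vnd.paos+xml"

#endif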