1 /* saml2.h  -  Widely used SAML 2.0 constants
2  * Copyright (c) 2011 Sampo Kellomaki (sampo@iki.fi), All Rights Reserved.
3  * Copyright (c) 2006-2008 Symlabs (symlabs@symlabs.com), All Rights Reserved.
4  * Author: Sampo Kellomaki (sampo@iki.fi)
5  * This is confidential unpublished proprietary source code of the author.
6  * NO WARRANTY, not even implied warranties. Contains trade secrets.
7  * Distribution prohibited unless authorized in writing.
8  * Licensed under Apache License 2.0, see file COPYING.
9  * $Id: saml2.h,v 1.3 2008-04-14 04:23:58 sampo Exp $
10  *
11  * 26.8.2006,  created --Sampo
12  * 14.4.2008,  added SimpleSign --Sampo
13  * 10.12.2011, added OAuth2, OpenID Connect, and UMA support --Sampo
14  */
15 
#ifndef _saml2_h
#define _saml2_h

/* Namespace URI of the SAML 2.0 protocol schema (samlp:). */
#define SAML2_PROTO "urn:oasis:names:tc:SAML:2.0:protocol"
/* Value of the Version attribute on SAML 2.0 requests, responses and
 * assertions. A message carrying any other value is not SAML 2.0 and
 * belongs with the VersionMismatch family of status codes below rather
 * than being processed as if it were 2.0. */
#define SAML2_VERSION "2.0"
21 
/* TOP LEVEL STATUS CODES
 *
 * Exactly one of these is the outermost <samlp:StatusCode> of a
 * <samlp:Status>. Only Success means the request was honoured; Requester
 * and Responder say which side is at fault, VersionMismatch that the
 * Version attribute was not understood. A Success status by itself says
 * nothing about the assertion(s) carried in the response - signature,
 * Conditions, AudienceRestriction and SubjectConfirmationData still have
 * to be validated before the response is acted on. */
#define SAML2_SC_SUCCESS    "urn:oasis:names:tc:SAML:2.0:status:Success"
#define SAML2_SC_REQUESTER  "urn:oasis:names:tc:SAML:2.0:status:Requester"
#define SAML2_SC_RESPONDER  "urn:oasis:names:tc:SAML:2.0:status:Responder"
#define SAML2_SC_VERSION    "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"

/* SECOND LEVEL STATUS CODES
 *
 * These appear as a nested <samlp:StatusCode> inside a top-level one and
 * refine it; they are never valid on their own at the top level. Several
 * of them share long common prefixes (Request*, RequestVersion*, No*),
 * so a status must be matched on the complete URN (strcmp() == 0), not on
 * a prefix or substring. */
#define SAML2_SC_AUTHNFAIL  "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
#define SAML2_SC_INVATTRNV  "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrnameOrValue"
#define SAML2_SC_INVNIDPOL  "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"
#define SAML2_SC_NOAUTNCTX  "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"
#define SAML2_SC_NOAVALIDP  "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP"
#define SAML2_SC_NOPASSIVE  "urn:oasis:names:tc:SAML:2.0:status:NoPassive"
#define SAML2_SC_NOSUPPIDP  "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP"
/* Logout was not propagated to every session participant; the local
 * session may be gone while sessions elsewhere are still live. */
#define SAML2_SC_PARLOGOUT  "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"
#define SAML2_SC_PROXYCEXC  "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded"
#define SAML2_SC_REQDENIED  "urn:oasis:names:tc:SAML:2.0:status:RequestDenied"
#define SAML2_SC_REQUNSUPP  "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"
#define SAML2_SC_REQVERDEP  "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated"
#define SAML2_SC_REQVERHIG  "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh"
#define SAML2_SC_REQVERLOW  "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow"
#define SAML2_SC_RESONRECG  "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized"
#define SAML2_SC_TOOMNYRES  "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses"
#define SAML2_SC_UNKATTPRO  "urn:oasis:names:tc:SAML:2.0:status:UnknownAttributeProfile"
#define SAML2_SC_UNKPRNCPL  "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"
#define SAML2_SC_UNSUPPBIN  "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding"
48 
/* Authentication contexts: how the user was authenticated, or how we want
 * the user to be authenticated (AuthnContextClassRef in an assertion's
 * AuthnStatement, or in a request's RequestedAuthnContext).
 *
 * The class is asserted by the IdP; it is a claim about IdP-side policy,
 * not something the relying party can check. Note in particular that
 * PreviousSession means no credential was freshly verified (the IdP reused
 * an existing session) and InternetProtocol means the IdP went by the
 * client's network address only. */

/* Password presented over a protected (TLS) transport. */
#define SAML_AUTHCTX_PASSWORDPROTECTED "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
/* Password presented over an unprotected session. */
#define SAML_AUTHCTX_PASSWORD          "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
/* TLS client certificate. */
#define SAML_AUTHCTX_SSL_TLS_CERT      "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
/* Single sign-on from an already established IdP session. */
#define SAML_AUTHCTX_PREVSESS          "urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
/* IdP gives no information about the mechanism used. */
#define SAML_AUTHCTX_UNSPCFD           "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
/* Identified by IP address. */
#define SAML_AUTHCTX_INPROT            "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
57 
/* NameID formats (Format attribute of <saml:NameID> / NameIDPolicy).
 *
 * The first four deliberately keep the SAML 1.1 namespace: SAML 2.0 Core
 * reuses the 1.1 identifiers for these formats, so this is not a typo.
 * A NameID is only the same identifier when Format, NameQualifier and
 * SPNameQualifier agree as well as the text; comparing the text alone
 * lets identifiers from different namespaces or issuers collide. */

#define SAML2_UNSPECIFIED_NID_FMT "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
/* The value is whatever the IdP asserts; whether the mailbox was ever
 * verified is the IdP's policy, not a property of the format. */
#define SAML2_EMAILADDR_NID_FMT   "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
#define SAML2_X509_NID_FMT        "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
#define SAML2_WINDOMAINQN_NID_FMT "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
#define SAML2_KERBEROS_NID_FMT    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"
/* Names a SAML entity (IdP or SP) by its entityID URI. */
#define SAML2_ENTITY_NID_FMT      "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
/* Opaque, long-lived pseudonym, in general pairwise between one IdP and
 * one SP; it carries no meaning beyond serving as a stable key. */
#define SAML2_PERSISTENT_NID_FMT  "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
/* Opaque identifier valid for a single session only; must not be stored
 * as a stable key for the user. */
#define SAML2_TRANSIENT_NID_FMT   "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
68 
/* Protocol profiles and bindings identify various negotiable subprotocols.
 *
 * Profiles (saml-profiles-2.0) say what the exchange achieves; bindings
 * (saml-bindings-2.0) say how the messages are transported.
 *
 * NOTE(review): the artifact, query and NameID-mapping identifiers below
 * carry an ":SSO:" segment; the Profiles specification appears to assign
 * these three profiles identifiers without it. Confirm against the
 * specification before relying on them for profile matching against
 * peers' metadata or messages. */

#define SAML2_SSO_BRWS "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser"
/* Enhanced Client or Proxy: SSO for clients that speak PAOS/SOAP directly. */
#define SAML2_SSO_ECP  "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
#define SAML2_SLO      "urn:oasis:names:tc:SAML:2.0:profiles:SSO:logout"
#define SAML2_NIREG    "urn:oasis:names:tc:SAML:2.0:profiles:SSO:nameid-mgmt"
#define SAML2_NIMAP    "urn:oasis:names:tc:SAML:2.0:profiles:SSO:nameidmapping"
#define SAML2_ARTIFACT "urn:oasis:names:tc:SAML:2.0:profiles:SSO:artifact"
#define SAML2_QUERY    "urn:oasis:names:tc:SAML:2.0:profiles:SSO:query"

/* Reverse SOAP, used by ECP: the client advertises PAOS support and the
 * server's SOAP request travels in the HTTP response. */
#define SAML2_PAOS     "urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
#define SAML2_SOAP     "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
/* Message is DEFLATEd and URL-encoded into the query string. Any signature
 * is carried as SigAlg/Signature query parameters over the encoded string,
 * not as an XML Signature inside the message, so it has to be verified
 * over the query string exactly as received. */
#define SAML2_REDIR    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
/* Only a reference (artifact) travels through the browser; the message is
 * fetched from the issuer with ArtifactResolve over a back channel. */
#define SAML2_ART      "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
/* Base64 message in an HTML form field (SAMLRequest/SAMLResponse). */
#define SAML2_POST     "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
/* Like HTTP-POST, but signed over the raw form field values rather than
 * with an XML Signature in the message. */
#define SAML2_POST_SIMPLE_SIGN "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
/* The assertion is obtained by dereferencing a URI. */
#define SAML2_URI      "urn:oasis:names:tc:SAML:2.0:bindings:URI"
86 
/* OAUTH2.0 or OpenID-Connect 1.0 specifics */

/* Private identifier in the urn:zxid: namespace, not an OASIS or IETF
 * value; presumably used internally to select the OAuth2 redirect flow
 * the same way the SAML2_* binding URNs select a SAML binding - it will
 * not be recognised by other implementations. */
#define OAUTH2_REDIR   "urn:zxid:OAUTH:2.0:bindings:HTTP-Redirect"
90 
/* Attribute profiles describe how attribute names and values are encoded
 * (saml-profiles-2.0, section 8). */

/* Plain string names and simple xs:string-like values. */
#define SAML2_AP_BASIC "urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic"
/* X.500/LDAP attributes, named by OID URN. */
#define SAML2_AP_X500  "urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
#define SAML2_AP_UUID  "urn:oasis:names:tc:SAML:2.0:profiles:attribute:UUID"
#define SAML2_AP_DCE   "urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE"
#define SAML2_AP_XACML "urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"

/* NameFormat attribute of <saml:Attribute>. The "uri" name format defined
 * by the same specification has no constant here. An attribute is only the
 * same attribute when NameFormat and Name both match. */
#define ATTRNAME_UNSPECIFIED "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
#define ATTRNAME_BASIC       "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
101 
/* Misc. */

/* SOAP 1.1 "next" actor: a header block addressed to the next node. */
#define SOAP_ACTOR_NEXT   "http://schemas.xmlsoap.org/soap/actor/next"
/* SubjectConfirmation Method: whoever holds the assertion is the subject.
 * Because possession is the only proof, the SubjectConfirmationData
 * fields (Recipient, NotOnOrAfter, InResponseTo) are what limit where and
 * for how long a bearer assertion can be replayed; they must be checked. */
#define SAML2_BEARER      "urn:oasis:names:tc:SAML:2.0:cm:bearer"
/* Value for the HTTP SOAPAction header on SAML SOAP calls. */
#define SAML2_SOAP_ACTION "http://www.oasis-open.org/committees/security"

/* Action namespaces (SAML 1.0) for authorization decision statements. */
/* Read/Write/Execute/Delete/Control. */
#define ACTION_RW      "urn:oasis:names:tc:SAML:1.0:action:rwedc"
/* Same set, with "~" prefixed actions denoting negation. */
#define ACTION_RWN     "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation"
/* HTTP GET/HEAD/PUT/POST. */
#define ACTION_GHPP    "urn:oasis:names:tc:SAML:1.0:action:ghpp"
/* Unix file permission bits. */
#define ACTION_UNIX    "urn:oasis:names:tc:SAML:1.0:action:unix"

/* MIME type used for PAOS (reverse SOAP) messages. */
#define PAOS_CONTENT   "application/vnd.paos+xml"

#endif
116