# -*- coding: utf-8 -*-

""" OneLogin_Saml2_Constants class

Copyright (c) 2010-2021 OneLogin, Inc.
MIT License

Constants class of OneLogin's Python Toolkit.

"""


class OneLogin_Saml2_Constants(object):
    """
    Central registry of the literal values used by OneLogin's Python Toolkit.

    Everything here is a plain class attribute: SAML URNs (NameID formats,
    bindings, status codes, ...), XML namespaces and prefixes, and the
    XML-DSig / XML-Enc algorithm identifiers. The class holds no methods
    and is only meant to be read from.

    NOTE(review): several algorithm identifiers below name primitives that
    are considered legacy (SHA-1 based digests/signatures, 3DES, RSA
    PKCS#1 v1.5 key transport). Defining them is harmless; which ones are
    actually accepted or produced is decided elsewhere in the toolkit and
    is not visible from this file.
    """

    # Tolerance applied to "now" when time conditions are validated.
    # NOTE(review): presumably seconds (i.e. 5 minutes) - confirm at the
    # call sites. A larger tolerance also lengthens the period during which
    # a message outside its stated validity window would still pass.
    ALLOWED_CLOCK_DRIFT = 300

    # ---- NameID formats (SAML 1.1 and SAML 2.0 URNs) ----
    NAMEID_EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    NAMEID_X509_SUBJECT_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
    NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
    NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    NAMEID_KERBEROS = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"
    NAMEID_ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
    NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
    NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    NAMEID_ENCRYPTED = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"

    # ---- Attribute name formats ----
    ATTRNAME_FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
    ATTRNAME_FORMAT_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
    ATTRNAME_FORMAT_BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

    # ---- XML namespaces ----
    NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
    NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
    NS_SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
    NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
    NS_XS = "http://www.w3.org/2001/XMLSchema"
    NS_XSI = "http://www.w3.org/2001/XMLSchema-instance"
    NS_XENC = "http://www.w3.org/2001/04/xmlenc#"
    NS_DS = "http://www.w3.org/2000/09/xmldsig#"

    # ---- Namespace prefixes ----
    # NS_PREFIX_XSD has no dedicated namespace constant in this class.
    NS_PREFIX_SAML = "saml"
    NS_PREFIX_SAMLP = "samlp"
    NS_PREFIX_MD = "md"
    NS_PREFIX_XS = "xs"
    NS_PREFIX_XSI = "xsi"
    NS_PREFIX_XSD = "xsd"
    NS_PREFIX_XENC = "xenc"
    NS_PREFIX_DS = "ds"

    # ---- prefix -> namespace lookup table ----
    # Only samlp, saml, ds, xenc and md are mapped; the SOAP, xs and xsi
    # namespaces defined above are not part of this table.
    # This is a mutable dict shared by every user of the class, so an
    # in-place change is visible everywhere that reads it.
    NSMAP = {
        NS_PREFIX_SAMLP: NS_SAMLP,
        NS_PREFIX_SAML: NS_SAML,
        NS_PREFIX_DS: NS_DS,
        NS_PREFIX_XENC: NS_XENC,
        NS_PREFIX_MD: NS_MD,
    }

    # ---- Protocol bindings ----
    BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    BINDING_HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
    BINDING_SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
    BINDING_DEFLATE = "urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE"

    # ---- Authentication context classes ----
    AC_UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
    AC_PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
    AC_PASSWORD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    AC_X509 = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
    AC_SMARTCARD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"
    AC_KERBEROS = "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"

    # ---- Subject confirmation methods ----
    # With the bearer method, holding the assertion is what confirms the
    # subject, so recipient, audience and expiry checks carry the weight.
    CM_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
    CM_HOLDER_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
    CM_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

    # ---- Top-level status codes ----
    STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
    STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester"
    STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"
    STATUS_VERSION_MISMATCH = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
    STATUS_NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive"
    STATUS_PARTIAL_LOGOUT = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"
    STATUS_PROXY_COUNT_EXCEEDED = "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded"

    # ---- Digest algorithm identifiers ----
    # SHA1 is a legacy identifier: SHA-1 is no longer considered
    # collision-resistant. Prefer SHA256 or stronger wherever the digest
    # is configurable.
    SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
    SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
    SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"
    SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512"

    # ---- Signature algorithm identifiers ----
    # DSA_SHA1 and RSA_SHA1 inherit the SHA-1 weakness noted above; a
    # relying party that wants to refuse them has to enforce that where
    # signatures are validated - nothing in this class restricts use.
    DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
    RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
    RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
    RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"

    # ---- Encryption algorithm identifiers ----
    # The block ciphers listed are all CBC mode, which provides no
    # integrity on its own; encrypted content should still be covered by
    # a verified signature. TRIPLEDES_CBC (64-bit block) and RSA_1_5
    # (PKCS#1 v1.5 key transport, historically exposed to padding-oracle
    # issues) are legacy choices; prefer AES and RSA_OAEP_MGF1P.
    TRIPLEDES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
    AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
    AES192_CBC = "http://www.w3.org/2001/04/xmlenc#aes192-cbc"
    AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
    RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
    RSA_OAEP_MGF1P = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"