2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file saml/saml2/core/Protocols.h
24 * XMLObjects representing the SAML 2.0 Protocols schema
27 #ifndef __saml2_protocols_h__
28 #define __saml2_protocols_h__
30 #include <saml/saml2/core/Assertions.h>
32 #include <xercesc/util/XMLUniDefs.hpp>
// Shorthand for DECL_XMLOBJECTBUILDER (not defined in the lines shown) that fixes
// the export macro to SAML_API and the namespace/prefix to
// samlconstants::SAML20P_NS / samlconstants::SAML20P_PREFIX, so each builder
// declaration for the core protocol schema only has to name its class.
34 #define DECL_SAML2POBJECTBUILDER(cname) \
35 DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML20P_NS,samlconstants::SAML20P_PREFIX)
40 * @namespace opensaml::saml2p
41 * SAML 2.0 protocol namespace
// Leaf elements declared through DECL_XMLOBJECT_SIMPLE (not defined in the lines
// shown). The third argument looks like the name of the content property, e.g.
// Message for StatusMessage and Name for RespondTo - TODO confirm against the macro.
// NOTE(review): all of these values are supplied by the protocol peer;
// StatusMessage in particular is free text and should be treated as untrusted
// wherever it is logged or displayed.
45 DECL_XMLOBJECT_SIMPLE(SAML_API,Artifact,Artifact,SAML 2.0 Artifact element);
46 DECL_XMLOBJECT_SIMPLE(SAML_API,GetComplete,GetComplete,SAML 2.0 GetComplete element);
47 DECL_XMLOBJECT_SIMPLE(SAML_API,RequesterID,RequesterID,SAML 2.0 RequesterID element);
48 DECL_XMLOBJECT_SIMPLE(SAML_API,SessionIndex,SessionIndex,SAML 2.0 SessionIndex element);
49 DECL_XMLOBJECT_SIMPLE(SAML_API,StatusMessage,Message,SAML 2.0 StatusMessage element);
// RespondTo belongs to the third-party request extension rather than the core
// protocol schema; its builder in this header uses SAML20P_THIRDPARTY_EXT_NS.
51 DECL_XMLOBJECT_SIMPLE(SAML_API,RespondTo,Name,SAML 2.0 third-party request RespondTo extension element);
// Element of the asynchronous logout extension; its builder in this header uses
// samlconstants::SAML20P_ASYNCSLO_EXT_NS. The lines shown declare no attributes
// or children, only the schema type name.
53 BEGIN_XMLOBJECT(SAML_API,Asynchronous,xmltooling::XMLObject,SAML 2.0 Asynchronous logout extension element);
54 /** AsynchronousType local name */
55 static const XMLCh TYPE_NAME[];
// Container for protocol extension content. The base class is
// xmltooling::ElementExtensibleXMLObject and no typed children are declared here.
// NOTE(review): presumably this accepts arbitrary child elements from the peer;
// consumers should act only on extension elements they recognise - confirm.
58 BEGIN_XMLOBJECT(SAML_API,Extensions,xmltooling::ElementExtensibleXMLObject,SAML 2.0 protocol Extensions element);
59 /** ExtensionsType local name */
60 static const XMLCh TYPE_NAME[];
// Common base of the request messages declared in this header (AuthnRequest,
// LogoutRequest, ArtifactResolve, the query types, ...). It derives from
// saml2::RootObject; the DECL_* member macros are not defined in the lines shown.
63 BEGIN_XMLOBJECT(SAML_API,RequestAbstractType,saml2::RootObject,SAML 2.0 RequestAbstractType base type);
// ID is the value that a response's InResponseTo is expected to echo
// (SAML 2.0 Core, section 3.2.2).
64 DECL_INHERITED_STRING_ATTRIB(ID,ID);
65 DECL_INHERITED_STRING_ATTRIB(Version,VER);
66 DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
// NOTE(review): SAML 2.0 Core, section 3.2.1, has the recipient check a present
// Destination against the location at which the message was received. Only the
// attribute is declared here; confirm that the receiving code performs the check.
67 DECL_STRING_ATTRIB(Destination,DESTINATION);
68 DECL_STRING_ATTRIB(Consent,CONSENT);
// Issuer is taken from the saml2 (assertion) namespace rather than saml2p.
69 DECL_INHERITED_TYPED_FOREIGN_CHILD(Issuer,saml2);
70 DECL_TYPED_CHILD(Extensions);
71 /** RequestAbstractType local name */
72 static const XMLCh TYPE_NAME[];
// A status code: a Value URI plus an optional nested StatusCode, which gives the
// top-level / second-level structure of SAML 2.0 Core, section 3.2.2.2.
75 BEGIN_XMLOBJECT(SAML_API,StatusCode,xmltooling::XMLObject,SAML 2.0 StatusCode element);
// NOTE(review): Value is declared as a plain string attribute; nothing in this
// declaration limits it to the URI constants this class declares. SAML 2.0 Core
// permits only Success, Requester, Responder and VersionMismatch at the top
// level, and a consumer should require SUCCESS there before relying on the rest
// of a response - confirm where that is enforced.
76 DECL_STRING_ATTRIB(Value,VALUE);
// Nested (second-level) status code.
77 DECL_TYPED_CHILD(StatusCode);
78 /** StatusCodeType local name */
79 static const XMLCh TYPE_NAME[];
82 * @name StatusCode Value Attribute URI Reference Constants
84 * SAML 2.0 Core, section 3.2.2.2, predefines several URI
85 * references for use in the Value attribute of the StatusCode
86 * element. Other values may be defined elsewhere.
89 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Success' */
90 static const XMLCh SUCCESS[];
91 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Requester' */
92 static const XMLCh REQUESTER[];
93 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Responder' */
94 static const XMLCh RESPONDER[];
95 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' */
96 static const XMLCh VERSION_MISMATCH[];
97 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:AuthnFailed' */
98 static const XMLCh AUTHN_FAILED[];
99 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue' */
100 static const XMLCh INVALID_ATTR_NAME_OR_VALUE[];
101 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy' */
102 static const XMLCh INVALID_NAMEID_POLICY[];
103 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext' */
104 static const XMLCh NO_AUTHN_CONTEXT[];
105 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP' */
106 static const XMLCh NO_AVAILABLE_IDP[];
107 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoPassive' */
108 static const XMLCh NO_PASSIVE[];
109 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP' */
110 static const XMLCh NO_SUPPORTED_IDP[];
111 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout' */
112 static const XMLCh PARTIAL_LOGOUT[];
113 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded' */
114 static const XMLCh PROXY_COUNT_EXCEEDED[];
115 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestDenied' */
116 static const XMLCh REQUEST_DENIED[];
117 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported' */
118 static const XMLCh REQUEST_UNSUPPORTED[];
119 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated' */
120 static const XMLCh REQUEST_VERSION_DEPRECATED[];
121 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh' */
122 static const XMLCh REQUEST_VERSION_TOO_HIGH[];
123 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow' */
124 static const XMLCh REQUEST_VERSION_TOO_LOW[];
125 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized' */
126 static const XMLCh RESOURCE_NOT_RECOGNIZED[];
127 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:TooManyResponses' */
128 static const XMLCh TOO_MANY_RESPONSES[];
129 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile' */
130 static const XMLCh UNKNOWN_ATTR_PROFILE[];
131 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal' */
132 static const XMLCh UNKNOWN_PRINCIPAL[];
133 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding' */
134 static const XMLCh UNSUPPORTED_BINDING[];
// Additional status information. The base class is
// xmltooling::ElementExtensibleXMLObject and no typed children are declared here.
// NOTE(review): presumably the content is arbitrary peer-supplied XML; treat it
// as untrusted wherever it is parsed further, logged or displayed - confirm.
138 BEGIN_XMLOBJECT(SAML_API,StatusDetail,xmltooling::ElementExtensibleXMLObject,SAML 2.0 StatusDetail element);
139 /** StatusDetailType local name */
140 static const XMLCh TYPE_NAME[];
// Status of a response: a StatusCode plus optional StatusMessage and StatusDetail.
// Note the base class is opensaml::Status, not xmltooling::XMLObject.
143 BEGIN_XMLOBJECT(SAML_API,Status,opensaml::Status,SAML 2.0 Status element);
144 DECL_TYPED_CHILD(StatusCode);
// StatusMessage and StatusDetail carry text/XML chosen by the responder; they are
// diagnostic data and should not drive security decisions.
145 DECL_TYPED_CHILD(StatusMessage);
146 DECL_TYPED_CHILD(StatusDetail);
147 /** StatusType local name */
148 static const XMLCh TYPE_NAME[];
// Common base of the response messages declared in this header (Response,
// ArtifactResponse, LogoutResponse, ...). It derives from saml2::RootObject; the
// DECL_* member macros are not defined in the lines shown.
151 BEGIN_XMLOBJECT(SAML_API,StatusResponseType,saml2::RootObject,SAML 2.0 StatusResponseType base type);
152 DECL_INHERITED_STRING_ATTRIB(ID,ID);
// NOTE(review): SAML 2.0 Core, section 3.2.2, requires InResponseTo, when the
// response answers a request, to match that request's ID. Only the attribute is
// declared here; confirm the consumer compares it with the ID it actually sent and
// rejects a mismatch or an unexpected unsolicited response.
153 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
154 DECL_INHERITED_STRING_ATTRIB(Version,VER);
155 DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
// NOTE(review): as with requests, a present Destination is meant to be checked
// against the location where the message was received - confirm in the consumer.
156 DECL_STRING_ATTRIB(Destination,DESTINATION);
157 DECL_STRING_ATTRIB(Consent,CONSENT);
// Issuer is taken from the saml2 (assertion) namespace rather than saml2p.
158 DECL_INHERITED_TYPED_FOREIGN_CHILD(Issuer,saml2);
159 DECL_TYPED_CHILD(Extensions);
160 DECL_TYPED_CHILD(Status);
161 /** StatusResponseType local name */
162 static const XMLCh TYPE_NAME[];
// Request that names assertions by identifier; derives from RequestAbstractType.
165 BEGIN_XMLOBJECT(SAML_API,AssertionIDRequest,RequestAbstractType,SAML 2.0 AssertionIDRequest element);
// Collection of AssertionIDRef elements from the saml2 (assertion) namespace.
166 DECL_TYPED_FOREIGN_CHILDREN(AssertionIDRef,saml2);
167 /** AssertionIDRequest local name */
168 static const XMLCh TYPE_NAME[];
// Abstract base of the queries about a subject (AuthnQuery, AttributeQuery and
// AuthzDecisionQuery in this header derive from it); derives from RequestAbstractType.
171 BEGIN_XMLOBJECT(SAML_API,SubjectQuery,RequestAbstractType,SAML 2.0 SubjectQuery abstract element);
// The subject being asked about, from the saml2 (assertion) namespace.
172 DECL_TYPED_FOREIGN_CHILD(Subject,saml2);
173 /** SubjectQueryAbstractType local name */
174 static const XMLCh TYPE_NAME[];
// Authentication context requirements a requester places on the authentication:
// a Comparison mode plus class and/or declaration references.
177 BEGIN_XMLOBJECT(SAML_API,RequestedAuthnContext,xmltooling::XMLObject,SAML 2.0 RequestedAuthnContext element);
// TODO: decide whether, and how, to enforce the controlled vocabulary (schema
// enumeration) for the Comparison attribute, as the Java implementation does.
// NOTE(review): until then Comparison is a free-form string at this level, so
// code that reads it should compare against the COMPARISON_* constants of this
// class and handle any other value explicitly.
179 DECL_STRING_ATTRIB(Comparison,COMPARISON);
// NOTE(review): these express what the requester asked for; presumably the
// requester still has to check the authentication context it is actually given
// against its own policy - confirm in the consuming code.
180 DECL_TYPED_FOREIGN_CHILDREN(AuthnContextClassRef,saml2);
181 DECL_TYPED_FOREIGN_CHILDREN(AuthnContextDeclRef,saml2);
182 /** RequestedAuthnContextType local name */
183 static const XMLCh TYPE_NAME[];
186 * @name RequestedAuthnContext Comparison Attribute Constants
188 * These are the allowed values for the Comparison attribute of
189 * the RequestedAuthnContext element, as defined by SAML 2.0 Core.
192 /** 'exact' Comparison */
193 static const XMLCh COMPARISON_EXACT[];
194 /** 'minimum' Comparison */
195 static const XMLCh COMPARISON_MINIMUM[];
196 /** 'maximum' Comparison */
197 static const XMLCh COMPARISON_MAXIMUM[];
198 /** 'better' Comparison */
199 static const XMLCh COMPARISON_BETTER[];
// Query about a subject's authentication; derives from SubjectQuery.
203 BEGIN_XMLOBJECT(SAML_API,AuthnQuery,SubjectQuery,SAML 2.0 AuthnQuery element);
// Here SessionIndex is a string attribute, unlike the SessionIndex child
// elements that LogoutRequest carries.
204 DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
205 DECL_TYPED_CHILD(RequestedAuthnContext);
206 /** AuthnQueryType local name */
207 static const XMLCh TYPE_NAME[];
// Query for a subject's attributes; derives from SubjectQuery.
210 BEGIN_XMLOBJECT(SAML_API,AttributeQuery,SubjectQuery,SAML 2.0 AttributeQuery element);
// Collection of requested Attribute elements from the saml2 (assertion) namespace.
// NOTE(review): the list is chosen by the requester; presumably the responder
// applies its own release policy rather than returning whatever is named - confirm.
211 DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
212 /** AttributeQueryType local name */
213 static const XMLCh TYPE_NAME[];
// Query asking for an authorization decision; derives from SubjectQuery.
216 BEGIN_XMLOBJECT(SAML_API,AuthzDecisionQuery,SubjectQuery,SAML 2.0 AuthzDecisionQuery element);
// Resource the decision is about, declared as a plain string attribute.
217 DECL_STRING_ATTRIB(Resource,RESOURCE);
// Action collection and Evidence child, both from the saml2 (assertion) namespace.
218 DECL_TYPED_FOREIGN_CHILDREN(Action,saml2);
219 DECL_TYPED_FOREIGN_CHILD(Evidence,saml2);
220 /** AuthzDecisionQueryType local name */
221 static const XMLCh TYPE_NAME[];
// Constraints a requester places on the name identifier it wants returned.
224 BEGIN_XMLOBJECT(SAML_API,NameIDPolicy,xmltooling::XMLObject,SAML 2.0 NameIDPolicy element);
225 DECL_STRING_ATTRIB(Format,FORMAT);
226 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
// The third macro argument is presumably the value reported when the attribute
// is absent (false here, so no new identifier is created unless asked for) -
// TODO confirm against the macro definition.
227 DECL_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE,false);
228 /** NameIDPolicyType local name */
229 static const XMLCh TYPE_NAME[];
// One identity provider named inside an IDPList.
232 BEGIN_XMLOBJECT(SAML_API,IDPEntry,xmltooling::XMLObject,SAML2.0 IDPEntry element);
233 DECL_STRING_ATTRIB(ProviderID,PROVIDERID);
234 DECL_STRING_ATTRIB(Name,NAME);
// NOTE(review): Loc is a location string that arrives inside a request; it is
// declared as a plain string, so any code that dereferences it or redirects to
// it should validate it against trusted configuration first - confirm.
235 DECL_STRING_ATTRIB(Loc,LOC);
236 /** IDPEntryType local name */
237 static const XMLCh TYPE_NAME[];
// List of identity providers: a collection of IDPEntry children plus a single
// GetComplete child.
240 BEGIN_XMLOBJECT(SAML_API,IDPList,xmltooling::XMLObject,SAML 2.0 IDPList element);
241 DECL_TYPED_CHILDREN(IDPEntry);
// NOTE(review): GetComplete holds a peer-supplied reference to a fuller list;
// presumably it should not be fetched without validating where it points - confirm.
242 DECL_TYPED_CHILD(GetComplete);
243 /** IDPListType local name */
244 static const XMLCh TYPE_NAME[];
// Proxying scope of an authentication request: a proxy count, an IDPList and the
// RequesterID chain.
247 BEGIN_XMLOBJECT(SAML_API,Scoping,xmltooling::XMLObject,SAML 2.0 Scoping element);
// NOTE(review): per SAML 2.0 Core, section 3.4.1.2, a ProxyCount of zero forbids
// proxying while an absent attribute places no limit, so callers must not treat
// "absent" as 0. Presumably the integer accessor reports presence separately -
// TODO confirm against the macro definition.
248 DECL_INTEGER_ATTRIB(ProxyCount,PROXYCOUNT);
249 DECL_TYPED_CHILD(IDPList);
250 DECL_TYPED_CHILDREN(RequesterID);
251 /** ScopingType local name */
252 static const XMLCh TYPE_NAME[];
// Authentication request; derives from RequestAbstractType, which declares ID,
// Destination, Issuer and the other common request members earlier in this header.
255 BEGIN_XMLOBJECT(SAML_API,AuthnRequest,RequestAbstractType,SAML 2.0 AuthnRequest element);
// The third macro argument is presumably the value reported when the attribute
// is absent (false for both) - TODO confirm against the macro definition.
256 DECL_BOOLEAN_ATTRIB(ForceAuthn,FORCEAUTHN,false);
257 DECL_BOOLEAN_ATTRIB(IsPassive,ISPASSIVE,false);
258 DECL_STRING_ATTRIB(ProtocolBinding,PROTOCOLBINDING);
259 DECL_INTEGER_ATTRIB(AssertionConsumerServiceIndex,ASSERTIONCONSUMERSERVICEINDEX);
// NOTE(review): AssertionConsumerServiceURL is chosen by the requester and decides
// where the response is delivered. SAML 2.0 Core, section 3.4.1, requires the
// responder to ensure the value really belongs to the requester (e.g. via
// metadata or a signed request). Only the accessor is declared here; confirm
// the responding code performs that check before using the URL.
260 DECL_STRING_ATTRIB(AssertionConsumerServiceURL,ASSERTIONCONSUMERSERVICEURL);
261 DECL_INTEGER_ATTRIB(AttributeConsumingServiceIndex,ATTRIBUTECONSUMINGSERVICEINDEX);
// ProviderName is a requester-supplied display string; treat it as untrusted
// text wherever it is shown to a user.
262 DECL_STRING_ATTRIB(ProviderName,PROVIDERNAME);
// Subject and Conditions come from the saml2 (assertion) namespace.
264 DECL_TYPED_FOREIGN_CHILD(Subject,saml2);
265 DECL_TYPED_CHILD(NameIDPolicy);
266 DECL_TYPED_FOREIGN_CHILD(Conditions,saml2);
267 DECL_TYPED_CHILD(RequestedAuthnContext);
268 DECL_TYPED_CHILD(Scoping);
269 /** AuthnRequestType local name */
270 static const XMLCh TYPE_NAME[];
// Response message; derives from StatusResponseType, which declares Status,
// InResponseTo, Destination and Issuer earlier in this header.
273 BEGIN_XMLOBJECT(SAML_API,Response,StatusResponseType,SAML 2.0 Response element);
// Both children are collections, so a response may carry several plain and/or
// encrypted assertions from the saml2 (assertion) namespace.
// NOTE(review): this declaration only exposes the objects; it implies nothing
// about signature, issuer or condition checks. A consumer should validate every
// assertion it relies on individually rather than trusting one because another
// in the same response verified - confirm in the consuming code.
274 DECL_TYPED_FOREIGN_CHILDREN(Assertion,saml2);
275 DECL_TYPED_FOREIGN_CHILDREN(EncryptedAssertion,saml2);
276 /** ResponseType local name */
277 static const XMLCh TYPE_NAME[];
// Request to exchange an artifact for the message it refers to; derives from
// RequestAbstractType.
280 BEGIN_XMLOBJECT(SAML_API,ArtifactResolve,RequestAbstractType,SAML 2.0 ArtifactResolve element);
// The artifact being resolved (an Artifact element, declared earlier in this header).
281 DECL_TYPED_CHILD(Artifact);
282 /** ArtifactResolveType local name */
283 static const XMLCh TYPE_NAME[];
// Answer to an ArtifactResolve; derives from StatusResponseType.
286 BEGIN_XMLOBJECT(SAML_API,ArtifactResponse,StatusResponseType,SAML 2.0 ArtifactResponse element);
// NOTE(review): Payload is declared with DECL_XMLOBJECT_CHILD rather than a typed
// child macro, so it is presumably a generic XMLObject of any element type. The
// consumer should check that the payload is the message type it expects before
// casting or processing it - confirm.
287 DECL_XMLOBJECT_CHILD(Payload);
288 /** ArtifactResponseType local name */
289 static const XMLCh TYPE_NAME[];
// Terminate element, one of the children ManageNameIDRequest declares in this
// header. The lines shown declare no attributes or children, only the schema type name.
292 BEGIN_XMLOBJECT(SAML_API,Terminate,xmltooling::XMLObject,SAML 2.0 Terminate element);
293 /** TerminateType local name */
294 static const XMLCh TYPE_NAME[];
// Replacement identifier carried by a ManageNameIDRequest. The base class is
// saml2::EncryptableObject; NewEncryptedID in this header is the encrypted counterpart.
297 BEGIN_XMLOBJECT(SAML_API,NewID,saml2::EncryptableObject,SAML 2.0 NewID element);
// The element's text content is exposed as the NewID property.
298 DECL_SIMPLE_CONTENT(NewID);
// Encrypted form of NewID. Derives from saml2::EncryptedElementType; this listing
// shows no members of its own.
301 BEGIN_XMLOBJECT(SAML_API,NewEncryptedID,saml2::EncryptedElementType,SAML 2.0 NewEncryptedID element);
// Request to change or terminate a name identifier; derives from RequestAbstractType.
304 BEGIN_XMLOBJECT(SAML_API,ManageNameIDRequest,RequestAbstractType,SAML 2.0 ManageNameIDRequest element);
// The identifier being managed, in plain or encrypted form (saml2 namespace).
305 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
306 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
// The requested operation: a new identifier (plain or encrypted) or Terminate.
// NOTE(review): each child has its own accessor and nothing in this declaration
// makes the alternatives mutually exclusive; presumably that is left to schema
// validation or the caller - confirm before relying on only one being set.
307 DECL_TYPED_CHILD(NewID);
308 DECL_TYPED_CHILD(NewEncryptedID);
309 DECL_TYPED_CHILD(Terminate);
310 /** ManageNameIDRequestType local name */
311 static const XMLCh TYPE_NAME[];
// Answer to a ManageNameIDRequest. Derives from StatusResponseType (Status,
// InResponseTo, Destination, ...); this listing shows no members of its own.
314 BEGIN_XMLOBJECT(SAML_API,ManageNameIDResponse,StatusResponseType,SAML 2.0 ManageNameIDResponse element);
// Logout request; derives from RequestAbstractType.
// NOTE(review): acting on this message ends sessions for the named principal, so
// the receiver should authenticate the sender and check Destination before doing
// so. Nothing in this declaration covers that - confirm in the consuming code.
317 BEGIN_XMLOBJECT(SAML_API,LogoutRequest,RequestAbstractType,SAML 2.0 LogoutRequest element);
// Reason is a plain string; the REASON_* constants of this class give the URIs
// defined by SAML 2.0 Core.
318 DECL_STRING_ATTRIB(Reason,REASON);
// Expiry time of the request. Only the accessor is declared here; confirm that
// the receiver rejects requests past this instant.
319 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
// The principal, as BaseID, NameID or EncryptedID from the saml2 namespace.
320 DECL_TYPED_FOREIGN_CHILD(BaseID,saml2);
321 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
322 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
// Collection of SessionIndex child elements.
323 DECL_TYPED_CHILDREN(SessionIndex);
325 /** LogoutRequestType local name */
326 static const XMLCh TYPE_NAME[];
329 * @name LogoutRequest Reason URI Constants
331 * URI Constants for the Reason attribute of the LogoutRequest
332 * element as defined by SAML 2.0 Core, section 3.7.3.
335 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:user' */
336 static const XMLCh REASON_USER[];
337 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:admin' */
338 static const XMLCh REASON_ADMIN[];
339 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:global-timeout' */
340 static const XMLCh REASON_GLOBAL_TIMEOUT[];
341 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:sp-timeout' */
342 static const XMLCh REASON_SP_TIMEOUT[];
// Answer to a LogoutRequest. Derives from StatusResponseType (Status,
// InResponseTo, Destination, ...); this listing shows no members of its own.
346 BEGIN_XMLOBJECT(SAML_API,LogoutResponse,StatusResponseType,SAML 2.0 LogoutResponse element);
// Request to map a principal's identifier into another form; derives from
// RequestAbstractType.
349 BEGIN_XMLOBJECT(SAML_API,NameIDMappingRequest,RequestAbstractType,SAML 2.0 NameIDMappingRequest element);
// The identifier to map, as BaseID, NameID or EncryptedID from the saml2 namespace.
350 DECL_TYPED_FOREIGN_CHILD(BaseID,saml2);
351 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
352 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
// Policy describing the identifier the requester wants back.
353 DECL_TYPED_CHILD(NameIDPolicy);
354 /** NameIDMappingRequestType local name */
355 static const XMLCh TYPE_NAME[];
// Answer to a NameIDMappingRequest; derives from StatusResponseType.
358 BEGIN_XMLOBJECT(SAML_API,NameIDMappingResponse,StatusResponseType,SAML 2.0 NameIDMappingResponse element);
// The mapped identifier, in plain or encrypted form (saml2 namespace).
359 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
360 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
361 /** NameIDMappingResponseType local name */
362 static const XMLCh TYPE_NAME[];
// Builder declarations for the concrete element classes of the core protocol
// schema, in alphabetical order. DECL_SAML2POBJECTBUILDER supplies SAML_API and
// the SAML20P namespace/prefix. The abstract base types (RequestAbstractType,
// StatusResponseType, SubjectQuery) have no builder in this list.
367 DECL_SAML2POBJECTBUILDER(Artifact);
368 DECL_SAML2POBJECTBUILDER(ArtifactResolve);
369 DECL_SAML2POBJECTBUILDER(ArtifactResponse);
370 DECL_SAML2POBJECTBUILDER(AssertionIDRequest);
371 DECL_SAML2POBJECTBUILDER(AttributeQuery);
372 DECL_SAML2POBJECTBUILDER(AuthnQuery);
373 DECL_SAML2POBJECTBUILDER(AuthnRequest);
374 DECL_SAML2POBJECTBUILDER(AuthzDecisionQuery);
375 DECL_SAML2POBJECTBUILDER(Extensions);
376 DECL_SAML2POBJECTBUILDER(GetComplete);
377 DECL_SAML2POBJECTBUILDER(IDPEntry);
378 DECL_SAML2POBJECTBUILDER(IDPList);
379 DECL_SAML2POBJECTBUILDER(LogoutRequest);
380 DECL_SAML2POBJECTBUILDER(LogoutResponse);
381 DECL_SAML2POBJECTBUILDER(ManageNameIDRequest);
382 DECL_SAML2POBJECTBUILDER(ManageNameIDResponse);
383 DECL_SAML2POBJECTBUILDER(NameIDMappingRequest);
384 DECL_SAML2POBJECTBUILDER(NameIDMappingResponse);
385 DECL_SAML2POBJECTBUILDER(NameIDPolicy);
386 DECL_SAML2POBJECTBUILDER(NewEncryptedID);
387 DECL_SAML2POBJECTBUILDER(NewID);
388 DECL_SAML2POBJECTBUILDER(RequestedAuthnContext);
389 DECL_SAML2POBJECTBUILDER(RequesterID);
390 DECL_SAML2POBJECTBUILDER(Response);
391 DECL_SAML2POBJECTBUILDER(Scoping);
392 DECL_SAML2POBJECTBUILDER(SessionIndex);
393 DECL_SAML2POBJECTBUILDER(Status);
394 DECL_SAML2POBJECTBUILDER(StatusCode);
395 DECL_SAML2POBJECTBUILDER(StatusDetail);
396 DECL_SAML2POBJECTBUILDER(StatusMessage);
397 DECL_SAML2POBJECTBUILDER(Terminate);
// The two extension elements live in their own namespaces, so they use the
// general DECL_XMLOBJECTBUILDER form with an explicit namespace and prefix.
399 DECL_XMLOBJECTBUILDER(SAML_API,RespondTo,samlconstants::SAML20P_THIRDPARTY_EXT_NS,samlconstants::SAML20P_THIRDPARTY_EXT_PREFIX);
401 DECL_XMLOBJECTBUILDER(SAML_API,Asynchronous,samlconstants::SAML20P_ASYNCSLO_EXT_NS,samlconstants::SAML20P_ASYNCSLO_EXT_PREFIX);
404 * Registers builders and validators for SAML 2.0 Protocol classes into the runtime.
406 void SAML_API registerProtocolClasses();
410 #endif /* __saml2_protocols_h__ */