2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file saml/saml2/core/Protocols.h
20 * XMLObjects representing the SAML 2.0 Protocols schema
23 #ifndef __saml2_protocols_h__
24 #define __saml2_protocols_h__
26 #include <saml/saml2/core/Assertions.h>
/**
 * Declares a builder class for the SAML 2.0 protocol object cname, bound to the
 * SAML 2.0 protocol namespace (SAML20P_NS) and its default prefix (SAML20P_PREFIX)
 * by expanding to xmltooling's DECL_XMLOBJECTBUILDER.
 */
29 #define DECL_SAML2POBJECTBUILDER(cname) \
30 DECL_XMLOBJECTBUILDER(SAML_API,cname,opensaml::SAMLConstants::SAML20P_NS,opensaml::SAMLConstants::SAML20P_PREFIX)
35 * @namespace opensaml::saml2p
36 * SAML 2.0 protocol namespace
40 //TODO synchronize the C++ and Java class/interface names (e.g. whether or not to use the -Type suffix)
// Protocol elements declared through xmltooling's simple-element macro. The third
// argument appears to be the property name exposed for the element's content
// (StatusMessage exposes it as Message); confirm against the macro definition in xmltooling.
42 DECL_XMLOBJECT_SIMPLE(SAML_API,Artifact,Artifact,SAML 2.0 Artifact element);
43 DECL_XMLOBJECT_SIMPLE(SAML_API,GetComplete,GetComplete,SAML 2.0 GetComplete element);
44 DECL_XMLOBJECT_SIMPLE(SAML_API,NewID,NewID,SAML 2.0 NewID element);
45 DECL_XMLOBJECT_SIMPLE(SAML_API,RequesterID,RequesterID,SAML 2.0 RequesterID element);
46 DECL_XMLOBJECT_SIMPLE(SAML_API,SessionIndex,SessionIndex,SAML 2.0 SessionIndex element);
47 DECL_XMLOBJECT_SIMPLE(SAML_API,StatusMessage,Message,SAML 2.0 StatusMessage element);
49 BEGIN_XMLOBJECT(SAML_API,Extensions,xmltooling::ElementProxy,SAML 2.0 protocol Extensions element);
50 /** ExtensionsType local name */
51 static const XMLCh TYPE_NAME[];
54 BEGIN_XMLOBJECT(SAML_API,Request,SignableObject,SAML 2.0 Request element);
55 DECL_STRING_ATTRIB(ID,ID);
56 DECL_STRING_ATTRIB(Version,VER);
57 DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
58 DECL_STRING_ATTRIB(Destination,DESTINATION);
59 DECL_STRING_ATTRIB(Consent,CONSENT);
60 DECL_TYPED_FOREIGN_CHILD(Issuer,saml2);
61 DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature);
62 DECL_TYPED_CHILD(Extensions);
63 /** RequestAbstractType local name */
64 static const XMLCh TYPE_NAME[];
67 BEGIN_XMLOBJECT(SAML_API,StatusCode,xmltooling::XMLObject,SAML 2.0 StatusCode element);
68 DECL_STRING_ATTRIB(Value,VALUE);
69 DECL_TYPED_CHILD(StatusCode);
70 /** StatusCodeType local name */
71 static const XMLCh TYPE_NAME[];
74 * @name StatusCode Value Attribute URI Reference Constants
76 * SAML 2.0 Core, section 3.2.2.2, predefines several URI
77 * references for use in the Value attribute of the StatusCode
78 * element. Other values may be defined elsewhere.
81 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Success' */
82 static const XMLCh SUCCESS[];
83 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Requester' */
84 static const XMLCh REQUESTER[];
85 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Responder' */
86 static const XMLCh RESPONDER[];
87 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' */
88 static const XMLCh VERSION_MISMATCH[];
89 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:AuthnFailed' */
90 static const XMLCh AUTHN_FAILED[];
91 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue' */
92 static const XMLCh INVALID_ATTR_NAME_OR_VALUE[];
93 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy' */
94 static const XMLCh INVALID_NAMEID_POLICY[];
95 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext' */
96 static const XMLCh NO_AUTHN_CONTEXT[];
97 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP' */
98 static const XMLCh NO_AVAILABLE_IDP[];
99 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoPassive' */
100 static const XMLCh NO_PASSIVE[];
101 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP' */
102 static const XMLCh NO_SUPPORTED_IDP[];
103 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout' */
104 static const XMLCh PARTIAL_LOGOUT[];
105 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded' */
106 static const XMLCh PROXY_COUNT_EXCEEDED[];
107 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestDenied' */
108 static const XMLCh REQUEST_DENIED[];
109 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported' */
110 static const XMLCh REQUEST_UNSUPPORTED[];
111 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated' */
112 static const XMLCh REQUEST_VERSION_DEPRECATED[];
113 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh' */
114 static const XMLCh REQUEST_VERSION_TOO_HIGH[];
115 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow' */
116 static const XMLCh REQUEST_VERSION_TOO_LOW[];
117 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized' */
118 static const XMLCh RESOURCE_NOT_RECOGNIZED[];
119 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:TooManyResponses' */
120 static const XMLCh TOO_MANY_RESPONSES[];
121 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile' */
122 static const XMLCh UNKNOWN_ATTR_PROFILE[];
123 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal' */
124 static const XMLCh UNKNOWN_PRINCIPAL[];
125 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding' */
126 static const XMLCh UNSUPPORTED_BINDING[];
130 BEGIN_XMLOBJECT(SAML_API,StatusDetail,xmltooling::XMLObject,SAML 2.0 StatusDetail element);
131 DECL_XMLOBJECT_CHILDREN(Detail);
132 /** StatusDetailType local name */
133 static const XMLCh TYPE_NAME[];
136 BEGIN_XMLOBJECT(SAML_API,Status,xmltooling::XMLObject,SAML 2.0 Status element);
137 DECL_TYPED_CHILD(StatusCode);
138 DECL_TYPED_CHILD(StatusMessage);
139 DECL_TYPED_CHILD(StatusDetail);
140 /** StatusType local name */
141 static const XMLCh TYPE_NAME[];
144 BEGIN_XMLOBJECT(SAML_API,StatusResponse,SignableObject,SAML 2.0 StatusResponse element);
145 DECL_STRING_ATTRIB(ID,ID);
146 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
147 DECL_STRING_ATTRIB(Version,VER);
148 DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
149 DECL_STRING_ATTRIB(Destination,DESTINATION);
150 DECL_STRING_ATTRIB(Consent,CONSENT);
152 DECL_TYPED_FOREIGN_CHILD(Issuer,saml2);
153 DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature);
154 DECL_TYPED_CHILD(Extensions);
155 DECL_TYPED_CHILD(Status);
157 /** StatusResponseType local name */
158 static const XMLCh TYPE_NAME[];
161 BEGIN_XMLOBJECT(SAML_API,AssertionIDRequest,Request,SAML 2.0 AssertionIDRequest element);
162 DECL_TYPED_FOREIGN_CHILDREN(AssertionIDRef,saml2);
163 /** AssertionIDRequest local name */
164 static const XMLCh TYPE_NAME[];
167 BEGIN_XMLOBJECT(SAML_API,SubjectQuery,Request,SAML 2.0 SubjectQuery element);
168 DECL_TYPED_FOREIGN_CHILD(Subject,saml2);
169 /** SubjectQueryType local name */
170 static const XMLCh TYPE_NAME[];
173 BEGIN_XMLOBJECT(SAML_API,RequestedAuthnContext,xmltooling::XMLObject,SAML 2.0 RequestedAuthnContext element);
174 //TODO decide whether, and how, to enforce the controlled vocabulary (schema enumeration) for the Comparison attribute, as is done in the Java implementation?
175 DECL_STRING_ATTRIB(Comparison,COMPARISON);
176 DECL_TYPED_FOREIGN_CHILDREN(AuthnContextClassRef,saml2);
177 DECL_TYPED_FOREIGN_CHILDREN(AuthnContextDeclRef,saml2);
179 /** RequestedAuthnContextType local name */
180 static const XMLCh TYPE_NAME[];
183 * @name RequestedAuthnContext Comparison Attribute Constants
185 * These are the allowed values for the Comparison attribute of
186 * the RequestedAuthnContext element, as defined by SAML 2.0 Core.
189 /** 'exact' Comparison */
190 static const XMLCh COMPARISON_EXACT[];
191 /** 'minimum' Comparison */
192 static const XMLCh COMPARISON_MINIMUM[];
193 /** 'maximum' Comparison */
194 static const XMLCh COMPARISON_MAXIMUM[];
195 /** 'better' Comparison */
196 static const XMLCh COMPARISON_BETTER[];
200 BEGIN_XMLOBJECT(SAML_API,AuthnQuery,SubjectQuery,SAML 2.0 AuthnQuery element);
201 DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
202 DECL_TYPED_CHILD(RequestedAuthnContext);
203 /** AuthnQueryType local name */
204 static const XMLCh TYPE_NAME[];
207 BEGIN_XMLOBJECT(SAML_API,AttributeQuery,SubjectQuery,SAML 2.0 AttributeQuery element);
208 DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
209 /** AttributeQueryType local name */
210 static const XMLCh TYPE_NAME[];
213 BEGIN_XMLOBJECT(SAML_API,AuthzDecisionQuery,SubjectQuery,SAML 2.0 AuthzDecisionQuery element);
214 DECL_STRING_ATTRIB(Resource,RESOURCE);
215 DECL_TYPED_FOREIGN_CHILDREN(Action,saml2);
216 DECL_TYPED_FOREIGN_CHILD(Evidence,saml2);
217 /** AuthzDecisionQueryType local name */
218 static const XMLCh TYPE_NAME[];
221 BEGIN_XMLOBJECT(SAML_API,NameIDPolicy,xmltooling::XMLObject,SAML 2.0 NameIDPolicy element);
222 DECL_STRING_ATTRIB(Format,FORMAT);
223 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
224 DECL_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE);
225 /** NameIDPolicyType local name */
226 static const XMLCh TYPE_NAME[];
229 BEGIN_XMLOBJECT(SAML_API,IDPEntry,xmltooling::XMLObject,SAML2.0 IDPEntry element);
230 DECL_STRING_ATTRIB(ProviderID,PROVIDERID);
231 DECL_STRING_ATTRIB(Name,NAME);
232 DECL_STRING_ATTRIB(Loc,LOC);
233 /** IDPEntryType local name */
234 static const XMLCh TYPE_NAME[];
237 BEGIN_XMLOBJECT(SAML_API,IDPList,xmltooling::XMLObject,SAML 2.0 IDPList element);
238 DECL_TYPED_CHILDREN(IDPEntry);
239 DECL_TYPED_CHILD(GetComplete);
240 /** IDPListType local name */
241 static const XMLCh TYPE_NAME[];
244 BEGIN_XMLOBJECT(SAML_API,Scoping,xmltooling::XMLObject,SAML 2.0 Scoping element);
245 DECL_INTEGER_ATTRIB(ProxyCount,PROXYCOUNT);
246 DECL_TYPED_CHILD(IDPList);
247 DECL_TYPED_CHILDREN(RequesterID);
248 /** ScopingType local name */
249 static const XMLCh TYPE_NAME[];
252 BEGIN_XMLOBJECT(SAML_API,AuthnRequest,Request,SAML 2.0 AuthnRequest element);
253 DECL_BOOLEAN_ATTRIB(ForceAuthn,FORCEAUTHN);
254 DECL_BOOLEAN_ATTRIB(IsPassive,ISPASSIVE);
255 DECL_STRING_ATTRIB(ProtocolBinding,PROTOCOLBINDING);
256 DECL_INTEGER_ATTRIB(AssertionConsumerServiceIndex,ASSERTIONCONSUMERSERVICEINDEX);
257 DECL_STRING_ATTRIB(AssertionConsumerServiceURL,ASSERTIONCONSUMERSERVICEURL);
258 DECL_INTEGER_ATTRIB(AttributeConsumingServiceIndex,ATTRIBUTECONSUMINGSERVICEINDEX);
259 DECL_STRING_ATTRIB(ProviderName,PROVIDERNAME);
261 DECL_TYPED_FOREIGN_CHILD(Subject,saml2);
262 DECL_TYPED_CHILD(NameIDPolicy);
263 DECL_TYPED_FOREIGN_CHILD(Conditions,saml2);
264 DECL_TYPED_CHILD(RequestedAuthnContext);
265 DECL_TYPED_CHILD(Scoping);
266 /** AuthnRequestType local name */
267 static const XMLCh TYPE_NAME[];
270 BEGIN_XMLOBJECT(SAML_API,Response,StatusResponse,SAML 2.0 Response element);
271 DECL_TYPED_FOREIGN_CHILDREN(Assertion,saml2);
272 DECL_TYPED_FOREIGN_CHILDREN(EncryptedAssertion,saml2);
273 /** ResponseType local name */
274 static const XMLCh TYPE_NAME[];
277 BEGIN_XMLOBJECT(SAML_API,ArtifactResolve,Request,SAML 2.0 ArtifactResolve element);
278 DECL_TYPED_CHILD(Artifact);
279 /** ArtifactResolveType local name */
280 static const XMLCh TYPE_NAME[];
283 BEGIN_XMLOBJECT(SAML_API,ArtifactResponse,StatusResponse,SAML 2.0 ArtifactResponse element);
284 DECL_XMLOBJECT_CHILD(Payload);
285 /** ArtifactResponseType local name */
286 static const XMLCh TYPE_NAME[];
289 BEGIN_XMLOBJECT(SAML_API,Terminate,xmltooling::XMLObject,SAML 2.0 Terminate element);
290 /** TerminateType local name */
291 static const XMLCh TYPE_NAME[];
294 BEGIN_XMLOBJECT(SAML_API,NewEncryptedID,saml2::EncryptedElementType,SAML 2.0 NewEncryptedID element);
297 BEGIN_XMLOBJECT(SAML_API,ManageNameIDRequest,Request,SAML 2.0 ManageNameIDRequest element);
298 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
299 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
300 DECL_TYPED_CHILD(NewID);
301 DECL_TYPED_CHILD(NewEncryptedID);
302 DECL_TYPED_CHILD(Terminate);
303 /** ManageNameIDRequestType local name */
304 static const XMLCh TYPE_NAME[];
307 BEGIN_XMLOBJECT(SAML_API,ManageNameIDResponse,StatusResponse,SAML 2.0 ManageNameIDResponse element);
310 BEGIN_XMLOBJECT(SAML_API,LogoutRequest,Request,SAML 2.0 LogoutRequest element);
311 DECL_STRING_ATTRIB(Reason,REASON);
312 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
313 DECL_TYPED_FOREIGN_CHILD(BaseID,saml2);
314 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
315 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
316 DECL_TYPED_CHILDREN(SessionIndex);
318 /** LogoutRequestType local name */
319 static const XMLCh TYPE_NAME[];
322 * @name LogoutRequest Reason URI Constants
324 * URI Constants for the Reason attribute of the LogoutRequest
325 * element as defined by SAML 2.0 Core, section 3.7.3.
328 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:user' */
329 static const XMLCh REASON_USER[];
330 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:admin' */
331 static const XMLCh REASON_ADMIN[];
332 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:global-timeout' */
333 static const XMLCh REASON_GLOBAL_TIMEOUT[];
334 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:sp-timeout' */
335 static const XMLCh REASON_SP_TIMEOUT[];
339 BEGIN_XMLOBJECT(SAML_API,LogoutResponse,StatusResponse,SAML 2.0 LogoutResponse element);
342 BEGIN_XMLOBJECT(SAML_API,NameIDMappingRequest,Request,SAML 2.0 NameIDMappingRequest element);
343 DECL_TYPED_FOREIGN_CHILD(BaseID,saml2);
344 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
345 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
346 DECL_TYPED_CHILD(NameIDPolicy);
347 /** NameIDMappingRequestType local name */
348 static const XMLCh TYPE_NAME[];
351 BEGIN_XMLOBJECT(SAML_API,NameIDMappingResponse,StatusResponse,SAML 2.0 NameIDMappingResponse element);
352 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
353 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
354 /** NameIDMappingResponseType local name */
355 static const XMLCh TYPE_NAME[];
// Builder declarations for the SAML 2.0 protocol elements declared above, each bound to the
// SAML 2.0 protocol namespace and prefix via DECL_SAML2POBJECTBUILDER. No builder is declared
// here for Request, SubjectQuery or StatusResponse; StatusResponse is built through the
// custom StatusResponseBuilder below, which requires the element name to be supplied.
360 DECL_SAML2POBJECTBUILDER(Artifact);
361 DECL_SAML2POBJECTBUILDER(ArtifactResolve);
362 DECL_SAML2POBJECTBUILDER(ArtifactResponse);
363 DECL_SAML2POBJECTBUILDER(AssertionIDRequest);
364 DECL_SAML2POBJECTBUILDER(AttributeQuery);
365 DECL_SAML2POBJECTBUILDER(AuthnQuery);
366 DECL_SAML2POBJECTBUILDER(AuthnRequest);
367 DECL_SAML2POBJECTBUILDER(AuthzDecisionQuery);
368 DECL_SAML2POBJECTBUILDER(Extensions);
369 DECL_SAML2POBJECTBUILDER(GetComplete);
370 DECL_SAML2POBJECTBUILDER(IDPEntry);
371 DECL_SAML2POBJECTBUILDER(IDPList);
372 DECL_SAML2POBJECTBUILDER(LogoutRequest);
373 DECL_SAML2POBJECTBUILDER(LogoutResponse);
374 DECL_SAML2POBJECTBUILDER(ManageNameIDRequest);
375 DECL_SAML2POBJECTBUILDER(ManageNameIDResponse);
376 DECL_SAML2POBJECTBUILDER(NameIDMappingRequest);
377 DECL_SAML2POBJECTBUILDER(NameIDMappingResponse);
378 DECL_SAML2POBJECTBUILDER(NameIDPolicy);
379 DECL_SAML2POBJECTBUILDER(NewEncryptedID);
380 DECL_SAML2POBJECTBUILDER(NewID);
381 DECL_SAML2POBJECTBUILDER(RequestedAuthnContext);
382 DECL_SAML2POBJECTBUILDER(RequesterID);
383 DECL_SAML2POBJECTBUILDER(Response);
384 DECL_SAML2POBJECTBUILDER(Scoping);
385 DECL_SAML2POBJECTBUILDER(SessionIndex);
386 DECL_SAML2POBJECTBUILDER(Status);
387 DECL_SAML2POBJECTBUILDER(StatusCode);
388 DECL_SAML2POBJECTBUILDER(StatusDetail);
389 DECL_SAML2POBJECTBUILDER(StatusMessage);
390 DECL_SAML2POBJECTBUILDER(Terminate);
397 * Builder for StatusResponse objects.
399 * This builder is customized so that callers must specify the element name explicitly.
401 class SAML_API StatusResponseBuilder : public xmltooling::XMLObjectBuilder {
403 virtual ~StatusResponseBuilder() {}
404 /** Builder that allows element/type override.
 *
 * @param nsURI      namespace URI of the element to build
 * @param localName  local name of the element to build
 * @param prefix     namespace prefix for the element (optional)
 * @param schemaType schema type (QName) to associate with the object (optional)
 * @return a newly built StatusResponse
 */
405 virtual StatusResponse* buildObject(
406 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
409 /** Singleton builder.
 *
 * Looks up the builder registered under the SAML 2.0 protocol StatusResponseType QName and,
 * when the dynamic_cast to StatusResponseBuilder succeeds, uses it to build a StatusResponse
 * with the given element name and prefix and StatusResponseType as its schema type. The cast
 * guards against a differently typed builder having been registered under that QName.
 *
 * @param nsURI     namespace URI of the element to build
 * @param localName local name of the element to build
 * @param prefix    namespace prefix for the element (optional)
 * @return a newly built StatusResponse
 * @throws xmltooling::XMLObjectException if no suitably typed builder is registered
 */
410 static StatusResponse* buildStatusResponse(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) {
411 const StatusResponseBuilder* b = dynamic_cast<const StatusResponseBuilder*>(
412 XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20P_NS,StatusResponse::TYPE_NAME))
415 xmltooling::QName schemaType(SAMLConstants::SAML20P_NS,StatusResponse::TYPE_NAME,SAMLConstants::SAML20P_PREFIX);
416 return b->buildObject(nsURI, localName, prefix, &schemaType);
418 throw xmltooling::XMLObjectException("Unable to obtain typed builder for StatusResponse.");
424 * Registers builders and validators for SAML 2.0 Protocol classes into the runtime.
426 void SAML_API registerProtocolClasses();
429 * Validator suite for SAML 2.0 Protocol schema validation.
431 extern SAML_API xmltooling::ValidatorSuite ProtocolSchemaValidators;
435 #endif /* __saml2_protocols_h__ */