2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file saml/saml2/core/Protocols.h
24 * XMLObjects representing the SAML 2.0 Protocols schema
27 #ifndef __saml2_protocols_h__
28 #define __saml2_protocols_h__
30 #include <saml/saml2/core/Assertions.h>
32 #include <xercesc/util/XMLUniDefs.hpp>
34 #define DECL_SAML2POBJECTBUILDER(cname) \
35 DECL_XMLOBJECTBUILDER(SAML_API,cname,samlconstants::SAML20P_NS,samlconstants::SAML20P_PREFIX)
40 * @namespace opensaml::saml2p
41 * SAML 2.0 protocol namespace
45 DECL_XMLOBJECT_SIMPLE(SAML_API,Artifact,Artifact,SAML 2.0 Artifact element);
46 DECL_XMLOBJECT_SIMPLE(SAML_API,GetComplete,GetComplete,SAML 2.0 GetComplete element);
47 DECL_XMLOBJECT_SIMPLE(SAML_API,RequesterID,RequesterID,SAML 2.0 RequesterID element);
48 DECL_XMLOBJECT_SIMPLE(SAML_API,SessionIndex,SessionIndex,SAML 2.0 SessionIndex element);
49 DECL_XMLOBJECT_SIMPLE(SAML_API,StatusMessage,Message,SAML 2.0 StatusMessage element);
51 DECL_XMLOBJECT_SIMPLE(SAML_API,RespondTo,Name,SAML 2.0 third-party request RespondTo extension element);
53 BEGIN_XMLOBJECT(SAML_API,Extensions,xmltooling::ElementExtensibleXMLObject,SAML 2.0 protocol Extensions element);
54 /** ExtensionsType local name */
55 static const XMLCh TYPE_NAME[];
58 BEGIN_XMLOBJECT(SAML_API,RequestAbstractType,saml2::RootObject,SAML 2.0 RequestAbstractType base type);
59 DECL_INHERITED_STRING_ATTRIB(ID,ID);
60 DECL_INHERITED_STRING_ATTRIB(Version,VER);
61 DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
62 DECL_STRING_ATTRIB(Destination,DESTINATION);
63 DECL_STRING_ATTRIB(Consent,CONSENT);
64 DECL_INHERITED_TYPED_FOREIGN_CHILD(Issuer,saml2);
65 DECL_TYPED_CHILD(Extensions);
66 /** RequestAbstractType local name */
67 static const XMLCh TYPE_NAME[];
70 BEGIN_XMLOBJECT(SAML_API,StatusCode,xmltooling::XMLObject,SAML 2.0 StatusCode element);
71 DECL_STRING_ATTRIB(Value,VALUE);
72 DECL_TYPED_CHILD(StatusCode);
73 /** StatusCodeType local name */
74 static const XMLCh TYPE_NAME[];
77 * @name StatusCode Value Attribute URI Reference Constants
79 * SAML 2.0 Core, section 3.2.2.2, predefines several URI
80 * references for use in the Value attribue of the StatusCode
81 * element. Other values may be defined elsewhere.
84 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Success' */
85 static const XMLCh SUCCESS[];
86 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Requester' */
87 static const XMLCh REQUESTER[];
88 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Responder' */
89 static const XMLCh RESPONDER[];
90 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' */
91 static const XMLCh VERSION_MISMATCH[];
92 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:AuthnFailed' */
93 static const XMLCh AUTHN_FAILED[];
94 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue' */
95 static const XMLCh INVALID_ATTR_NAME_OR_VALUE[];
96 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy' */
97 static const XMLCh INVALID_NAMEID_POLICY[];
98 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext' */
99 static const XMLCh NO_AUTHN_CONTEXT[];
100 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP' */
101 static const XMLCh NO_AVAILABLE_IDP[];
102 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoPassive' */
103 static const XMLCh NO_PASSIVE[];
104 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP' */
105 static const XMLCh NO_SUPPORTED_IDP[];
106 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout' */
107 static const XMLCh PARTIAL_LOGOUT[];
108 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded' */
109 static const XMLCh PROXY_COUNT_EXCEEDED[];
110 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestDenied' */
111 static const XMLCh REQUEST_DENIED[];
112 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported' */
113 static const XMLCh REQUEST_UNSUPPORTED[];
114 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated' */
115 static const XMLCh REQUEST_VERSION_DEPRECATED[];
116 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh' */
117 static const XMLCh REQUEST_VERSION_TOO_HIGH[];
118 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow' */
119 static const XMLCh REQUEST_VERSION_TOO_LOW[];
120 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized' */
121 static const XMLCh RESOURCE_NOT_RECOGNIZED[];
122 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:TooManyResponses' */
123 static const XMLCh TOO_MANY_RESPONSES[];
124 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile' */
125 static const XMLCh UNKNOWN_ATTR_PROFILE[];
126 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal' */
127 static const XMLCh UNKNOWN_PRINCIPAL[];
128 /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding' */
129 static const XMLCh UNSUPPORTED_BINDING[];
133 BEGIN_XMLOBJECT(SAML_API,StatusDetail,xmltooling::ElementExtensibleXMLObject,SAML 2.0 StatusDetail element);
134 /** StatusDetailType local name */
135 static const XMLCh TYPE_NAME[];
138 BEGIN_XMLOBJECT(SAML_API,Status,xmltooling::XMLObject,SAML 2.0 Status element);
139 DECL_TYPED_CHILD(StatusCode);
140 DECL_TYPED_CHILD(StatusMessage);
141 DECL_TYPED_CHILD(StatusDetail);
142 /** StatusType local name */
143 static const XMLCh TYPE_NAME[];
146 BEGIN_XMLOBJECT(SAML_API,StatusResponseType,saml2::RootObject,SAML 2.0 StatusResponseType base type);
147 DECL_INHERITED_STRING_ATTRIB(ID,ID);
148 DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
149 DECL_INHERITED_STRING_ATTRIB(Version,VER);
150 DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
151 DECL_STRING_ATTRIB(Destination,DESTINATION);
152 DECL_STRING_ATTRIB(Consent,CONSENT);
153 DECL_INHERITED_TYPED_FOREIGN_CHILD(Issuer,saml2);
154 DECL_TYPED_CHILD(Extensions);
155 DECL_TYPED_CHILD(Status);
156 /** StatusResponseType local name */
157 static const XMLCh TYPE_NAME[];
160 BEGIN_XMLOBJECT(SAML_API,AssertionIDRequest,RequestAbstractType,SAML 2.0 AssertionIDRequest element);
161 DECL_TYPED_FOREIGN_CHILDREN(AssertionIDRef,saml2);
162 /** AssertionIDRequest local name */
163 static const XMLCh TYPE_NAME[];
166 BEGIN_XMLOBJECT(SAML_API,SubjectQuery,RequestAbstractType,SAML 2.0 SubjectQuery abstract element);
167 DECL_TYPED_FOREIGN_CHILD(Subject,saml2);
168 /** SubjectQueryAbstractType local name */
169 static const XMLCh TYPE_NAME[];
172 BEGIN_XMLOBJECT(SAML_API,RequestedAuthnContext,xmltooling::XMLObject,SAML 2.0 RequestedAuthnContext element);
173 //TODO whether, and how, to enforce the controlled vocabulary (schema enumeration) for the Comparison attrib, as in the Java ?
174 DECL_STRING_ATTRIB(Comparison,COMPARISON);
175 DECL_TYPED_FOREIGN_CHILDREN(AuthnContextClassRef,saml2);
176 DECL_TYPED_FOREIGN_CHILDREN(AuthnContextDeclRef,saml2);
177 /** RequestedAuthnContextType local name */
178 static const XMLCh TYPE_NAME[];
181 * @name RequestedAuthnContext Comparison Attribute Constants
183 * These are the allowed values for the Comparison attribute of
184 * the RequestedAuthnContext element, as defined by SAML 2.0 Core.
187 /** 'exact' Comparison */
188 static const XMLCh COMPARISON_EXACT[];
189 /** 'minimum' Comparison */
190 static const XMLCh COMPARISON_MINIMUM[];
191 /** 'maximum' Comparison */
192 static const XMLCh COMPARISON_MAXIMUM[];
193 /** 'better' Comparison */
194 static const XMLCh COMPARISON_BETTER[];
198 BEGIN_XMLOBJECT(SAML_API,AuthnQuery,SubjectQuery,SAML 2.0 AuthnQuery element);
199 DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
200 DECL_TYPED_CHILD(RequestedAuthnContext);
201 /** AuthnQueryType local name */
202 static const XMLCh TYPE_NAME[];
205 BEGIN_XMLOBJECT(SAML_API,AttributeQuery,SubjectQuery,SAML 2.0 AttributeQuery element);
206 DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
207 /** AttributeQueryType local name */
208 static const XMLCh TYPE_NAME[];
211 BEGIN_XMLOBJECT(SAML_API,AuthzDecisionQuery,SubjectQuery,SAML 2.0 AuthzDecisionQuery element);
212 DECL_STRING_ATTRIB(Resource,RESOURCE);
213 DECL_TYPED_FOREIGN_CHILDREN(Action,saml2);
214 DECL_TYPED_FOREIGN_CHILD(Evidence,saml2);
215 /** AuthzDecisionQueryType local name */
216 static const XMLCh TYPE_NAME[];
219 BEGIN_XMLOBJECT(SAML_API,NameIDPolicy,xmltooling::XMLObject,SAML 2.0 NameIDPolicy element);
220 DECL_STRING_ATTRIB(Format,FORMAT);
221 DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
222 DECL_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE,false);
223 /** NameIDPolicyType local name */
224 static const XMLCh TYPE_NAME[];
227 BEGIN_XMLOBJECT(SAML_API,IDPEntry,xmltooling::XMLObject,SAML2.0 IDPEntry element);
228 DECL_STRING_ATTRIB(ProviderID,PROVIDERID);
229 DECL_STRING_ATTRIB(Name,NAME);
230 DECL_STRING_ATTRIB(Loc,LOC);
231 /** IDPEntryType local name */
232 static const XMLCh TYPE_NAME[];
235 BEGIN_XMLOBJECT(SAML_API,IDPList,xmltooling::XMLObject,SAML 2.0 IDPList element);
236 DECL_TYPED_CHILDREN(IDPEntry);
237 DECL_TYPED_CHILD(GetComplete);
238 /** IDPListType local name */
239 static const XMLCh TYPE_NAME[];
242 BEGIN_XMLOBJECT(SAML_API,Scoping,xmltooling::XMLObject,SAML 2.0 Scoping element);
243 DECL_INTEGER_ATTRIB(ProxyCount,PROXYCOUNT);
244 DECL_TYPED_CHILD(IDPList);
245 DECL_TYPED_CHILDREN(RequesterID);
246 /** ScopingType local name */
247 static const XMLCh TYPE_NAME[];
250 BEGIN_XMLOBJECT(SAML_API,AuthnRequest,RequestAbstractType,SAML 2.0 AuthnRequest element);
251 DECL_BOOLEAN_ATTRIB(ForceAuthn,FORCEAUTHN,false);
252 DECL_BOOLEAN_ATTRIB(IsPassive,ISPASSIVE,false);
253 DECL_STRING_ATTRIB(ProtocolBinding,PROTOCOLBINDING);
254 DECL_INTEGER_ATTRIB(AssertionConsumerServiceIndex,ASSERTIONCONSUMERSERVICEINDEX);
255 DECL_STRING_ATTRIB(AssertionConsumerServiceURL,ASSERTIONCONSUMERSERVICEURL);
256 DECL_INTEGER_ATTRIB(AttributeConsumingServiceIndex,ATTRIBUTECONSUMINGSERVICEINDEX);
257 DECL_STRING_ATTRIB(ProviderName,PROVIDERNAME);
259 DECL_TYPED_FOREIGN_CHILD(Subject,saml2);
260 DECL_TYPED_CHILD(NameIDPolicy);
261 DECL_TYPED_FOREIGN_CHILD(Conditions,saml2);
262 DECL_TYPED_CHILD(RequestedAuthnContext);
263 DECL_TYPED_CHILD(Scoping);
264 /** AuthnRequestType local name */
265 static const XMLCh TYPE_NAME[];
268 BEGIN_XMLOBJECT(SAML_API,Response,StatusResponseType,SAML 2.0 Response element);
269 DECL_TYPED_FOREIGN_CHILDREN(Assertion,saml2);
270 DECL_TYPED_FOREIGN_CHILDREN(EncryptedAssertion,saml2);
271 /** ResponseType local name */
272 static const XMLCh TYPE_NAME[];
275 BEGIN_XMLOBJECT(SAML_API,ArtifactResolve,RequestAbstractType,SAML 2.0 ArtifactResolve element);
276 DECL_TYPED_CHILD(Artifact);
277 /** ArtifiactResolveType local name */
278 static const XMLCh TYPE_NAME[];
281 BEGIN_XMLOBJECT(SAML_API,ArtifactResponse,StatusResponseType,SAML 2.0 ArtifactResponse element);
282 DECL_XMLOBJECT_CHILD(Payload);
283 /** ArtifiactResponseType local name */
284 static const XMLCh TYPE_NAME[];
287 BEGIN_XMLOBJECT(SAML_API,Terminate,xmltooling::XMLObject,SAML 2.0 Terminate element);
288 /** TerminateType local name */
289 static const XMLCh TYPE_NAME[];
292 BEGIN_XMLOBJECT(SAML_API,NewID,saml2::EncryptableObject,SAML 2.0 NewID element);
293 DECL_SIMPLE_CONTENT(NewID);
296 BEGIN_XMLOBJECT(SAML_API,NewEncryptedID,saml2::EncryptedElementType,SAML 2.0 NewEncryptedID element);
299 BEGIN_XMLOBJECT(SAML_API,ManageNameIDRequest,RequestAbstractType,SAML 2.0 ManageNameIDRequest element);
300 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
301 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
302 DECL_TYPED_CHILD(NewID);
303 DECL_TYPED_CHILD(NewEncryptedID);
304 DECL_TYPED_CHILD(Terminate);
305 /** ManageNameIDRequestType local name */
306 static const XMLCh TYPE_NAME[];
309 BEGIN_XMLOBJECT(SAML_API,ManageNameIDResponse,StatusResponseType,SAML 2.0 ManageNameIDResponse element);
312 BEGIN_XMLOBJECT(SAML_API,LogoutRequest,RequestAbstractType,SAML 2.0 LogoutRequest element);
313 DECL_STRING_ATTRIB(Reason,REASON);
314 DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
315 DECL_TYPED_FOREIGN_CHILD(BaseID,saml2);
316 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
317 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
318 DECL_TYPED_CHILDREN(SessionIndex);
320 /** LogoutRequestType local name */
321 static const XMLCh TYPE_NAME[];
324 * @name LogoutRequest Reason URI Constants
326 * URI Constants for the Reason attribute of the LogoutRequest
327 * element as defined by SAML 2.0 Core, section 3.7.3.
330 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:user' */
331 static const XMLCh REASON_USER[];
332 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:admin' */
333 static const XMLCh REASON_ADMIN[];
334 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:global-timeout' */
335 static const XMLCh REASON_GLOBAL_TIMEOUT[];
336 /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:sp-timeout' */
337 static const XMLCh REASON_SP_TIMEOUT[];
341 BEGIN_XMLOBJECT(SAML_API,LogoutResponse,StatusResponseType,SAML 2.0 LogoutResponse element);
344 BEGIN_XMLOBJECT(SAML_API,NameIDMappingRequest,RequestAbstractType,SAML 2.0 NameIDMappingRequest element);
345 DECL_TYPED_FOREIGN_CHILD(BaseID,saml2);
346 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
347 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
348 DECL_TYPED_CHILD(NameIDPolicy);
349 /** NameIDMappingRequestType local name */
350 static const XMLCh TYPE_NAME[];
353 BEGIN_XMLOBJECT(SAML_API,NameIDMappingResponse,StatusResponseType,SAML 2.0 NameIDMappingResponse element);
354 DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
355 DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
356 /** NameIDMappingResponseType local name */
357 static const XMLCh TYPE_NAME[];
362 DECL_SAML2POBJECTBUILDER(Artifact);
363 DECL_SAML2POBJECTBUILDER(ArtifactResolve);
364 DECL_SAML2POBJECTBUILDER(ArtifactResponse);
365 DECL_SAML2POBJECTBUILDER(AssertionIDRequest);
366 DECL_SAML2POBJECTBUILDER(AttributeQuery);
367 DECL_SAML2POBJECTBUILDER(AuthnQuery);
368 DECL_SAML2POBJECTBUILDER(AuthnRequest);
369 DECL_SAML2POBJECTBUILDER(AuthzDecisionQuery);
370 DECL_SAML2POBJECTBUILDER(Extensions);
371 DECL_SAML2POBJECTBUILDER(GetComplete);
372 DECL_SAML2POBJECTBUILDER(IDPEntry);
373 DECL_SAML2POBJECTBUILDER(IDPList);
374 DECL_SAML2POBJECTBUILDER(LogoutRequest);
375 DECL_SAML2POBJECTBUILDER(LogoutResponse);
376 DECL_SAML2POBJECTBUILDER(ManageNameIDRequest);
377 DECL_SAML2POBJECTBUILDER(ManageNameIDResponse);
378 DECL_SAML2POBJECTBUILDER(NameIDMappingRequest);
379 DECL_SAML2POBJECTBUILDER(NameIDMappingResponse);
380 DECL_SAML2POBJECTBUILDER(NameIDPolicy);
381 DECL_SAML2POBJECTBUILDER(NewEncryptedID);
382 DECL_SAML2POBJECTBUILDER(NewID);
383 DECL_SAML2POBJECTBUILDER(RequestedAuthnContext);
384 DECL_SAML2POBJECTBUILDER(RequesterID);
385 DECL_SAML2POBJECTBUILDER(Response);
386 DECL_SAML2POBJECTBUILDER(Scoping);
387 DECL_SAML2POBJECTBUILDER(SessionIndex);
388 DECL_SAML2POBJECTBUILDER(Status);
389 DECL_SAML2POBJECTBUILDER(StatusCode);
390 DECL_SAML2POBJECTBUILDER(StatusDetail);
391 DECL_SAML2POBJECTBUILDER(StatusMessage);
392 DECL_SAML2POBJECTBUILDER(Terminate);
394 DECL_XMLOBJECTBUILDER(SAML_API,RespondTo,samlconstants::SAML20P_THIRDPARTY_EXT_NS,samlconstants::SAML20P_THIRDPARTY_EXT_PREFIX);
397 * Registers builders and validators for SAML 2.0 Protocol classes into the runtime.
399 void SAML_API registerProtocolClasses();
403 #endif /* __saml2_protocols_h__ */