2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file saml/saml2/core/Protocols.h
20 * XMLObjects representing the SAML 2.0 Protocols schema
23 #ifndef __saml2_protocols_h__
24 #define __saml2_protocols_h__
26 #include <saml/saml2/core/Assertions.h>
/**
 * Declares the builder class for a SAML 2.0 protocol (samlp) object.
 *
 * Thin wrapper over DECL_XMLOBJECTBUILDER with the SAML 2.0 protocol
 * namespace URI and prefix (opensaml::SAMLConstants::SAML20P_NS /
 * SAML20P_PREFIX) pre-filled, so each builder below is declared in
 * one line and cannot drift to a different namespace by accident.
 *
 * @param cname  class name of the XMLObject the builder produces
 */
#define DECL_SAML2POBJECTBUILDER(cname) \
DECL_XMLOBJECTBUILDER(SAML_API,cname,opensaml::SAMLConstants::SAML20P_NS,opensaml::SAMLConstants::SAML20P_PREFIX)
35 * @namespace opensaml::saml2p
36 * SAML 2.0 protocol namespace
40 //TODO sync C++ and Java class/interface names, e.g. -Type or no -Type, etc
// Simple (text-content only) protocol elements. The third macro argument
// presumably names the text accessor (e.g. StatusMessage exposes "Message").

/** SAML 2.0 Artifact element: the opaque artifact handle carried by ArtifactResolve. */
DECL_XMLOBJECT_SIMPLE(SAML_API,Artifact,Artifact,SAML 2.0 Artifact element);
/**
 * SAML 2.0 GetComplete element (child of IDPList).
 * NOTE(review): its content is a URI chosen by the remote party; treat it as
 * untrusted input if anything dereferences it to fetch the full IDP list.
 */
DECL_XMLOBJECT_SIMPLE(SAML_API,GetComplete,GetComplete,SAML 2.0 GetComplete element);
/** SAML 2.0 NewID element (child of ManageNameIDRequest): the replacement identifier in the clear. */
DECL_XMLOBJECT_SIMPLE(SAML_API,NewID,NewID,SAML 2.0 NewID element);
/** SAML 2.0 RequesterID element (child of Scoping). */
DECL_XMLOBJECT_SIMPLE(SAML_API,RequesterID,RequesterID,SAML 2.0 RequesterID element);
/** SAML 2.0 SessionIndex element (repeatable child of LogoutRequest). */
DECL_XMLOBJECT_SIMPLE(SAML_API,SessionIndex,SessionIndex,SAML 2.0 SessionIndex element);
/**
 * SAML 2.0 StatusMessage element; text accessor named Message.
 * NOTE(review): free-form text authored by the peer. Escape it before it is
 * logged or rendered, and never base a trust decision on it.
 */
DECL_XMLOBJECT_SIMPLE(SAML_API,StatusMessage,Message,SAML 2.0 StatusMessage element);

/** RespondTo element from the third-party request extension namespace; text accessor named Name. */
DECL_XMLOBJECT_SIMPLE(SAML_API,RespondTo,Name,SAML 2.0 third-party request RespondTo extension element);
/**
 * SAML 2.0 protocol Extensions element.
 *
 * Built on xmltooling::ElementProxy, so it presumably carries arbitrary
 * foreign child elements. NOTE(review): whatever is inside is peer-supplied
 * and schema-unconstrained; consumers must type-check each child before use.
 */
BEGIN_XMLOBJECT(SAML_API,Extensions,xmltooling::ElementProxy,SAML 2.0 protocol Extensions element);
/** ExtensionsType local name */
static const XMLCh TYPE_NAME[];
/**
 * Base for every SAML 2.0 protocol request (RequestAbstractType).
 *
 * Declares the attributes and children all requests share: ID, Version,
 * IssueInstant, Destination, Consent, a saml2:Issuer, an enveloped
 * ds:Signature and an Extensions container.
 *
 * NOTE(review): these are plain accessors over the parsed XML. Nothing in
 * this class verifies the Signature, checks that Destination equals the
 * endpoint the message actually arrived on, bounds IssueInstant against the
 * local clock, or checks Version. A non-NULL Signature child means only
 * "a Signature element was present"; trust decisions belong to the
 * binding / security-policy layer that consumes these objects.
 */
BEGIN_XMLOBJECT(SAML_API,Request,SignableObject,SAML 2.0 Request element);
DECL_STRING_ATTRIB(ID,ID);                         // message identifier (used for replay/correlation by consumers)
DECL_STRING_ATTRIB(Version,VER);                   // protocol version string ("2.0" expected; not validated here)
DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);   // issue time; freshness check is the consumer's job
DECL_STRING_ATTRIB(Destination,DESTINATION);       // intended recipient URL; must be matched by the receiver
DECL_STRING_ATTRIB(Consent,CONSENT);
DECL_TYPED_FOREIGN_CHILD(Issuer,saml2);
DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature);  // presence != verified
DECL_TYPED_CHILD(Extensions);
/** RequestAbstractType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 StatusCode element.
 *
 * Carries a Value URI and may nest a second StatusCode child carrying a
 * more specific code. NOTE(review): Value is a peer-supplied string; compare
 * it for exact equality against the constants below (SUCCESS in particular)
 * rather than by prefix or substring, and do not assume the nesting depth.
 */
BEGIN_XMLOBJECT(SAML_API,StatusCode,xmltooling::XMLObject,SAML 2.0 StatusCode element);
DECL_STRING_ATTRIB(Value,VALUE);
DECL_TYPED_CHILD(StatusCode);   // optional subordinate (second-level) status code
/** StatusCodeType local name */
static const XMLCh TYPE_NAME[];
* @name StatusCode Value Attribute URI Reference Constants
* SAML 2.0 Core, section 3.2.2.2, predefines several URI
* references for use in the Value attribute of the StatusCode
* element. Other values may be defined elsewhere.
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Success' */
static const XMLCh SUCCESS[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Requester' */
static const XMLCh REQUESTER[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Responder' */
static const XMLCh RESPONDER[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' */
static const XMLCh VERSION_MISMATCH[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:AuthnFailed' */
static const XMLCh AUTHN_FAILED[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue' */
static const XMLCh INVALID_ATTR_NAME_OR_VALUE[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy' */
static const XMLCh INVALID_NAMEID_POLICY[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext' */
static const XMLCh NO_AUTHN_CONTEXT[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP' */
static const XMLCh NO_AVAILABLE_IDP[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoPassive' */
static const XMLCh NO_PASSIVE[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP' */
static const XMLCh NO_SUPPORTED_IDP[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout' */
static const XMLCh PARTIAL_LOGOUT[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded' */
static const XMLCh PROXY_COUNT_EXCEEDED[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestDenied' */
static const XMLCh REQUEST_DENIED[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported' */
static const XMLCh REQUEST_UNSUPPORTED[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated' */
static const XMLCh REQUEST_VERSION_DEPRECATED[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh' */
static const XMLCh REQUEST_VERSION_TOO_HIGH[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow' */
static const XMLCh REQUEST_VERSION_TOO_LOW[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized' */
static const XMLCh RESOURCE_NOT_RECOGNIZED[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:TooManyResponses' */
static const XMLCh TOO_MANY_RESPONSES[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile' */
static const XMLCh UNKNOWN_ATTR_PROFILE[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal' */
static const XMLCh UNKNOWN_PRINCIPAL[];
/** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding' */
static const XMLCh UNSUPPORTED_BINDING[];
/**
 * SAML 2.0 StatusDetail element.
 *
 * Holds an untyped list of child XMLObjects (DECL_XMLOBJECT_CHILDREN), i.e.
 * arbitrary peer-supplied XML. Consumers must check each child's runtime
 * type before casting.
 */
BEGIN_XMLOBJECT(SAML_API,StatusDetail,xmltooling::XMLObject,SAML 2.0 StatusDetail element);
DECL_XMLOBJECT_CHILDREN(Detail);
/** StatusDetailType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 Status element: a StatusCode plus optional StatusMessage and
 * StatusDetail. Success is determined from StatusCode's Value, never from
 * the message text.
 */
BEGIN_XMLOBJECT(SAML_API,Status,xmltooling::XMLObject,SAML 2.0 Status element);
DECL_TYPED_CHILD(StatusCode);
DECL_TYPED_CHILD(StatusMessage);
DECL_TYPED_CHILD(StatusDetail);
/** StatusType local name */
static const XMLCh TYPE_NAME[];
/**
 * Base for every SAML 2.0 protocol response (StatusResponseType).
 *
 * Shares the request header (ID, Version, IssueInstant, Destination,
 * Consent, Issuer, Signature, Extensions), adds InResponseTo and a
 * mandatory Status child.
 *
 * NOTE(review): accessors only -- no validation happens here. In
 * particular, InResponseTo must be matched by the consumer against the ID
 * of a request this party actually issued and still has outstanding
 * (otherwise the response is unsolicited or replayed), Destination must be
 * compared with the receiving endpoint, and the Signature child must be
 * verified by the security-policy layer before anything in the response
 * is trusted.
 */
BEGIN_XMLOBJECT(SAML_API,StatusResponse,SignableObject,SAML 2.0 StatusResponse element);
DECL_STRING_ATTRIB(ID,ID);
DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);     // ID of the request being answered; correlate before use
DECL_STRING_ATTRIB(Version,VER);
DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
DECL_STRING_ATTRIB(Destination,DESTINATION);
DECL_STRING_ATTRIB(Consent,CONSENT);
DECL_TYPED_FOREIGN_CHILD(Issuer,saml2);
DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature);  // presence != verified
DECL_TYPED_CHILD(Extensions);
DECL_TYPED_CHILD(Status);
/** StatusResponseType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 AssertionIDRequest: asks for assertions by ID.
 * Carries one or more saml2:AssertionIDRef children on top of the Request header.
 */
BEGIN_XMLOBJECT(SAML_API,AssertionIDRequest,Request,SAML 2.0 AssertionIDRequest element);
DECL_TYPED_FOREIGN_CHILDREN(AssertionIDRef,saml2);
/** AssertionIDRequestType local name */
static const XMLCh TYPE_NAME[];
/**
 * Base for the subject-based queries (AuthnQuery, AttributeQuery,
 * AuthzDecisionQuery): a Request with a saml2:Subject child naming
 * the principal the query is about.
 */
BEGIN_XMLOBJECT(SAML_API,SubjectQuery,Request,SAML 2.0 SubjectQuery element);
DECL_TYPED_FOREIGN_CHILD(Subject,saml2);
/** SubjectQueryType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 RequestedAuthnContext element.
 *
 * Lists acceptable authentication context class or declaration references
 * and a Comparison attribute saying how a responder should match them.
 *
 * NOTE(review): per the TODO below, Comparison is stored as a free string
 * and the schema enumeration is NOT enforced by this class. A consumer
 * must compare the value against the four COMPARISON_* constants and
 * reject anything else (SAML 2.0 Core treats an absent attribute as
 * 'exact' -- applying that default is also the caller's job; confirm
 * against the spec text when relying on it).
 */
BEGIN_XMLOBJECT(SAML_API,RequestedAuthnContext,xmltooling::XMLObject,SAML 2.0 RequestedAuthnContext element);
//TODO whether, and how, to enforce the controlled vocabulary (schema enumeration) for the Comparison attrib, as in the Java ?
DECL_STRING_ATTRIB(Comparison,COMPARISON);
DECL_TYPED_FOREIGN_CHILDREN(AuthnContextClassRef,saml2);
DECL_TYPED_FOREIGN_CHILDREN(AuthnContextDeclRef,saml2);
/** RequestedAuthnContextType local name */
static const XMLCh TYPE_NAME[];
* @name RequestedAuthnContext Comparison Attribute Constants
* These are the allowed values for the Comparison attribute of
* the RequestedAuthnContext element, as defined by SAML 2.0 Core.
/** 'exact' Comparison */
static const XMLCh COMPARISON_EXACT[];
/** 'minimum' Comparison */
static const XMLCh COMPARISON_MINIMUM[];
/** 'maximum' Comparison */
static const XMLCh COMPARISON_MAXIMUM[];
/** 'better' Comparison */
static const XMLCh COMPARISON_BETTER[];
/**
 * SAML 2.0 AuthnQuery: asks which authentication statements exist for the
 * Subject, optionally narrowed to one SessionIndex (here a string attribute,
 * unlike the SessionIndex *element* used by LogoutRequest) and to a
 * RequestedAuthnContext.
 */
BEGIN_XMLOBJECT(SAML_API,AuthnQuery,SubjectQuery,SAML 2.0 AuthnQuery element);
DECL_STRING_ATTRIB(SessionIndex,SESSIONINDEX);
DECL_TYPED_CHILD(RequestedAuthnContext);
/** AuthnQueryType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 AttributeQuery: requests attributes for the Subject. The
 * saml2:Attribute children name which attributes (and optionally which
 * values) are being asked for.
 */
BEGIN_XMLOBJECT(SAML_API,AttributeQuery,SubjectQuery,SAML 2.0 AttributeQuery element);
DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2);
/** AttributeQueryType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 AuthzDecisionQuery: asks whether the Subject may perform the
 * listed saml2:Action(s) on Resource, with optional supporting saml2:Evidence.
 * NOTE(review): Resource is a peer-supplied URI string; normalize before
 * using it as a policy lookup key.
 */
BEGIN_XMLOBJECT(SAML_API,AuthzDecisionQuery,SubjectQuery,SAML 2.0 AuthzDecisionQuery element);
DECL_STRING_ATTRIB(Resource,RESOURCE);
DECL_TYPED_FOREIGN_CHILDREN(Action,saml2);
DECL_TYPED_FOREIGN_CHILD(Evidence,saml2);
/** AuthzDecisionQueryType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 NameIDPolicy element (child of AuthnRequest / NameIDMappingRequest).
 *
 * Format and SPNameQualifier constrain the identifier the responder may
 * return; AllowCreate is a boolean asking the responder to mint a new
 * identifier if none exists. NOTE(review): honoring AllowCreate has
 * privacy/provisioning consequences -- the responder's policy, not this
 * class, decides whether to comply.
 */
BEGIN_XMLOBJECT(SAML_API,NameIDPolicy,xmltooling::XMLObject,SAML 2.0 NameIDPolicy element);
DECL_STRING_ATTRIB(Format,FORMAT);
DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
DECL_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE);
/** NameIDPolicyType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 IDPEntry element (child of IDPList): one identity provider,
 * identified by ProviderID with an optional display Name and endpoint Loc.
 * NOTE(review): Name and Loc are peer-supplied strings; escape Name before
 * display and validate Loc against trusted metadata before redirecting to it.
 */
BEGIN_XMLOBJECT(SAML_API,IDPEntry,xmltooling::XMLObject,SAML2.0 IDPEntry element);
DECL_STRING_ATTRIB(ProviderID,PROVIDERID);
DECL_STRING_ATTRIB(Name,NAME);
DECL_STRING_ATTRIB(Loc,LOC);
/** IDPEntryType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 IDPList element (child of Scoping): the IDPEntry children plus
 * an optional GetComplete URI where the full list can be retrieved.
 * NOTE(review): do not fetch GetComplete blindly -- it is an attacker-
 * influenceable URL if the enclosing request is not authenticated.
 */
BEGIN_XMLOBJECT(SAML_API,IDPList,xmltooling::XMLObject,SAML 2.0 IDPList element);
DECL_TYPED_CHILDREN(IDPEntry);
DECL_TYPED_CHILD(GetComplete);
/** IDPListType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 Scoping element (child of AuthnRequest).
 *
 * ProxyCount is an integer limit on how many times the request may be
 * proxied; IDPList restricts which IdPs may be used; RequesterID lists
 * the requesters already in the chain. NOTE(review): a proxying IdP is
 * expected to enforce and decrement ProxyCount itself -- this class only
 * stores the value, and a negative or absurdly large value is not rejected here.
 */
BEGIN_XMLOBJECT(SAML_API,Scoping,xmltooling::XMLObject,SAML 2.0 Scoping element);
DECL_INTEGER_ATTRIB(ProxyCount,PROXYCOUNT);
DECL_TYPED_CHILD(IDPList);
DECL_TYPED_CHILDREN(RequesterID);
/** ScopingType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 AuthnRequest element (Web SSO request).
 *
 * NOTE(review): the most security-sensitive fields here are the ones that
 * tell the IdP *where to send the assertion*: AssertionConsumerServiceURL,
 * AssertionConsumerServiceIndex and ProtocolBinding. They are plain
 * accessors; if the request is unsigned they are attacker-controlled, so an
 * IdP must resolve/validate them against the requester's registered
 * metadata endpoints rather than honoring the literal URL -- otherwise
 * assertions can be redirected to a third party. ForceAuthn and IsPassive
 * are booleans the IdP applies to its own session handling.
 */
BEGIN_XMLOBJECT(SAML_API,AuthnRequest,Request,SAML 2.0 AuthnRequest element);
DECL_BOOLEAN_ATTRIB(ForceAuthn,FORCEAUTHN);
DECL_BOOLEAN_ATTRIB(IsPassive,ISPASSIVE);
DECL_STRING_ATTRIB(ProtocolBinding,PROTOCOLBINDING);
DECL_INTEGER_ATTRIB(AssertionConsumerServiceIndex,ASSERTIONCONSUMERSERVICEINDEX);
DECL_STRING_ATTRIB(AssertionConsumerServiceURL,ASSERTIONCONSUMERSERVICEURL);   // validate against metadata before use
DECL_INTEGER_ATTRIB(AttributeConsumingServiceIndex,ATTRIBUTECONSUMINGSERVICEINDEX);
DECL_STRING_ATTRIB(ProviderName,PROVIDERNAME);                                 // display text from the peer; escape
DECL_TYPED_FOREIGN_CHILD(Subject,saml2);
DECL_TYPED_CHILD(NameIDPolicy);
DECL_TYPED_FOREIGN_CHILD(Conditions,saml2);
DECL_TYPED_CHILD(RequestedAuthnContext);
DECL_TYPED_CHILD(Scoping);
/** AuthnRequestType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 Response element: a StatusResponse carrying zero or more
 * saml2:Assertion and/or saml2:EncryptedAssertion children.
 *
 * NOTE(review): a verified signature on the Response does not by itself
 * make each Assertion trustworthy, and an unsigned Response may still carry
 * individually signed Assertions. Consumers must decide per assertion
 * (after decrypting EncryptedAssertion) which signature covers it, and
 * should only act on the element that the verified signature's Reference
 * actually covers -- not on a same-named sibling found by a looser lookup.
 */
BEGIN_XMLOBJECT(SAML_API,Response,StatusResponse,SAML 2.0 Response element);
DECL_TYPED_FOREIGN_CHILDREN(Assertion,saml2);
DECL_TYPED_FOREIGN_CHILDREN(EncryptedAssertion,saml2);
/** ResponseType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 ArtifactResolve: a Request carrying the Artifact to be exchanged
 * for the original protocol message over the back channel.
 */
BEGIN_XMLOBJECT(SAML_API,ArtifactResolve,Request,SAML 2.0 ArtifactResolve element);
DECL_TYPED_CHILD(Artifact);
/** ArtifactResolveType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 ArtifactResponse: a StatusResponse wrapping the resolved message.
 *
 * Payload is an *untyped* XMLObject child (DECL_XMLOBJECT_CHILD) because any
 * protocol message may be returned. NOTE(review): consumers must dynamic_cast
 * / type-check the payload against the message type they expected for this
 * artifact and reject mismatches rather than casting blindly.
 */
BEGIN_XMLOBJECT(SAML_API,ArtifactResponse,StatusResponse,SAML 2.0 ArtifactResponse element);
DECL_XMLOBJECT_CHILD(Payload);
/** ArtifactResponseType local name */
static const XMLCh TYPE_NAME[];
/** SAML 2.0 Terminate element (child of ManageNameIDRequest): an empty marker requesting that the identifier federation be ended. */
BEGIN_XMLOBJECT(SAML_API,Terminate,xmltooling::XMLObject,SAML 2.0 Terminate element);
/** TerminateType local name */
static const XMLCh TYPE_NAME[];
/** SAML 2.0 NewEncryptedID element (child of ManageNameIDRequest): the replacement identifier in encrypted form; inherits saml2::EncryptedElementType. */
BEGIN_XMLOBJECT(SAML_API,NewEncryptedID,saml2::EncryptedElementType,SAML 2.0 NewEncryptedID element);
/**
 * SAML 2.0 ManageNameIDRequest: changes or terminates a federated identifier.
 *
 * The subject is given as NameID or EncryptedID; the action is exactly one
 * of NewID, NewEncryptedID or Terminate. NOTE(review): that "exactly one"
 * choice is a schema rule, not something this class enforces -- a consumer
 * should reject requests that set none or several.
 */
BEGIN_XMLOBJECT(SAML_API,ManageNameIDRequest,Request,SAML 2.0 ManageNameIDRequest element);
DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
DECL_TYPED_CHILD(NewID);
DECL_TYPED_CHILD(NewEncryptedID);
DECL_TYPED_CHILD(Terminate);
/** ManageNameIDRequestType local name */
static const XMLCh TYPE_NAME[];
/** SAML 2.0 ManageNameIDResponse: a plain StatusResponse with no additional content. */
BEGIN_XMLOBJECT(SAML_API,ManageNameIDResponse,StatusResponse,SAML 2.0 ManageNameIDResponse element);
/**
 * SAML 2.0 LogoutRequest element (Single Logout).
 *
 * Identifies the principal via BaseID / NameID / EncryptedID, optionally
 * narrows to specific SessionIndex children, and carries a Reason URI and
 * a NotOnOrAfter expiry.
 *
 * NOTE(review): a logout request terminates sessions, so it must only be
 * acted on after the Signature (inherited from Request) is verified and
 * NotOnOrAfter is checked against the local clock; the stored values here
 * are unvalidated. Reason is informational -- compare against the
 * REASON_* constants, do not parse it.
 */
BEGIN_XMLOBJECT(SAML_API,LogoutRequest,Request,SAML 2.0 LogoutRequest element);
DECL_STRING_ATTRIB(Reason,REASON);
DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);   // expiry of the request; enforce before acting
DECL_TYPED_FOREIGN_CHILD(BaseID,saml2);
DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
DECL_TYPED_CHILDREN(SessionIndex);
/** LogoutRequestType local name */
static const XMLCh TYPE_NAME[];
* @name LogoutRequest Reason URI Constants
* URI Constants for the Reason attribute of the LogoutRequest
* element as defined by SAML 2.0 Core, section 3.7.3.
/** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:user' */
static const XMLCh REASON_USER[];
/** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:admin' */
static const XMLCh REASON_ADMIN[];
/** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:global-timeout' */
static const XMLCh REASON_GLOBAL_TIMEOUT[];
/** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:sp-timeout' */
static const XMLCh REASON_SP_TIMEOUT[];
/** SAML 2.0 LogoutResponse: a plain StatusResponse; partial failure is signalled via StatusCode::PARTIAL_LOGOUT, not extra content. */
BEGIN_XMLOBJECT(SAML_API,LogoutResponse,StatusResponse,SAML 2.0 LogoutResponse element);
/**
 * SAML 2.0 NameIDMappingRequest: asks the IdP to map the given identifier
 * (BaseID / NameID / EncryptedID) to one satisfying NameIDPolicy, typically
 * for a different relying party. NOTE(review): this is a correlation
 * primitive across SPs; the responder's authorization policy, not this
 * class, decides whether the requester may learn the mapped identifier.
 */
BEGIN_XMLOBJECT(SAML_API,NameIDMappingRequest,Request,SAML 2.0 NameIDMappingRequest element);
DECL_TYPED_FOREIGN_CHILD(BaseID,saml2);
DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
DECL_TYPED_CHILD(NameIDPolicy);
/** NameIDMappingRequestType local name */
static const XMLCh TYPE_NAME[];
/**
 * SAML 2.0 NameIDMappingResponse: a StatusResponse returning the mapped
 * identifier as NameID or EncryptedID (encryption is the usual choice when
 * the identifier is meant only for a third party).
 */
BEGIN_XMLOBJECT(SAML_API,NameIDMappingResponse,StatusResponse,SAML 2.0 NameIDMappingResponse element);
DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
/** NameIDMappingResponseType local name */
static const XMLCh TYPE_NAME[];
// Builder declarations, one per concrete protocol element above, all in the
// samlp namespace. StatusResponse is deliberately absent from this list: as
// an abstract type it gets the hand-written StatusResponseBuilder below, which
// requires the caller to supply the concrete element name.
DECL_SAML2POBJECTBUILDER(Artifact);
DECL_SAML2POBJECTBUILDER(ArtifactResolve);
DECL_SAML2POBJECTBUILDER(ArtifactResponse);
DECL_SAML2POBJECTBUILDER(AssertionIDRequest);
DECL_SAML2POBJECTBUILDER(AttributeQuery);
DECL_SAML2POBJECTBUILDER(AuthnQuery);
DECL_SAML2POBJECTBUILDER(AuthnRequest);
DECL_SAML2POBJECTBUILDER(AuthzDecisionQuery);
DECL_SAML2POBJECTBUILDER(Extensions);
DECL_SAML2POBJECTBUILDER(GetComplete);
DECL_SAML2POBJECTBUILDER(IDPEntry);
DECL_SAML2POBJECTBUILDER(IDPList);
DECL_SAML2POBJECTBUILDER(LogoutRequest);
DECL_SAML2POBJECTBUILDER(LogoutResponse);
DECL_SAML2POBJECTBUILDER(ManageNameIDRequest);
DECL_SAML2POBJECTBUILDER(ManageNameIDResponse);
DECL_SAML2POBJECTBUILDER(NameIDMappingRequest);
DECL_SAML2POBJECTBUILDER(NameIDMappingResponse);
DECL_SAML2POBJECTBUILDER(NameIDPolicy);
DECL_SAML2POBJECTBUILDER(NewEncryptedID);
DECL_SAML2POBJECTBUILDER(NewID);
DECL_SAML2POBJECTBUILDER(RequestedAuthnContext);
DECL_SAML2POBJECTBUILDER(RequesterID);
DECL_SAML2POBJECTBUILDER(Response);
DECL_SAML2POBJECTBUILDER(Scoping);
DECL_SAML2POBJECTBUILDER(SessionIndex);
DECL_SAML2POBJECTBUILDER(Status);
DECL_SAML2POBJECTBUILDER(StatusCode);
DECL_SAML2POBJECTBUILDER(StatusDetail);
DECL_SAML2POBJECTBUILDER(StatusMessage);
DECL_SAML2POBJECTBUILDER(Terminate);

// RespondTo lives in the third-party request extension namespace, not samlp,
// so it cannot use the DECL_SAML2POBJECTBUILDER shorthand.
DECL_XMLOBJECTBUILDER(SAML_API,RespondTo,opensaml::SAMLConstants::SAML20P_THIRDPARTY_EXT_NS,opensaml::SAMLConstants::SAML20P_THIRDPARTY_EXT_PREFIX);
401 * Builder for StatusResponse objects.
403 * This is customized to force the element name to be specified.
class SAML_API StatusResponseBuilder : public xmltooling::XMLObjectBuilder {
virtual ~StatusResponseBuilder() {}
/**
 * Builder that allows element/type override.
 *
 * There is no default element name (see the class comment: the caller is
 * forced to say which concrete element is being built).
 *
 * @param nsURI       namespace URI of the element to create
 * @param localName   local name of the element to create
 * @param prefix      optional namespace prefix
 * @param schemaType  optional xsi:type to record on the object
 */
virtual StatusResponse* buildObject(
const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
/**
 * Singleton builder.
 *
 * Looks up the builder registered for the samlp:StatusResponseType QName,
 * downcasts it to StatusResponseBuilder and builds the requested element
 * with an explicit xsi:type of samlp:StatusResponseType.
 *
 * @throws xmltooling::XMLObjectException if the registered builder is not
 *   a StatusResponseBuilder (the dynamic_cast yields NULL) -- presumably
 *   because registerProtocolClasses() has not been called yet.
 *
 * NOTE(review): the NULL check on b that guards the two lines after the
 * cast is not visible in this excerpt; the trailing throw only makes sense
 * if they sit inside an `if (b) { ... }`. Confirm against the full file.
 */
static StatusResponse* buildStatusResponse(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) {
const StatusResponseBuilder* b = dynamic_cast<const StatusResponseBuilder*>(
XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20P_NS,StatusResponse::TYPE_NAME))
xmltooling::QName schemaType(SAMLConstants::SAML20P_NS,StatusResponse::TYPE_NAME,SAMLConstants::SAML20P_PREFIX);
return b->buildObject(nsURI, localName, prefix, &schemaType);
throw xmltooling::XMLObjectException("Unable to obtain typed builder for StatusResponse.");
428 * Registers builders and validators for SAML 2.0 Protocol classes into the runtime.
// Must run once at startup, before any of the builders declared above are
// looked up (StatusResponseBuilder::buildStatusResponse throws if it has not).
void SAML_API registerProtocolClasses();
* Validator suite for SAML 2.0 Protocol schema validation.
// NOTE(review): schema validation checks structure only (required children,
// cardinality); it is not a substitute for signature, Destination,
// InResponseTo or freshness checks on the messages above.
extern SAML_API xmltooling::ValidatorSuite ProtocolSchemaValidators;
439 #endif /* __saml2_protocols_h__ */