*/
/**
- * @file Protocols.h
+ * @file saml/saml2/core/Protocols.h
*
* XMLObjects representing the SAML 2.0 Protocols schema
*/
namespace opensaml {
/**
- * @namespace saml2p
+ * @namespace opensaml::saml2p
* SAML 2.0 protocol namespace
*/
namespace saml2p {
+ //TODO sync C++ and Java class/interface names, e.g. -Type or no -Type, etc
+
DECL_XMLOBJECT_SIMPLE(SAML_API,Artifact,Artifact,SAML 2.0 Artifact element);
DECL_XMLOBJECT_SIMPLE(SAML_API,GetComplete,GetComplete,SAML 2.0 GetComplete element);
DECL_XMLOBJECT_SIMPLE(SAML_API,NewID,NewID,SAML 2.0 NewID element);
DECL_XMLOBJECT_SIMPLE(SAML_API,SessionIndex,SessionIndex,SAML 2.0 SessionIndex element);
DECL_XMLOBJECT_SIMPLE(SAML_API,StatusMessage,Message,SAML 2.0 StatusMessage element);
+ DECL_XMLOBJECT_SIMPLE(SAML_API,RespondTo,Name,SAML 2.0 third-party request RespondTo extension element);
+
BEGIN_XMLOBJECT(SAML_API,Extensions,xmltooling::ElementProxy,SAML 2.0 protocol Extensions element);
/** ExtensionsType local name */
static const XMLCh TYPE_NAME[];
DECL_TYPED_CHILD(StatusCode);
/** StatusCodeType local name */
static const XMLCh TYPE_NAME[];
+
+ /**
+ * @name StatusCode Value Attribute URI Reference Constants
+ *
+ * SAML 2.0 Core, section 3.2.2.2, predefines several URI
+ * references for use in the Value attribue of the StatusCode
+ * element. Other values may be defined elsewhere.
+ */
+ /*@{*/
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Success' */
+ static const XMLCh SUCCESS[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Requester' */
+ static const XMLCh REQUESTER[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Responder' */
+ static const XMLCh RESPONDER[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' */
+ static const XMLCh VERSION_MISMATCH[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:AuthnFailed' */
+ static const XMLCh AUTHN_FAILED[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue' */
+ static const XMLCh INVALID_ATTR_NAME_OR_VALUE[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy' */
+ static const XMLCh INVALID_NAMEID_POLICY[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext' */
+ static const XMLCh NO_AUTHN_CONTEXT[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP' */
+ static const XMLCh NO_AVAILABLE_IDP[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoPassive' */
+ static const XMLCh NO_PASSIVE[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP' */
+ static const XMLCh NO_SUPPORTED_IDP[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout' */
+ static const XMLCh PARTIAL_LOGOUT[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded' */
+ static const XMLCh PROXY_COUNT_EXCEEDED[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestDenied' */
+ static const XMLCh REQUEST_DENIED[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported' */
+ static const XMLCh REQUEST_UNSUPPORTED[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated' */
+ static const XMLCh REQUEST_VERSION_DEPRECATED[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh' */
+ static const XMLCh REQUEST_VERSION_TOO_HIGH[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow' */
+ static const XMLCh REQUEST_VERSION_TOO_LOW[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized' */
+ static const XMLCh RESOURCE_NOT_RECOGNIZED[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:TooManyResponses' */
+ static const XMLCh TOO_MANY_RESPONSES[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile' */
+ static const XMLCh UNKNOWN_ATTR_PROFILE[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal' */
+ static const XMLCh UNKNOWN_PRINCIPAL[];
+ /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding' */
+ static const XMLCh UNSUPPORTED_BINDING[];
+ /*@{*/
END_XMLOBJECT;
- BEGIN_XMLOBJECT(SAML_API,StatusDetail,xmltooling::ElementProxy,SAML 2.0 StatusDetail element);
+ BEGIN_XMLOBJECT(SAML_API,StatusDetail,xmltooling::XMLObject,SAML 2.0 StatusDetail element);
+ DECL_XMLOBJECT_CHILDREN(Detail);
/** StatusDetailType local name */
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
DECL_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
DECL_STRING_ATTRIB(Destination,DESTINATION);
DECL_STRING_ATTRIB(Consent,CONSENT);
+
DECL_TYPED_FOREIGN_CHILD(Issuer,saml2);
DECL_TYPED_FOREIGN_CHILD(Signature,xmlsignature);
DECL_TYPED_CHILD(Extensions);
DECL_TYPED_CHILD(Status);
+
/** StatusResponseType local name */
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
DECL_STRING_ATTRIB(Comparison,COMPARISON);
DECL_TYPED_FOREIGN_CHILDREN(AuthnContextClassRef,saml2);
DECL_TYPED_FOREIGN_CHILDREN(AuthnContextDeclRef,saml2);
- /** exact Comparison */
+
+ /** RequestedAuthnContextType local name */
+ static const XMLCh TYPE_NAME[];
+
+ /**
+ * @name RequestedAuthnContext Comparison Attribute Constants
+ *
+ * These are the allowed values for the Comparison attribute of
+ * the RequestedAuthnContext element, as defined by SAML 2.0 Core.
+ */
+ /*@{*/
+ /** 'exact' Comparison */
static const XMLCh COMPARISON_EXACT[];
- /** minimum Comparison */
+ /** 'minimum' Comparison */
static const XMLCh COMPARISON_MINIMUM[];
- /** maximum Comparison */
+ /** 'maximum' Comparison */
static const XMLCh COMPARISON_MAXIMUM[];
- /** better Comparison */
+ /** 'better' Comparison */
static const XMLCh COMPARISON_BETTER[];
- /** RequestedAuthnContextType local name */
- static const XMLCh TYPE_NAME[];
+ /*@}*/
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,AuthnQuery,SubjectQuery,SAML 2.0 AuthnQuery element);
BEGIN_XMLOBJECT(SAML_API,NameIDPolicy,xmltooling::XMLObject,SAML 2.0 NameIDPolicy element);
DECL_STRING_ATTRIB(Format,FORMAT);
DECL_STRING_ATTRIB(SPNameQualifier,SPNAMEQUALIFIER);
- DECL_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE);
+ DECL_BOOLEAN_ATTRIB(AllowCreate,ALLOWCREATE,false);
/** NameIDPolicyType local name */
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,IDPList,xmltooling::XMLObject,SAML 2.0 IDPList element);
- DECL_TYPED_CHILD(IDPEntry);
+ DECL_TYPED_CHILDREN(IDPEntry);
DECL_TYPED_CHILD(GetComplete);
/** IDPListType local name */
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,AuthnRequest,Request,SAML 2.0 AuthnRequest element);
- DECL_BOOLEAN_ATTRIB(ForceAuthn,FORCEAUTHN);
- DECL_BOOLEAN_ATTRIB(IsPassive,ISPASSIVE);
+ DECL_BOOLEAN_ATTRIB(ForceAuthn,FORCEAUTHN,false);
+ DECL_BOOLEAN_ATTRIB(IsPassive,ISPASSIVE,false);
DECL_STRING_ATTRIB(ProtocolBinding,PROTOCOLBINDING);
DECL_INTEGER_ATTRIB(AssertionConsumerServiceIndex,ASSERTIONCONSUMERSERVICEINDEX);
DECL_STRING_ATTRIB(AssertionConsumerServiceURL,ASSERTIONCONSUMERSERVICEURL);
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,ArtifactResponse,StatusResponse,SAML 2.0 ArtifactResponse element);
+ DECL_XMLOBJECT_CHILD(Payload);
/** ArtifiactResponseType local name */
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
- BEGIN_XMLOBJECT(SAML_API,NewEncryptedID,saml2::EncryptedElementType,SAML 2.0 EncryptedNewID element);
+ BEGIN_XMLOBJECT(SAML_API,NewEncryptedID,saml2::EncryptedElementType,SAML 2.0 NewEncryptedID element);
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,ManageNameIDRequest,Request,SAML 2.0 ManageNameIDRequest element);
DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
DECL_TYPED_CHILDREN(SessionIndex);
+
/** LogoutRequestType local name */
static const XMLCh TYPE_NAME[];
+
+ /**
+ * @name LogoutRequest Reason URI Constants
+ *
+ * URI Constants for the Reason attribute of the LogoutRequest
+ * element as defined by SAML 2.0 Core, section 3.7.3.
+ */
+ /*@{*/
+ /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:user' */
+ static const XMLCh REASON_USER[];
+ /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:admin' */
+ static const XMLCh REASON_ADMIN[];
+ /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:global-timeout' */
+ static const XMLCh REASON_GLOBAL_TIMEOUT[];
+ /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:sp-timeout' */
+ static const XMLCh REASON_SP_TIMEOUT[];
+ /*@}*/
END_XMLOBJECT;
BEGIN_XMLOBJECT(SAML_API,LogoutResponse,StatusResponse,SAML 2.0 LogoutResponse element);
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
- //TODO custom builders, if any
// Builders
DECL_SAML2POBJECTBUILDER(Artifact);
DECL_SAML2POBJECTBUILDER(StatusDetail);
DECL_SAML2POBJECTBUILDER(StatusMessage);
DECL_SAML2POBJECTBUILDER(Terminate);
+
+ DECL_XMLOBJECTBUILDER(SAML_API,RespondTo,opensaml::SAMLConstants::SAML20P_THIRDPARTY_EXT_NS,opensaml::SAMLConstants::SAML20P_THIRDPARTY_EXT_PREFIX);
+
+ //
+ // Custom builders
+ //
+
+ /**
+ * Builder for StatusResponse objects.
+ *
+ * This is customized to force the element name to be specified.
+ */
+ class SAML_API StatusResponseBuilder : public xmltooling::XMLObjectBuilder {
+ public:
+ virtual ~StatusResponseBuilder() {}
+ /** Builder that allows element/type override. */
+ virtual StatusResponse* buildObject(
+ const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
+ ) const;
+
+ /** Singleton builder. */
+ static StatusResponse* buildStatusResponse(const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL) {
+ const StatusResponseBuilder* b = dynamic_cast<const StatusResponseBuilder*>(
+ XMLObjectBuilder::getBuilder(xmltooling::QName(SAMLConstants::SAML20P_NS,StatusResponse::TYPE_NAME))
+ );
+ if (b) {
+ xmltooling::QName schemaType(SAMLConstants::SAML20P_NS,StatusResponse::TYPE_NAME,SAMLConstants::SAML20P_PREFIX);
+ return b->buildObject(nsURI, localName, prefix, &schemaType);
+ }
+ throw xmltooling::XMLObjectException("Unable to obtain typed builder for StatusResponse.");
+ }
+ };
/**
- * Registers builders and validators for Protocol classes into the runtime.
+ * Registers builders and validators for SAML 2.0 Protocol classes into the runtime.
*/
void SAML_API registerProtocolClasses();
+
+ /**
+ * Validator suite for SAML 2.0 Protocol schema validation.
+ */
+ extern SAML_API xmltooling::ValidatorSuite ProtocolSchemaValidators;
};
};