Multi-line svn commit, see body.
authorBrent Putman <putmanb@georgetown.edu>
Tue, 18 Jul 2006 21:34:34 +0000 (21:34 +0000)
committerBrent Putman <putmanb@georgetown.edu>
Tue, 18 Jul 2006 21:34:34 +0000 (21:34 +0000)
Implement proper inheritance of validators for request/response types.
Implement rules from SAML 2.0 Core spec document in validators.
Supply Unicode literal constants for StatusCode and LogoutRequest types.
Group member Unicode literal constants in docs using Doxygen member groups.

saml/saml2/core/Protocols.h
saml/saml2/core/impl/Protocols20Impl.cpp
saml/saml2/core/impl/Protocols20SchemaValidators.cpp
saml/util/SAMLConstants.cpp
saml/util/SAMLConstants.h

index fbd7485..b520903 100644 (file)
@@ -69,6 +69,62 @@ namespace opensaml {
             DECL_TYPED_CHILD(StatusCode);
             /** StatusCodeType local name */
             static const XMLCh TYPE_NAME[];
+
+            /**
+              * @name StatusCode Value Attribute URI Reference Constants
+              *
+              * SAML 2.0 Core, section 3.2.2.2, predefines several URI
+              * references for use in the Value attribue of the StatusCode
+              * element.  Other values may be defined elsewhere.
+              */
+            /*@{*/
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Success' */
+            static const XMLCh SUCCESS[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Requester' */
+            static const XMLCh REQUESTER[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:Responder' */
+            static const XMLCh RESPONDER[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' */
+            static const XMLCh VERSION_MISMATCH[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:AuthnFailed' */
+            static const XMLCh AUTHN_FAILED[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue' */
+            static const XMLCh INVALID_ATTR_NAME_OR_VALUE[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy' */
+            static const XMLCh INVALID_NAMEID_POLICY[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext' */
+            static const XMLCh NO_AUTHN_CONTEXT[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP' */
+            static const XMLCh NO_AVAILABLE_IDP[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoPassive' */
+            static const XMLCh NO_PASSIVE[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP' */
+            static const XMLCh NO_SUPPORTED_IDP[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout' */
+            static const XMLCh PARTIAL_LOGOUT[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded' */
+            static const XMLCh PROXY_COUNT_EXCEEDED[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestDenied' */
+            static const XMLCh REQUEST_DENIED[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported' */
+            static const XMLCh REQUEST_UNSUPPORTED[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated' */
+            static const XMLCh REQUEST_VERSION_DEPRECATED[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh' */
+            static const XMLCh REQUEST_VERSION_TOO_HIGH[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow' */
+            static const XMLCh REQUEST_VERSION_TOO_LOW[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized' */
+            static const XMLCh RESOURCE_NOT_RECOGNIZED[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:TooManyResponses' */
+            static const XMLCh TOO_MANY_RESPONSES[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile' */
+            static const XMLCh UNKNOWN_ATTR_PROFILE[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal' */
+            static const XMLCh UNKNOWN_PRINCIPAL[];
+            /** StatusCode Value 'urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding' */
+            static const XMLCh UNSUPPORTED_BINDING[];
+            /*@{*/
         END_XMLOBJECT;
 
         BEGIN_XMLOBJECT(SAML_API,StatusDetail,xmltooling::XMLObject,SAML 2.0 StatusDetail element);
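Review bot: The StatusCode member group is never closed, because the marker after `UNSUPPORTED_BINDING` is a second opening `/*@{*/` where the closing `/*@}*/` is needed. The RequestedAuthnContext and LogoutRequest groups in this file both close correctly. As written, Doxygen will likely pull the declarations that follow into the StatusCode constants group or warn about an unbalanced group. The group header comment also misspells "attribute" as `attribue`.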
@@ -119,16 +175,26 @@ namespace opensaml {
             DECL_STRING_ATTRIB(Comparison,COMPARISON);
             DECL_TYPED_FOREIGN_CHILDREN(AuthnContextClassRef,saml2);
             DECL_TYPED_FOREIGN_CHILDREN(AuthnContextDeclRef,saml2);
-            /** exact Comparison */
+
+            /** RequestedAuthnContextType local name */
+            static const XMLCh TYPE_NAME[];
+
+            /**
+             * @name RequestedAuthnContext Comparison Attribute Constants
+             *
+             * These are the allowed values for the Comparison attribute of
+             * the RequestedAuthnContext element, as defined by SAML 2.0 Core.
+             */
+            /*@{*/
+            /** 'exact' Comparison */
             static const XMLCh COMPARISON_EXACT[];
-            /** minimum Comparison */
+            /** 'minimum' Comparison */
             static const XMLCh COMPARISON_MINIMUM[];
-            /** maximum Comparison */
+            /** 'maximum' Comparison */
             static const XMLCh COMPARISON_MAXIMUM[];
-            /** better Comparison */
+            /** 'better' Comparison */
             static const XMLCh COMPARISON_BETTER[];
-            /** RequestedAuthnContextType local name */
-            static const XMLCh TYPE_NAME[];
+            /*@}*/
         END_XMLOBJECT;
 
         BEGIN_XMLOBJECT(SAML_API,AuthnQuery,SubjectQuery,SAML 2.0 AuthnQuery element);
@@ -181,8 +247,6 @@ namespace opensaml {
             DECL_TYPED_CHILDREN(RequesterID);
             /** ScopingType local name */
             static const XMLCh TYPE_NAME[];
-            /** ProxyCount value to express no restriction*/
-            static const int NO_PROXY_COUNT;
         END_XMLOBJECT;
 
         BEGIN_XMLOBJECT(SAML_API,AuthnRequest,Request,SAML 2.0 AuthnRequest element);
@@ -250,8 +314,26 @@ namespace opensaml {
             DECL_TYPED_FOREIGN_CHILD(NameID,saml2);
             DECL_TYPED_FOREIGN_CHILD(EncryptedID,saml2);
             DECL_TYPED_CHILDREN(SessionIndex);
+
             /** LogoutRequestType local name */
             static const XMLCh TYPE_NAME[];
+
+            /**
+              * @name LogoutRequest Reason URI Constants
+              * 
+              * URI Constants for the Reason attribute of the LogoutRequest
+              * element as defined by SAML 2.0 Core, section 3.7.3.
+              */
+            /*@{*/
+            /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:user' */
+            static const XMLCh REASON_USER[];
+            /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:admin' */
+            static const XMLCh REASON_ADMIN[];
+            /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:global-timeout' */
+            static const XMLCh REASON_GLOBAL_TIMEOUT[];
+            /** Reason value 'urn:oasis:names:tc:SAML:2.0:logout:sp-timeout' */
+            static const XMLCh REASON_SP_TIMEOUT[];
+            /*@}*/
         END_XMLOBJECT;
 
         BEGIN_XMLOBJECT(SAML_API,LogoutResponse,StatusResponse,SAML 2.0 LogoutResponse element);
index 720de3e..1054ec6 100644 (file)
@@ -1735,3 +1735,252 @@ const XMLCh SubjectQuery::LOCAL_NAME[] = {chNull};
 const XMLCh SubjectQuery::TYPE_NAME[] = UNICODE_LITERAL_16(S,u,b,j,e,c,t,Q,u,e,r,y,T,y,p,e);
 const XMLCh Terminate::LOCAL_NAME[] = UNICODE_LITERAL_9(T,e,r,m,i,n,a,t,e);
 const XMLCh Terminate::TYPE_NAME[] = UNICODE_LITERAL_13(T,e,r,m,i,n,a,t,e,T,y,p,e);
+
+// Unicode literals: LogoutRequest element, Reason attribute
+const XMLCh LogoutRequest::REASON_USER[] = // urn:oasis:names:tc:SAML:2.0:logout:user
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_l, chLatin_o, chLatin_g, chLatin_o, chLatin_u, chLatin_t, chColon,
+  chLatin_u, chLatin_s, chLatin_e, chLatin_r, chNull
+};
+
+const XMLCh LogoutRequest::REASON_ADMIN[] = // urn:oasis:names:tc:SAML:2.0:logout:admin
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_l, chLatin_o, chLatin_g, chLatin_o, chLatin_u, chLatin_t, chColon,
+  chLatin_a, chLatin_d, chLatin_m, chLatin_i, chLatin_n, chNull
+};
+
+
+const XMLCh LogoutRequest::REASON_GLOBAL_TIMEOUT[] = // urn:oasis:names:tc:SAML:2.0:logout:global-timeout
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_l, chLatin_o, chLatin_g, chLatin_o, chLatin_u, chLatin_t, chColon,
+  chLatin_g, chLatin_l, chLatin_o, chLatin_b, chLatin_a, chLatin_l, 
+    chDash, chLatin_t, chLatin_i, chLatin_m, chLatin_e, chLatin_o, chLatin_u, chLatin_t, chNull
+};
+
+
+const XMLCh LogoutRequest::REASON_SP_TIMEOUT[] = // urn:oasis:names:tc:SAML:2.0:logout:sp-timeout
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_l, chLatin_o, chLatin_g, chLatin_o, chLatin_u, chLatin_t, chColon,
+  chLatin_s, chLatin_p, chDash, chLatin_t, chLatin_i, chLatin_m, chLatin_e, chLatin_o, chLatin_u, chLatin_t, chNull
+};
+
+
+// Unicode literals, StatusCode Value
+const XMLCh StatusCode::SUCCESS[] = //  urn:oasis:names:tc:SAML:2.0:status:Success 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_S, chLatin_u, chLatin_c, chLatin_c, chLatin_e, chLatin_s, chLatin_s, chNull
+};
+
+const XMLCh StatusCode::REQUESTER[] = //  urn:oasis:names:tc:SAML:2.0:status:Requester 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_R, chLatin_e, chLatin_q, chLatin_u, chLatin_e, chLatin_s, chLatin_t, chLatin_e, chLatin_r, chNull
+};
+
+const XMLCh StatusCode::RESPONDER[] = //  urn:oasis:names:tc:SAML:2.0:status:Responder 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_R, chLatin_e, chLatin_s, chLatin_p, chLatin_o, chLatin_n, chLatin_d, chLatin_e, chLatin_r, chNull
+};
+
+const XMLCh StatusCode::VERSION_MISMATCH[] = //  urn:oasis:names:tc:SAML:2.0:status:VersionMismatch 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_V, chLatin_e, chLatin_r, chLatin_s, chLatin_i, chLatin_o, chLatin_n,
+    chLatin_M, chLatin_i, chLatin_s, chLatin_m, chLatin_a, chLatin_t, chLatin_c, chLatin_h, chNull
+};
+
+const XMLCh StatusCode::AUTHN_FAILED[] = //  urn:oasis:names:tc:SAML:2.0:status:AuthnFailed 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_A, chLatin_u, chLatin_t, chLatin_h, chLatin_n,
+    chLatin_F, chLatin_a, chLatin_i, chLatin_l, chLatin_e, chLatin_d, chNull
+};
+
+const XMLCh StatusCode::INVALID_ATTR_NAME_OR_VALUE[] = //  urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_I, chLatin_n, chLatin_v, chLatin_a, chLatin_l, chLatin_i, chLatin_d, 
+    chLatin_A, chLatin_t, chLatin_t, chLatin_r, chLatin_N, chLatin_a, chLatin_m, chLatin_e, 
+    chLatin_O, chLatin_r, chLatin_V, chLatin_a, chLatin_l, chLatin_u, chLatin_e, chNull
+};
+
+const XMLCh StatusCode::INVALID_NAMEID_POLICY[] = //  urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_I, chLatin_n, chLatin_v, chLatin_a, chLatin_l, chLatin_i, chLatin_d, 
+   chLatin_N, chLatin_a, chLatin_m, chLatin_e, chLatin_I, chLatin_D, 
+   chLatin_P, chLatin_o, chLatin_l, chLatin_i, chLatin_c, chLatin_y, chNull
+};
+
+const XMLCh StatusCode::NO_AUTHN_CONTEXT[] = //  urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_N, chLatin_o, chLatin_A, chLatin_u, chLatin_t, chLatin_h, chLatin_n, 
+  chLatin_C, chLatin_o, chLatin_n, chLatin_t, chLatin_e, chLatin_x, chLatin_t, chNull
+};
+
+const XMLCh StatusCode::NO_AVAILABLE_IDP[] = //  urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_N, chLatin_o, chLatin_A, chLatin_v, chLatin_a, chLatin_i, chLatin_l, chLatin_a, chLatin_b, chLatin_l, chLatin_e, 
+   chLatin_I, chLatin_D, chLatin_P, chNull
+};
+
+const XMLCh StatusCode::NO_PASSIVE[] = //  urn:oasis:names:tc:SAML:2.0:status:NoPassive 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_N, chLatin_o, chLatin_P, chLatin_a, chLatin_s, chLatin_s, chLatin_i, chLatin_v, chLatin_e, chNull
+};
+
+const XMLCh StatusCode::NO_SUPPORTED_IDP[] = //  urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_N, chLatin_o, chLatin_S, chLatin_u, chLatin_p, chLatin_p, chLatin_o, chLatin_r, chLatin_t, chLatin_e, chLatin_d,
+      chLatin_I, chLatin_D, chLatin_P, chNull
+};
+
+const XMLCh StatusCode::PARTIAL_LOGOUT[] = //  urn:oasis:names:tc:SAML:2.0:status:PartialLogout 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_P, chLatin_a, chLatin_r, chLatin_t, chLatin_i, chLatin_a, chLatin_l, 
+    chLatin_L, chLatin_o, chLatin_g, chLatin_o, chLatin_u, chLatin_t, chNull
+};
+
+const XMLCh StatusCode::PROXY_COUNT_EXCEEDED[] = //  urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_P, chLatin_r, chLatin_o, chLatin_x, chLatin_y, chLatin_C, chLatin_o, chLatin_u, chLatin_n, chLatin_t, 
+    chLatin_E, chLatin_x, chLatin_c, chLatin_e, chLatin_e, chLatin_d, chLatin_e, chLatin_d, chNull
+};
+
+const XMLCh StatusCode::REQUEST_DENIED[] = //  urn:oasis:names:tc:SAML:2.0:status:RequestDenied 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_R, chLatin_e, chLatin_q, chLatin_u, chLatin_e, chLatin_s, chLatin_t, 
+    chLatin_D, chLatin_e, chLatin_n, chLatin_i, chLatin_e, chLatin_d, chNull
+};
+
+const XMLCh StatusCode::REQUEST_UNSUPPORTED[] = //  urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_R, chLatin_e, chLatin_q, chLatin_u, chLatin_e, chLatin_s, chLatin_t, 
+    chLatin_U, chLatin_n, chLatin_s, chLatin_u, chLatin_p, chLatin_p, chLatin_o, chLatin_r, chLatin_t, chLatin_e, chLatin_d, chNull
+};
+
+const XMLCh StatusCode::REQUEST_VERSION_DEPRECATED[] = //  urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_R, chLatin_e, chLatin_q, chLatin_u, chLatin_e, chLatin_s, chLatin_t, 
+    chLatin_V, chLatin_e, chLatin_r, chLatin_s, chLatin_i, chLatin_o, chLatin_n, 
+    chLatin_D, chLatin_e, chLatin_p, chLatin_r, chLatin_e, chLatin_c, chLatin_a, chLatin_t, chLatin_e, chLatin_d, chNull
+};
+
+const XMLCh StatusCode::REQUEST_VERSION_TOO_HIGH[] = //  urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_R, chLatin_e, chLatin_q, chLatin_u, chLatin_e, chLatin_s, chLatin_t, 
+  chLatin_V, chLatin_e, chLatin_r, chLatin_s, chLatin_i, chLatin_o, chLatin_n, 
+  chLatin_T, chLatin_o, chLatin_o, chLatin_H, chLatin_i, chLatin_g, chLatin_h, chNull
+};
+
+const XMLCh StatusCode::REQUEST_VERSION_TOO_LOW[] = //  urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_R, chLatin_e, chLatin_q, chLatin_u, chLatin_e, chLatin_s, chLatin_t, 
+    chLatin_V, chLatin_e, chLatin_r, chLatin_s, chLatin_i, chLatin_o, chLatin_n, 
+    chLatin_T, chLatin_o, chLatin_o, chLatin_L, chLatin_o, chLatin_w, chNull
+};
+
+const XMLCh StatusCode::RESOURCE_NOT_RECOGNIZED[] = //  urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_R, chLatin_e, chLatin_s, chLatin_o, chLatin_u, chLatin_r, chLatin_c, chLatin_e, 
+    chLatin_N, chLatin_o, chLatin_t, 
+    chLatin_R, chLatin_e, chLatin_c, chLatin_o, chLatin_g, chLatin_n, chLatin_i, chLatin_z, chLatin_e, chLatin_d, chNull
+};
+
+const XMLCh StatusCode::TOO_MANY_RESPONSES[] = //  urn:oasis:names:tc:SAML:2.0:status:TooManyResponses 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_T, chLatin_o, chLatin_o, chLatin_M, chLatin_a, chLatin_n, chLatin_y, 
+    chLatin_R, chLatin_e, chLatin_s, chLatin_p, chLatin_o, chLatin_n, chLatin_s, chLatin_e, chLatin_s, chNull
+};
+
+const XMLCh StatusCode::UNKNOWN_ATTR_PROFILE[] = //  urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_U, chLatin_n, chLatin_k, chLatin_n, chLatin_o, chLatin_w, chLatin_n, 
+    chLatin_A, chLatin_t, chLatin_t, chLatin_r, 
+    chLatin_P, chLatin_r, chLatin_o, chLatin_f, chLatin_i, chLatin_l, chLatin_e, chNull
+};
+
+const XMLCh StatusCode::UNKNOWN_PRINCIPAL[] = //  urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_U, chLatin_n, chLatin_k, chLatin_n, chLatin_o, chLatin_w, chLatin_n, 
+    chLatin_P, chLatin_r, chLatin_i, chLatin_n, chLatin_c, chLatin_i, chLatin_p, chLatin_a, chLatin_l, chNull
+};
+
+const XMLCh StatusCode::UNSUPPORTED_BINDING[] = //  urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding 
+{ chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,
+  chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,
+  chLatin_S, chLatin_A, chLatin_M, chLatin_L, chColon, chDigit_2, chPeriod, chDigit_0, chColon,
+  chLatin_s, chLatin_t, chLatin_a, chLatin_t, chLatin_u, chLatin_s, chColon,
+  chLatin_U, chLatin_n, chLatin_s, chLatin_u, chLatin_p, chLatin_p, chLatin_o, chLatin_r, chLatin_t, chLatin_e, chLatin_d, 
+    chLatin_B, chLatin_i, chLatin_n, chLatin_d, chLatin_i, chLatin_n, chLatin_g, chNull
+};
+
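Review bot: These URI constants are spelled out character by character, with the `urn:oasis:names:tc:SAML:2.0:` prefix retyped in every array, so the compiler cannot catch a dropped or transposed character. Only the trailing comment records the intended value. The StatusCode validator added in this commit compares against four of them, so a slip would surface as valid messages being rejected or a status never matching. A unit test that compares each constant with the transcoded URI from its comment would make the block checkable. I would also put one comment above the group, for example `// Each array must match the URI in its trailing comment exactly; validators compare against these values.`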
index 22838de..916035e 100644 (file)
@@ -30,8 +30,6 @@ using namespace opensaml;
 using namespace xmltooling;
 using namespace std;
 
-//TODO add in rules from normative spec document
-
 namespace opensaml {
     namespace saml2p {
         
@@ -42,6 +40,8 @@ namespace opensaml {
         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,SessionIndex);
         XMLOBJECTVALIDATOR_SIMPLE(SAML_DLLLOCAL,StatusMessage);
 
+        //TODO wildcard NS ##other - spec says must be a "non-SAML defined" namespace,
+        // not just other than the target namespace
         class SAML_DLLLOCAL checkWildcardNS {
         public:
             void operator()(const XMLObject* xmlObject) const {
@@ -55,6 +55,28 @@ namespace opensaml {
             }
         };
 
+        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Request);
+            XMLOBJECTVALIDATOR_REQUIRE(Request,ID);
+            XMLOBJECTVALIDATOR_REQUIRE(Request,Version);
+            XMLOBJECTVALIDATOR_REQUIRE(Request,IssueInstant);
+            if (!XMLString::equals(SAMLConstants::SAML20_VERSION, ptr->getVersion()))
+                throw ValidationException("Request has wrong SAML Version.");
+        END_XMLOBJECTVALIDATOR;
+
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,SubjectQuery,Request);
+            RequestSchemaValidator::validate(xmlObject);
+            XMLOBJECTVALIDATOR_REQUIRE(SubjectQuery,Subject);
+        END_XMLOBJECTVALIDATOR;
+
+        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,StatusResponse);
+            XMLOBJECTVALIDATOR_REQUIRE(StatusResponse,ID);
+            XMLOBJECTVALIDATOR_REQUIRE(StatusResponse,Version);
+            XMLOBJECTVALIDATOR_REQUIRE(StatusResponse,IssueInstant);
+            XMLOBJECTVALIDATOR_REQUIRE(StatusResponse,Status);
+            if (!XMLString::equals(SAMLConstants::SAML20_VERSION, ptr->getVersion()))
+                throw ValidationException("StatusResponse has wrong SAML Version.");
+        END_XMLOBJECTVALIDATOR;
+
         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Extensions);
             if (!ptr->hasChildren())
                 throw ValidationException("Extensions must have at least one child element.");
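Review bot: Nothing here documents that a derived validator has to call its base validator itself. SubjectQuery invokes `RequestSchemaValidator::validate(xmlObject);` explicitly, which suggests the `_SUB` macro does not chain automatically, though the macro body is outside this diff. A later subtype that omits the call would silently lose the ID, Version, IssueInstant and SAML version checks. I would add a comment above the Request validator such as `// Base checks for every request type; each _SUB validator must call RequestSchemaValidator::validate() first.` and the equivalent above StatusResponse.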
@@ -64,16 +86,36 @@ namespace opensaml {
 
         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,StatusCode);
             XMLOBJECTVALIDATOR_REQUIRE(StatusCode,Value);
+
+            //TODO test this !!!
+            // If this is a top-level StatusCode (ie. parent is a Status),
+            // then there are only 4 valid values per SAML Core.
+            if (ptr->getParent()!=NULL && ptr->getParent()->getElementQName().hasLocalPart())
+            {
+                QName pq = ptr->getParent()->getElementQName();
+
+                if ( XMLString::equals(pq.getNamespaceURI(), SAMLConstants::SAML20P_NS) &&
+                        XMLString::equals(pq.getLocalPart(), Status::LOCAL_NAME))
+                {
+                    const XMLCh* code = ptr->getValue();
+
+                    if (!XMLString::equals(code, StatusCode::SUCCESS) &&
+                        !XMLString::equals(code, StatusCode::REQUESTER) &&
+                        !XMLString::equals(code, StatusCode::RESPONDER) &&
+                        !XMLString::equals(code, StatusCode::VERSION_MISMATCH) )
+                    {
+                        throw ValidationException("Invalid value for top-level StatusCode");
+                    }
+                }
+            }
         END_XMLOBJECTVALIDATOR;
 
         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Status);
             XMLOBJECTVALIDATOR_REQUIRE(Status,StatusCode);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AssertionIDRequest);
-            XMLOBJECTVALIDATOR_REQUIRE(AssertionIDRequest,ID);
-            XMLOBJECTVALIDATOR_REQUIRE(AssertionIDRequest,Version);
-            XMLOBJECTVALIDATOR_REQUIRE(AssertionIDRequest,IssueInstant);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,AssertionIDRequest,Request);
+            RequestSchemaValidator::validate(xmlObject);
             XMLOBJECTVALIDATOR_NONEMPTY(AssertionIDRequest,AssertionIDRef);
         END_XMLOBJECTVALIDATOR;
 
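Review bot: The top-level value restriction in the StatusCode validator only runs when `getParent()` is non-NULL and its QName names a Status element. A StatusCode validated before it is attached to its Status, or whose parent QName has no local part, is therefore accepted with any Value. The `//TODO test this !!!` left in the hunk confirms the path is unverified. Enforcing the rule from the Status validator, which already requires its StatusCode child, removes the dependency on parent linkage. The sketch below assumes `getStatusCode()` is the accessor behind `XMLOBJECTVALIDATOR_REQUIRE(Status,StatusCode)`.

```cpp
BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Status);
    XMLOBJECTVALIDATOR_REQUIRE(Status,StatusCode);
    // SAML 2.0 Core allows only four values on the top-level StatusCode;
    // checking from the parent does not rely on the child's parent pointer.
    const XMLCh* code = ptr->getStatusCode()->getValue();
    if (!XMLString::equals(code, StatusCode::SUCCESS) &&
        !XMLString::equals(code, StatusCode::REQUESTER) &&
        !XMLString::equals(code, StatusCode::RESPONDER) &&
        !XMLString::equals(code, StatusCode::VERSION_MISMATCH))
        throw ValidationException("Invalid value for top-level StatusCode");
// … unchanged: END_XMLOBJECTVALIDATOR and the AssertionIDRequest validator …
```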
@@ -86,20 +128,22 @@ namespace opensaml {
                 !XMLString::equals(ptr->getComparison(),RequestedAuthnContext::COMPARISON_MINIMUM) &&
                 !XMLString::equals(ptr->getComparison(),RequestedAuthnContext::COMPARISON_MAXIMUM) &&
                 !XMLString::equals(ptr->getComparison(),RequestedAuthnContext::COMPARISON_BETTER))
-                throw ValidationException("Comparison must be one of: 'exact', 'minimum', 'maximum', or 'better'.");
+                throw ValidationException("RequestedAuthnContext Comparison attribute must be one of: 'exact', 'minimum', 'maximum', or 'better'.");
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthnQuery);
-            XMLOBJECTVALIDATOR_REQUIRE(AuthnQuery,Subject);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,AuthnQuery,SubjectQuery);
+            SubjectQuerySchemaValidator::validate(xmlObject);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AttributeQuery);
-            XMLOBJECTVALIDATOR_REQUIRE(AttributeQuery,Subject);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,AttributeQuery,SubjectQuery);
+            SubjectQuerySchemaValidator::validate(xmlObject);
+            //TODO Name/NameFormat pairs of child Attributes must be unique 
+            //   - whether and how to implement efficiently?
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthzDecisionQuery);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,AuthzDecisionQuery,SubjectQuery);
+            SubjectQuerySchemaValidator::validate(xmlObject);
             XMLOBJECTVALIDATOR_REQUIRE(AuthzDecisionQuery,Resource);
-            XMLOBJECTVALIDATOR_REQUIRE(AuthzDecisionQuery,Subject);
             XMLOBJECTVALIDATOR_NONEMPTY(AuthzDecisionQuery,Action);
         END_XMLOBJECTVALIDATOR;
 
@@ -117,55 +161,57 @@ namespace opensaml {
                 throw xmltooling::ValidationException("ProxyCount attribute on Scoping element must be non-negative"); 
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,AuthnRequest);
-            //TODO no schema, but need spec constraints
-        END_XMLOBJECTVALIDATOR;
-
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,StatusResponse);
-            XMLOBJECTVALIDATOR_REQUIRE(StatusResponse,Status);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,AuthnRequest,Request);
+            RequestSchemaValidator::validate(xmlObject);
+            if (ptr->getAssertionConsumerServiceIndex().first 
+                    && (ptr->getAssertionConsumerServiceURL()!=NULL || ptr->getProtocolBinding()!=NULL))
+                throw xmltooling::ValidationException("On AuthnRequest AssertionConsumerServiceIndex is mutually exclusive with both AssertionConsumerServiceURL and ProtocolBinding");
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,Response);
-            XMLOBJECTVALIDATOR_REQUIRE(Response,Status);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,Response,StatusResponse);
+            StatusResponseSchemaValidator::validate(xmlObject);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ArtifactResolve);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,ArtifactResolve,Request);
+            RequestSchemaValidator::validate(xmlObject);
             XMLOBJECTVALIDATOR_REQUIRE(ArtifactResolve,Artifact);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ArtifactResponse);
-            XMLOBJECTVALIDATOR_REQUIRE(ArtifactResponse,Status);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,ArtifactResponse,StatusResponse);
+            StatusResponseSchemaValidator::validate(xmlObject);
         END_XMLOBJECTVALIDATOR;
 
         BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,NewEncryptedID);
             XMLOBJECTVALIDATOR_REQUIRE(NewEncryptedID,EncryptedData);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ManageNameIDRequest);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,ManageNameIDRequest,Request);
+            RequestSchemaValidator::validate(xmlObject);
             XMLOBJECTVALIDATOR_ONLYONEOF(ManageNameIDRequest,NameID,EncryptedID);
             XMLOBJECTVALIDATOR_ONLYONEOF3(ManageNameIDRequest,NewID,NewEncryptedID,Terminate);
         END_XMLOBJECTVALIDATOR;
 
-
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,ManageNameIDResponse);
-            XMLOBJECTVALIDATOR_REQUIRE(ManageNameIDResponse,Status);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,ManageNameIDResponse,StatusResponse);
+            StatusResponseSchemaValidator::validate(xmlObject);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,LogoutRequest);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,LogoutRequest,Request);
+            RequestSchemaValidator::validate(xmlObject);
             XMLOBJECTVALIDATOR_ONLYONEOF3(LogoutRequest,BaseID,NameID,EncryptedID);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,LogoutResponse);
-            XMLOBJECTVALIDATOR_REQUIRE(LogoutResponse,Status);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,LogoutResponse,StatusResponse);
+            StatusResponseSchemaValidator::validate(xmlObject);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,NameIDMappingRequest);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,NameIDMappingRequest,Request);
+            RequestSchemaValidator::validate(xmlObject);
             XMLOBJECTVALIDATOR_ONLYONEOF3(NameIDMappingRequest,BaseID,NameID,EncryptedID);
             XMLOBJECTVALIDATOR_REQUIRE(NameIDMappingRequest,NameIDPolicy);
         END_XMLOBJECTVALIDATOR;
 
-        BEGIN_XMLOBJECTVALIDATOR(SAML_DLLLOCAL,NameIDMappingResponse);
-            XMLOBJECTVALIDATOR_REQUIRE(NameIDMappingResponse,Status);
+        BEGIN_XMLOBJECTVALIDATOR_SUB(SAML_DLLLOCAL,NameIDMappingResponse,StatusResponse);
+            StatusResponseSchemaValidator::validate(xmlObject);
             XMLOBJECTVALIDATOR_ONLYONEOF(NameIDMappingResponse,NameID,EncryptedID);
         END_XMLOBJECTVALIDATOR;
 
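Review bot: The new AuthnRequest check carries no comment naming the spec rule it enforces, and the removed `//TODO no schema, but need spec constraints` is gone even though only one constraint was added. A reader cannot tell whether the remaining AuthnRequest rules were judged out of scope or simply not done. I would put `// SAML 2.0 Core 3.4.1: AssertionConsumerServiceIndex is mutually exclusive with AssertionConsumerServiceURL and ProtocolBinding` above the `if`, and keep a short TODO if other constraints are still pending. Separately, every `_SUB` validator in this hunk repeats the parent `validate(xmlObject)` call by hand. The macro definition is outside this hunk, but if it does not chain to the parent itself, a subtype that omits the call silently skips the base request/response checks, so that convention deserves a one-line comment at the first use.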
index b0b0d88..d8c5270 100644 (file)
@@ -81,6 +81,10 @@ const XMLCh SAMLConstants::SAML1_METADATA_PROFILE[] = // urn:oasis:names:tc:SAML
   chLatin_v, chDigit_1, chLatin_m, chLatin_e, chLatin_t, chLatin_a, chLatin_d, chLatin_a, chLatin_t, chLatin_a, chNull\r
 };\r
 \r
+const XMLCh SAMLConstants::SAML20_VERSION[] = // 2.0\r
+{ chDigit_2, chPeriod, chDigit_0, chNull\r
+};\r
+\r
 const XMLCh SAMLConstants::SAML20_NS[] = // urn:oasis:names:tc:SAML:2.0:assertion\r
 { chLatin_u, chLatin_r, chLatin_n, chColon, chLatin_o, chLatin_a, chLatin_s, chLatin_i, chLatin_s, chColon,\r
   chLatin_n, chLatin_a, chLatin_m, chLatin_e, chLatin_s, chColon, chLatin_t, chLatin_c, chColon,\r
index 8ba169f..f40f1ce 100644 (file)
@@ -61,6 +61,9 @@ namespace opensaml {
         \r
         /** SAML 1.x Metadata Profile ID ("urn:oasis:names:tc:SAML:profiles:v1metadata") */\r
         static const XMLCh SAML1_METADATA_PROFILE[];\r
+\r
+        /**  SAML 2.0 Version ("2.0") */\r
+        static const XMLCh SAML20_VERSION[];\r
         \r
         /**  SAML 2.0 Assertion XML namespace ("urn:oasis:names:tc:SAML:2.0:assertion") */\r
         static const XMLCh SAML20_NS[];\r