//-----------------------------------------------------------------------
// <copyright file="Saml2Constants.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System;
/// <summary>
/// Contains constants related to SAML2.
/// </summary>
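/// <summary>
/// Contains constants related to SAML2: the assertion namespace, element,
/// attribute and schema-type names, and the well-known identifier URIs.
/// </summary>
/// <remarks>
/// Where an identifier is exposed both as a string and as a <see cref="Uri"/>,
/// the <c>*String</c> constant is the canonical spelling and the <see cref="Uri"/>
/// field is built from it. The constants only name things; no validation is
/// performed in this class.
/// </remarks>
internal static class Saml2Constants
{
#pragma warning disable 1591
    /// <summary>
    /// Conventional XML prefix for the SAML 2.0 assertion namespace.
    /// </summary>
    public const string Prefix = "saml";

    /// <summary>
    /// XML namespace URI of SAML 2.0 assertions.
    /// </summary>
    public const string Namespace = "urn:oasis:names:tc:SAML:2.0:assertion";

    /// <summary>
    /// Action namespace identifiers. [Saml2Core, 8.1]
    /// </summary>
    /// <remarks>
    /// The values carry the SAML:1.0 URN prefix even though this is the SAML2
    /// constant set; the strings below are the identifiers as declared here and
    /// must not be "upgraded" to a 2.0 prefix.
    /// </remarks>
    internal static class ActionNamespaces
    {
        public const string RwedcString = "urn:oasis:names:tc:SAML:1.0:action:rwedc";
        public const string RwedcNegationString = "urn:oasis:names:tc:SAML:1.0:action:rwedc-negation";
        public const string GhppString = "urn:oasis:names:tc:SAML:1.0:action:ghpp";
        public const string UnixString = "urn:oasis:names:tc:SAML:1.0:action:unix";

        /// <summary>
        /// Read/Write/Execute/Delete/Control [Saml2Core, 8.1.1]
        /// </summary>
        public static readonly Uri Rwedc = new Uri(RwedcString);

        /// <summary>
        /// Read/Write/Execute/Delete/Control with Negation [Saml2Core, 8.1.2]
        /// </summary>
        public static readonly Uri RwedcNegation = new Uri(RwedcNegationString);

        /// <summary>
        /// Get/Head/Put/Post [Saml2Core, 8.1.3]
        /// </summary>
        public static readonly Uri Ghpp = new Uri(GhppString);

        /// <summary>
        /// UNIX file permissions [Saml2Core, 8.1.4]
        /// </summary>
        public static readonly Uri Unix = new Uri(UnixString);
    }

    /// <summary>
    /// Names of XML attributes that appear on SAML 2.0 assertion elements.
    /// </summary>
    /// <remarks>
    /// Several of these (<see cref="NotBefore"/>, <see cref="NotOnOrAfter"/>,
    /// <see cref="SessionNotOnOrAfter"/>, <see cref="Recipient"/>,
    /// <see cref="InResponseTo"/>) name the values a relying party uses to bound
    /// an assertion's lifetime and intended destination. Whether they are
    /// enforced is decided by the code that reads them, not here.
    /// </remarks>
    internal static class Attributes
    {
        public const string Address = "Address";
        public const string AuthnInstant = "AuthnInstant";
        public const string Count = "Count";
        public const string Decision = "Decision";
        public const string DNSName = "DNSName";
        public const string Format = "Format";
        public const string FriendlyName = "FriendlyName";
        public const string ID = "ID";
        public const string InResponseTo = "InResponseTo";
        public const string IssueInstant = "IssueInstant";
        public const string Method = "Method";
        public const string Name = "Name";
        public const string NameFormat = "NameFormat";
        public const string NameQualifier = "NameQualifier";
        public const string Namespace = "Namespace";
        public const string NotBefore = "NotBefore";
        public const string NotOnOrAfter = "NotOnOrAfter";
        public const string OriginalIssuer = "OriginalIssuer";
        public const string Recipient = "Recipient";
        public const string Resource = "Resource";
        public const string SessionIndex = "SessionIndex";
        public const string SessionNotOnOrAfter = "SessionNotOnOrAfter";
        public const string SPNameQualifier = "SPNameQualifier";
        public const string SPProvidedID = "SPProvidedID";
        public const string Version = "Version";
    }

    /// <summary>
    /// Authentication context class identifiers. [Saml2AuthnContext, 3.4]
    /// </summary>
    /// <remarks>
    /// An authentication context class is a statement made by the asserting
    /// party about how the subject authenticated. A relying party that bases an
    /// access decision on it should match the received value exactly against
    /// the expected <c>*String</c> constant, and should keep in mind that
    /// <see cref="Unspecified"/> and <see cref="PreviousSession"/> say nothing
    /// about the strength of the original authentication.
    /// </remarks>
    internal static class AuthenticationContextClasses
    {
        public const string InternetProtocolString = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol";
        public const string InternetProtocolPasswordString = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword";
        public const string KerberosString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos";
        public const string MobileOneFactorUnregisteredString = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered";
        public const string MobileTwoFactorUnregisteredString = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered";
        public const string MobileOneFactorContractString = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract";
        public const string MobileTwoFactorContractString = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract";
        public const string PasswordString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";
        public const string PasswordProtectedTransportString = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
        public const string PreviousSessionString = "urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession";
        public const string X509String = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509";
        public const string PgpString = "urn:oasis:names:tc:SAML:2.0:ac:classes:PGP";
        public const string SpkiString = "urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI";
        public const string XmlDsigString = "urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig";
        public const string SmartcardString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard";
        public const string SmartcardPkiString = "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI";
        public const string SoftwarePkiString = "urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI";
        public const string TelephonyString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony";
        public const string NomadTelephonyString = "urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony";
        public const string PersonalTelephonyString = "urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalTelephony";
        public const string AuthenticatedTelephonyString = "urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony";
        public const string SecureRemotePasswordString = "urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword";
        public const string TlsClientString = "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient";
        public const string TimeSyncTokenString = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken";
        public const string UnspecifiedString = "urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified";

        /// <summary>
        /// Windows authentication identifier. Unlike the other entries it is not
        /// in the OASIS SAML URN namespace and has no <see cref="Uri"/>
        /// counterpart in this class.
        /// </summary>
        public const string WindowsString = "urn:federation:authentication:windows";

        /// <summary>
        /// Misspelt duplicate of <see cref="SecureRemotePasswordString"/>, kept so
        /// existing references still compile. New code should use the correctly
        /// spelt name.
        /// </summary>
        public const string SecureRempotePasswordString = SecureRemotePasswordString;

        /// <summary>Internet Protocol [Saml2AuthnContext, 3.4.1]</summary>
        public static readonly Uri InternetProtocol = new Uri(InternetProtocolString);

        /// <summary>Internet Protocol Password [Saml2AuthnContext, 3.4.2]</summary>
        public static readonly Uri InternetProtocolPassword = new Uri(InternetProtocolPasswordString);

        /// <summary>Kerberos [Saml2AuthnContext, 3.4.3]</summary>
        public static readonly Uri Kerberos = new Uri(KerberosString);

        /// <summary>Mobile One Factor Unregistered [Saml2AuthnContext, 3.4.4]</summary>
        public static readonly Uri MobileOneFactorUnregistered = new Uri(MobileOneFactorUnregisteredString);

        /// <summary>Mobile Two Factor Unregistered [Saml2AuthnContext, 3.4.5]</summary>
        public static readonly Uri MobileTwoFactorUnregistered = new Uri(MobileTwoFactorUnregisteredString);

        /// <summary>Mobile One Factor Contract [Saml2AuthnContext, 3.4.6]</summary>
        public static readonly Uri MobileOneFactorContract = new Uri(MobileOneFactorContractString);

        /// <summary>Mobile Two Factor Contract [Saml2AuthnContext, 3.4.7]</summary>
        public static readonly Uri MobileTwoFactorContract = new Uri(MobileTwoFactorContractString);

        /// <summary>Password [Saml2AuthnContext, 3.4.8]</summary>
        public static readonly Uri Password = new Uri(PasswordString);

        /// <summary>Password Protected Transport [Saml2AuthnContext, 3.4.9]</summary>
        public static readonly Uri PasswordProtectedTransport = new Uri(PasswordProtectedTransportString);

        /// <summary>Previous Session [Saml2AuthnContext, 3.4.10]</summary>
        public static readonly Uri PreviousSession = new Uri(PreviousSessionString);

        /// <summary>X.509 public key [Saml2AuthnContext, 3.4.11]</summary>
        public static readonly Uri X509 = new Uri(X509String);

        /// <summary>PGP public key [Saml2AuthnContext, 3.4.12]</summary>
        public static readonly Uri Pgp = new Uri(PgpString);

        /// <summary>SPKI public key [Saml2AuthnContext, 3.4.13]</summary>
        public static readonly Uri Spki = new Uri(SpkiString);

        /// <summary>XML digital signature [Saml2AuthnContext, 3.4.14]</summary>
        public static readonly Uri XmlDSig = new Uri(XmlDsigString);

        /// <summary>Smartcard [Saml2AuthnContext, 3.4.15]</summary>
        public static readonly Uri Smartcard = new Uri(SmartcardString);

        /// <summary>Smartcard PKI [Saml2AuthnContext, 3.4.16]</summary>
        public static readonly Uri SmartcardPki = new Uri(SmartcardPkiString);

        /// <summary>Software PKI [Saml2AuthnContext, 3.4.17]</summary>
        public static readonly Uri SoftwarePki = new Uri(SoftwarePkiString);

        /// <summary>Telephony [Saml2AuthnContext, 3.4.18]</summary>
        public static readonly Uri Telephony = new Uri(TelephonyString);

        /// <summary>Nomadic telephony [Saml2AuthnContext, 3.4.19]</summary>
        public static readonly Uri NomadTelephony = new Uri(NomadTelephonyString);

        /// <summary>Personalized telephony [Saml2AuthnContext, 3.4.20]</summary>
        public static readonly Uri PersonalTelephony = new Uri(PersonalTelephonyString);

        /// <summary>Authenticated telephony [Saml2AuthnContext, 3.4.21]</summary>
        public static readonly Uri AuthenticatedTelephony = new Uri(AuthenticatedTelephonyString);

        /// <summary>Secure Remote Password [Saml2AuthnContext, 3.4.22]</summary>
        public static readonly Uri SecureRemotePassword = new Uri(SecureRemotePasswordString);

        /// <summary>TLS client certificate [Saml2AuthnContext, 3.4.23]</summary>
        public static readonly Uri TlsClient = new Uri(TlsClientString);

        /// <summary>Time synchronization token [Saml2AuthnContext, 3.4.24]</summary>
        public static readonly Uri TimeSyncToken = new Uri(TimeSyncTokenString);

        /// <summary>Unspecified [Saml2AuthnContext, 3.4.25]</summary>
        public static readonly Uri Unspecified = new Uri(UnspecifiedString);
    }

    /// <summary>
    /// Subject confirmation method identifiers. [Saml2Prof, 3]
    /// </summary>
    internal static class ConfirmationMethods
    {
        public const string BearerString = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
        public const string HolderOfKeyString = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
        public const string SenderVouchesString = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";

        /// <summary>
        /// The subject of the assertion is the bearer of the assertion. [Saml2Prof, 3.3]
        /// </summary>
        /// <remarks>
        /// A bearer assertion carries no proof of possession: whoever presents it
        /// is treated as the subject. Its safety therefore rests on the relying
        /// party's Recipient, NotOnOrAfter and InResponseTo checks, on audience
        /// restriction, and on replay detection.
        /// </remarks>
        public static readonly Uri Bearer = new Uri(BearerString);

        /// <summary>
        /// The holder of a specified key is considered to be the subject of the assertion
        /// by the asserting party. [Saml2Prof, 3.1]
        /// </summary>
        public static readonly Uri HolderOfKey = new Uri(HolderOfKeyString);

        /// <summary>
        /// Indicates that no other information is available about the context of use of the
        /// assertion. [Saml2Prof, 3.2]
        /// </summary>
        public static readonly Uri SenderVouches = new Uri(SenderVouchesString);
    }

    /// <summary>
    /// Local names of XML elements in the SAML 2.0 assertion namespace.
    /// </summary>
    /// <remarks>
    /// <see cref="Conditions"/>, <see cref="AudienceRestriction"/>,
    /// <see cref="OneTimeUse"/> and <see cref="ProxyRestriction"/> name the
    /// elements that restrict where and how often an assertion may be used.
    /// </remarks>
    internal static class Elements
    {
        public const string Action = "Action";
        public const string Advice = "Advice";
        public const string Assertion = "Assertion";
        public const string AssertionIDRef = "AssertionIDRef";
        public const string AssertionURIRef = "AssertionURIRef";
        public const string Attribute = "Attribute";
        public const string AttributeStatement = "AttributeStatement";
        public const string AttributeValue = "AttributeValue";
        public const string Audience = "Audience";
        public const string AudienceRestriction = "AudienceRestriction";
        public const string AuthenticatingAuthority = "AuthenticatingAuthority";
        public const string AuthnContext = "AuthnContext";
        public const string AuthnContextClassRef = "AuthnContextClassRef";
        public const string AuthnContextDecl = "AuthnContextDecl";
        public const string AuthnContextDeclRef = "AuthnContextDeclRef";
        public const string AuthnStatement = "AuthnStatement";
        public const string AuthzDecisionStatement = "AuthzDecisionStatement";
        public const string BaseID = "BaseID";
        public const string Condition = "Condition";
        public const string Conditions = "Conditions";
        public const string EncryptedAssertion = "EncryptedAssertion";
        public const string EncryptedAttribute = "EncryptedAttribute";
        public const string EncryptedID = "EncryptedID";
        public const string Evidence = "Evidence";
        public const string Issuer = "Issuer";
        public const string NameID = "NameID";
        public const string OneTimeUse = "OneTimeUse";
        public const string ProxyRestriction = "ProxyRestriction";

        /// <summary>
        /// Misspelt name for <see cref="ProxyRestriction"/>, kept so existing
        /// references still compile. The value is identical.
        /// </summary>
        public const string ProxyRestricton = ProxyRestriction;

        public const string Statement = "Statement";
        public const string Subject = "Subject";
        public const string SubjectConfirmation = "SubjectConfirmation";
        public const string SubjectConfirmationData = "SubjectConfirmationData";
        public const string SubjectLocality = "SubjectLocality";
    }

    /// <summary>
    /// These identifiers MAY be used in the Format attribute of the NameID,
    /// NameIDPolicy, or Issuer elements to refer to common formats for the
    /// content of the elements and the associated processing rules, if any.
    /// [Saml2Core, 8.3]
    /// </summary>
    /// <remarks>
    /// The first four identifiers below use the SAML:1.1 URN prefix and the
    /// remaining ones the SAML:2.0 prefix; the mix is part of the values as
    /// declared here, not an inconsistency to be normalized.
    /// </remarks>
    internal static class NameIdentifierFormats
    {
        public const string UnspecifiedString = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
        public const string EmailAddressString = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
        public const string X509SubjectNameString = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
        public const string WindowsDomainQualifiedNameString = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName";
        public const string KerberosString = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos";
        public const string EntityString = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
        public const string PersistentString = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
        public const string TransientString = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
        public const string EncryptedString = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted";

        /// <summary>
        /// The interpretation of the content of the element is left to
        /// individual implementations. [Saml2Core, 8.3.1]
        /// </summary>
        public static readonly Uri Unspecified = new Uri(UnspecifiedString);

        /// <summary>
        /// Indicates that the content of the element is in the form of an
        /// email address, specifically "addr-spec" as defined in
        /// [RFC 2822, 3.4.1]. [Saml2Core, 8.3.2]
        /// </summary>
        public static readonly Uri EmailAddress = new Uri(EmailAddressString);

        /// <summary>
        /// Indicates that the content of the element is in the form specified
        /// for the contents of the X509SubjectName element from [XMLSig].
        /// [Saml2Core, 8.3.3]
        /// </summary>
        public static readonly Uri X509SubjectName = new Uri(X509SubjectNameString);

        /// <summary>
        /// Indicates that the content of the element is a Windows domain
        /// qualified name. [Saml2Core, 8.3.4]
        /// </summary>
        public static readonly Uri WindowsDomainQualifiedName = new Uri(WindowsDomainQualifiedNameString);

        /// <summary>
        /// Indicates that the content of the element is in the form of a
        /// Kerberos principal name using the format name[/instance]@REALM.
        /// [Saml2Core, 8.3.5]
        /// </summary>
        public static readonly Uri Kerberos = new Uri(KerberosString);

        /// <summary>
        /// Indicates that the content of the element is a URI identifying an
        /// entity that provides SAML-based services (such as a SAML authority,
        /// requester, or responder) or is a participant in SAML profiles (such
        /// as a service provider supporting the browser SSO profile).
        /// [Saml2Core, 8.3.6]
        /// </summary>
        public static readonly Uri Entity = new Uri(EntityString);

        /// <summary>
        /// Indicates that the content of the element is a persistent opaque
        /// identifier for a principal that is specific to an identity provider
        /// and a service provider or affiliation of service providers.
        /// [Saml2Core, 8.3.7] (See also for many restrictions on the data.)
        /// </summary>
        public static readonly Uri Persistent = new Uri(PersistentString);

        /// <summary>
        /// Indicates that the content of the element is an identifier with
        /// transient semantics and SHOULD be treated as an opaque and
        /// temporary value by the relying party. [Saml2Core, 8.3.8]
        /// </summary>
        public static readonly Uri Transient = new Uri(TransientString);

        /// <summary>
        /// When included in the Format attribute of the NameIDPolicy attribute,
        /// requests that the resulting identifier be encrypted. [Saml2Core, 3.4.1.1]
        /// </summary>
        public static readonly Uri Encrypted = new Uri(EncryptedString);
    }

    /// <summary>
    /// Names of the schema types behind the SAML 2.0 assertion elements.
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably matched against xsi:type values while reading
    /// assertions; confirm against the call sites, which are not in this file.
    /// </remarks>
    internal static class Types
    {
        public const string ActionType = "ActionType";
        public const string AdviceType = "AdviceType";
        public const string AssertionType = "AssertionType";
        public const string AttributeStatementType = "AttributeStatementType";
        public const string AttributeType = "AttributeType";
        public const string AudienceRestrictionType = "AudienceRestrictionType";
        public const string AuthnContextType = "AuthnContextType";
        public const string AuthnStatementType = "AuthnStatementType";
        public const string AuthzDecisionStatementType = "AuthzDecisionStatementType";
        public const string BaseIDAbstractType = "BaseIDAbstractType";
        public const string ConditionAbstractType = "ConditionAbstractType";
        public const string ConditionsType = "ConditionsType";
        public const string EncryptedElementType = "EncryptedElementType";
        public const string EvidenceType = "EvidenceType";
        public const string KeyInfoConfirmationDataType = "KeyInfoConfirmationDataType";
        public const string NameIDType = "NameIDType";
        public const string OneTimeUseType = "OneTimeUseType";
        public const string ProxyRestrictionType = "ProxyRestrictionType";
        public const string SubjectType = "SubjectType";
        public const string SubjectConfirmationDataType = "SubjectConfirmationDataType";
        public const string SubjectConfirmationType = "SubjectConfirmationType";
        public const string SubjectLocalityType = "SubjectLocalityType";
        public const string StatementAbstractType = "StatementAbstractType";
    }
#pragma warning restore 1591
}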
}