|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
namespace SimpleSAML\SAML2; |
|
6
|
|
|
|
|
7
|
|
|
/** |
|
8
|
|
|
* Various SAML 2 constants. |
|
9
|
|
|
* |
|
10
|
|
|
* @package simplesamlphp/saml2 |
|
11
|
|
|
*/ |
|
12
|
|
|
class Constants extends \SimpleSAML\XMLSecurity\Constants |
|
13
|
|
|
{ |
|
14
|
|
|
/** |
|
15
|
|
|
* Password authentication context. |
|
16
|
|
|
*/ |
|
17
|
|
|
public const string AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'; |
|
|
|
|
|
|
18
|
|
|
|
|
19
|
|
|
/** |
|
20
|
|
|
* PasswordProtectedTransport authentication context. |
|
21
|
|
|
*/ |
|
22
|
|
|
public const string AC_PASSWORD_PROTECTED_TRANSPORT = |
|
23
|
|
|
'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'; |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* Unspecified authentication context. |
|
27
|
|
|
*/ |
|
28
|
|
|
public const string AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'; |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* Pairwise identifier attribute |
|
32
|
|
|
*/ |
|
33
|
|
|
public const string ATTR_PAIRWISE_ID = 'urn:oasis:names:tc:SAML:attribute:pairwise-id'; |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* Subject identifier attribute |
|
37
|
|
|
*/ |
|
38
|
|
|
public const string ATTR_SUBJECT_ID = 'urn:oasis:names:tc:SAML:attribute:subject-id'; |
|
39
|
|
|
|
|
40
|
|
|
/** |
|
41
|
|
|
* Subject signal attribute |
|
42
|
|
|
*/ |
|
43
|
|
|
public const string PROFILE_SUBJECT_ID_REQ = 'urn:oasis:names:tc:SAML:profiles:subject-id:req'; |
|
44
|
|
|
|
|
45
|
|
|
/** |
|
46
|
|
|
* The URN for the Holder-of-Key Web Browser SSO Profile binding |
|
47
|
|
|
*/ |
|
48
|
|
|
public const string BINDING_HOK_SSO = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser'; |
|
49
|
|
|
|
|
50
|
|
|
/** |
|
51
|
|
|
* The URN for the HTTP-ARTIFACT binding. |
|
52
|
|
|
*/ |
|
53
|
|
|
public const string BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'; |
|
54
|
|
|
|
|
55
|
|
|
/** |
|
56
|
|
|
* The URN for the HTTP-POST binding. |
|
57
|
|
|
*/ |
|
58
|
|
|
public const string BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'; |
|
59
|
|
|
|
|
60
|
|
|
/** |
|
61
|
|
|
* The URN for the HTTP-Redirect binding. |
|
62
|
|
|
*/ |
|
63
|
|
|
public const string BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'; |
|
64
|
|
|
|
|
65
|
|
|
/** |
|
66
|
|
|
* The URN for the DEFLATE url encoding |
|
67
|
|
|
*/ |
|
68
|
|
|
public const string BINDING_HTTP_REDIRECT_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'; |
|
69
|
|
|
|
|
70
|
|
|
/* |
|
71
|
|
|
* The URN for the IdP Discovery Protocol binding |
|
72
|
|
|
*/ |
|
73
|
|
|
public const string BINDING_IDPDISC = 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol'; |
|
74
|
|
|
|
|
75
|
|
|
/** |
|
76
|
|
|
* The URN for the PAOS binding. |
|
77
|
|
|
*/ |
|
78
|
|
|
public const string BINDING_PAOS = 'urn:oasis:names:tc:SAML:2.0:bindings:PAOS'; |
|
79
|
|
|
|
|
80
|
|
|
/** |
|
81
|
|
|
* The URN for the SOAP binding. |
|
82
|
|
|
*/ |
|
83
|
|
|
public const string BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'; |
|
84
|
|
|
|
|
85
|
|
|
/** |
|
86
|
|
|
* The URN for the URI binding. |
|
87
|
|
|
*/ |
|
88
|
|
|
public const string BINDING_URI = 'urn:oasis:names:tc:SAML:2.0:bindings:URI'; |
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* Bearer subject confirmation method. |
|
92
|
|
|
*/ |
|
93
|
|
|
public const string CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'; |
|
94
|
|
|
|
|
95
|
|
|
/** |
|
96
|
|
|
* Holder-of-Key subject confirmation method. |
|
97
|
|
|
*/ |
|
98
|
|
|
public const string CM_HOK = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key'; |
|
99
|
|
|
|
|
100
|
|
|
/** |
|
101
|
|
|
* Vouches subject confirmation method. |
|
102
|
|
|
*/ |
|
103
|
|
|
public const string CM_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'; |
|
104
|
|
|
|
|
105
|
|
|
/** |
|
106
|
|
|
* Indicates that a principal’s consent has been explicitly obtained by the issuer of the message during the |
|
107
|
|
|
* action that initiated the message. |
|
108
|
|
|
*/ |
|
109
|
|
|
public const string CONSENT_EXPLICIT = 'urn:oasis:names:tc:SAML:2.0:consent:current-explicit'; |
|
110
|
|
|
|
|
111
|
|
|
/** |
|
112
|
|
|
* Indicates that a principal’s consent has been implicitly obtained by the issuer of the message during the |
|
113
|
|
|
* action that initiated the message, as part of a broader indication of consent. |
|
114
|
|
|
* Implicit consent is typically more proximal to the action in time and presentation than prior consent, |
|
115
|
|
|
* such as part of a session of activities. |
|
116
|
|
|
*/ |
|
117
|
|
|
public const string CONSENT_IMPLICIT = 'urn:oasis:names:tc:SAML:2.0:consent:current-implicit'; |
|
118
|
|
|
|
|
119
|
|
|
/** |
|
120
|
|
|
* Indicates that the issuer of the message does not believe that they need to obtain or report consent. |
|
121
|
|
|
*/ |
|
122
|
|
|
public const string CONSENT_INAPPLICABLE = 'urn:oasis:names:tc:SAML:2.0:consent:inapplicable'; |
|
123
|
|
|
|
|
124
|
|
|
/** |
|
125
|
|
|
* Indicates that a principal’s consent has been obtained by the issuer of the message. |
|
126
|
|
|
*/ |
|
127
|
|
|
public const string CONSENT_OBTAINED = 'urn:oasis:names:tc:SAML:2.0:consent:obtained'; |
|
128
|
|
|
|
|
129
|
|
|
/** |
|
130
|
|
|
* Indicates that a principal’s consent has been obtained by the issuer of the message at some point prior to |
|
131
|
|
|
* the action that initiated the message. |
|
132
|
|
|
*/ |
|
133
|
|
|
public const string CONSENT_PRIOR = 'urn:oasis:names:tc:SAML:2.0:consent:prior'; |
|
134
|
|
|
|
|
135
|
|
|
/** |
|
136
|
|
|
* Indicates that the issuer of the message did not obtain consent. |
|
137
|
|
|
*/ |
|
138
|
|
|
public const string CONSENT_UNAVAILABLE = 'urn:oasis:names:tc:SAML:2.0:consent:unavailable'; |
|
139
|
|
|
|
|
140
|
|
|
/** |
|
141
|
|
|
* No claim as to principal consent is being made. |
|
142
|
|
|
*/ |
|
143
|
|
|
public const string CONSENT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:consent:unspecified'; |
|
144
|
|
|
|
|
145
|
|
|
public const string EPTI_URN_MACE = 'urn:mace:dir:attribute-def:eduPersonTargetedID'; |
|
146
|
|
|
|
|
147
|
|
|
public const string EPTI_URN_OID = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10'; |
|
148
|
|
|
|
|
149
|
|
|
/** |
|
150
|
|
|
* LogoutRequest Reason - admin wishes to terminate the session |
|
151
|
|
|
*/ |
|
152
|
|
|
public const string LOGOUT_REASON_ADMIN = 'urn:oasis:names:tc:SAML:2.0:logout:admin'; |
|
153
|
|
|
|
|
154
|
|
|
/** |
|
155
|
|
|
* LogoutRequest Reason - user wishes to terminate the session |
|
156
|
|
|
*/ |
|
157
|
|
|
public const string LOGOUT_REASON_USER = 'urn:oasis:names:tc:SAML:2.0:logout:user'; |
|
158
|
|
|
|
|
159
|
|
|
/** |
|
160
|
|
|
* The class of strings acceptable as the attribute name MUST be drawn from the set of values belonging to |
|
161
|
|
|
* the primitive type xs:Name as defined in [Schema2] Section 3.3.6. See [SAMLProf] for attribute profiles |
|
162
|
|
|
* that make use of this identifier. |
|
163
|
|
|
*/ |
|
164
|
|
|
public const string NAMEFORMAT_BASIC = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'; |
|
165
|
|
|
|
|
166
|
|
|
/** |
|
167
|
|
|
* The interpretation of the attribute name is left to individual implementations. |
|
168
|
|
|
*/ |
|
169
|
|
|
public const string NAMEFORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'; |
|
170
|
|
|
|
|
171
|
|
|
/** |
|
172
|
|
|
* The attribute name follows the convention for URI references [RFC 2396], for example as used in XACML |
|
173
|
|
|
* [XACML] attribute identifiers. The interpretation of the URI content or naming scheme is application- |
|
174
|
|
|
* specific. See [SAMLProf] for attribute profiles that make use of this identifier. |
|
175
|
|
|
*/ |
|
176
|
|
|
public const string NAMEFORMAT_URI = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'; |
|
177
|
|
|
|
|
178
|
|
|
/** |
|
179
|
|
|
* Email address NameID format. |
|
180
|
|
|
*/ |
|
181
|
|
|
public const string NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'; |
|
182
|
|
|
|
|
183
|
|
|
/** |
|
184
|
|
|
* Encrypted NameID format. |
|
185
|
|
|
*/ |
|
186
|
|
|
public const string NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted'; |
|
187
|
|
|
|
|
188
|
|
|
/** |
|
189
|
|
|
* Entity NameID format. |
|
190
|
|
|
*/ |
|
191
|
|
|
public const string NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'; |
|
192
|
|
|
|
|
193
|
|
|
/** |
|
194
|
|
|
* Kerberos Principal Name NameID format. |
|
195
|
|
|
*/ |
|
196
|
|
|
public const string NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos'; |
|
197
|
|
|
|
|
198
|
|
|
/** |
|
199
|
|
|
* Persistent NameID format. |
|
200
|
|
|
*/ |
|
201
|
|
|
public const string NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'; |
|
202
|
|
|
|
|
203
|
|
|
/** |
|
204
|
|
|
* Transient NameID format. |
|
205
|
|
|
*/ |
|
206
|
|
|
public const string NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'; |
|
207
|
|
|
|
|
208
|
|
|
/** |
|
209
|
|
|
* Unspecified NameID format. |
|
210
|
|
|
*/ |
|
211
|
|
|
public const string NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'; |
|
212
|
|
|
|
|
213
|
|
|
/** |
|
214
|
|
|
* Windows Domain Qualifier Name NameID format. |
|
215
|
|
|
*/ |
|
216
|
|
|
public const string NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = |
|
217
|
|
|
'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName'; |
|
218
|
|
|
|
|
219
|
|
|
/** |
|
220
|
|
|
* X509 Subject Name NameID format. |
|
221
|
|
|
*/ |
|
222
|
|
|
public const string NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'; |
|
223
|
|
|
|
|
224
|
|
|
/** |
|
225
|
|
|
* The namespace for the SAML 2 metadata Algorithm Support profile |
|
226
|
|
|
*/ |
|
227
|
|
|
public const string NS_ALG = 'urn:oasis:names:tc:SAML:metadata:algsupport'; |
|
228
|
|
|
|
|
229
|
|
|
/** |
|
230
|
|
|
* The namespace for the ECP protocol. |
|
231
|
|
|
*/ |
|
232
|
|
|
public const string NS_ECP = 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'; |
|
233
|
|
|
|
|
234
|
|
|
/** |
|
235
|
|
|
* The namespace for the EduID metadata protocol. |
|
236
|
|
|
*/ |
|
237
|
|
|
public const string NS_EMD = 'http://eduid.cz/schema/metadata/1.0'; |
|
238
|
|
|
|
|
239
|
|
|
/** |
|
240
|
|
|
* The namespace for the SAML 2 HoK Web Browser SSO Profile. |
|
241
|
|
|
*/ |
|
242
|
|
|
public const string NS_HOK = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser'; |
|
243
|
|
|
|
|
244
|
|
|
/** |
|
245
|
|
|
* The namespace for the SAML 2 metadata. |
|
246
|
|
|
*/ |
|
247
|
|
|
public const string NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata'; |
|
248
|
|
|
|
|
249
|
|
|
/** |
|
250
|
|
|
* The namespace for the SAML 2 Metadata Extensions for Registration and Publication Information. |
|
251
|
|
|
*/ |
|
252
|
|
|
public const string NS_MDRPI = 'urn:oasis:names:tc:SAML:metadata:rpi'; |
|
253
|
|
|
|
|
254
|
|
|
/** |
|
255
|
|
|
* The namespace for the SAML 2 Metadata Extensions for Login and Discovery User Interface Version. |
|
256
|
|
|
*/ |
|
257
|
|
|
public const string NS_MDUI = 'urn:oasis:names:tc:SAML:metadata:ui'; |
|
258
|
|
|
|
|
259
|
|
|
/** |
|
260
|
|
|
* The namespace for the SAML 2 metadata attributes. |
|
261
|
|
|
*/ |
|
262
|
|
|
public const string NS_MDATTR = 'urn:oasis:names:tc:SAML:metadata:attribute'; |
|
263
|
|
|
|
|
264
|
|
|
/** |
|
265
|
|
|
* The namespace for the Shibboleth Metadata profile. |
|
266
|
|
|
*/ |
|
267
|
|
|
public const string NS_SHIBMD = 'urn:mace:shibboleth:metadata:1.0'; |
|
268
|
|
|
|
|
269
|
|
|
/** |
|
270
|
|
|
* The namespace for the SAML 2 assertions. |
|
271
|
|
|
*/ |
|
272
|
|
|
public const string NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion'; |
|
273
|
|
|
|
|
274
|
|
|
/** |
|
275
|
|
|
* The namespace for the SAML 2 protocol. |
|
276
|
|
|
*/ |
|
277
|
|
|
public const string NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'; |
|
278
|
|
|
|
|
279
|
|
|
/** |
|
280
|
|
|
* The namespace for the SOAP protocol. |
|
281
|
|
|
*/ |
|
282
|
|
|
public const string NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/'; |
|
283
|
|
|
|
|
284
|
|
|
/** |
|
285
|
|
|
* The namespace for the IDP Discovery protocol |
|
286
|
|
|
*/ |
|
287
|
|
|
public const string NS_IDPDISC = 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol'; |
|
288
|
|
|
|
|
289
|
|
|
/** |
|
290
|
|
|
* The responding provider was unable to successfully authenticate the principal. |
|
291
|
|
|
* |
|
292
|
|
|
* Second-level status code. |
|
293
|
|
|
*/ |
|
294
|
|
|
public const string STATUS_AUTHN_FAILED = 'urn:oasis:names:tc:SAML:2.0:status:AuthnFailed'; |
|
295
|
|
|
|
|
296
|
|
|
/** |
|
297
|
|
|
* Unexpected or invalid content was encountered within a <saml:Attribute> or <saml:AttributeValue> element. |
|
298
|
|
|
* |
|
299
|
|
|
* Second-level status code. |
|
300
|
|
|
*/ |
|
301
|
|
|
public const string STATUS_INVALID_ATTR = 'urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue'; |
|
302
|
|
|
|
|
303
|
|
|
/** |
|
304
|
|
|
* The responding provider cannot or will not support the requested name identifier policy. |
|
305
|
|
|
* |
|
306
|
|
|
* Second-level status code. |
|
307
|
|
|
*/ |
|
308
|
|
|
public const string STATUS_INVALID_NAMEID_POLICY = 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'; |
|
309
|
|
|
|
|
310
|
|
|
/** |
|
311
|
|
|
* The specified authentication context requirements cannot be met by the responder. |
|
312
|
|
|
* |
|
313
|
|
|
* Second-level status code. |
|
314
|
|
|
*/ |
|
315
|
|
|
public const string STATUS_NO_AUTHN_CONTEXT = 'urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext'; |
|
316
|
|
|
|
|
317
|
|
|
/** |
|
318
|
|
|
* Used by an intermediary to indicate that none of the supported identity provider <Loc> elements in an |
|
319
|
|
|
* <IDPList> can be resolved or that none of the supported identity providers are available. |
|
320
|
|
|
* |
|
321
|
|
|
* Second-level status code. |
|
322
|
|
|
*/ |
|
323
|
|
|
public const string STATUS_NO_AVAILABLE_IDP = 'urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP'; |
|
324
|
|
|
|
|
325
|
|
|
/** |
|
326
|
|
|
* Indicates the responding provider cannot authenticate the principal passively, as has been requested. |
|
327
|
|
|
* |
|
328
|
|
|
* Second-level status code. |
|
329
|
|
|
*/ |
|
330
|
|
|
public const string STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive'; |
|
331
|
|
|
|
|
332
|
|
|
/** |
|
333
|
|
|
* Used by an intermediary to indicate that none of the identity providers in an <IDPList> are |
|
334
|
|
|
* supported by the intermediary. |
|
335
|
|
|
* |
|
336
|
|
|
* Second-level status code. |
|
337
|
|
|
*/ |
|
338
|
|
|
public const string STATUS_NO_SUPPORTED_IDP = 'urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP'; |
|
339
|
|
|
|
|
340
|
|
|
/** |
|
341
|
|
|
* Used by a session authority to indicate to a session participant that it was not able to propagate logout |
|
342
|
|
|
* to all other session participants. |
|
343
|
|
|
* |
|
344
|
|
|
* Second-level status code. |
|
345
|
|
|
*/ |
|
346
|
|
|
public const string STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout'; |
|
347
|
|
|
|
|
348
|
|
|
/** |
|
349
|
|
|
* The status namespace |
|
350
|
|
|
*/ |
|
351
|
|
|
public const string STATUS_PREFIX = 'urn:oasis:names:tc:SAML:2.0:status:'; |
|
352
|
|
|
|
|
353
|
|
|
/** |
|
354
|
|
|
* Indicates that a responding provider cannot authenticate the principal directly and is not permitted |
|
355
|
|
|
* to proxy the request further. |
|
356
|
|
|
* |
|
357
|
|
|
* Second-level status code. |
|
358
|
|
|
*/ |
|
359
|
|
|
public const string STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded'; |
|
360
|
|
|
|
|
361
|
|
|
/** |
|
362
|
|
|
* The SAML responder or SAML authority is able to process the request but has chosen not to respond. |
|
363
|
|
|
* This status code MAY be used when there is concern about the security context of the request message or |
|
364
|
|
|
* the sequence of request messages received from a particular requester. |
|
365
|
|
|
* |
|
366
|
|
|
* Second-level status code. |
|
367
|
|
|
*/ |
|
368
|
|
|
public const string STATUS_REQUEST_DENIED = 'urn:oasis:names:tc:SAML:2.0:status:RequestDenied'; |
|
369
|
|
|
|
|
370
|
|
|
/** |
|
371
|
|
|
* The SAML responder or SAML authority does not support the request. |
|
372
|
|
|
* |
|
373
|
|
|
* Second-level status code. |
|
374
|
|
|
*/ |
|
375
|
|
|
public const string STATUS_REQUEST_UNSUPPORTED = 'urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported'; |
|
376
|
|
|
|
|
377
|
|
|
/** |
|
378
|
|
|
* The SAML responder cannot process any requests with the protocol version specified in the request. |
|
379
|
|
|
* |
|
380
|
|
|
* Second-level status code. |
|
381
|
|
|
*/ |
|
382
|
|
|
public const string STATUS_REQUEST_VERSION_DEPRECATED = |
|
383
|
|
|
'urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated'; |
|
384
|
|
|
|
|
385
|
|
|
/** |
|
386
|
|
|
* The SAML responder cannot process the request because the protocol version specified in the request message |
|
387
|
|
|
* is a major upgrade from the highest protocol version supported by the responder. |
|
388
|
|
|
* |
|
389
|
|
|
* Second-level status code. |
|
390
|
|
|
*/ |
|
391
|
|
|
public const string STATUS_REQUEST_VERSION_TOO_HIGH = 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh'; |
|
392
|
|
|
|
|
393
|
|
|
/** |
|
394
|
|
|
* The SAML responder cannot process the request because the protocol version specified in the request message |
|
395
|
|
|
* is too low. |
|
396
|
|
|
* |
|
397
|
|
|
* Second-level status code. |
|
398
|
|
|
*/ |
|
399
|
|
|
public const string STATUS_REQUEST_VERSION_TOO_LOW = 'urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow'; |
|
400
|
|
|
|
|
401
|
|
|
/** |
|
402
|
|
|
* The request could not be performed due to an error on the part of the requester. |
|
403
|
|
|
* |
|
404
|
|
|
* Top-level status code. |
|
405
|
|
|
*/ |
|
406
|
|
|
public const string STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester'; |
|
407
|
|
|
|
|
408
|
|
|
/** |
|
409
|
|
|
* The resource value provided in the request message is invalid or unrecognized. |
|
410
|
|
|
* |
|
411
|
|
|
* Second-level status code. |
|
412
|
|
|
*/ |
|
413
|
|
|
public const string STATUS_RESOURCE_NOT_RECOGNIZED = 'urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized'; |
|
414
|
|
|
|
|
415
|
|
|
/** |
|
416
|
|
|
* The request could not be performed due to an error on the part of the SAML responder or SAML authority. |
|
417
|
|
|
* |
|
418
|
|
|
* Top-level status code. |
|
419
|
|
|
*/ |
|
420
|
|
|
public const string STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder'; |
|
421
|
|
|
|
|
422
|
|
|
/** |
|
423
|
|
|
* Top-level status code indicating successful processing of the request. |
|
424
|
|
|
* The request succeeded. Additional information MAY be returned in the <StatusMessage> |
|
425
|
|
|
* and/or <StatusDetail> elements. |
|
426
|
|
|
* |
|
427
|
|
|
* Top-level status code. |
|
428
|
|
|
*/ |
|
429
|
|
|
public const string STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success'; |
|
430
|
|
|
|
|
431
|
|
|
/** |
|
432
|
|
|
* The response message would contain more elements than the SAML responder is able to return. |
|
433
|
|
|
* |
|
434
|
|
|
* Second-level status code. |
|
435
|
|
|
*/ |
|
436
|
|
|
public const string STATUS_TOO_MANY_RESPONSES = 'urn:oasis:names:tc:SAML:2.0:status:TooManyResponses'; |
|
437
|
|
|
|
|
438
|
|
|
/** |
|
439
|
|
|
* An entity that has no knowledge of a particular attribute profile has been presented with an attribute |
|
440
|
|
|
* drawn from that profile. |
|
441
|
|
|
* |
|
442
|
|
|
* Second-level status code. |
|
443
|
|
|
*/ |
|
444
|
|
|
public const string STATUS_UNKNOWN_ATTR_PROFILE = 'urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile'; |
|
445
|
|
|
|
|
446
|
|
|
/** |
|
447
|
|
|
* The responding provider does not recognize the principal specified or implied by the request. |
|
448
|
|
|
* |
|
449
|
|
|
* Second-level status code. |
|
450
|
|
|
*/ |
|
451
|
|
|
public const string STATUS_UNKNOWN_PRINCIPAL = 'urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal'; |
|
452
|
|
|
|
|
453
|
|
|
/** |
|
454
|
|
|
* The SAML responder cannot properly fulfill the request using the protocol binding specified in the request. |
|
455
|
|
|
* |
|
456
|
|
|
* Second-level status code. |
|
457
|
|
|
*/ |
|
458
|
|
|
public const string STATUS_UNSUPPORTED_BINDING = 'urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding'; |
|
459
|
|
|
|
|
460
|
|
|
/** |
|
461
|
|
|
* The SAML responder could not process the request because the version of the request message was incorrect. |
|
462
|
|
|
* |
|
463
|
|
|
* Top-level status code. |
|
464
|
|
|
*/ |
|
465
|
|
|
public const string STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch'; |
|
466
|
|
|
|
|
467
|
|
|
/** |
|
468
|
|
|
* The maximum size for any entityid as per specification |
|
469
|
|
|
*/ |
|
470
|
|
|
public const int ENTITYID_MAX_LENGTH = 1024; |
|
471
|
|
|
|
|
472
|
|
|
/** |
|
473
|
|
|
* The maximum size in bytes for any RelayState as per specification |
|
474
|
|
|
*/ |
|
475
|
|
|
public const int MAX_RELAY_STATE_LENGTH = 80; |
|
476
|
|
|
|
|
477
|
|
|
/** |
|
478
|
|
|
* The maximum size for any entityid as per SAML2INT-specification |
|
479
|
|
|
*/ |
|
480
|
|
|
public const int SAML2INT_ENTITYID_MAX_LENGTH = 256; |
|
481
|
|
|
|
|
482
|
|
|
/** |
|
483
|
|
|
* The format to express a timestamp in SAML2 |
|
484
|
|
|
*/ |
|
485
|
|
|
public const string DATETIME_FORMAT = 'Y-m-d\\TH:i:sp'; |
|
486
|
|
|
} |
|
487
|
|
|
|
simplesamlphp /
saml2
Tim van Dijen
Loading history...