authentik.common.saml.constants
SAML Source processor constants
"""SAML Source processor constants"""

import xmlsec

# --- XML namespaces used when building and parsing SAML documents ---
NS_SAML_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
NS_SAML_METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_SIGNATURE = "http://www.w3.org/2000/09/xmldsig#"
NS_ENC = "http://www.w3.org/2001/04/xmlenc#"

# Prefix -> namespace URI. Insertion order matches the original literal.
NS_MAP = dict(
    samlp=NS_SAML_PROTOCOL,
    saml=NS_SAML_ASSERTION,
    ds=NS_SIGNATURE,
    md=NS_SAML_METADATA,
    xenc=NS_ENC,
)

# --- NameID format identifiers ---
SAML_NAME_ID_FORMAT_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SAML_NAME_ID_FORMAT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SAML_NAME_ID_FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
SAML_NAME_ID_FORMAT_X509 = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
SAML_NAME_ID_FORMAT_WINDOWS = "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName"
SAML_NAME_ID_FORMAT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Attribute name under which group membership is carried.
SAML_ATTRIBUTES_GROUP = "http://schemas.xmlsoap.org/claims/Group"

# --- Protocol bindings ---
SAML_BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SAML_BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Top-level status code of a successful response.
SAML_STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# --- Signature algorithm URIs ---
# NOTE(review): the DSA and *-SHA1 entries are legacy algorithms; SHA-1 is no
# longer collision resistant. This file only names them. Whether they are
# accepted when verifying inbound messages is decided by the code that
# consults the tables below, which is not visible here. Confirm that an
# algorithm policy is enforced there.
DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
# https://datatracker.ietf.org/doc/html/rfc4051#section-2.3.2
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
# https://datatracker.ietf.org/doc/html/rfc4051#section-2.3.6
ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
ECDSA_SHA224 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
ECDSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
ECDSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
ECDSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"

# --- Digest algorithm URIs ---
# The namespaces are mixed on purpose of the values themselves: SHA256 and
# SHA512 sit under xmlenc#, SHA384 under xmldsig-more#, SHA1 under xmldsig#.
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"
SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512"

# Signature algorithm URI -> xmlsec signature transform.
# A URI that is not a key here has no transform in this table. How callers
# treat a missing key (reject vs. fall back) is not visible in this file.
SIGN_ALGORITHM_TRANSFORM_MAP = dict(
    (
        (DSA_SHA1, xmlsec.constants.TransformDsaSha1),
        (RSA_SHA1, xmlsec.constants.TransformRsaSha1),
        (RSA_SHA256, xmlsec.constants.TransformRsaSha256),
        (RSA_SHA384, xmlsec.constants.TransformRsaSha384),
        (RSA_SHA512, xmlsec.constants.TransformRsaSha512),
        (ECDSA_SHA1, xmlsec.constants.TransformEcdsaSha1),
        (ECDSA_SHA224, xmlsec.constants.TransformEcdsaSha224),
        (ECDSA_SHA256, xmlsec.constants.TransformEcdsaSha256),
        (ECDSA_SHA384, xmlsec.constants.TransformEcdsaSha384),
        (ECDSA_SHA512, xmlsec.constants.TransformEcdsaSha512),
    )
)

# Digest algorithm URI -> xmlsec digest transform.
DIGEST_ALGORITHM_TRANSLATION_MAP = dict(
    (
        (SHA1, xmlsec.constants.TransformSha1),
        (SHA256, xmlsec.constants.TransformSha256),
        (SHA384, xmlsec.constants.TransformSha384),
        (SHA512, xmlsec.constants.TransformSha512),
    )
)
NS_SAML_PROTOCOL =
'urn:oasis:names:tc:SAML:2.0:protocol'
NS_SAML_ASSERTION =
'urn:oasis:names:tc:SAML:2.0:assertion'
NS_SAML_METADATA =
'urn:oasis:names:tc:SAML:2.0:metadata'
NS_SIGNATURE =
'http://www.w3.org/2000/09/xmldsig#'
NS_ENC =
'http://www.w3.org/2001/04/xmlenc#'
NS_MAP =
{'samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', 'saml': 'urn:oasis:names:tc:SAML:2.0:assertion', 'ds': 'http://www.w3.org/2000/09/xmldsig#', 'md': 'urn:oasis:names:tc:SAML:2.0:metadata', 'xenc': 'http://www.w3.org/2001/04/xmlenc#'}
SAML_NAME_ID_FORMAT_EMAIL =
'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
SAML_NAME_ID_FORMAT_PERSISTENT =
'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
SAML_NAME_ID_FORMAT_UNSPECIFIED =
'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
SAML_NAME_ID_FORMAT_X509 =
'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'
SAML_NAME_ID_FORMAT_WINDOWS =
'urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName'
SAML_NAME_ID_FORMAT_TRANSIENT =
'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
SAML_ATTRIBUTES_GROUP =
'http://schemas.xmlsoap.org/claims/Group'
SAML_BINDING_POST =
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
SAML_BINDING_REDIRECT =
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
SAML_STATUS_SUCCESS =
'urn:oasis:names:tc:SAML:2.0:status:Success'
DSA_SHA1 =
'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
RSA_SHA1 =
'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
RSA_SHA256 =
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
RSA_SHA384 =
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
RSA_SHA512 =
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
ECDSA_SHA1 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1'
ECDSA_SHA224 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224'
ECDSA_SHA256 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256'
ECDSA_SHA384 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384'
ECDSA_SHA512 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512'
SHA1 =
'http://www.w3.org/2000/09/xmldsig#sha1'
SHA256 =
'http://www.w3.org/2001/04/xmlenc#sha256'
SHA384 =
'http://www.w3.org/2001/04/xmldsig-more#sha384'
SHA512 =
'http://www.w3.org/2001/04/xmlenc#sha512'
SIGN_ALGORITHM_TRANSFORM_MAP =
{'http://www.w3.org/2000/09/xmldsig#dsa-sha1': __Transform('dsa-sha1', 'http://www.w3.org/2000/09/xmldsig#dsa-sha1', 8), 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': __Transform('rsa-sha1', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1', 8), 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': __Transform('rsa-sha256', 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 8), 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384': __Transform('rsa-sha384', 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384', 8), 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': __Transform('rsa-sha512', 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1': __Transform('ecdsa-sha1', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224': __Transform('ecdsa-sha224', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256': __Transform('ecdsa-sha256', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384': __Transform('ecdsa-sha384', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512': __Transform('ecdsa-sha512', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512', 8)}
DIGEST_ALGORITHM_TRANSLATION_MAP =
{'http://www.w3.org/2000/09/xmldsig#sha1': __Transform('sha1', 'http://www.w3.org/2000/09/xmldsig#sha1', 4), 'http://www.w3.org/2001/04/xmlenc#sha256': __Transform('sha256', 'http://www.w3.org/2001/04/xmlenc#sha256', 4), 'http://www.w3.org/2001/04/xmldsig-more#sha384': __Transform('sha384', 'http://www.w3.org/2001/04/xmldsig-more#sha384', 4), 'http://www.w3.org/2001/04/xmlenc#sha512': __Transform('sha512', 'http://www.w3.org/2001/04/xmlenc#sha512', 4)}