authentik.common.saml.constants
SAML Source processor constants
"""SAML Source processor constants"""

import xmlsec

# Local shorthand for the xmlsec constants namespace; the two lookup tables at
# the bottom of this module take their transform objects from it.
_transforms = xmlsec.constants

# --- XML namespace URIs -----------------------------------------------------
NS_SAML_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
NS_SAML_METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_SIGNATURE = "http://www.w3.org/2000/09/xmldsig#"
NS_ENC = "http://www.w3.org/2001/04/xmlenc#"

# Prefix -> namespace URI table built from the constants above.
NS_MAP = {
    "samlp": NS_SAML_PROTOCOL,
    "saml": NS_SAML_ASSERTION,
    "ds": NS_SIGNATURE,
    "md": NS_SAML_METADATA,
    "xenc": NS_ENC,
}

# --- NameID format identifiers (SAML 1.1 and 2.0 URNs) ----------------------
# Only "persistent" is specified as a stable, opaque per-subject identifier;
# "transient" changes between sessions, and "unspecified"/"emailAddress" make
# no stability or uniqueness promise.
# NOTE(review): confirm which format account linking relies on.
SAML_NAME_ID_FORMAT_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SAML_NAME_ID_FORMAT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SAML_NAME_ID_FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
SAML_NAME_ID_FORMAT_X509 = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
SAML_NAME_ID_FORMAT_WINDOWS = "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName"
SAML_NAME_ID_FORMAT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Attribute name (claim URI) for group membership.
SAML_ATTRIBUTES_GROUP = "http://schemas.xmlsoap.org/claims/Group"

# --- Bindings and status ----------------------------------------------------
SAML_BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SAML_BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

SAML_STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Presumably the issuer value used when none is configured -- verify against callers.
DEFAULT_ISSUER = "authentik"

# --- Signature method URIs --------------------------------------------------
# The *-sha1 identifiers below name SHA-1 based signatures. SHA-1 is no longer
# considered collision resistant, so these are legacy algorithms.
# NOTE(review): presumably kept for interoperability with older peers; confirm
# that nothing selects them as a default.
DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
# https://datatracker.ietf.org/doc/html/rfc4051#section-2.3.2
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
# https://datatracker.ietf.org/doc/html/rfc4051#section-2.3.6
ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
ECDSA_SHA224 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"
ECDSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
ECDSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
ECDSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"

# --- Digest method URIs -----------------------------------------------------
# The namespaces differ on purpose: SHA-256 and SHA-512 are identified in the
# XML Encryption namespace, SHA-384 in xmldsig-more, SHA-1 in the original
# XML-DSig namespace. Do not "normalise" them to a common prefix.
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"
SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512"

# Signature method URI -> xmlsec signature transform.
# NOTE(review): if this table is also used to resolve an algorithm named in an
# incoming message, a lookup miss should be a hard failure rather than a
# fallback to some default -- verify against callers.
SIGN_ALGORITHM_TRANSFORM_MAP = {
    DSA_SHA1: _transforms.TransformDsaSha1,
    RSA_SHA1: _transforms.TransformRsaSha1,
    RSA_SHA256: _transforms.TransformRsaSha256,
    RSA_SHA384: _transforms.TransformRsaSha384,
    RSA_SHA512: _transforms.TransformRsaSha512,
    ECDSA_SHA1: _transforms.TransformEcdsaSha1,
    ECDSA_SHA224: _transforms.TransformEcdsaSha224,
    ECDSA_SHA256: _transforms.TransformEcdsaSha256,
    ECDSA_SHA384: _transforms.TransformEcdsaSha384,
    ECDSA_SHA512: _transforms.TransformEcdsaSha512,
}

# Digest method URI -> xmlsec digest transform.
DIGEST_ALGORITHM_TRANSLATION_MAP = {
    SHA1: _transforms.TransformSha1,
    SHA256: _transforms.TransformSha256,
    SHA384: _transforms.TransformSha384,
    SHA512: _transforms.TransformSha512,
}
NS_SAML_PROTOCOL =
'urn:oasis:names:tc:SAML:2.0:protocol'
NS_SAML_ASSERTION =
'urn:oasis:names:tc:SAML:2.0:assertion'
NS_SAML_METADATA =
'urn:oasis:names:tc:SAML:2.0:metadata'
NS_SIGNATURE =
'http://www.w3.org/2000/09/xmldsig#'
NS_ENC =
'http://www.w3.org/2001/04/xmlenc#'
NS_MAP =
{'samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', 'saml': 'urn:oasis:names:tc:SAML:2.0:assertion', 'ds': 'http://www.w3.org/2000/09/xmldsig#', 'md': 'urn:oasis:names:tc:SAML:2.0:metadata', 'xenc': 'http://www.w3.org/2001/04/xmlenc#'}
SAML_NAME_ID_FORMAT_EMAIL =
'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
SAML_NAME_ID_FORMAT_PERSISTENT =
'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
SAML_NAME_ID_FORMAT_UNSPECIFIED =
'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
SAML_NAME_ID_FORMAT_X509 =
'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'
SAML_NAME_ID_FORMAT_WINDOWS =
'urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName'
SAML_NAME_ID_FORMAT_TRANSIENT =
'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
SAML_ATTRIBUTES_GROUP =
'http://schemas.xmlsoap.org/claims/Group'
SAML_BINDING_POST =
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
SAML_BINDING_REDIRECT =
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
SAML_STATUS_SUCCESS =
'urn:oasis:names:tc:SAML:2.0:status:Success'
DEFAULT_ISSUER =
'authentik'
DSA_SHA1 =
'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
RSA_SHA1 =
'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
RSA_SHA256 =
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
RSA_SHA384 =
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
RSA_SHA512 =
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
ECDSA_SHA1 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1'
ECDSA_SHA224 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224'
ECDSA_SHA256 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256'
ECDSA_SHA384 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384'
ECDSA_SHA512 =
'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512'
SHA1 =
'http://www.w3.org/2000/09/xmldsig#sha1'
SHA256 =
'http://www.w3.org/2001/04/xmlenc#sha256'
SHA384 =
'http://www.w3.org/2001/04/xmldsig-more#sha384'
SHA512 =
'http://www.w3.org/2001/04/xmlenc#sha512'
SIGN_ALGORITHM_TRANSFORM_MAP =
{'http://www.w3.org/2000/09/xmldsig#dsa-sha1': __Transform('dsa-sha1', 'http://www.w3.org/2000/09/xmldsig#dsa-sha1', 8), 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': __Transform('rsa-sha1', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1', 8), 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': __Transform('rsa-sha256', 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 8), 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384': __Transform('rsa-sha384', 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384', 8), 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': __Transform('rsa-sha512', 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1': __Transform('ecdsa-sha1', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224': __Transform('ecdsa-sha224', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256': __Transform('ecdsa-sha256', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384': __Transform('ecdsa-sha384', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384', 8), 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512': __Transform('ecdsa-sha512', 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512', 8)}
DIGEST_ALGORITHM_TRANSLATION_MAP =
{'http://www.w3.org/2000/09/xmldsig#sha1': __Transform('sha1', 'http://www.w3.org/2000/09/xmldsig#sha1', 4), 'http://www.w3.org/2001/04/xmlenc#sha256': __Transform('sha256', 'http://www.w3.org/2001/04/xmlenc#sha256', 4), 'http://www.w3.org/2001/04/xmldsig-more#sha384': __Transform('sha384', 'http://www.w3.org/2001/04/xmldsig-more#sha384', 4), 'http://www.w3.org/2001/04/xmlenc#sha512': __Transform('sha512', 'http://www.w3.org/2001/04/xmlenc#sha512', 4)}