Common Library Functions and Constants


Modules

 Attribute Data Types
 Access Subject Categories
 Subject Attributes
 Resource Attributes
 Action Attributes
 Environment Attributes
 Obligations
 Request
 Responses

Typedefs

typedef struct xacml_request_s * xacml_request_t
typedef struct xacml_resource_attribute_s * xacml_resource_attribute_t
typedef struct xacml_response_s * xacml_response_t
typedef struct xacml_obligation_s * xacml_obligation_t

Enumerations

enum  saml_status_code_t {
  SAML_STATUS_Success, SAML_STATUS_Requester, SAML_STATUS_Responder, SAML_STATUS_VersionMismatch,
  SAML_STATUS_AuthnFailed, SAML_STATUS_InvalidAttrNameOrValue, SAML_STATUS_InvalidNameIDPolicy, SAML_STATUS_NoAuthnContext,
  SAML_STATUS_NoAvailableIDP, SAML_STATUS_NoPassive, SAML_STATUS_NoSupportedIDP, SAML_STATUS_PartialLogout,
  SAML_STATUS_ProxyCountExceeded, SAML_STATUS_RequestDenied, SAML_STATUS_RequestUnsupported, SAML_STATUS_RequestVersionDeprecated,
  SAML_STATUS_RequestVersionTooHigh, SAML_STATUS_RequestVersionTooLow, SAML_STATUS_ResourceNotRecognized, SAML_STATUS_TooManyResponses,
  SAML_STATUS_UnknownAttrProfile, SAML_STATUS_UnknownPrincipal, SAML_STATUS_UnsupportedBinding
}
enum  xacml_result_t {
  XACML_RESULT_SUCCESS, XACML_RESULT_INVALID_PARAMETER, XACML_RESULT_OBLIGATION_FAILED, XACML_RESULT_SOAP_ERROR,
  XACML_RESULT_INVALID_STATE
}
enum  xacml_status_code_t { XACML_STATUS_ok, XACML_STATUS_missing_attribute, XACML_STATUS_syntax_error, XACML_STATUS_processing_error }
enum  xacml_decision_t { XACML_DECISION_Permit, XACML_DECISION_Deny, XACML_DECISION_Indeterminate, XACML_DECISION_NotApplicable }
enum  xacml_effect_t { XACML_EFFECT_Permit, XACML_EFFECT_Deny }

Functions

xacml_result_t xacml_init (void)

Variables

const char * saml_status_code_strings []
const char * xacml_status_code_strings []

Typedef Documentation

typedef struct xacml_obligation_s* xacml_obligation_t

XACML Obligation Handle

typedef struct xacml_request_s* xacml_request_t

XACML Request Handle

See also:
xacml_request_init(), xacml_request_destroy()

typedef struct xacml_resource_attribute_s* xacml_resource_attribute_t

XACML Resource Attribute

See also:
xacml_resource_attribute_init(), xacml_resource_attribute_destroy()

typedef struct xacml_response_s* xacml_response_t

XACML Response Handle


Enumeration Type Documentation

enum saml_status_code_t

SAML Status Codes

These codes correspond to the values described in section 3.2.2.2 of the SAML 2.0 Core specification.

Enumerator:
SAML_STATUS_Success  The request succeeded.
SAML_STATUS_Requester  The request could not be performed due to an error on the part of the requester.
SAML_STATUS_Responder  The request could not be performed due to an error on the part of the SAML responder or SAML authority.
SAML_STATUS_VersionMismatch  The SAML responder could not process the request because the version of the request message was incorrect.
SAML_STATUS_AuthnFailed  The responding provider was unable to successfully authenticate the principal.
SAML_STATUS_InvalidAttrNameOrValue  Unexpected or invalid content was encountered within a saml:Attribute or saml:AttributeValue element.
SAML_STATUS_InvalidNameIDPolicy  The responding provider cannot or will not support the requested name identifier policy.
SAML_STATUS_NoAuthnContext  The specified authentication context requirements cannot be met by the responder.
SAML_STATUS_NoAvailableIDP  Used by an intermediary to indicate that none of the supported identity provider Loc elements in an IDPList can be resolved or that none of the supported identity providers are available.
SAML_STATUS_NoPassive  Indicates the responding provider cannot authenticate the principal passively, as has been requested.
SAML_STATUS_NoSupportedIDP  Used by an intermediary to indicate that none of the identity providers in an IDPList are supported by the intermediary.
SAML_STATUS_PartialLogout  Used by a session authority to indicate to a session participant that it was not able to propagate logout to all other session participants.
SAML_STATUS_ProxyCountExceeded  Indicates that a responding provider cannot authenticate the principal directly and is not permitted to proxy the request further.
SAML_STATUS_RequestDenied  The SAML responder or SAML authority is able to process the request but has chosen not to respond. This status code MAY be used when there is concern about the security context of the request message or the sequence of request messages received from a particular requester.
SAML_STATUS_RequestUnsupported  The SAML responder or SAML authority does not support the request.
SAML_STATUS_RequestVersionDeprecated  The SAML responder cannot process any requests with the protocol version specified in the request.
SAML_STATUS_RequestVersionTooHigh  The SAML responder cannot process the request because the protocol version specified in the request message is a major upgrade from the highest protocol version supported by the responder.
SAML_STATUS_RequestVersionTooLow  The SAML responder cannot process the request because the protocol version specified in the request message is too low.
SAML_STATUS_ResourceNotRecognized  The resource value provided in the request message is invalid or unrecognized.
SAML_STATUS_TooManyResponses  The response message would contain more elements than the SAML responder is able to return.
SAML_STATUS_UnknownAttrProfile  An entity that has no knowledge of a particular attribute profile has been presented with an attribute drawn from that profile.
SAML_STATUS_UnknownPrincipal  The responding provider does not recognize the principal specified or implied by the request.
SAML_STATUS_UnsupportedBinding  The SAML responder cannot properly fulfill the request using the protocol binding specified in the request.

enum xacml_decision_t

XACML Decisions

These codes correspond to the values described in section 6.11 of the XACML 2.0 specification.

Enumerator:
XACML_DECISION_Permit  The requested access is permitted.
XACML_DECISION_Deny  The requested access is denied.
XACML_DECISION_Indeterminate  The PDP is unable to evaluate the requested access. Reasons for such inability include: missing attributes, network errors while retrieving policies, division by zero during policy evaluation, syntax errors in the decision request or in the policy, etc.
XACML_DECISION_NotApplicable  The PDP does not have any policy that applies to this decision request.

enum xacml_effect_t

XACML Effects

Enumerator:
XACML_EFFECT_Permit  The requested access is permitted.
XACML_EFFECT_Deny  The requested access is denied.

enum xacml_result_t

XACML API Return Values

Enumerator:
XACML_RESULT_SUCCESS  Success
XACML_RESULT_INVALID_PARAMETER  Invalid parameter
XACML_RESULT_OBLIGATION_FAILED  Obligation could not be processed
XACML_RESULT_SOAP_ERROR  Error processing message
XACML_RESULT_INVALID_STATE  Invalid state

enum xacml_status_code_t

XACML Status Codes

These codes correspond to the values described in appendix B.9 of the XACML 2.0 specification.

Enumerator:
XACML_STATUS_ok  This identifier indicates success.
XACML_STATUS_missing_attribute  This identifier indicates that all the attributes necessary to make a policy decision were not available.
XACML_STATUS_syntax_error  This identifier indicates that some attribute value contained a syntax error, such as a letter in a numeric field.
XACML_STATUS_processing_error  This identifier indicates that an error occurred during policy evaluation. An example would be division by zero.


Function Documentation

xacml_result_t xacml_init (void)

Initialize the XACML / SAML Library

Applications must call this before calling any other functions in this library.

Return values:
XACML_RESULT_SUCCESS Library initialized successfully.


Variable Documentation

const char* saml_status_code_strings[]

SAML Status Code Strings

The enumeration values in saml_status_code_t can be used as indices into this string array.

const char* xacml_status_code_strings[]

XACML Status Code Strings

The enumeration values in xacml_status_code_t can be used as indices into this string array.
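
Added example (not part of the library or its documentation): a deny-biased enforcement check over xacml_result_t, xacml_status_code_t and xacml_decision_t, together with a range-checked lookup of the kind the status string arrays need when the index comes from a parsed message. The enum definitions are local stand-ins copied from the enumerator lists above, the string table is a constructed stand-in, and pep_status_text and pep_access_allowed are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>

/* Stand-ins copied from the enumerator lists on this page so the example
 * builds without the library; real code includes the library header. */
typedef enum { XACML_RESULT_SUCCESS, XACML_RESULT_INVALID_PARAMETER,
               XACML_RESULT_OBLIGATION_FAILED, XACML_RESULT_SOAP_ERROR,
               XACML_RESULT_INVALID_STATE } xacml_result_t;
typedef enum { XACML_STATUS_ok, XACML_STATUS_missing_attribute,
               XACML_STATUS_syntax_error, XACML_STATUS_processing_error
             } xacml_status_code_t;
typedef enum { XACML_DECISION_Permit, XACML_DECISION_Deny,
               XACML_DECISION_Indeterminate, XACML_DECISION_NotApplicable
             } xacml_decision_t;

/* Constructed stand-in for xacml_status_code_strings[]; the library's
 * actual strings are not shown on this page. */
static const char *status_strings[] = {
    "ok", "missing-attribute", "syntax-error", "processing-error" };

/* Hypothetical helper: index the string table only after a range check,
 * since a status parsed from a message may hold any integer value. */
const char *pep_status_text(int status)
{
    size_t n = sizeof status_strings / sizeof status_strings[0];
    if (status < 0 || (size_t)status >= n)
        return "unknown-status";
    return status_strings[status];
}

/* Hypothetical helper: grant access only on a clean Permit. */
bool pep_access_allowed(xacml_result_t rc, xacml_status_code_t status,
                        xacml_decision_t decision)
{
    if (rc != XACML_RESULT_SUCCESS)   /* covers OBLIGATION_FAILED, SOAP_ERROR */
        return false;
    if (status != XACML_STATUS_ok)
        return false;
    switch (decision) {
    case XACML_DECISION_Permit:
        return true;
    case XACML_DECISION_Deny:
    case XACML_DECISION_Indeterminate:
    case XACML_DECISION_NotApplicable:
    default:                          /* out-of-range values also deny */
        return false;
    }
}
```

Indeterminate and NotApplicable are not Deny, but neither is an authorization, so the check treats both, and any failed call or unmet obligation, as a refusal.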