Package org.springframework.security.saml2.core

Class Saml2ErrorCodes

java.lang.Object
org.springframework.security.saml2.core.Saml2ErrorCodes
public final class Saml2ErrorCodes extends Object
A list of SAML known 2 error codes used during SAML authentication.
Since:
5.2

  • Field Details

    • UNKNOWN_RESPONSE_CLASS

      public static final String UNKNOWN_RESPONSE_CLASS
      SAML Data does not represent a SAML 2 Response object. A valid XML object was received, but that object was not a SAML 2 Response object of type ResponseType per specification https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=46
      See Also:

    • MALFORMED_REQUEST_DATA

      public static final String MALFORMED_REQUEST_DATA
      The serialized AuthNRequest could not be deserialized correctly.
      Since:
      5.7
      See Also:

    • MALFORMED_RESPONSE_DATA

      public static final String MALFORMED_RESPONSE_DATA
      The response data is malformed or incomplete. An invalid XML object was received, and XML unmarshalling failed.
      See Also:

    • INVALID_REQUEST

      public static final String INVALID_REQUEST
      Request is invalid in a general way.
      Since:
      5.6
      See Also:

    • INVALID_RESPONSE

      public static final String INVALID_RESPONSE
      Response is invalid in a general way.
      Since:
      5.5
      See Also:

    • INVALID_DESTINATION

      public static final String INVALID_DESTINATION
      Response destination does not match the request URL. A SAML 2 response object was received at a URL that did not match the URL stored in the {code Destination} attribute in the Response object. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38
      See Also:

    • INVALID_ASSERTION

      public static final String INVALID_ASSERTION
      The assertion was not valid. The assertion used for authentication failed validation. Details around the failure will be present in the error description.
      See Also:

    • INVALID_SIGNATURE

      public static final String INVALID_SIGNATURE
      The signature of response or assertion was invalid. Either the response or the assertion was missing a signature or the signature could not be verified using the system's configured credentials. Most commonly the IDP's X509 certificate.
      See Also:

    • SUBJECT_NOT_FOUND

      public static final String SUBJECT_NOT_FOUND
      The assertion did not contain a subject element. The subject element, type SubjectType, contains a NameID or an EncryptedID that is used to assign the authenticated principal an identifier, typically a username. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
      See Also:

    • USERNAME_NOT_FOUND

      public static final String USERNAME_NOT_FOUND
      The subject did not contain a user identifier The assertion contained a subject element, but the subject element did not have a NameID or EncryptedID element https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
      See Also:

    • DECRYPTION_ERROR

      public static final String DECRYPTION_ERROR
      The system failed to decrypt an assertion or a name identifier. This error code will be thrown if the decryption of either a EncryptedAssertion or EncryptedID fails. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17
      See Also:

    • INVALID_ISSUER

      public static final String INVALID_ISSUER
      An Issuer element contained a value that didn't https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15
      See Also:

    • INTERNAL_VALIDATION_ERROR

      public static final String INTERNAL_VALIDATION_ERROR
      An error happened during validation. Used when internal, non classified, errors are caught during the authentication process.
      See Also:

    • RELYING_PARTY_REGISTRATION_NOT_FOUND

      public static final String RELYING_PARTY_REGISTRATION_NOT_FOUND
      The relying party registration was not found. The registration ID did not correspond to any relying party registration.
      See Also:

    • INVALID_IN_RESPONSE_TO

      public static final String INVALID_IN_RESPONSE_TO
      The InResponseTo content of the response does not match the ID of the AuthNRequest.
      Since:
      5.7
      See Also: