import { type UserClaim } from '@logto/core-kit';
import { z } from 'zod';
export type SamlAttributeMapping = Partial<Record<UserClaim | 'sub', string>>;
export declare const samlAttributeMappingKeys: readonly ("name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles")[];
export declare const samlAttributeMappingGuard: z.ZodObject<{
    [x: string]: z.ZodOptional<z.ZodString>;
}, "strip", z.ZodTypeAny, {
    [x: string]: string | undefined;
}, {
    [x: string]: string | undefined;
}>;
export declare enum BindingType {
    Post = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    Redirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}
export type SamlAcsUrl = {
    binding: BindingType;
    url: string;
};
export declare const samlAcsUrlGuard: z.ZodObject<{
    binding: z.ZodNativeEnum<typeof BindingType>;
    url: z.ZodString;
}, "strip", z.ZodTypeAny, {
    url: string;
    binding: BindingType;
}, {
    url: string;
    binding: BindingType;
}>;
export declare const samlEncryptionGuard: z.ZodEffects<z.ZodObject<{
    encryptAssertion: z.ZodOptional<z.ZodBoolean>;
    encryptThenSign: z.ZodOptional<z.ZodBoolean>;
    certificate: z.ZodOptional<z.ZodString>;
}, "strip", z.ZodTypeAny, {
    encryptAssertion?: boolean | undefined;
    encryptThenSign?: boolean | undefined;
    certificate?: string | undefined;
}, {
    encryptAssertion?: boolean | undefined;
    encryptThenSign?: boolean | undefined;
    certificate?: string | undefined;
}>, {
    encryptAssertion?: boolean | undefined;
    encryptThenSign?: boolean | undefined;
    certificate?: string | undefined;
}, {
    encryptAssertion?: boolean | undefined;
    encryptThenSign?: boolean | undefined;
    certificate?: string | undefined;
}>;
export type SamlEncryption = z.input<typeof samlEncryptionGuard>;
export declare enum NameIdFormat {
    /** Uses unique and persistent identifiers for the user. */
    Persistent = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    /** Returns the email address of the user. */
    EmailAddress = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    /** Uses unique and transient identifiers for the user, which can be different for each session. */
    Transient = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    /** The Identity Provider can determine the format. */
    Unspecified = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
}
export declare const nameIdFormatGuard: z.ZodNativeEnum<typeof NameIdFormat>;