You can modify the assertion content using an assertion generator plug-in. The plug-in enables you to customize the content of an assertion using the business agreements between you and your partners and vendors. One plug-in is allowed for each partner.
The steps to configure an assertion generator plug-in are:
Additional information about the Assertion Generator plug-in can be found as follows:
The first step in creating a custom assertion generator plug-in is to implement the AssertionGeneratorPlugin interface.
Follow these steps:
The implementation must include a call to the customizeAssertion methods. You can overwrite the existing implementations. See the following sample classes for examples:
SAML 1.x/WS-Federation
AssertionSample.java
SAML 2.0
SAML2AssertionSample.java
The sample classes are located in the directory /sdk/samples/assertiongeneratorplugin.
The contents of the parameter string that your implementation passes into the customizeAssertion method is the responsibility of the custom object.
After you have coded your implementation class for the AssertionGeneratorPlugin interface, compile it and verify that CA SiteMinder® can find your executable file.
To deploy the assertion generator plug-in
Compilation requires the following .jar files, which are installed with the Policy Server:
Note: Do not modify the classpath for xercesImpl.jar, xalan.jar, or SMJavaApi.jar.
After writing an assertion generator plug-in and compiling it, enable the plug-in by configuring settings in the Administrative UI. The UI parameters let CA SiteMinder® know where to find the plug-in.
Do not configure the plug-in settings until you deploy the plug-in.
Follow these steps:
Specifies a Java class name for an existing plug-in.
The plug-in class can parse and modify the assertion, and then return the result to the Assertion Generator for final processing.
Only one plug-in is allowed for each Affiliate. For example, com.mycompany.assertiongenerator.AssertionSample
(Optional) Specifies a string of parameters that is passed to the plug-in specified in the Java Class Name field.
Note: Instead of enabling the assertion plug-in in the Administrative UI, you can use the Policy Management API (C or Perl) to integrate the plug-in. For more information, see the CA SiteMinder® Programming Guide for C or the CA SiteMinder® Programming Guide for Java.
Restarting the Policy Server picks up the latest version of the assertion plug-in after being recompiled.
Copyright © 2014 CA.
All rights reserved.
|
|