Federation Guides › Partnership Federation Guide › Assertion Configuration at the Asserting Party › Customize Assertion Content

Customize Assertion Content

Implement the AssertionGeneratorPlugin Interface

The first step in creating a custom assertion generator plug-in is to implement the AssertionGeneratorPlugin interface. The following requirements apply to the implementation class:

• The implementation must provide a public default constructor method that contains no parameters.
• The implementation must be stateless, so that many threads can use a single plug-in class.
• The implementation must include a call to the customizeAssertion methods. You can overwrite the existing implementations of these methods as your requirements dictate. See the sample programs.
• The syntax requirements and use of the parameter string that is passed into the customizeAssertion method is the responsibility of the custom object.

Note: The folder federation_sdk_home\sample\com\ca\federation\sdk\plugin\sample includes two sample implementation classes.

Deploy an Assertion Generator Plug-in

After you have coded your implementation class for the AssertionGeneratoPlugin interface, compile it and verify that CA SiteMinder® Federation can find your executable file.

To deploy the assertion generator plug-in

1. Compile the assertion plug-in code in one of the following ways:
   • If you are using a sample plug-in, use the build script for your platform to compile the plug-in. The build scripts are installed in the directory federation_sdk_home\sample. The build scripts are:

     Windows: build_plugin.bat

     UNIX: build_plugin.sh

     A compiled sample plug-in, fedpluginsample.jar, is in the directory federation_sdk_home\jar.

   • If you write your own plug-in, include the smapi.jar when you compile your plug-in.
2. In the JVMOptions.txt file, modify the -Djava.class.path value so it includes the classpath for the plug-in. Locate the JVMOptions.txt file in the directory federation_install_dir\siteminder\config.

   You can place the plug-in jar in any directory and have the JVMOptions.txt file point to it. To use the sample plug-in, modify the classpath to point to fedpluginsample.jar; however, do not modify the classpath for smapi.jar.

   Note: To use Apache Xerces or Xalan in your plug-in, use the Xerces or Xalan binary files installed with CA SiteMinder® Federation. The binaries are not installed with the CA SiteMinder® Federation SDK. Using these files is necessary for compatibility reasons.

3. Restart the CA SiteMinder® Federation services.

   Restarting the services helps ensure that CA SiteMinder® Federation uses the latest version of the assertion generator plug-in.

Enable the Assertion Generator Plug-in

After writing an assertion generator plug-in and compiling it, you enable the plug-in by configuring settings in the CA SiteMinder® Federation UI. The UI parameters let CA SiteMinder® Federation know where to find the plug-in.

Do not configure the plug-in settings until you deploy the plug-in.

To enable the Assertion Generator plug-in

1. Log on to the Administrative UI.
2. Navigate to the Assertion Configuration step of the Partnership wizard for the partnership you want to modify.
3. Enter values for the Assertion Generator Plug-in settings that follow:

   Plug-in Class

   Specifies the Java class name of the plug-in. Enter a name. This plug-in is invoked at run time.

   Example: com.mycompany.assertiongenerator.AssertionSample

   The plug-in class can parse and modify the assertion, and then return the result to CA SiteMinder® Federation for final processing. Specify an Assertion Generator plug-in for each relying party. A compiled sample plug-in is included in the SDK. You can view complied sample assertion plug-ins in the directory federation_sdk_home/jar.

   Note: You can also view the source code for the CA SiteMinder® Federation sample plug-ins in the directory federation_sdk_home\sample\com\ca\federation\sdk\plugin\sample.

   Plug-in Parameter

   (Optional). Specifies the string that CA SiteMinder® Federation passes to the plug-in as a parameter at run time. The string can contain any value; there is no specific syntax to follow.

   The plug-in interprets the parameters that it receives. For example, the parameter could be the name of an attribute or the string can contain an integer that instructs the plug-in to do something.

Reference information (method signatures, parameters, return values, data types), and the constructor for UserContext class and the APIContext class, are in the Javadoc Reference. Refer to the AssertionGeneratorPlugin interface in the Javadoc.