You can modify the assertion content using an assertion generator plug-in. The plug-in enables you to customize the content of an assertion using the business agreements between you and your partners and vendors. One plug-in is allowed for each partner.
The steps to configure an assertion generator plug-in are:
Additional information about the Assertion Generator plug-in can be found as follows:
The first step in creating a custom assertion generator plug-in is to implement the AssertionGeneratorPlugin interface.
Follow these steps:
The implementation must include a call to the customizeAssertion methods. You can overwrite the existing implementations. See the following sample classes for examples:
AssertionSample.java
SAML2AssertionSample.java
The sample classes are located in the directory /sdk/samples/assertiongeneratorplugin.
Note: The contents of the parameter string that your implementation passes into the customizeAssertion method is the responsibility of the custom object.
After you have coded your implementation class for the AssertionGeneratorPlugin interface, compile it and verify that CA SiteMinder® can find your executable file.
To deploy the assertion generator plug-in
Compilation requires the following .jar files, which are installed with the Policy Server:
Note: Do not modify the classpath for xercesImpl.jar, xalan.jar, or SMJavaApi.jar.
After writing an assertion generator plug-in and compiling it, enable the plug-in by configuring settings in the Administrative UI. The UI parameters let CA SiteMinder® know where to find the plug-in.
Do not configure the plug-in settings until you deploy the plug-in.
Follow these steps:
Specify a Java class name for an existing plug-in
The plug-in class can parse and modify the assertion, and then return the result to the Assertion Generator for final processing.
Only one plug-in is allowed for each Service Provider. For example, com.mycompany.assertiongenerator.AssertionSample
(Optional) Specify a string of parameters that is passed to the plug-in specified in the Java Class Name field.
Note: Instead of enabling the assertion plug-in through the Administrative UI, you can use the Policy Management API (C or Perl) to integrate the plug-in. For more information, see the CA SiteMinder® Programming Guide for C or the CA SiteMinder® Programming Guide for Java.
Restarting the Policy Server ensures that the latest version of the assertion plug-in is picked up after being recompiled.
You can use an assertion generator plug-in to add web application attributes tp an assertion. This is another way to customize the assertion.
To include web application attributes in an assertion
Compilation requires the following .jar files, which are installed with the Policy Server:
Note: Do not modify the classpath for xercesImpl.jar, xalan.jar, or SMJavaApi.jar.
An APIContext class in the SMJavaAPI has a new method, getAttrMap(), which returns a map object containing the attributes from the web application included in the assertion. In the SiteMinder SDK, there are two sample Assertion Generator plug-ins that show how to use this map object:
These samples are located in the directory sdk/samples/assertiongeneratorplugin. They enable the Assertion Generator to add attributes from a web application to an assertion.
Names the Java class for the plug-in. For example, the sample classes included with the CA SiteMinder® SDK are:
(SAML 2.0)
(WS-Federation)
Specify a string of parameters that is passed to the plug-in specified in the Java Class Name field. These parameters would be the attributes that you want to include in the assertion.
Note: Instead of configuring the settings through the Administrative UI, you can use the Policy Management API (C or Perl) to integrate the plug-in. For instructions, see the CA SiteMinder® Programming Guide for C or the CA SiteMinder® Programming Guide for Java.
Restarting the Policy Server verifies that the latest version of the assertion plug-in is picked up after being recompiled.
Copyright © 2013 CA.
All rights reserved.
|
|