Previous Topic: Assertion Processing Customization (Relying Party)Next Topic: Implement the MessageConsumerPlugin Interface


Customize Assertion Processing (Relying Party)

The message consumer plug-in is a Java program that implements the Message Consumer Extension API. The plug-in lets you implement your own business logic for processing assertions, such as rejecting an assertion and returning a status code. This additional processing works together with the standard processing of an assertion.

During authentication, the system first tries to process the assertion by mapping a user to its local user store. If CA SiteMinder® Federation cannot find the user, it calls the postDisambiguateUser method of the message consumer plug-in.

If the plug-in successfully finds the user, the process continues to the second phase of authentication. If the plug-in cannot map the user to a local user store, the plug-in returns a UserNotFound error. The plug-in can optionally use the redirect URL feature. Without the consumer plug-in, the redirect URLs are based on the error that the SAML authentication scheme generates.

During the second phase of authentication, the system calls the postAuthenticateUser method of the message consumer plug-in, if the plug-in is configured. If the method succeeds, CA SiteMinder® Federation redirects the user to the requested resource. If the method fails, you can configure the plug-in to send the user to a failure page. The failure page can be one of the redirect URLs that you can specify with the authentication scheme configuration.

Reference information (method signatures, parameters, return values, data types), and the constructor for UserContext class, are in the Java SDK Programming Reference. Refer to the MessageConsumerPlugin interface.

To configure the plugin:

  1. Install the CA SiteMinder® Federation SDK.
  2. Implement the MessageconsumerPlugin.java interface, which is part of the SDK.
  3. Deploy your message consumer plug-in implementation class.
  4. Enable the message consumer plug-in in the Administrative UI.