Federation Guides › Legacy Federation Guide › Setup the SAML 1.x Assertion Generator File

Setup the SAML 1.x Assertion Generator File

This section contains the following topics:

Configure the SAML 1.x Assertion Generator Properties File

Review the JVMOptions File Which Creates a JVM

The JVMOptions.txt File

Configure the SAML 1.x Assertion Generator Properties File

The Policy Server at the producer includes a component named the assertion generator. For SAML 1.x only, the AMAssertionGenerator.properties file is required for the assertion generator to generate assertions. This properties file also contains commented instructions, which you can read for more information about the settings in the file.

The installed location of this file is:

policy_server_home/config/properties

The assertion generator works without modifying the settings in this file. However, the file contains CA SiteMinder® default values that are used in the assertions, so change these values for your network.

To configure the AMAssertionGenerator.properties file

1. Go to the directory policy_server_home/config/properties.
2. Open the AMAssertionGenerator.properties file in a text editor.
3. Modify the following parameters:

   AssertionIssuerID

   Specifies the URL that identifies the site issuing the assertion.

   This URL must be the same value as the Issuer field that you complete for a SAML authentication scheme.

   Note: Set this value properly so that SAML 1.x assertions are meaningful.

   SecurityDomain

   Identifies the domain of the producer, such as example.com

   SourceID

   Specifies for the SAML 1.x artifact profile only, a unique ID in the artifact that identifies the producer. For more information, see the SAML specification at the OASIS website.

The values in this file must match the values for the equivalent settings at the consumer site.

Note: Updates to the AmAssertionGenerator.properties file are picked up after the Policy Server is restarted.

Review the JVMOptions File Which Creates a JVM

The JVMOptions.txt File

The JVMOptions.txt file contains the settings that the Policy Server uses when creating the Java virtual machine that is used to support Federation Web Services. SAML 1.x, SAML 2.0, and WS‑Federation use this file.

During a Policy Server upgrade, the existing JVMOptions.txt file is renamed to JVMOptions.txt.backup. A new JVMOptions.txt file is created.

If the original file included customized parameters, be sure to modify the newly created file to include these customized parameters.

The installed location of this file is:

policy_server_home/config/

Important! If you update the JVMOptions.txt file, restart the Policy Server for the changes to take effect.

Notes:

• In some environments, logging off a system while the Policy Server is running causes the Policy Server service to fail. The failure is the result of a JVM issue. To prevent the failure, add the -Xrs command to its own command line in the JVMOptions.txt file. This java command reduces usage of operating system signals by the Java virtual machine.

  This command is case-sensitive so be sure to capitalize the X.

• If you encounter errors relating to missing classes, modify the classpath directive in this file. For complete information about the settings contained in the JVMOptions.txt file, see your Java documentation. The Java compiler directive java.endorsed.dirs is used in the JVMOptions.txt file to control class loading.