|
|
|
The SiteMinder agent in federation mode can receive an assertion from the remote partner that includes user attributes. The target SAP application can use these assertion attributes to customize the application for each user.
When the SAP Web AS calls the agent to authenticate a user, the server passes a subject to the agent. The agent adds one or more principals to the subject, as follows:
The primary principal is always added to the subject and it represents the user identity.
A user attributes principal is added to the subject only if user attributes are in the FEDPROFILE cookie sent to the agent.
The agent returns the subject back to the SAP Web AS, which passes this subject and the additional principals to the target application.
For the target application to retrieve the principals, add code to the application that extracts the principals. Add the following code to the SAP application to retrieve the principals and then use the attributes in the user attributes principal for customization.
Set setPrincipals = subject.getPrincipals();
Iterator itrPrincipals = setPrincipals.iterator();
java.security.Principal principal;
while (itrPrincipals.hasNext())
{
principal = (java.security.Principal) itrPrincipals.next();
}
The code sample returns the second principal containing the user attributes to the application. The application can then retrieve the attributes using the following call:
Principal.toString()
Add this string call to the application after the previous code.
The result of retrieving the attributes is a comma-separated string of attributes enclosed in curly braces, as follows:
{attr1=val1, attr2=val2}
Finally, the SAP Web AS application parses the string and process the assertion attributes.
Attribute retrieval by the target application is complete.
| Copyright © 2012 CA. All rights reserved. |
|