Federation Security Services GuideIdentify Service Providers for a SAML 2.0 Identity Provider › Customize a SAML Response Element (optional)

Previous Topic: HTTP Error Handling at the IdP

Next Topic: Integrate the Assertion Generator Plug-in with SiteMinder (SAML 2.0/WS-Federation)

Customize a SAML Response Element (optional)

The Assertion Generator produces SAML assertions to authenticate users in a federated environment. You may want to modify the assertion content based on your business agreements between partners and vendors.

By configuring an Assertion Generator plug-in, you can customize the content of a SAML 2.0 response generated by the Assertion Generator.

To modify a response element using the Assertion Generator plug-in

  1. Implement the plug-in class.

    A sample class, AssertionSample.java, can be found in sdk/samples/assertiongeneratorplugin.

  2. Configure the Assertion Generator plug-in from the Advanced tab of the SAML Service Provider Properties dialog box.

    Note: Specify an Assertion Generator plug-in for each Service Provider.

    1. In the Full Java Class Name field, enter the Java class name of the plug-in. This plug-in is invoked by the Assertion Generator at run time.

      The plug-in class can parse and modify the assertion, and then return the result to the Assertion Generator for final processing.

      Only one plug-in is allowed for each Service Provider. For example, com.mycompany.assertiongenerator.AssertionSample

      A sample plug-in is included in the SDK. You can view a sample assertion plug-in at sdk/samples/assertiongeneratorplugin.

    2. Optionally, in the Parameters field, enter the string that gets passed to the plug-in as a parameter at run time.

      The string can contain any value; there is no specific syntax to follow.

Additional information about the Assertion Generator plug-in can be found as follows:

Copyright © 2010 CA. All rights reserved. Email CA about this topic