Federation Security Services GuideIdentify WS-Federation Resource Partners at the Account PartnerCustomizing Content in WS-Federation Assertions › Integrate the Assertion Generator Plug-in with SiteMinder (SAML 2.0/WS-Federation)

Previous Topic: Customizing Content in WS-Federation Assertions

Next Topic: Protect the Authentication URL to Generate a SiteMinder Session

Integrate the Assertion Generator Plug-in with SiteMinder (SAML 2.0/WS-Federation)

If you write an assertion generator plug-in, you have to integrate the plug-in to work with SiteMinder.

To compile the assertion plug-in Java file, see the instructions in the SAML2AssertionSample.java file in the directory:

sdk/samples/assertiongeneratorplugin

To integrate the assertion generator plug-in with SiteMinder

  1. Compile the assertion plug-in Java file.

    This file requires the following .jar files installed with the Policy Server:

  2. In the JVMOptions.txt file, modify the -Djava.class.path value so it includes the classpath for the plug-in. This enables the plug-in to be loaded.

    Note: Do not modify the classpath for xercesImpl.jar, xalan.jar, or SMJavaApi.jar.

  3. In the FSS Administrative UI, specify the plug-in that SiteMinder should use. Access the Advanced tab in the Service Provider Properties or Resource Partner Properties dialog and complete the following fields:

    Note: Instead of specifying the assertion plug-in class and its parameters via the FSS Administrative UI, you can use the Policy Management API (C or Perl) to integrate the plug-in. For instructions, see the SiteMinder Programming Guide for C or the SiteMinder Programming Guide for Java.

  4. Restart the Policy Server.

    Restarting the Policy Server ensures that the latest version of the assertion plug-in is picked up after being recompiled.

To enable the Assertion Generator to include attributes from a web application in an assertion

  1. Compile the assertion plug-in Java file.

    This file requires the following .jar files installed with the Policy Server:

  2. In the JVMOptions.txt file, modify the -Djava.class.path value so it includes the classpath for the plug-in. This enables the plug-in to be loaded.

    Note: Do not modify the classpath for xercesImpl.jar, xalan.jar, or SMJavaApi.jar.

  3. Configure a sample plug-in.

    There is an APIContext class in the SMJavaAPI that has a new method, getAttrMap(), which returns a map object containing the attributes from the web application to be included in the assertion. In the SiteMinder SDK, there are two sample Assertion Generator plug-ins that show how to use this map object:

    These samples are located in the directory sdk/samples/assertiongeneratorplugin. They enable the Assertion Generator to add attributes from a web application to the Assertion Generator for inclusion in an assertion.

  4. In the FSS Administrative UI, specify the plug-in you are using. Access the Advanced tab in the Service Provider Properties or Resource Partner Properties dialog and complete the following fields:

    Note: Instead of specifying the assertion plug-in class and its parameters via the FSS Administrative UI, you can use the Policy Management API (C or Perl) to integrate the plug-in. For instructions, see the SiteMinder SiteMinder Programming Guide for C or the SiteMinder Programming Guide for Java.

  5. Restart the Policy Server.

    Restarting the Policy Server ensures that the latest version of the assertion plug-in is picked up after being recompiled.

Copyright © 2010 CA. All rights reserved. Email CA about this topic