The SiteMinder SAML (1.x and 2.0) and WS-Federation authentication schemes process response messages. For business reasons, for example, you might want to add additional steps to further process a response. The Message Consumer Extension API defines an interface that enables you to elaborate on the SAML or WS-Federation response in two ways during the authentication process:
The SiteMinder Java MessageConsumerPlugin API implements the Message Consumer Extension (MCE) interface. You can code to your own requirements and then integrate the custom plug-in into SiteMinder.
The MessageConsumerPlugin includes the following four methods:
|
Method |
Description |
|---|---|
|
init() |
Performs any initialization procedures that the plug-in requires. SiteMinder calls this method once for each plug-in instance, when the plug-in is loaded. |
|
release() |
Performs any rundown procedures that the plug-in requires. SiteMinder calls this method once for each plug-in instance, when SiteMinder is shutting down. |
|
postDisambigu-ateUser() |
Provides processing to disambiguate a user when the authentication scheme is unable to do so, or to add data for new federation users to a user store. Note that this method receives the decrypted assertion. The decrypted assertion is added to the properties map passed to MCP under the key "_DecryptedAssertion". |
|
postAuthentic-ateUser() |
Provides any additional code to determine the final outcome of assertion processing, regardless of whether the policy server processing results in success or failure. |
SiteMinder provides the following samples of the Message Consumer plug-in class: