

Customize a WS-Federation Assertion (optional)

The WS-Federation Assertion Generator produces SAML assertions. Assertions are the basis for user authentication in a federated environment. You can customize the content of the SAML assertion by configuring an Assertion Generator plug-in. Using this plug-in, you can modify the assertion content for your business agreements between partners and vendors.

To use the WS-Federation Assertion Generator plug-in

  1. Implement the plug-in class.

    A sample class, AssertionSample.java, can be found in sdk/samples/assertiongeneratorplugin.

  2. Configure the Assertion Generator plug-in from the Advanced tab of the Resource Partner Properties dialog.

    Note: Specify an Assertion Generator plug-in for each Resource Partner.

    1. In the Full Java Class Name field, enter the Java class name of the plug-in.

      For example, com.mycompany.assertiongenerator.AssertionSample

      A sample plug-in is included in the SDK. You can view the sample assertion plug-in at sdk/samples/assertiongeneratorplugin.

    2. Optionally, in the Parameters field, enter the string that gets passed to the plug-in as a parameter at run time.

      The string can contain any value; there is no specific syntax to follow.

Note: For reference information about the WS-Federation Assertion Generator plug-in, see the AssertionGeneratorPlugin interface in the Javadoc Reference. This information applies to the WS-Federation Assertion Generator and the SAML Assertion Generator. For overview and conceptual information, see the SiteMinder Programming Guide for Java.

Implement the AssertionGeneratorPlugin Interface

The first step in creating a custom assertion generator plug-in is to implement the AssertionGeneratorPlugin interface.

Follow these steps:

  1. Provide a public default constructor method that contains no parameters.
  2. Provide code so that the implementation is stateless. Many threads must be able to use a single plug-in class.
  3. Implement methods in the interface to satisfy your requirements.

The implementation must include a call to the customizeAssertion methods. You can overwrite the existing implementations. See the following sample classes for examples:

  SAML 1.x/WS-Federation: AssertionSample.java

  SAML 2.0: SAML2AssertionSample.java

The sample classes are located in the directory /sdk/samples/assertiongeneratorplugin.

Note: The contents of the parameter string that your implementation passes into the customizeAssertion method are the responsibility of the custom object.
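As an added illustration of steps 1 to 3 and the parameter note above (not code from the SDK or its samples): a stateless implementation that validates the free-form parameter string before it reaches the assertion. The AssertionCustomizer interface is a hypothetical stand-in for AssertionGeneratorPlugin, whose real signature is in the Javadoc Reference; the tier values, attribute name, namespace and sample assertion are constructed, and Java 9 or later is assumed.

```java
import java.io.StringReader;
import java.util.Locale;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSSerializer;
import org.xml.sax.InputSource;

// Hypothetical stand-in; the real AssertionGeneratorPlugin signature is in the SDK Javadoc.
interface AssertionCustomizer {
    String customizeAssertion(String assertionXml, String parameter) throws Exception;
}

public class StatelessAssertionPlugin implements AssertionCustomizer {
    private static final String SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion";
    // Immutable constants only: no mutable fields, so one instance can serve many threads.
    private static final Set<String> ALLOWED = Set.of("gold", "silver", "bronze"); // constructed values
    public StatelessAssertionPlugin() { }  // public constructor with no parameters

    @Override
    public String customizeAssertion(String assertionXml, String parameter) throws Exception {
        // The Parameters string has no fixed syntax, so validate it before use.
        String tier = parameter == null ? "" : parameter.trim().toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(tier)) throw new IllegalArgumentException("unexpected plug-in parameter");
        // Parser objects are not thread-safe: create them per call, never cache them in fields.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs or external entities
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(assertionXml)));
        Element stmt = (Element) doc.getElementsByTagNameNS(SAML1, "AttributeStatement").item(0);
        if (stmt == null) throw new IllegalStateException("assertion has no AttributeStatement");
        // Build the new attribute through the DOM so the value is escaped, not concatenated into XML.
        Element attr = doc.createElementNS(SAML1, "saml:Attribute");
        attr.setAttribute("AttributeName", "partnerTier");              // constructed name
        attr.setAttribute("AttributeNamespace", "urn:example:partner"); // constructed namespace
        Element value = doc.createElementNS(SAML1, "saml:AttributeValue");
        value.setTextContent(tier);
        stmt.appendChild(attr).appendChild(value); // appendChild returns attr, which then receives value
        LSSerializer ser = ((DOMImplementationLS) doc.getImplementation()).createLSSerializer();
        ser.getDomConfig().setParameter("xml-declaration", false);
        return ser.writeToString(doc);
    }
    public static void main(String[] args) throws Exception {
        String sample = "<saml:Assertion xmlns:saml=\"" + SAML1 + "\"><saml:AttributeStatement/></saml:Assertion>"; // constructed
        System.out.println(new StatelessAssertionPlugin().customizeAssertion(sample, " Gold "));
    }
}
```

Rejecting an unexpected parameter by throwing, instead of passing it through, keeps a mistyped or tampered Parameters value from becoming an attribute the Resource Partner trusts.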

Deploy the Assertion Generator Plug-in

After you have coded your implementation class for the AssertionGeneratorPlugin interface, compile it and verify that SiteMinder can find your executable file.

To deploy the assertion generator plug-in

  1. Compile the assertion plug-in Java file.

    Compilation requires the following .jar files, which are installed with the Policy Server:

  2. In the JVMOptions.txt file, modify the -Djava.class.path value so it includes the classpath for the plug-in. This modification enables the plug-in to be loaded with the modified classpath. Locate the JVMOptions.txt file in the directory installation_home\siteminder\config.

    Note: Do not modify the classpath for xercesImpl.jar, xalan.jar, or SMJavaApi.jar.

  3. Enable the plug-in.