

Customize the SAML 1.x Assertion Response (optional)

The SiteMinder Assertion Generator produces SAML assertions to authenticate users in a federation environment. You can customize the content of the SAML assertion generated by the Assertion Generator by configuring an Assertion Generator plug-in. Using this plug-in, you can modify the assertion content for your business agreements between partners and vendors.

To use the Assertion Generator plug-in

  1. Implement the plug-in class.

    A sample class, AssertionSample.java, can be found in sdk/samples/assertiongeneratorplugin.

  2. Configure the Assertion Generator plug-in from the Advanced tab of the Affiliate Properties dialog.

    Note: Specify an Assertion Generator plug-in for each consumer.

    1. In the Full Java Class Name field, enter the Java class name of the plug-in.

      For example, com.mycompany.assertiongenerator.AssertionSample

      The SDK includes a sample assertion plug-in, which you can view at sdk/samples/assertiongeneratorplugin.

    2. Optionally, in the Parameters field, enter the string that gets passed to the plug-in as a parameter at run time.

      The string can contain any value; there is no specific syntax to follow.

For details about the Assertion Generator plug-in (method signatures, parameters, return values, and data types) and about the new constructor for the UserContext class, see the AssertionGeneratorPlugin interface in the Javadoc Reference. For overview and conceptual information, see the SiteMinder Programming Guide for Java.

Implement the AssertionGeneratorPlugin Interface

The first step in creating a custom assertion generator plug-in is to implement the AssertionGeneratorPlugin interface.

Follow these steps:

  1. Provide a public default constructor method that contains no parameters.
  2. Write the implementation so that it is stateless. Many threads must be able to use a single plug-in class.
  3. Implement methods in the interface to satisfy your requirements.

The implementation must include a call to the customizeAssertion methods. You can overwrite the existing implementations. See the following sample classes for examples:

SAML 1.x/WS-Federation

AssertionSample.java

SAML 2.0

SAML2AssertionSample.java

The sample classes are located in the directory /sdk/samples/assertiongeneratorplugin.

Note: The contents of the parameter string that your implementation passes into the customizeAssertion method are the responsibility of the custom object.
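The steps above and the note on the parameter string, as an added sketch that is not the SDK's AssertionSample.java: PluginContract is a hypothetical stand-in for the AssertionGeneratorPlugin interface (the real method signatures are in the Javadoc Reference). The "name=value" parameter syntax, the attribute namespace, and the sample assertion are assumptions made for this illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

// Hypothetical stand-in for the SDK interface; see the Javadoc Reference for the real signatures.
interface PluginContract {
    String customizeAssertion(String assertionXml, String parameter) throws Exception;
}

public class StatelessPluginSketch implements PluginContract {
    private static final String SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion";
    public StatelessPluginSketch() { }  // step 1: public constructor with no parameters

    // Step 2: no instance fields; request data lives only in arguments and locals, so threads cannot mix assertions.
    @Override
    public String customizeAssertion(String assertionXml, String parameter) throws Exception {
        int eq = parameter == null ? -1 : parameter.indexOf('=');
        if (eq < 1) return assertionXml;  // assumed syntax "name=value"; anything else: no change
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();  // built per call, never shared
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);  // no DTDs, no XXE
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(assertionXml)));
        Node stmt = doc.getElementsByTagNameNS(SAML1, "AttributeStatement").item(0);
        if (stmt == null) return assertionXml;  // nothing to extend; return the assertion untouched
        Element attr = doc.createElementNS(SAML1, "Attribute");
        attr.setAttribute("AttributeName", parameter.substring(0, eq).trim());
        attr.setAttribute("AttributeNamespace", "urn:example:constructed");  // constructed value
        Element value = doc.createElementNS(SAML1, "AttributeValue");
        value.setTextContent(parameter.substring(eq + 1).trim());  // DOM escapes markup characters
        attr.appendChild(value);
        stmt.appendChild(attr);
        StringWriter out = new StringWriter();
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed minimal input, not a real SiteMinder assertion.
        String xml = "<Assertion xmlns=\"" + SAML1 + "\"><AttributeStatement/></Assertion>";
        System.out.println(new StatelessPluginSketch().customizeAssertion(xml, "tier=<gold>"));
    }
}
```

Because the class holds no per-request fields, one instance can serve many threads without one user's attribute values appearing in another user's assertion.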

Deploy the Assertion Generator Plug-in

After you have coded your implementation class for the AssertionGeneratorPlugin interface, compile it and verify that SiteMinder can find your executable file.

To deploy the assertion generator plug-in

  1. Compile the assertion plug-in Java file.

    Compilation requires the following .jar files, which are installed with the Policy Server:

  2. In the JVMOptions.txt file, modify the -Djava.class.path value so it includes the classpath for the plug-in. This modification enables the plug-in to be loaded with the modified classpath. Locate the JVMOptions.txt file in the directory installation_home\siteminder\config.

    Note: Do not modify the classpath for xercesImpl.jar, xalan.jar, or SMJavaApi.jar.

  3. Enable the plug-in.