Scripting and Programming GuidesDeveloper's Guide for JavaAuthentication and Authorization APIsUse the Authorization APIModify a SAML Assertion or Response › Interaction between SiteMinder and an Assertion Generator

Previous Topic: Modify a SAML Assertion or Response

Next Topic: Development and Deployment Notes
Interaction between SiteMinder and an Assertion Generator

The following steps outline the interaction between SiteMinder and a custom assertion generator plug-in. The activities begin when an authorized user makes a request, through a SiteMinder Policy Server, for a resource at a site that consumes assertions:

  1. An authorized user requires a SAML assertion or response for a consumer or Service Provider.
  2. The SiteMinder Assertion Generator Framework generates a default SAML assertion or response.
  3. If an assertion generator plug-in is defined for the site that consumes the assertion, the SiteMinder Assertion Generator Framework requests an instance of the plug-in object from the plug-in cache.

    Note: The site consuming assertions can have no more than one assertion generator plug-in defined for it.

  4. If the plug-in has not yet been loaded into cache:
    1. SiteMinder instantiates the plug-in class and loads it into cache.
    2. SiteMinder calls the plug-in’s init() method. This method performs any initialization procedures that you have implemented for the plug-in.

    A successfully initialized plug-in object remains in cache until SiteMinder shuts down. This avoids having to re-load and re-initialize the object every time the plug-in is required.

  5. The SiteMinder Assertion Generator Framework passes the default XML token, generated in step 2, to the plug-in’s customizeAssertion() method.
  6. The plug-in validates or modifies the information as required, and returns the processed assertion to the Assertion Generator Framework.
  7. The Assertion Generator Framework passes the processed token to the consumer or Service Provider. This site uses the information in the assertion to determine how to respond to the user’s request.
  8. Steps through are repeated whenever a user requires an assertion for the service provider.

When SiteMinder is about to shut down, SiteMinder calls the plug-in’s release() method to allow the plug-in to perform any rundown activities it might require.