Scripting and Programming Guides › Developer's Guide for Java › Authentication and Authorization APIs › Use the Authorization API › Modify a SAML Assertion or Response

Modify a SAML Assertion or Response

According to SAML specifications, an assertion (SAML 1.x) or response (SAML 2.0) is generated by a producer site and sent to a consumer site for validation. Typically, you will use the default SAML assertion or response that SiteMinder generates at the producer site. If you want to modify the content of the assertion or the reponse, you can do so by implementing the Java assertion generator plug-in. This plug-in is appropriate for both consumers (SAML 1.x) and Service Providers (SAML 2.0).

To modify the SAML assertion or response

1. Implement a Java SAML assertion generator plug-in.

   The implementation is a plug-in for the SiteMinder Assertion Generator Framework. The Assertion Generator Framework sends a default token to the custom plug-in object. After processing, the custom object passes a modified token to the Assertion Generator Framework.

2. Configure the plug-in by specifying the fully-qualified name of the plug-in class and any optional parameters that the plug-in might require.

   You configure a custom assertion generator plug-in in any of these ways:

   • For SAML 1.x support, on the Advanced tab of the SiteMinder Affiliate Properties dialog.
   • For SAML 2.0 support, on the Advanced tab of the SiteMinder Service Provider Properties dialog.
   • Through the C or Perl Policy Management API.

   Note: Configuration of the assertion generator plug-in requires a Policy Management API session version of at least v6.0 SP 2.