Customize Assertion Content

Implement the AssertionGeneratorPlugin Interface
The first step in creating a custom assertion generator plug-in is to implement the AssertionGeneratorPlugin interface. The following requirements apply to the implementation class:
  • The implementation must provide a public default constructor method that contains no parameters.
  • The implementation must be stateless, so that many threads can use a single plug-in class.
  • The implementation must include a call to the customizeAssertion methods. You can overwrite the existing implementations of these methods as your requirements dictate. See the sample programs.
  • The syntax requirements and use of the parameter string that is passed into the customizeAssertion method are the responsibility of the custom object.
The folder federation_sdk_home\sample\com\ca\federation\sdk\plugin\sample includes two sample implementation classes.
Deploy an Assertion Generator Plug-in
After you have coded your implementation class for the AssertionGeneratorPlugin interface, compile it and verify that CA Single Sign-On Federation can find your executable file.
To deploy the assertion generator plug-in
  1. Compile the assertion plug-in code in one of the following ways:
    • If you are using a sample plug-in, use the build script for your platform to compile the plug-in. The build scripts are installed in the directory federation_sdk_home\sample. The build scripts are:
      Windows: build_plugin.bat
      UNIX: build_plugin.sh
      A compiled sample plug-in, fedpluginsample.jar, is in the directory federation_sdk_home\jar.
    • If you write your own plug-in, include the smapi.jar when you compile your plug-in.
  2. In the JVMOptions.txt file, modify the -Djava.class.path value so it includes the classpath for the plug-in. Locate the JVMOptions.txt file in the directory federation_install_dir\siteminder\config.
    You can place the plug-in jar in any directory and have the JVMOptions.txt file point to it. To use the sample plug-in, modify the classpath to point to fedpluginsample.jar; however, do not modify the classpath for smapi.jar.
    To use Apache Xerces or Xalan in your plug-in, use the Xerces or Xalan binary files installed with CA Single Sign-On Federation. The binaries are not installed with the CA Single Sign-On Federation SDK. Using these files is necessary for compatibility reasons.
  3. Restart the CA Single Sign-On Federation services.
    Restarting the services helps ensure that CA Single Sign-On Federation uses the latest version of the assertion generator plug-in.
Enable the Assertion Generator Plug-in
After writing an assertion generator plug-in and compiling it, you enable the plug-in by configuring settings in the CA Single Sign-On Federation UI. The UI parameters let CA Single Sign-On Federation know where to find the plug-in.
Do not configure the plug-in settings until you deploy the plug-in.
To enable the Assertion Generator plug-in
  1. Log on to the Administrative UI.
  2. Navigate to the Assertion Configuration step of the Partnership wizard for the partnership you want to modify.
  3. Enter values for the Assertion Generator Plug-in settings that follow:
    • Plug-in Class
      Specifies the Java class name of the plug-in. Enter a name. This plug-in is invoked at run time.
      Example: com.mycompany.assertiongenerator.AssertionSample
      The plug-in class can parse and modify the assertion, and then return the result to CA Single Sign-On Federation for final processing. Specify an Assertion Generator plug-in for each relying party. A compiled sample plug-in is included in the SDK. You can view compiled sample assertion plug-ins in the directory federation_sdk_home/jar.
      You can also view the source code for the CA Single Sign-On Federation sample plug-ins in the directory federation_sdk_home\sample\com\ca\federation\sdk\plugin\sample.
    • Plug-in Parameter
      (Optional). Specifies the string that CA Single Sign-On Federation passes to the plug-in as a parameter at run time. The string can contain any value; there is no specific syntax to follow.
      The plug-in interprets the parameters that it receives. For example, the parameter could be the name of an attribute or the string can contain an integer that instructs the plug-in to do something.
Reference information (method signatures, parameters, return values, data types), and the constructor for UserContext class and the APIContext class, are in the Javadoc Reference. Refer to the AssertionGeneratorPlugin interface in the Javadoc.
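Because the Plug-in Parameter has no product-defined syntax and the plug-in must be stateless, the plug-in has to define and enforce its own parameter format without keeping per-request data in fields. The following is an added example, not code from the SDK samples: a helper that a customizeAssertion implementation could call on the parameter string it receives. The class name PluginParamParser, the key=value;key=value syntax, the keys attr and maxlen, and the length limits are all assumptions made for illustration; the helper deliberately does not implement the SDK interface, whose signatures are in the Javadoc.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Stateless parser for a HYPOTHETICAL parameter syntax "key=value;key=value". */
public final class PluginParamParser {
    // Only immutable shared constants; no per-request state lives in fields,
    // so one instance can be used by many threads at once.
    private static final Set<String> ALLOWED_KEYS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("attr", "maxlen")));
    private static final Pattern ATTR_NAME = Pattern.compile("[A-Za-z][A-Za-z0-9_.-]{0,63}");
    private static final Pattern SMALL_INT = Pattern.compile("[0-9]{1,4}");
    private static final int MAX_PARAM_LENGTH = 256; // assumed limit

    public PluginParamParser() { } // public constructor with no parameters

    /** Returns an unmodifiable map; rejects anything outside the defined syntax. */
    public Map<String, String> parse(String param) {
        if (param == null || param.isEmpty()) {
            return Collections.emptyMap(); // the parameter is optional
        }
        if (param.length() > MAX_PARAM_LENGTH) {
            throw new IllegalArgumentException("plug-in parameter too long");
        }
        Map<String, String> out = new LinkedHashMap<>(); // local variable only
        for (String pair : param.split(";", -1)) {
            int eq = pair.indexOf('=');
            if (eq <= 0) {
                throw new IllegalArgumentException("expected key=value, got: " + pair);
            }
            String key = pair.substring(0, eq).trim();
            String value = pair.substring(eq + 1).trim();
            if (!ALLOWED_KEYS.contains(key)) {
                throw new IllegalArgumentException("unknown key: " + key);
            }
            Pattern rule = key.equals("attr") ? ATTR_NAME : SMALL_INT;
            if (!rule.matcher(value).matches()) {
                throw new IllegalArgumentException("invalid value for " + key);
            }
            if (out.put(key, value) != null) {
                throw new IllegalArgumentException("duplicate key: " + key);
            }
        }
        return Collections.unmodifiableMap(out);
    }
}
```

Rejecting unknown keys, duplicates and malformed values means a mistyped Plug-in Parameter in the UI fails visibly instead of silently changing what the plug-in writes into the assertion.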