Customize Assertion Content
Implement the AssertionGeneratorPlugin Interface
The first step in creating a custom assertion generator plug-in is to implement the AssertionGeneratorPlugin interface. The following requirements apply to the implementation class:
- The implementation must provide a public default constructor method that contains no parameters.
- The implementation must be stateless, so that many threads can use a single plug-in class.
- The implementation must include a call to the customizeAssertion methods. You can overwrite the existing implementations of these methods as your requirements dictate. See the sample programs.
- The syntax requirements and use of the parameter string that is passed into the customizeAssertion method is the responsibility of the custom object.
federation_sdk_home\sample\com\ca\federation\sdk\plugin\sample includes two sample implementation classes.
Deploy an Assertion Generator Plug-in
After you have coded your implementation class for the AssertionGeneratoPlugin interface, compile it and verify that
CA Single Sign-OnFederation can find your executable file.
To deploy the assertion generator plug-in
- Compile the assertion plug-in code in one of the following ways:
- If you are using a sample plug-in, use the build script for your platform to compile the plug-in. The build scripts are installed in the directoryfederation_sdk_home\sample. The build scripts are:Windows:build_plugin.batUNIX:build_plugin.shA compiled sample plug-in, fedpluginsample.jar, is in the directoryfederation_sdk_home\jar.
- If you write your own plug-in, include the smapi.jar when you compile your plug-in.
- In the JVMOptions.txt file, modify the -Djava.class.path value so it includes the classpath for the plug-in. Locate the JVMOptions.txt file in the directoryfederation_install_dir\siteminder\config.You can place the plug-in jar in any directory and have the JVMOptions.txt file point to it. To use the sample plug-in, modify the classpath to point to fedpluginsample.jar; however, do not modify the classpath for smapi.jar.To use Apache Xerces or Xalan in your plug-in, use the Xerces or Xalan binary files installed withCA Single Sign-OnFederation. The binaries are not installed with theCA Single Sign-OnFederation SDK. Using these files is necessary for compatibility reasons.
- Restart theCA Single Sign-OnFederation services.Restarting the services helps ensure thatCA Single Sign-OnFederation uses the latest version of the assertion generator plug-in.
Enable the Assertion Generator Plug-in
After writing an assertion generator plug-in and compiling it, you enable the plug-in by configuring settings in the
CA Single Sign-OnFederation UI. The UI parameters let
CA Single Sign-OnFederation know where to find the plug-in.
Do not configure the plug-in settings until you deploy the plug-in.
To enable the Assertion Generator plug-in
- Log on to the Administrative UI.
- Navigate to the Assertion Configuration step of the Partnership wizard for the partnership you want to modify.
- Enter values for the Assertion Generator Plug-in settings that follow:
- Plug-in ClassSpecifies the Java class name of the plug-in. Enter a name. This plug-in is invoked at run time.Example: com.mycompany.assertiongenerator.AssertionSampleThe plug-in class can parse and modify the assertion, and then return the result toCA Single Sign-OnFederation for final processing. Specify an Assertion Generator plug-in for each relying party. A compiled sample plug-in is included in the SDK. You can view complied sample assertion plug-ins in the directoryfederation_sdk_home/jar.You can also view the source code for theCA Single Sign-OnFederation sample plug-ins in the directoryfederation_sdk_home\sample\com\ca\federation\sdk\plugin\sample.
- Plug-in Parameter(Optional). Specifies the string thatCA Single Sign-OnFederation passes to the plug-in as a parameter at run time. The string can contain any value; there is no specific syntax to follow.The plug-in interprets the parameters that it receives. For example, the parameter could be the name of an attribute or the string can contain an integer that instructs the plug-in to do something.
Reference information (method signatures, parameters, return values, data types), and the constructor for UserContext class and the APIContext class, are in the
Javadoc Reference. Refer to the AssertionGeneratorPlugin interface in the Javadoc.