Sun Java System SAML v2 Plug-in for Federation Services User's Guide

The SAML v2 Plug-in for Federation Services SDK

The SAML v2 Plug-in for Federation Services provides application programming interfaces (API) that can be used to construct and process assertions, requests, and responses. The SAML v2 Plug-in for Federation Services SDK is designed to be pluggable although it can also be run as a standalone application (outside of an instance of Access Manager or Federation Manager).

The SDK Packages

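The SAML v2 Plug-in for Federation Services SDK includes the following packages:

  • com.sun.identity.saml2.assertion Package

  • com.sun.identity.saml2.common Package

  • com.sun.identity.saml2.protocol Package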

For more information, see the Sun Java System SAMLv2 Plug-in for Federation Services Java API Reference.


Note –

You can also extract and view the SAML v2 Plug-in for Federation Services Java API Reference internally. Change to the /AccessManager-base/product-directory/saml2/docs directory on Access Manager or the /FederationManager-base/SUNWam/saml2/docs directory on Federation Manager and extract saml2_public_javadocs.jar to your web container. The Java API Reference can then be viewed using a web browser.


com.sun.identity.saml2.assertion Package

This package provides interfaces to construct and process SAML v2 assertions. It also contains the AssertionFactory, a factory class used to obtain instances of the objects defined in the assertion schema.

com.sun.identity.saml2.common Package

This package provides interfaces and classes used to define common SAML v2 utilities and constants.

com.sun.identity.saml2.protocol Package

This package provides interfaces used to construct and process the SAML v2 request/response protocol. It also contains the ProtocolFactory, a factory class used to obtain object instances for concrete elements in the protocol schema.

Setting a Customized Class

There are two ways to set a customized implementation class:

  1. Add a mapping property to AMConfig.properties in the format:

    com.sun.identity.saml2.sdk.mapping.interface-name=new-class-name

    For example, to define a customized Assertion interface, you would add:


    com.sun.identity.saml2.sdk.mapping.Assertion=com.ourcompany.saml2.AssertionImpl

    Note –

    AMConfig.properties is located in the /etc/opt/product-directory/config directory in Access Manager and in the /staging-directory/web-src/WEB-INF/classes directory in Federation Manager.


  2. Set an environment variable for the Virtual Machine for the Java™ platform (JVM™). For example, you can add the following environment variable when starting the application:


    -Dcom.sun.identity.saml2.sdk.mapping.Assertion=com.ourcompany.saml2.AssertionImpl
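
Because either mapping decides which class handles assertions, it is worth auditing both places for unexpected values. The following is an added example, not part of the original guide or of the SDK: it lists every com.sun.identity.saml2.sdk.mapping.* entry in a properties file and in a JVM argument list and flags values that are empty or not approved. The sample file contents, the approved list, and com.example.OtherAssertionImpl are constructed for illustration, and the parsing approximates the usual Java properties rules (comments, key/value separators, backslash continuation).

```python
import re

PREFIX = "com.sun.identity.saml2.sdk.mapping."  # key prefix given in the guide
# Constructed sample: the mapping is split across lines with no trailing
# backslash, so a properties loader would read an empty value for it.
SAMPLE_PROPS = """\
# constructed sample, not a real AMConfig.properties
some.other.setting=unrelated
com.sun.identity.saml2.sdk.mapping.Assertion=
 com.ourcompany.saml2.AssertionImpl
"""
SAMPLE_JVM_ARGS = ["-Dcom.sun.identity.saml2.sdk.mapping.Assertion=com.example.OtherAssertionImpl"]

def logical_lines(text):
    """Join backslash-continued lines; skip comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not buf and (not line or line[0] in "#!"):
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2:  # odd count = continuation
            buf += line[:-1]
        else:
            yield buf + line
            buf = ""

def sdk_mappings(props_text="", jvm_args=()):
    """Return (interface, class_name, source) for every SDK mapping found."""
    found = []
    for line in logical_lines(props_text):
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1).startswith(PREFIX):
            found.append((m.group(1)[len(PREFIX):], m.group(2).strip(), "AMConfig.properties"))
    for arg in jvm_args:
        if arg.startswith("-D" + PREFIX):
            key, _, value = arg[2:].partition("=")
            found.append((key[len(PREFIX):], value.strip(), "JVM option"))
    return found

def audit(props_text, jvm_args, approved):
    """Flag mappings whose class is empty or differs from the approved one."""
    findings = []
    for iface, cls, source in sdk_mappings(props_text, jvm_args):
        if approved.get(iface) != cls:
            findings.append((iface, source, ("unapproved class " + cls) if cls else "empty class name"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PROPS, SAMPLE_JVM_ARGS, {"Assertion": "com.ourcompany.saml2.AssertionImpl"}))
```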

To Install the SAML v2 Plug-in for Federation Services SDK

Before You Begin

If installing the SDK on a Linux system, you must have the Red Hat Package Manager (RPM) installed.

  1. Log in as root.

  2. Create a new directory.


    # mkdir saml2bits
    # cd saml2bits

  3. Download the file-name.tar.gz file into the new directory.

    See the Sun Java System SAML v2 Plug-in for Federation Services Release Notes for the download URL.

  4. Unpack the product binaries by typing:


    # gunzip -dc file-name.tar.gz | tar -xvof -
    

    where file-name.tar.gz is the name of the downloaded file.

  5. Add the SAML v2 packages as follows:


    # pkgadd -d . SUNWsaml2

    By default, the packages will be installed in /AccessManager-base/product-directory/saml2 or /FederationManager-base/SUNWam/saml2.

  6. Add the following to the classpath of your application:

    • For Access Manager 7 2005Q4:

      • /opt/product-directory/saml2/lib/saml2.jar

      • /opt/product-directory/saml2/locale

    • For Federation Manager 7 2005Q4:

      • /opt/SUNWam/saml2/lib/saml2.jar

      • /opt/SUNWam/saml2/locale

  7. Get the supporting JAR and locale files using the applicable procedure:

    • For Access Manager 7 2005Q4:

      1. cd /AccessManager-base/product-directory

      2. Run the following command:


        # make -f Makefile.clientsdk
        
      3. Add the following to the classpath of your application:

        • AccessManager-base/product-directory/clientsdk-webapps/WEB-INF/lib/amclientsdk.jar

        • AccessManager-base/product-directory/clientsdk-webapps/WEB-INF/classes

    • For Federation Manager 7 2005Q4:

      Add the following to the classpath of your application:

      1. FederationManager-base/SUNWam/fm/web-src/WEB-INF/lib/am_services.jar

      2. FederationManager-base/SUNWam/fm/web-src/WEB-INF/lib/am_sdk.jar

      3. FederationManager-base/SUNWam/fm/web-src/WEB-INF/classes

  8. Restart your application.

    You should now be able to process SAML v2 XML messages using the methods in the AssertionFactory and ProtocolFactory.

Next Steps

For details regarding the SAML v2 SDK classes, see the Sun Java System SAMLv2 Plug-in for Federation Services Java API Reference.

